integration of n tiers application
play

Integration of N-tiers application Using CAS Single Sign On system - PowerPoint PPT Presentation

Feb 11, 2023 •316 likes •911 views

Integration of N-tiers application Using CAS Single Sign On system with a webmail application, Horde K.U.Leuven Association velpi@groupt.be http://shib.kuleuven.be Integration of N-tiers application http://associatie.kuleuven.be/

  1. Integration of N-tiers application Using CAS Single Sign On system with a webmail application, Horde K.U.Leuven Association velpi@groupt.be http://shib.kuleuven.be

  2. Integration of N-tiers application http://associatie.kuleuven.be/ velpi@groupt.be 2

  3. Integration of N-tiers application Integration of N-tiers application Introducing CAS Proxy CAS login scenario Implementing proxy CAS Beyond... velpi@groupt.be 3

  4. Integration of N-tiers application Introducing CAS: the project Originally developed by Yale University JA-SIG project since December 2004 http://www.ja-sig.org/products/cas/ velpi@groupt.be 4

  5. Integration of N-tiers application Introducing CAS: the technology • Originally open-source WebISO • Loosely based on Kerberos *model* • Server: Java & Spring framework Client: lots of implementations + libs available (with source) velpi@groupt.be 5

  6. Integration of N-tiers application Introducing CAS: the protocol XML http://www.ja-sig.org/products/cas/overview/protocol/index.html velpi@groupt.be 6

  7. Integration of N-tiers application Introducing CAS: N-tiers Proxy CAS http://www.ja-sig.org/wiki/display/CAS/Proxy+CAS+Walkthrough velpi@groupt.be 7

  8. Integration of N-tiers application Proxy CAS: the problem space • Passwords are passing all “clients” • Credentials have to be cached • Caching has to be done in plain text velpi@groupt.be 8

  9. Integration of N-tiers application Proxy CAS: a solution • One-time “passwords” • Passwords are replaced by “tickets” • One-time=request new for next authN velpi@groupt.be 9

  10. Integration of N-tiers application Integration of N-tiers application Introducing CAS Proxy CAS login scenario Implementing proxy CAS Beyond... velpi@groupt.be 10

  11. login scenario Integration of N-tiers application • BROWSER: cookies enabled BROWSER velpi@groupt.be 11

  12. login scenario Integration of N-tiers application CAS SERVER • CAS: a trusted arbiter of authenticity BROWSER velpi@groupt.be 12

  13. login scenario Integration of N-tiers application CAS SERVER Performance enhancement • Service: webapp that authenticates users via CAS IMAP PROXY • Proxy: service that wants to access other services on behalf of a particular user Horde / IMP with BROWSER phpCAS CLIENT velpi@groupt.be 13

  14. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS • Target (back-end service): service that accepts proxied credentials from at least one particular proxy IMAP PROXY Horde / IMP with BROWSER phpCAS CLIENT velpi@groupt.be 14

  15. Integration of N-tiers application login scenario: the players • CAS: a trusted arbiter of authenticity CAS • Service: webapp that authenticates users via CAS Horde • Proxy: service that wants to access other services on behalf of a particular user IMP • Target (back-end service): service that accepts proxied credentials from at least one particular proxy IMAP velpi@groupt.be 15

  16. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS IMAP PROXY Horde / IMP with BROWSER phpCAS CLIENT velpi@groupt.be 16

  17. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS IMAP PROXY Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER phpCAS CLIENT velpi@groupt.be 17

  18. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS IMAP PROXY (+TGC) Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 18

  19. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS (LOGIN PAGE) (LT) (CREDENTIALS) IMAP PROXY (LT) (+TGC) Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 19

  20. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS ST (LOGIN PAGE) (LT) (CREDENTIALS) IMAP PROXY (LT) (+TGC) (SET TGC) Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 20

  21. Integration of N-tiers application login scenario: Credentials OR TicketGrantingCookie (TGC) response Redirect to: http://webmail.mydomain.org/?ticket=TICKET eg TICKET=ST-38815-m09bXdf770aEJfq9VsotayLh6OyE0MoovLM-20 velpi@groupt.be 21

  22. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS ST (LOGIN PAGE) (LT) (CREDENTIALS) IMAP PROXY (LT) (+TGC) (SET TGC) Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 22

  23. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS ST (LOGIN PAGE) (LT) (CREDENTIALS) IMAP PROXY (LT) pgt-url ok? (+TGC) (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 23

  24. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PGTIOU ST (LOGIN PAGE) PGT (LT) (CREDENTIALS) IMAP PROXY (LT) pgt-url ok? (+TGC) (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 24

  25. Integration of N-tiers application login scenario: ServiceTicket (ST) validation 1/2 CAS server requests : http://webmail.mydomain.org/casProxy.php ?pgtIou= PGTIOU &pgtId= PGT eg PGT=TGT-38815-m09bXdf770aEJfq9VsotayLh6OyE0MoovLM-20 velpi@groupt.be 25

  26. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PGTIOU ST (LOGIN PAGE) PGT (LT) (CREDENTIALS) IMAP PROXY (LT) pgt-url ok? (+TGC) (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 26

  27. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PGTIOU ST (LOGIN PAGE) NETID PGTIOU PGT (LT) (CREDENTIALS) IMAP PROXY (LT) pgt-url ok? (+TGC) (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 27

  28. Integration of N-tiers application login scenario: ServiceTicket (ST) validation 2/2 <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationSuccess> <cas:user> NetID </cas:user> <cas:proxyGrantingTicket> PGTIOU </cas:proxyGrantingTicket> </cas:authenticationSuccess> </cas:serviceResponse> velpi@groupt.be 28

  29. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PGTIOU ST (LOGIN PAGE) NETID PGTIOU PGT (LT) (CREDENTIALS) IMAP PROXY (LT) pgt-url ok? (+TGC) (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 29

  30. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PT PT PGTIOU ST (LOGIN PAGE) NETID PGTIOU PGT (LT) (CREDENTIALS) IMAP PROXY S2 PGT (LT) pgt-url ok? (+TGC) (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 30

  31. Integration of N-tiers application login scenario: ProxyGrantingTicket (PGT) response <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:proxySuccess> <cas:proxyTicket> PT </cas:proxyTicket> </cas:proxySuccess> </cas:serviceResponse> velpi@groupt.be 31

  32. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PT PT PGTIOU ST (LOGIN PAGE) NETID PGTIOU PGT (LT) (CREDENTIALS) IMAP PROXY S2 PGT (LT) pgt-url ok? (+TGC) (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 32

  33. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PT PT NETID PGTIOU ST (LOGIN PAGE) NETID PGTIOU PGT (LT) (PT) (CREDENTIALS) IMAP PROXY S2 PGT NETID (LT) pgt-url ok? (+TGC) PT (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 33

  34. login scenario Integration of N-tiers application PAM IMAP with CAS SERVER SERVER PAM_CAS PT PT NETID PGTIOU ST (LOGIN PAGE) NETID PGTIOU PGT (LT) (PT) (CREDENTIALS) IMAP PROXY S2 PGT NETID (LT) pgt-url ok? (+TGC) PT (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 34

  35. login scenario Integration of N-tiers application =? PAM NETID S1(proxy[]) IMAP with CAS SERVER SERVER PT S2 PAM_CAS PT PT NETID PGTIOU ST (LOGIN PAGE) NETID PGTIOU PGT (LT) (PT) (CREDENTIALS) IMAP PROXY S2 PGT NETID (LT) pgt-url ok? (+TGC) PT (SET TGC) PGT-URL ST S1 Horde / IMP HTTP REQ (PHP-SESSION) with BROWSER S1 phpCAS CLIENT velpi@groupt.be 35

  36. Integration of N-tiers application login scenario: ProxyTicket (PT) validation <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationSuccess> <cas:user> NetID </cas:user> <cas:proxyGrantingTicket> PGTIOU </cas:proxyGrantingTicket> <cas:proxies> <cas:proxy> proxy1 </cas:proxy> <cas:proxy> proxy2 </cas:proxy> ... </cas:proxies> </cas:authenticationSuccess> </cas:serviceResponse> velpi@groupt.be 36

Recommend

Integration of N-tiers application Using CAS Single Sign On system with Horde webmail Jan Du

Integration of N-tiers application Using CAS Single Sign On system with Horde webmail Jan Du

EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail Jan Du Caju ICT security officer K.U.Leuven Belgium Jan.DuCaju@icts.KULeuven.be EuroCAMP 8may2008 Integration of N-tiers application

792 views • 36 slides
CHAPTER 12: APPLICATION AND COMPONENT INTEGRATION 11:35 2 Application integration What if

CHAPTER 12: APPLICATION AND COMPONENT INTEGRATION 11:35 2 Application integration What if

1 Architecture and Modelling of Information Systems (D0I71A) Prof. dr. Monique Snoeck CHAPTER 12: APPLICATION AND COMPONENT INTEGRATION 11:35 2 Application integration What if you already have software ? Software manages its own

346 views • 17 slides
Hardware Accelerated Application Integration: Challenges and Opportunities Active @

Hardware Accelerated Application Integration: Challenges and Opportunities Active @

Hardware Accelerated Application Integration: Challenges and Opportunities Active @ ACM/IFIP/USENIX Middleware 2017 Daniel Ritter Application Integration - De-coupling apps - Solving n-square connection and variety problems (for textual

490 views • 24 slides
Data Integration and Analysis Center (IABIN DIAC) A Pilot Application for the Integration,

Data Integration and Analysis Center (IABIN DIAC) A Pilot Application for the Integration,

Data Integration and Analysis Center (IABIN DIAC) A Pilot Application for the Integration, Visualization, Query, Analysis and Sharing of IABIN Thematic Network Data Overarching Goals Develop a prototype Data Basin application for the IABIN

477 views • 14 slides
Agenda Overall Enterprise Application Performance Factors Enterprise Application Best Practice

Agenda Overall Enterprise Application Performance Factors Enterprise Application Best Practice

Agenda Overall Enterprise Application Performance Factors Enterprise Application Best Practice for generic Enterprise Application Performance Factors Best Practice for 3-tiers Enterprise Application Hardware Load Balancer Basic Unix Tuning

336 views • 9 slides
Tiers Tier Premium Grant 1 Less than 250k $5,000 2 250k-750k $10,000 3 Greater than 750k

Tiers Tier Premium Grant 1 Less than 250k $5,000 2 250k-750k $10,000 3 Greater than 750k

Tiers Tier Premium Grant 1 Less than 250k $5,000 2 250k-750k $10,000 3 Greater than 750k $15,000 Grant Application Complete all 4 sections: 1. Describe the risk control goods and/or service 2. What is the total cost 3. How will

329 views • 12 slides
INTEGRATION THROUGH CREATIVITY An Application of the APP METHOD to Language

INTEGRATION THROUGH CREATIVITY An Application of the APP METHOD to Language

GRUNDTVIG LLP MIGRANT WOMEN : INTEGRATION THROUGH CREATIVITY An Application of the APP METHOD to Language Learning The EURO-IDEA Associa/on in partnership with the

200 views • 18 slides
Application Integration at the University of Mlaga Victoriano Giralt Central ICT Services

Application Integration at the University of Mlaga Victoriano Giralt Central ICT Services

Application Integration at the University of Mlaga Victoriano Giralt Central ICT Services University of Malaga Advanced EuroCAMP Budapest November 18 th 2009 Start Hurdles A path Steps Bumps ???? An ideal Enterprise Application

1.03k views • 76 slides
Redesigning NCs Economic Development Tiers System Jeff DeBellis NC Department of Commerce

Redesigning NCs Economic Development Tiers System Jeff DeBellis NC Department of Commerce

01/06/2016 Redesigning NCs Economic Development Tiers System Jeff DeBellis NC Department of Commerce January 7, 2016 Commerces Role with the Tier System Calculate Tiers annually Field questions from public &amp; community

254 views • 9 slides
Carroll County Commissioners Presentation on Mapping of Growth Tiers November 13, 2012 1

Carroll County Commissioners Presentation on Mapping of Growth Tiers November 13, 2012 1

Carroll County Commissioners Presentation on Mapping of Growth Tiers November 13, 2012 1 SUMMARY OF TIERS &amp; SUMMARY OF TIERS &amp; MAPPING REQUIREMENTS MAPPING REQUIREMENTS T om Devilbiss Deputy Director, Carroll County Dept. of

511 views • 13 slides
Data Integration and Analysis Center (IABIN DIAC) Version 2: A Pilot Application for the

Data Integration and Analysis Center (IABIN DIAC) Version 2: A Pilot Application for the

Data Integration and Analysis Center (IABIN DIAC) Version 2: A Pilot Application for the Integration, Visualization, Query, Analysis and Sharing of IABIN Thematic Network Data Goals for Day 2 presentation Dispel myths Cost There

81 views • 6 slides
FINANCIALLY SUSTAINABLE INCUBATION MODELS KEY SUCCESS FACTORS WG3 TIERS OF SUPPORT AGENDA

FINANCIALLY SUSTAINABLE INCUBATION MODELS KEY SUCCESS FACTORS WG3 TIERS OF SUPPORT AGENDA

FINANCIALLY SUSTAINABLE INCUBATION MODELS KEY SUCCESS FACTORS WG3 TIERS OF SUPPORT AGENDA 1. CREATIVE ECOSYSTEM 2. CLUSTER COOPERATION 3. BUSINESS MODEL 4. TIERS OF SUPPORT - 6 PILLARS 5. CREATIVE BRATISLAVA CREATIVE ECOSYSTEM Not

490 views • 20 slides
MCDA-GIS integration: an application in GRASS GIS 6.4 Massei G.*, Rocchi L.*, Paolotti L.*,

MCDA-GIS integration: an application in GRASS GIS 6.4 Massei G.*, Rocchi L.*, Paolotti L.*,

MCDA-GIS integration: an application in GRASS GIS 6.4 Massei G.*, Rocchi L.*, Paolotti L.*, Greco S., Boggia A.* * Department of Economics and Appraisal, University of Perugia. Borgo XX Giugno 74, 06121 Perugia, Italy. Faculty of

730 views • 41 slides
CD/MH Integration Workgroup The What and the How of integration CD Integration Workgroup

CD/MH Integration Workgroup The What and the How of integration CD Integration Workgroup

CD/MH Integration Workgroup The What and the How of integration CD Integration Workgroup RECOMMENDATIONS TO THE TASK FORCE July 18, 2014 Each Behavioral Health Organization should provide rapid access to the following billable services along a

790 views • 9 slides
INTENS A Flexible Integration Platform for Application Software Ronald Tanner 31st January 2006

INTENS A Flexible Integration Platform for Application Software Ronald Tanner 31st January 2006

Semafor Informatik &amp; Energie Architecture and Features Application Example: Vehicle Engineering Engineering Database Configuration Examples INTENS A Flexible Integration Platform for Application Software Ronald Tanner 31st January 2006

559 views • 19 slides
Sub-topics Application(s) of Industrial Waste(s)/By-products Coal residues Fly ash

Sub-topics Application(s) of Industrial Waste(s)/By-products Coal residues Fly ash

Applications of Industrial Waste(s) Sub-topics Application(s) of Industrial Waste(s)/By-products Coal residues Fly ash Silica Fumes Rubber tiers Glass (Aggregates) Dredged material Need for Characterization (of

1.15k views • 30 slides
Sub-topics Application(s) of Industrial Waste(s)/By-products Fly ash Silica Fumes

Sub-topics Application(s) of Industrial Waste(s)/By-products Fly ash Silica Fumes

Applications of Industrial Waste(s) Sub-topics Application(s) of Industrial Waste(s)/By-products Fly ash Silica Fumes Rubber tiers Glass (Aggregates) Dredged material Need for Characterization (of geomaterials

641 views • 17 slides
Sub-topics Application(s) of Industrial Waste(s)/By-products Fly ash Silica Fumes

Sub-topics Application(s) of Industrial Waste(s)/By-products Fly ash Silica Fumes

Applications of Industrial Waste(s) Sub-topics Application(s) of Industrial Waste(s)/By-products Fly ash Silica Fumes Rubber tiers Glass (Aggregates) Dredged material Need for Characterization (of geomaterials

255 views • 6 slides
Lidar Topography and Hydrographic Integration: Fundamentals and Application Issues USGS

Lidar Topography and Hydrographic Integration: Fundamentals and Application Issues USGS

This image cannot currently be displayed. Lidar Topography and Hydrographic Integration: Fundamentals and Application Issues USGS Hydrography Seminar Series, Seminar #8 Thursday, May 19, 2016 H. Karl Heidemann, GISP, CMS Physical Scientist

596 views • 45 slides
The application of PROMETHEE with Prospect Theory - Opportunities and Challenges 1. Integration

The application of PROMETHEE with Prospect Theory - Opportunities and Challenges 1. Integration

The application of PROMETHEE with Prospect Theory - Opportunities and Challenges 1. Integration of Prospect Theory into PROMETHEE 2. Feedback from decision makers in a case study concerning sustainable bioenergy 3. Extensions: sensitivity

1.02k views • 22 slides
Geometric Numerical Integration of Hamiltonian systems: application to some optimal control

Geometric Numerical Integration of Hamiltonian systems: application to some optimal control

Geometric Numerical Integration of Hamiltonian systems: application to some optimal control problems Philippe Chartier 1 1 IPSO INRIA-Rennes Optimal Control : Algorithms and Applications, May 30-June 1st 2007 logo First examples Hamiltonian

899 views • 62 slides
Modeling and integration of renewable energy Application to datacenters Dr. Robin Roche

Modeling and integration of renewable energy Application to datacenters Dr. Robin Roche

Modeling and integration of renewable energy Application to datacenters Dr. Robin Roche robin.roche@femto-st.fr FEMTO-ST, FCLAB, CNRS, Univ. Bourgogne Franche-Comte, UTBM GreenDays Toulouse, 3 July 2018 | | Research Introduction

682 views • 27 slides
Oracle SOA Suite Enterprise Service Bus Oracle Integration Product Management Multi Tiered

Oracle SOA Suite Enterprise Service Bus Oracle Integration Product Management Multi Tiered

Oracle SOA Suite Enterprise Service Bus Oracle Integration Product Management Multi Tiered Deployment Oracle ESB Slide 2 ESB Multi Tier Deployment Overview Topology 3 tiers: 1 Metadata(DT) servers, 2 runtime servers Oracle

337 views • 17 slides
Sub queries Used mainly in clauses and with FROM quan tiers and FORALL . EXISTS

Sub queries Used mainly in clauses and with FROM quan tiers and FORALL . EXISTS

Sub queries Used mainly in clauses and with FROM quan tiers and FORALL . EXISTS Example: Sub query in FROM Find the man ufacturers of the b eers serv ed at Jo e's. SELECT DISTINCT b.manf FROM ( SELECT

497 views • 16 slides

More recommend