integration of n tiers application using cas single sign
play

Integration of N-tiers application Using CAS Single Sign On system - PowerPoint PPT Presentation

Dec 05, 2023 •413 likes •792 views

EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail Jan Du Caju ICT security officer K.U.Leuven Belgium Jan.DuCaju@icts.KULeuven.be EuroCAMP 8may2008 Integration of N-tiers application

  1. EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail Jan Du Caju ICT security officer K.U.Leuven Belgium Jan.DuCaju@icts.KULeuven.be

  2. EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail context association K.U.Leuven N-tiers problem space Proxy CAS The gory details Future Conclusions Jan.DuCaju@icts.KULeuven.be

  3. EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail context association K.U.Leuven N-tiers problem space Proxy CAS The gory details Future Conclusions Jan.DuCaju@icts.KULeuven.be

  4. EuroCAMP 8may2008 Introduction: context association K.U.Leuven � educational landscape reflects political situation association K.U.Leuven 1 university and 12 schools of higher education Need for resource sharing 2004: Shibboleth for institutional and inter-institutional web resources Jan.DuCaju@icts.KULeuven.be

  5. EuroCAMP 8may2008 Introduction: context association K.U.Leuven � Every institution of association K.U.Leuven has its own central AAI (Authentication and Authorization Infrastructure incl. Shibboleth IdP and CAS) Resources e-learning: Blackboard and other coupled education apps library: Ex Libris, and access to scientific papers, publications and databases work place context: intranet, webmail, groupware and inter-institutional offers research context: HPC et al administrative and organizational context: SAP Federations K.U.Leuven (institutional) Association K.U.Leuven K.U.Leuven - UZLeuven (university hospital) Not yet :-\ a national federation at NREN level (Belnet) Jan.DuCaju@icts.KULeuven.be

  6. EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail context association K.U.Leuven N-tiers problem space Proxy CAS The gory details Future Conclusions Jan.DuCaju@icts.KULeuven.be

  7. EuroCAMP 8may2008 N-tiers problem space � imap server uid pw browser webmail Jan.DuCaju@icts.KULeuven.be

  8. EuroCAMP 8may2008 N-tiers problem space � imap server uid pw uid pw browser webmail Jan.DuCaju@icts.KULeuven.be

  9. EuroCAMP 8may2008 N-tiers problem space � Goal imap - Password does not pass application server - Secure (no caching of passwords, ...) - Single Sign-On uid pw uid pw browser webmail Jan.DuCaju@icts.KULeuven.be

  10. EuroCAMP 8may2008 CAS � Originally open-source WebISO developed by Yale University JA-SIG project since December 2004 Loosely based on Kerberos passwords are replaced by tickets ( ≈ one-time passwords) Server: Java & Spring framework Client: lots of implementations and libraries Jan.DuCaju@icts.KULeuven.be

  11. EuroCAMP 8may2008 CAS � CAS imap server server a trusted arbiter back-end service of authenticity proxy: service that wants to access other service on behalf of a particular user browser webmail Jan.DuCaju@icts.KULeuven.be

  12. EuroCAMP 8may2008 CAS � CAS imap server server browser webmail Jan.DuCaju@icts.KULeuven.be

  13. EuroCAMP 8may2008 CAS � CAS imap server server service S1=https://webmail.kuleuven.be S1 browser webmail Jan.DuCaju@icts.KULeuven.be

  14. EuroCAMP 8may2008 CAS � CAS imap server server login page browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  15. EuroCAMP 8may2008 CAS � CAS imap server server login uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  16. EuroCAMP 8may2008 CAS � CAS imap server server ST TGC service ticket ST Ticket Granting Cookie TGC uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  17. EuroCAMP 8may2008 CAS � CAS imap server server ST TGC verification of service ticket uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  18. EuroCAMP 8may2008 CAS � CAS imap server server ST TGC uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  19. EuroCAMP 8may2008 N-tiers problem space � CAS imap server server ST TGC ? uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  20. EuroCAMP 8may2008 Integration of N-tiers application using CAS Single Sign On system with Horde webmail context association K.U.Leuven N-tiers problem space Proxy CAS The gory details Future Conclusions Jan.DuCaju@icts.KULeuven.be

  21. EuroCAMP 8may2008 Proxy CAS � CAS imap server server ST TGC additional: Proxy Granting Ticket URL uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  22. EuroCAMP 8may2008 Proxy CAS � CAS imap server server ST TGC uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  23. EuroCAMP 8may2008 Proxy CAS � CAS imap PGTIOU PGT server server ST PGTIOU to correlate TGC PGT with uid uid pw PGT-URL browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  24. EuroCAMP 8may2008 Proxy CAS � CAS imap PGTIOU PGT server server ST TGC service S2=imap://imap.kuleuven.be S2 uid PGT pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  25. EuroCAMP 8may2008 Proxy CAS � PT Proxy Ticket CAS imap PGTIOU PGT server server ST TGC S2 uid PGT pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  26. EuroCAMP 8may2008 Proxy CAS � PT CAS imap PGTIOU PGT server server ST TGC S2 PT uid PGT uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  27. EuroCAMP 8may2008 Proxy CAS � S2 PT PT CAS imap PGTIOU PGT server server ST TGC S2 PT uid PGT uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  28. EuroCAMP 8may2008 Proxy CAS � uid S2 PT PT CAS imap PGTIOU PGT server server ST TGC S2 PT uid PGT uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  29. EuroCAMP 8may2008 Proxy CAS � uid S2 PT PT CAS imap PGTIOU PGT server server ST TGC S2 PT uid PGT uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  30. EuroCAMP 8may2008 Integration of N-tiers application using CAS Single Sign On system with Horde webmail context association K.U.Leuven N-tiers problem space Proxy CAS The gory details Future Conclusions Jan.DuCaju@icts.KULeuven.be

  31. EuroCAMP 8may2008 The gory details � uid S2 PT PAM_CAS CAS imap server server persistent imap connection PT uid php imap CAS proxy browser webmail Jan.DuCaju@icts.KULeuven.be

  32. EuroCAMP 8may2008 The gory details � imap server PAM_CAS: exchange of tickets with CAS server Horde IMP webmail server - standard: Apache, php, Horde IMP - imap proxy: keeps an persistent imap connection mostly implemented for performance but has the additional advantage that there is no need for new PT (Proxy Ticket) for each request - phpCAS client: exchange of tickets with CAS server - ESUP glue-code to let phpCAS client & Proxy CAS communicate seamlessly with Horde IMP Jan.DuCaju@icts.KULeuven.be

  33. EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail context association K.U.Leuven N-tiers problem space Proxy CAS The gory details Future Conclusions Jan.DuCaju@icts.KULeuven.be

  34. EuroCAMP 8may2008 Future K.U.Leuven needs calendar functionality moving from imap to MS Exchange Working proof-of-concept ADFS-enabled OWA (Outlook Web Access) integrated with our Shibboleth IdP Implementation: summer 2008 Jan.DuCaju@icts.KULeuven.be

  35. EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail context association K.U.Leuven N-tiers problem space Proxy CAS The gory details Future Conclusions Jan.DuCaju@icts.KULeuven.be

  36. EuroCAMP 8may2008 Conclusion Integration of N-tiers applications - dependent on application - one possibility by means of Proxy CAS Credits URL’s Philip Brusten http://shib.kuleuven.be Jan Van der Velpen (CAS http://kuleuven.be/english developper) http://associatie.kuleuven.be/eng References http://www.ja-sig.org/cas http://esup-portal.org Jan.DuCaju@icts.KULeuven.be

Recommend

Integration of N-tiers application Using CAS Single Sign On system with a webmail application,

Integration of N-tiers application Using CAS Single Sign On system with a webmail application,

Integration of N-tiers application Using CAS Single Sign On system with a webmail application, Horde K.U.Leuven Association velpi@groupt.be http://shib.kuleuven.be Integration of N-tiers application http://associatie.kuleuven.be/

911 views • 58 slides
Single sign-on enabled OpenCms Architecture for Single sign-on implementation into OpenCms

Single sign-on enabled OpenCms Architecture for Single sign-on implementation into OpenCms

Single sign-on enabled OpenCms Architecture for Single sign-on implementation into OpenCms Pavel Slav ek, pavel.slavicek@qbizm.cz Brno, The Czech Republic, 2. 5. 2008 Content Single sign-on introduction (SSO) Introduction to

959 views • 24 slides
I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform Agenda Authentication Inbound authentication Outbound authentication Single Sign-on Definitions Stage Process Method Physical

781 views • 48 slides
CHAPTER 12: APPLICATION AND COMPONENT INTEGRATION 11:35 2 Application integration What if

CHAPTER 12: APPLICATION AND COMPONENT INTEGRATION 11:35 2 Application integration What if

1 Architecture and Modelling of Information Systems (D0I71A) Prof. dr. Monique Snoeck CHAPTER 12: APPLICATION AND COMPONENT INTEGRATION 11:35 2 Application integration What if you already have software ? Software manages its own

346 views • 17 slides
Single Sign-On: Myth vs Reality Mark Wilcox mark@mjwilcox.com My Involvement Chief

Single Sign-On: Myth vs Reality Mark Wilcox mark@mjwilcox.com My Involvement Chief

Single Sign-On: Myth vs Reality Mark Wilcox mark@mjwilcox.com My Involvement Chief Integration Geek for WebCT Wrote a book on LDAP Became expert on authentication Participant in Internet 2 authentication working groups

789 views • 19 slides
RWJMS eConsult Workflow Centricity/AristaMD Integration For Providers Rutgers, The State

RWJMS eConsult Workflow Centricity/AristaMD Integration For Providers Rutgers, The State

RWJMS eConsult Workflow Centricity/AristaMD Integration For Providers Rutgers, The State University of New Jersey Robert Wood Johnson Medical Group eConsult Program: Centricity/AristaMD Integration 1. Single-Sign-On (SSO): User may launch and

616 views • 17 slides
Hardware Accelerated Application Integration: Challenges and Opportunities Active @

Hardware Accelerated Application Integration: Challenges and Opportunities Active @

Hardware Accelerated Application Integration: Challenges and Opportunities Active @ ACM/IFIP/USENIX Middleware 2017 Daniel Ritter Application Integration - De-coupling apps - Solving n-square connection and variety problems (for textual

490 views • 24 slides
Integration-Manager Workflow and Rebasing Sign in on the attendance sheet! Remember the

Integration-Manager Workflow and Rebasing Sign in on the attendance sheet! Remember the

Lecture 8 Integration-Manager Workflow and Rebasing Sign in on the attendance sheet! Remember the Centralized Workflow? Problem: Every developer needs push access to the shared repository! Integration-Manager Workflow Github/ The cloud

626 views • 21 slides
154 GRAND ST PAINTED SIGN MASTER PLAN APPLICATION Lot Diagram Zoning Map 2 154 GRAND ST -

154 GRAND ST PAINTED SIGN MASTER PLAN APPLICATION Lot Diagram Zoning Map 2 154 GRAND ST -

154 GRAND ST PAINTED SIGN MASTER PLAN APPLICATION Lot Diagram Zoning Map 2 154 GRAND ST - CURRENT CONDITION FROM GRAND ST & CENTRE ST 3 3 - Secondary Facade of 154 Grand St - Zoned M1-5B - Sign dimensions: 36 H x 20 W - Sign

603 views • 26 slides
Single Sign- -On across On across Single Sign Web Services Web Services Ernest Artiaga

Single Sign- -On across On across Single Sign Web Services Web Services Ernest Artiaga

Single Sign- -On across On across Single Sign Web Services Web Services Ernest Artiaga Artiaga Ernest CERN - - OpenLab OpenLab Security Workshop Security Workshop April 2004 April 2004 CERN Outline Outline Motivation and

352 views • 23 slides
Data Integration and Analysis Center (IABIN DIAC) A Pilot Application for the Integration,

Data Integration and Analysis Center (IABIN DIAC) A Pilot Application for the Integration,

Data Integration and Analysis Center (IABIN DIAC) A Pilot Application for the Integration, Visualization, Query, Analysis and Sharing of IABIN Thematic Network Data Overarching Goals Develop a prototype Data Basin application for the IABIN

477 views • 14 slides
Single Sign On SimpleSAMLphp CivicActions | SSO | Dan Gurin | tweeter@dgurin | Drupal.org +

Single Sign On SimpleSAMLphp CivicActions | SSO | Dan Gurin | tweeter@dgurin | Drupal.org +

Single Sign On SimpleSAMLphp CivicActions | SSO | Dan Gurin | tweeter@dgurin | Drupal.org + GitHub + LinkedIn = DANGUR Enterprise level user account costs Administration Setup Retire Support Password resets

669 views • 24 slides
Unik Idit Levine EMC CONFIDENTIALINTERNAL USE ONLY EMC CONFIDENTIALINTERNAL USE ONLY 1

Unik Idit Levine EMC CONFIDENTIALINTERNAL USE ONLY EMC CONFIDENTIALINTERNAL USE ONLY 1

Unik Idit Levine EMC CONFIDENTIALINTERNAL USE ONLY EMC CONFIDENTIALINTERNAL USE ONLY 1 Virtualization Stack Application Config Application The aim is to run single Language Runtime Application with a single user on a single server

2.88k views • 28 slides
Agenda Overall Enterprise Application Performance Factors Enterprise Application Best Practice

Agenda Overall Enterprise Application Performance Factors Enterprise Application Best Practice

Agenda Overall Enterprise Application Performance Factors Enterprise Application Best Practice for generic Enterprise Application Performance Factors Best Practice for 3-tiers Enterprise Application Hardware Load Balancer Basic Unix Tuning

336 views • 9 slides
Kerberos and Single Sign-On with HTTP Joe Orton Red Hat Overview Introduction The

Kerberos and Single Sign-On with HTTP Joe Orton Red Hat Overview Introduction The

Kerberos and Single Sign-On with HTTP Joe Orton Red Hat Overview Introduction The Problem Current Solutions Future Solutions Conclusion Introduction WebDAV: common complaint of poor support for authentication in

917 views • 34 slides
Centralized user management and Single Sign On for the WeNMR gateway through the WeNMR Virtual

Centralized user management and Single Sign On for the WeNMR gateway through the WeNMR Virtual

Centralized user management and Single Sign On for the WeNMR gateway through the WeNMR Virtual Research Community Marc van Dijk , Andrea Giachetti, Marco Verlato, Antonio Rosato, Alexandre Bonvin EGI Technical Forum 2012 zondag 16 september 12

413 views • 13 slides
Tiers Tier Premium Grant 1 Less than 250k $5,000 2 250k-750k $10,000 3 Greater than 750k

Tiers Tier Premium Grant 1 Less than 250k $5,000 2 250k-750k $10,000 3 Greater than 750k

Tiers Tier Premium Grant 1 Less than 250k $5,000 2 250k-750k $10,000 3 Greater than 750k $15,000 Grant Application Complete all 4 sections: 1. Describe the risk control goods and/or service 2. What is the total cost 3. How will

329 views • 12 slides
Search for four-top-quark production in in the single-lepton and opposite-sign dilepton final

Search for four-top-quark production in in the single-lepton and opposite-sign dilepton final

Search for four-top-quark production in in the single-lepton and opposite-sign dilepton final states in in pp pp collisions at at = 13 13 TeV with the ATLAS detector MOHAMMED FARAJ UNIVERSITA DI UDINE/INFN TRIESTE -GRUPPO COLLEGATO

601 views • 23 slides
Single sign-on (SSO) Presentation Tiit Erm 106572 IVCMM Main points Introduction Old

Single sign-on (SSO) Presentation Tiit Erm 106572 IVCMM Main points Introduction Old

Single sign-on (SSO) Presentation Tiit Erm 106572 IVCMM Main points Introduction Old approach in multiple systems SSO Security Benefits Common SSO based configurations Examples of SSO usage Conclusion 15/12/11

379 views • 16 slides
Di Digi gital and Analog og Si Sign gnals 01219335 Data Acquisition and Integration Chaipo

Di Digi gital and Analog og Si Sign gnals 01219335 Data Acquisition and Integration Chaipo

Di Digi gital and Analog og Si Sign gnals 01219335 Data Acquisition and Integration Chaipo Chaiporn J n Jaik aikae aeo De Department of f Computer Engineering Ka Kasetsart Unive versity Revised 2020-08-26 Ou Outline Digital

337 views • 31 slides
Single Sign-On for the Internet: A Security Story eugene@tsyrklevich.name vlad902@gmail.com

Single Sign-On for the Internet: A Security Story eugene@tsyrklevich.name vlad902@gmail.com

Single Sign-On for the Internet: A Security Story eugene@tsyrklevich.name vlad902@gmail.com BlackHat USA, Las Vegas 2007 How do you manage your 169 Web 2.0 accounts today? Does your SSO consist of A login (e.g. johndoe) + 2

599 views • 46 slides
of Workstation Single Sign-On George A. Gellert, MD, MPH, MPA Associate CMIO, CHRISTUS Health

of Workstation Single Sign-On George A. Gellert, MD, MPH, MPA Associate CMIO, CHRISTUS Health

Clinical Impact and Value of Workstation Single Sign-On George A. Gellert, MD, MPH, MPA Associate CMIO, CHRISTUS Health San Antonio, Texas The Challenge: Providers using EHRs must maintain the security of protected health information and

588 views • 26 slides
What is Classlink? Classlink is a single sign on solution for Hamilton County Schools staff and

What is Classlink? Classlink is a single sign on solution for Hamilton County Schools staff and

What is Classlink? Classlink is a single sign on solution for Hamilton County Schools staff and students. - One place to log in and access websites and resources 2 Lets Log In! 1. Use the classlink desktop icon pushed to your HCDE

668 views • 10 slides
Colorados Approach to Developing the Single Streamlined Application (SSAp) March 26, 2013

Colorados Approach to Developing the Single Streamlined Application (SSAp) March 26, 2013

Colorados Approach to Developing the Single Streamlined Application (SSAp) March 26, 2013 Merged Advisory Group Meeting Background Beginning in 2014, all states are required to use a single streamlined application (SSAp) provided by the

298 views • 12 slides

More recommend