single sign on enabled opencms
play

Single sign-on enabled OpenCms Architecture for Single sign-on - PowerPoint PPT Presentation

Jun 12, 2023 •709 likes •959 views

Single sign-on enabled OpenCms Architecture for Single sign-on implementation into OpenCms Pavel Slav ek, pavel.slavicek@qbizm.cz Brno, The Czech Republic, 2. 5. 2008 Content Single sign-on introduction (SSO) Introduction to

  1. Single sign-on enabled OpenCms Architecture for Single sign-on implementation into OpenCms ► Pavel Slaví č ek, pavel.slavicek@qbizm.cz Brno, The Czech Republic, 2. 5. 2008

  2. Content ► Single sign-on introduction (SSO) » Introduction to Single sign-on ► SSO protocols » Basic mechanisms » Simplified mechanisms of CAS, NTLM, Kerberos ► Implementation of SSO into OpenCms » General architecture » Architecture for concrete protocol ► Experiences » Our experiences in real projects

  3. What is Single sign-on?

  4. Single sing-on ► Method of access control ► User enters his credentials once and has access to multiple applications » Without the need to enter multiple passwords ► Heterogeneous systems » Intranet, emails, stock system, ... ► Comfortable for users

  5. Single sing-on ► Advantages » Reduces sending password over the network etc. » Reduces human error » Comfortable for users » … Disadvantages ► » Single sign-on component failure » Single sign-on component must be component with high security » …

  6. Protocols for Single sing-on ► Central Authentication Service (CAS) ► NTLM (NT Lan Manager) ► Kerberos ► And others » CoSign (cookie based) » OpenSSO (Sun Java System Access Manager) » …

  7. Single sign-on concepts and protocols

  8. Central Authentication Service (CAS) ► Yale University JA-SIG project ► Mostly used for web applications ► Features » Involves a client web browser » Cookies based mechanism » Password is send over network (https)

  9. Central Authentication Service (CAS)

  10. NTLM (NT Lan Manager) ► Microsoft authentication protocol ► ,,Old” protocol » Microsoft adopted Kerberos » In several cases Kerberos can’t be used ► Features » Challenge-reponse sequence » Messages between client and server » Password is not send over the network (Hash, DES)

  11. NTLM (NT Lan Manager)

  12. Kerberos ► Massachusetts Institute of Technology (MIT) ► Protocol was adopted by Microsoft » Windows 2000 and Windows Active Directory server 2003 ► Features » Client-server model, mutual-authentication » Symetric key kryptography » Over non-secure networks (eavesdropping, replay) » Password is not send over the network

  13. Kerberos

  14. Architecture for SSO implementation into OpenCms

  15. General architecture Concrete architecture depends on chosen Single sing-on ► protocol We do not have user’s password ► » We have to trust to Single sing-on component » Special authentication mechanism › We have to implement own user driver › User name transforming › We have to modify authentication mechanisms in OpenCms Central user’s account storage ► » User’s account synchronization from LDAP server › OCEE Modules from Alkacon › OpenCms-LDAP module from sourceforge.net

  16. LDAP General architecture (AD) Auth. Central user’s account prov. storage OCEE/ OpenCms- LDAP User Accounts Driver synch. Filter OpenCms

  17. CAS CAS LDAP/… server User Accounts Driver synch. Filter •Ticket Login/logout •Cookie OpenCms

  18. NTLM AD User Accounts Driver synch. Filter •Challenge- response OpenCms •JCIFS

  19. Kerberos Central user’s account KDC storage Secret User Accounts Driver synch. Filter •ServiceTicket OpenCms •Decryption

  20. Experiences with Single sign-on

  21. Experiences with Single sing-on in real projects ► Popular, user friendly ► Good feedback from customers ► Projects » CAS › Intranet/extranet › Over 30 000 of users » NTLM › Intranet, company with affiliates › About 5 000 of users » Kerberos › Intranet

  22. Summary ► Single sing-on is attractive for customers ► Usefully for intranets ► Architectures of modules were presented ► Implementation of our modules are based on presented architectures » Knowledge of Single sing-on mechanisms

  23. ► Thank you for your attention, any questions?

  24. References [1] Introduction to Single Sign-On, http://www.opengroup.org/security/sso/sso_intro.htm/ [2] Single sign-on, http://en.wikipedia.org/wiki/Single_sign-on [3] Central Authentication Service, http://en.wikipedia.org/wiki/Central_Authentication_Service [4] NTLM, http://en.wikipedia.org/wiki/NTLM [5] Kerberos, http://en.wikipedia.org/wiki/Kerberos_(protocol) [6] The Java CIFS Client Library, http://jcifs.samba.org/ [7] JA-SIG Central Authentication Service, http://www.ja-sig.org/products/cas/ [8] TagLab, http://dev.taglab.com/ [9] Single Sign On Concepts & Protocols, http://www.sans.org/reading_room/whitepapers/authentication/1352.php

Recommend

OpenCms Days 2011 Workshop Track: Upgrading from OpenCms 7.5 to OpenCms 8 Michael Emmerich,

OpenCms Days 2011 Workshop Track: Upgrading from OpenCms 7.5 to OpenCms 8 Michael Emmerich,

OpenCms Days 2011 Workshop Track: Upgrading from OpenCms 7.5 to OpenCms 8 Michael Emmerich, Alkacon Software GmbH . Agenda 1. Migrating from OpenCms 7.x to OpenCms 8 Export and Import in OpenCms Using the Update-Wizard

416 views • 40 slides
OpenCms Days 2008 Custom Widgets In OpenCms Welcome! Dan Liliedahl OpenCms 7 Development

OpenCms Days 2008 Custom Widgets In OpenCms Welcome! Dan Liliedahl OpenCms 7 Development

OpenCms Days 2008 Custom Widgets In OpenCms Welcome! Dan Liliedahl OpenCms 7 Development http://www.packtpub.com/opencms-7-development/book Extending OpenCms Developing a Custom Widget Widgets in OpenCms Provides Rich User Interface

547 views • 25 slides
OpenCms Hosting Management OpenCms Spanish Community OpenCms Hispano Alejandro Alves

OpenCms Hosting Management OpenCms Spanish Community OpenCms Hispano Alejandro Alves

OpenCms Hosting Management OpenCms Spanish Community OpenCms Hispano Alejandro Alves Caldern Sergio Raposo Vargas ndice Why? Statistics Options The project The infrastructure The modules Why? Java Maintenance PHP cost vs

179 views • 17 slides
OpenCms Days 2008 Conference Opening Keynote: Status of the OpenCms Project Alexander Kandzior,

OpenCms Days 2008 Conference Opening Keynote: Status of the OpenCms Project Alexander Kandzior,

OpenCms Days 2008 Conference Opening Keynote: Status of the OpenCms Project Alexander Kandzior, CEO Alkacon Software GmbH OpenCms History OpenCms version 1 & 2: since 1995 Called MHT CLI written in C, also used with CGI

480 views • 37 slides
OpenCms Days 2008 Technical Track: Secrets of using the OpenCms CRE Michael Moossen, Alkacon

OpenCms Days 2008 Technical Track: Secrets of using the OpenCms CRE Michael Moossen, Alkacon

OpenCms Days 2008 Technical Track: Secrets of using the OpenCms CRE Michael Moossen, Alkacon Software GmbH Agenda What is the OpenCms CRE? Workplace Improvements Publishing Deleting XML Content editing

489 views • 34 slides
I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform Agenda Authentication Inbound authentication Outbound authentication Single Sign-on Definitions Stage Process Method Physical

781 views • 48 slides
OpenCms Days 2011 Conference Opening Keynote: Presenting OpenCms 8 Alexander Kandzior, CEO

OpenCms Days 2011 Conference Opening Keynote: Presenting OpenCms 8 Alexander Kandzior, CEO

OpenCms Days 2011 Conference Opening Keynote: Presenting OpenCms 8 Alexander Kandzior, CEO Alkacon Software GmbH OpenCms Days Sponsors Thank you very much! Organizational Details The Workshop Tracks, Keynotes and the Conference Roundup

768 views • 73 slides
OpenCms Days 2011 Workshop Track: The OpenCms 8 Demo Template Modules in Detail Polina Smagina,

OpenCms Days 2011 Workshop Track: The OpenCms 8 Demo Template Modules in Detail Polina Smagina,

OpenCms Days 2011 Workshop Track: The OpenCms 8 Demo Template Modules in Detail Polina Smagina, Alkacon Software GmbH Agenda Template comparison OpenCms 6, 7 and 8 Template III and content modules Dev Demo Template OpenCms 6 and 7

380 views • 37 slides
OpenCms Days 2011 Workshop Track: Creating Plug & Play Modules for OpenCms 8 Rdiger Kurz

OpenCms Days 2011 Workshop Track: Creating Plug & Play Modules for OpenCms 8 Rdiger Kurz

OpenCms Days 2011 Workshop Track: Creating Plug & Play Modules for OpenCms 8 Rdiger Kurz Alkacon Software GmbH Agenda Developing Web-Projects in general OpenCms Modules v7 vs. v8 The module structure The module contents

623 views • 23 slides
Jquery and OpenCms Matt Butcher Aleph-Null, Inc. http://aleph-null.tv The Strengths of OpenCms

Jquery and OpenCms Matt Butcher Aleph-Null, Inc. http://aleph-null.tv The Strengths of OpenCms

Jquery and OpenCms Matt Butcher Aleph-Null, Inc. http://aleph-null.tv The Strengths of OpenCms Built on Mature Core Technologies Solid Object-Oriented Architecture Feature-packed Workplace JSP for Templates, Structured XML for

331 views • 10 slides
OpenCms Days 2011 Workshop Track: The OpenCms 8 Content Subscription Engine Georg Westenberger,

OpenCms Days 2011 Workshop Track: The OpenCms 8 Content Subscription Engine Georg Westenberger,

OpenCms Days 2011 Workshop Track: The OpenCms 8 Content Subscription Engine Georg Westenberger, Alkacon Software GmbH Agenda Introduction Basic concepts Demonstration Using subscriptions The <cms:usertracking> tag

580 views • 30 slides
OpenCms days 2008 Using and extending OpenCms search capabilities Claus Priisholm CEO,

OpenCms days 2008 Using and extending OpenCms search capabilities Claus Priisholm CEO,

OpenCms days 2008 Using and extending OpenCms search capabilities Claus Priisholm CEO, CodeDroids ApS www.codedroids.com Contents Overview over the built-in features Searching with the default setup Indexing structured contents

686 views • 24 slides
Personalized Documents in OpenCms Dr. Martin Abel General Manager Plambeck Health GmbH OpenCms

Personalized Documents in OpenCms Dr. Martin Abel General Manager Plambeck Health GmbH OpenCms

Personalized Documents in OpenCms Dr. Martin Abel General Manager Plambeck Health GmbH OpenCms Days 2009-06-16 Dr. Martin Abel, Plambeck Health GmbH Page 1 Agenda Plambeck Health Requirements for Document Management An OpenCms Solution

610 views • 26 slides
OpenCms Days 2011 Workshop Track: Creating OpenCms 8 Container Templates (Part 1) Tobias

OpenCms Days 2011 Workshop Track: Creating OpenCms 8 Container Templates (Part 1) Tobias

OpenCms Days 2011 Workshop Track: Creating OpenCms 8 Container Templates (Part 1) Tobias Herrmann, Alkacon Software GmbH Agenda Configuration Container Page Site Map Detail Pages SEO and Detail Pages Sub Sites Group

593 views • 24 slides
OpenCms Hispano s Modules OpenCms Hispano Sergio Raposo Vargas Alejandro Alves Caldern

OpenCms Hispano s Modules OpenCms Hispano Sergio Raposo Vargas Alejandro Alves Caldern

OpenCms Hispano s Modules OpenCms Hispano Sergio Raposo Vargas Alejandro Alves Caldern Modules overview Index Forum module Components Classes Future Demo Advanced direct edit Classes How it works Future

768 views • 18 slides
Integration of OpenCMS into SAP NetWeaver Dimitry Surkov Cologne, June 2009 Agenda Integration

Integration of OpenCMS into SAP NetWeaver Dimitry Surkov Cologne, June 2009 Agenda Integration

Integration of OpenCMS into SAP NetWeaver Dimitry Surkov Cologne, June 2009 Agenda Integration of openCMS into SAP NetWeaver 1. SAP NetWeaver introduction 2. Business case: government services portal of YNAO 3. Integration: openCMS

578 views • 25 slides
OpenCms Days 2009 Technical Track: Using the Alkacon OAMP Module series to enhance OpenCms

OpenCms Days 2009 Technical Track: Using the Alkacon OAMP Module series to enhance OpenCms

OpenCms Days 2009 Technical Track: Using the Alkacon OAMP Module series to enhance OpenCms Michael Emmerich, Alkacon Software GmbH . Agenda 1. Introduction of the Alkacon OAMP Modules Overview over exiting OAMP Modules 2. OAMP

616 views • 47 slides
How Fujitsu Racing is super-charging its OpenCMS performance Author: Dammian Miller About me

How Fujitsu Racing is super-charging its OpenCMS performance Author: Dammian Miller About me

How Fujitsu Racing is super-charging its OpenCMS performance Author: Dammian Miller About me From an island called Australia Web developer for 10+ years - Java focus, government, corporate, private, consulting OpenCMS since 2005

693 views • 22 slides
OpenCms at The Royal Library An implementation Story Presentation Overview Background

OpenCms at The Royal Library An implementation Story Presentation Overview Background

OpenCms at The Royal Library An implementation Story Presentation Overview Background Implementation process overview Why OpenCms/opensource Porting existing content/services Integration of Digital Asset Management

207 views • 20 slides
Single Sign- -On across On across Single Sign Web Services Web Services Ernest Artiaga

Single Sign- -On across On across Single Sign Web Services Web Services Ernest Artiaga

Single Sign- -On across On across Single Sign Web Services Web Services Ernest Artiaga Artiaga Ernest CERN - - OpenLab OpenLab Security Workshop Security Workshop April 2004 April 2004 CERN Outline Outline Motivation and

352 views • 23 slides
Discussing OpenCms Workplace Usability 06/05/2008 OpenCms Day 2008 Christian Weber Manager -

Discussing OpenCms Workplace Usability 06/05/2008 OpenCms Day 2008 Christian Weber Manager -

Discussing OpenCms Workplace Usability 06/05/2008 OpenCms Day 2008 Christian Weber Manager - Content Management Solutions 06.05.2008 Abstract One major goal of content management systems is to bring web publishing One major goal of content

1.05k views • 71 slides
Saving Money in the Enterprise With OpenCms Joel Tosi Lead Application Architect CME Group

Saving Money in the Enterprise With OpenCms Joel Tosi Lead Application Architect CME Group

Saving Money in the Enterprise With OpenCms Joel Tosi Lead Application Architect CME Group June 16, 2009 Quick Overview Content CME Background Why OpenCms What we are doing Where are we going Format Questions

613 views • 20 slides
OpenCms Days 2009 Technical Track: Advanced XML Content & Widget Configuration Andreas

OpenCms Days 2009 Technical Track: Advanced XML Content & Widget Configuration Andreas

OpenCms Days 2009 Technical Track: Advanced XML Content & Widget Configuration Andreas Zahner, Alkacon Software GmbH . Agenda 1. Introduction of new XML content features in OpenCms 7.5 Improved standard galleries Enhanced

802 views • 44 slides
Single Sign On SimpleSAMLphp CivicActions | SSO | Dan Gurin | tweeter@dgurin | Drupal.org +

Single Sign On SimpleSAMLphp CivicActions | SSO | Dan Gurin | tweeter@dgurin | Drupal.org +

Single Sign On SimpleSAMLphp CivicActions | SSO | Dan Gurin | tweeter@dgurin | Drupal.org + GitHub + LinkedIn = DANGUR Enterprise level user account costs Administration Setup Retire Support Password resets

669 views • 24 slides

More recommend