Title: Project Overview
1. Project Overview
- Single Sign On Solution
- Robin Lilly
2. Description of Single Sign On
- Single sign on will allow a user to sign on to UTEP's system one time and be logged into all the diverse systems from that one session.
- Exchange Mail
- DotNetNuke Portals
- CA's CleverPath
- GoldMine
3. Single Sign On Goals
- Feasible
- Scalable
- Secure
- Within budget
- Immediate solution
- Meets future needs
- Independent of 3rd party systems
4. Some Problems Encountered
- Dependence on CleverPath
- Password to use in other systems was stored in CleverPath
- Retrieval of Password will never be successful based on current API
- Request Response objects
- CleverPath XML API problems
- No API to keep session alive when not in CleverPath
- No successful creation of CleverPath Session without redirecting to CleverPath
- No API ability to kill CleverPath session
- Session Info is stored in CleverPath
5. Solution
- Stores session/password information
- Pass request response objects
- Build independent solution
6. Look at some uses of Single Sign On
- Sign On to System
- Check if I'm signed on
7. Sign On
[Diagram. Labels: Users; UI - User Login; Validation; Other System; CleverPathAPI; Active Directory; iPlanet; Create Session Info (SessionID, Encrypted Password, Salt); Session Data (Session, Password, UserName); Session Cookie (Session Salt)]
8. Check if I'm Signed On
[Diagram. Labels: DNN; Various UTEP Sites; IT site; GoldMine; CleverPath; Session Cookie (Session Salt); Validation; Session Status; Other System; CleverPathAPI; Active Directory; iPlanet; Is Session Active in CleverPath; Is Session Active in Database; Is Session Active in GoldMine; Create Session Info (SessionID, Encrypted Password, Salt); Session Data (Session, Password, UserName)]
9. Retrieve Attributes of My Self
[Diagram. Labels: Users; Active Directory; CleverPath; Other; Validation]
- New technology being used
- Benefits
- Standards being adopted
- Benefits
- Standards specifically being ignored
- Drawbacks and benefits
- DYA: define your acronyms!
10. Classes
- Talk about supporting classes
- Registry
- MyRegistry
- Rijndael
- SessionInfo
See Page 2 of SingleSignOn Document
11. Users Session Classes
- UsersDB class wraps the UserSessionInfo table
- UserCredentials class is passed the Session Salt at instantiation
- It then makes a call to GetUserSession
- It then decrypts the password with a call to Rijndael
12. UserAttributes Class
- UserAttributesInit()
- Get Session Info from the cookie (SSO Class)
- Gets UserCredentials from Database
- GetUserAttributes()
- Call iPlanet XML for attributes
See Page 3 of SingleSignOn Document
13. Single Sign On Class
- Constructors
- IsActiveSession()
- Get Cookie Info
- Check Database if Session is valid
- Check other systems active
See Page 4-6 of SingleSignOn Document
14. Single Sign On Class (cont.)
- LogIn(UserID,Password)
- Remove Old Session Cookies
- Generate Salt
- AuthenticateUser(UserID, Password)
- Call CleverPath XML API to Create Session
- Store Session in Cookie and Database
See Page 7-8 of SingleSignOn Document
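An added C# sketch (not from the SingleSignOn document or UTEP's code) of the flow on slides 11 and 14: LogIn generates a salt and stores the encrypted password, and UserCredentials later decrypts it with the salt carried in the cookie. Only the class and method names come from the slides; the PBKDF2 key derivation over a server-held secret, AES-GCM mode, the in-memory table and .NET 8 are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
// Added illustration (assumes .NET 8). Names follow the slides; bodies are assumptions.
record SessionInfo(string SessionId, byte[] Salt);   // contents of the session cookie
record UserSession(string UserName, byte[] Nonce, byte[] Cipher, byte[] Tag); // UserSessionInfo row
static class Sso
{
    static readonly Dictionary<string, UserSession> UsersDb = new(); // stands in for the table
    // Constructed demo secret; a deployment would load this from protected configuration.
    static readonly byte[] ServerSecret = Encoding.UTF8.GetBytes("constructed-demo-secret");
    // Key = PBKDF2(server secret, cookie salt): neither the table nor the cookie alone decrypts.
    static byte[] Key(byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(ServerSecret, salt, 100_000, HashAlgorithmName.SHA256, 32);

    public static SessionInfo LogIn(string userId, string password)
    {
        // AuthenticateUser(userId, password) against the directory is omitted here.
        var info = new SessionInfo(Convert.ToHexString(RandomNumberGenerator.GetBytes(16)),
                                   RandomNumberGenerator.GetBytes(16));
        byte[] nonce = RandomNumberGenerator.GetBytes(12), plain = Encoding.UTF8.GetBytes(password);
        byte[] cipher = new byte[plain.Length], tag = new byte[16];
        using var aes = new AesGcm(Key(info.Salt), 16);   // AES is Rijndael with a 128-bit block
        // The session ID is bound as associated data so a row cannot be moved to another session.
        aes.Encrypt(nonce, plain, cipher, tag, Encoding.UTF8.GetBytes(info.SessionId));
        UsersDb[info.SessionId] = new UserSession(userId, nonce, cipher, tag);
        return info;                                      // caller writes this to the cookie
    }

    public static (string User, string Password)? GetUserCredentials(SessionInfo cookie)
    {
        if (!UsersDb.TryGetValue(cookie.SessionId, out var row)) return null; // GetUserSession miss
        var plain = new byte[row.Cipher.Length];
        try
        {
            using var aes = new AesGcm(Key(cookie.Salt), 16);
            aes.Decrypt(row.Nonce, row.Cipher, row.Tag, plain, Encoding.UTF8.GetBytes(cookie.SessionId));
            return (row.UserName, Encoding.UTF8.GetString(plain));
        }
        catch (CryptographicException) { return null; }   // wrong salt or tampered row
    }

    static void Main()
    {
        var cookie = LogIn("jdoe", "constructed-password");          // constructed sample values
        Console.WriteLine(GetUserCredentials(cookie)?.Password);     // valid cookie round-trips
        var forged = cookie with { Salt = RandomNumberGenerator.GetBytes(16) };
        Console.WriteLine(GetUserCredentials(forged) is null);       // mismatched salt is rejected
    }
}
```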
15. Single Sign On Class (cont.)
- LogOut()
- Calls RemoveSession()
- Calls RemoveCleverPathCookie()
- RemoveSession()
- Removes Cookie Database Entry
- RemoveCleverPathCookie()
- Removes CleverPath Cookie
See Page 9 of SingleSignOn Document
16. Single Sign On Class (cont.)
- GetSessionInfo()
- Get Session Cookie
- Put SessionId and Salt into SessionInfo
See Page 10 of SingleSignOn Document
17. Single Sign On Class (cont.)
- SetSessionCookie(SessionID,Salt)
- Writes an in memory cookie with SessionID and Salt Out
- SetCleverPathSessionStillActive(SessionID)
- Changes CleverPath Cookie to still be active
See Page 11-12 of SingleSignOn Document
18. Single Sign On Class (cont.)
- GetSignOnURL(RedirectPage)
- Returns the URL of the signon page with the return page as the page passed in
See Page 13 of SingleSignOn Document
19. Things CA should do
- Changes to CleverPath API or do our own fix
- Is Session Active
- Remove Session
- Keep Session Active
- Fix CleverPath to go to Logout Screen
- Fix CleverPath to go to Logon Screen
20. Things we need to do
21. Conclusion
- No significant oversight on design
- Control with UTEP not CA
- Can grow with UTEP
- Probably have some new classes
- CASystem Class
- GoldMineSystem Class