Authentication - PowerPoint PPT Presentation

About This Presentation
Title:

Authentication

Slides: 34
Provided by: TomJ60

1
Blackboard Building Blocks
Authentication Overview
Tom Joyce, Product Manager, Platform, Architecture and Database
Thursday, October 17, 2013
2
Road Map
  • Authentication/Security Overview
  • Release 6 Authentication Options
  • Custom Authentication
  • Authentication Demos
  • Review/Open Discussion

3
Authentication Concepts
  • Ensures that you are who you say you are!
  • Most schemes require the user to present a set of
    credentials
  • In the form of a username/password, or others
  • Referred to as End User Authentication (EUA)

4
EUA Options in Release 6
5
EUA Options in Release 6
  • Blackboard Learning and Community Portal System
    (Release 6) offers several out-of-the-box
    options
  • One option for all VIs
  • Set in authentication.properties (file)

6
EUA Options
  • Blackboard Default (RDBMS)
  • LDAP
  • Webserver Delegation
  • Passport
  • Custom

7
Default Authentication (RDBMS)
  • Standard with Blackboard Learning System
    (Release 6)
  • Form to enter in their user id and password

8
Default Authentication
  • Customization Options
  • Users can customize login page via UI
  • Direct Portal Entry
  • MD5 Passwords are stored in Bb Database
  • Uses a challenge/response mechanism for increased
    security

9
Challenge/Response Mechanism
  • Does not send the password over the network in
    clear text form
  • Prevents sniffing of passwords

10
Challenge/Response Mechanism
  • User requests login page
  • Server sends login page with challenge
  • User enters credentials; credentials are
    submitted with challenge and MD5 encrypted
  • Server receives credentials, uses challenge to
    compare the password with the MD5 password stored
    in the Bb5 database
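
The exchange on this slide, as an added example that is not code from the presentation or from Blackboard. The construction `MD5(MD5(password) + challenge)`, the in-memory stores and all function names are assumptions made for illustration.

```javascript
// Added example: challenge/response login in the style the slides describe.
// Assumed construction (not Blackboard's): response = MD5(MD5(password) + challenge).
const crypto = require('crypto');

const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Constructed sample data: the server stores only the MD5 of the password.
const userDb = new Map([['tjoyce', md5('correct horse')]]);
const outstanding = new Set(); // challenges issued and not yet used

// Server: issue a fresh random challenge along with the login page.
function issueChallenge() {
  const challenge = crypto.randomBytes(16).toString('hex');
  outstanding.add(challenge);
  return challenge;
}

// Client: what the login page script computes before the form is submitted.
function clientResponse(password, challenge) {
  return md5(md5(password) + challenge);
}

// Server: recompute the response from the stored hash and compare.
function verifyLogin(userId, challenge, response) {
  // Single use: delete() returns false for an unknown or already-used
  // challenge, so a captured (challenge, response) pair cannot be replayed.
  if (!outstanding.delete(challenge)) return false;
  const stored = userDb.get(userId);
  if (stored === undefined) return false;
  const expected = Buffer.from(md5(stored + challenge), 'hex');
  const got = Buffer.from(String(response), 'hex');
  // Constant-time comparison; lengths must match before timingSafeEqual.
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}
```

In this construction the stored hash is all the server needs to compute a valid response, so the password column needs the same protection as the passwords themselves. The sniffing protection also depends on the server discarding each challenge after one use.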
11
EUA Option: LDAP
  • Can configure to go against an external LDAP
    directory
  • Standard Bb Login Screen Used
  • Matches against the user id in the Blackboard
    database
  • SSL-enabling Blackboard is strongly encouraged

12
EUA Option: Webserver
  • Authenticates information based on the user
    passed via HTTP to the authentication module.
  • Checks for the existence of the remote-user
    variable.
  • User is reconciled with users already in the Bb
    Database (more on this later)
  • Windows: Automatically installs an ISAPI filter to
    add this information based on the Windows Domain
    (Windows Integrated)
  • UNIX: Add-ins for Apache are required

13
EUA Option: Passport
  • Requires users to login using a Microsoft
    Passport
  • Functionally similar to Webserver auth

14
User Reconciliation Options
  • User is received from external system
  • What to do if user is not found in system
  • In Release 6
  • Webserver and Passport

15
Reconciliation Process
  • The Auth module receives the external credential
  • Windows Auth: Windows Domain/User ID (e.g.
    DC/tjoyce)
  • Passport: PUID (Passport Unique ID)
  • The User Registry is searched for the external
    credential
  • If found, then the user is authenticated

16
Reconciliation Process, Cont'd
  • If user is not found, depends on user_account
    setting
  • Reconcile: Present the user with a form
  • Create: Create the user based on external ID
  • Deny: Do not authenticate the user

17
User Option: Reconcile
  • User is presented with a screen and prompted to
    enter in Bb Credentials
  • MUST exist in the Blackboard database!
  • The external user is associated with that
    Blackboard user

18
User Option: Create
  • User is automatically created in the Blackboard
    database based on the external credential
  • Webserver: webserver-user-xxxx
  • Passport: passport-user-xxxx
  • User or Admin can change personal info

19
User Option: Deny
  • User not in User Registry: no access
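
The reconciliation process from the preceding slides as one decision function, added here as an example and not taken from the presentation or from Blackboard. The lowercase setting values, the numeric `xxxx` suffix, the deny-on-unknown-setting default and every name in the code are assumptions.

```javascript
// Added example: what happens to a user the web server or Passport vouches for.
// userRegistry, bbUsers and reconcileUser are hypothetical stand-ins.
const userRegistry = new Map([['DC/tjoyce', 'tjoyce']]); // external credential -> Bb user id
const bbUsers = new Set(['tjoyce', 'asmith']);           // constructed Bb accounts
let nextId = 1;

// source: 'webserver' or 'passport'; userAccount: the user_account setting;
// promptForBbLogin: callback returning the Bb user id entered on the form, or null.
function reconcileUser(externalId, source, userAccount, promptForBbLogin) {
  const known = userRegistry.get(externalId);
  if (known !== undefined) return { authenticated: true, userId: known };

  switch (userAccount) {
    case 'reconcile': {
      // The entered Bb credentials MUST belong to an existing Bb account.
      const bbUserId = promptForBbLogin();
      if (bbUserId === null || !bbUsers.has(bbUserId)) {
        return { authenticated: false, reason: 'no matching Bb account' };
      }
      userRegistry.set(externalId, bbUserId); // associate for future logins
      return { authenticated: true, userId: bbUserId };
    }
    case 'create': {
      // Auto-provisions an account for any identity the external system asserts.
      const userId = `${source}-user-${String(nextId++).padStart(4, '0')}`;
      bbUsers.add(userId);
      userRegistry.set(externalId, userId);
      return { authenticated: true, userId };
    }
    case 'deny':
    default: // assumed: an unrecognised setting fails closed
      return { authenticated: false, reason: 'not in User Registry' };
  }
}
```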

20
Reconciliation Option Pitfalls
  • Info is stored in the User Registry
  • Not accessible by Snapshot or UI.
  • Non-Public methods exist to get the data via the
    Java API
  • May be addressed in 6.2

21
EUA Option: Custom
  • Authentication API
  • Java
  • API is part of B2 program
  • B2 Developers should use this for custom
    authentication modules

22
Authentication API (HttpAuthModule)
  • void init(ConfigurationService cfg)
  • boolean isAuthenticated(HttpServletRequest
    request) throws BbSecurityException
  • String doAuthenticate(HttpServletRequest request,
    HttpServletResponse response)
  • void doLogout(HttpServletRequest request,
    HttpServletResponse response)
  • void requestAuthenticate(HttpServletRequest
    request, HttpServletResponse response)
  • public String getAuthType()
  • public String[] getPropKeys()
  • public void setConfig( HttpAuthConfig config )

23
API Details
  • void init(ConfigurationService cfg)
  • Called upon Tomcat initialization
  • public String getAuthType()
  • Must return a String (i.e., customauth)
  • public String[] getPropKeys()
  • Return an array of properties for this
    authentication
  • At a minimum, impl should be returned here to
    specify the class name of the custom module

24
API Details (cont'd)
  • public void setConfig( HttpAuthConfig config )
  • Handle to the configuration properties for the
    authentication
  • void requestAuthenticate (HttpServletRequest
    request, HttpServletResponse response)
  • Called when Blackboard requires authentication
  • Can set this to a web page, login form, or do
    nothing.

25
API Details (cont'd)
  • String doAuthenticate (HttpServletRequest
    request, HttpServletResponse response)
  • Does the implementation-specific work of
    authenticating the user
  • Return the user id if successful, null if not
    (can also throw a BbSecurityException)

26
API Details (cont'd)
  • boolean isAuthenticated (HttpServletRequest
    request) throws BbSecurityException
  • This is deprecated; can return true here
  • Caveat: As of 6.0.10, you MUST subclass
    BaseAuthenticationModule!
  • This has been identified as a bug and will be
    fixed in a future release

27
Authentication Configuration
  • 2 Files
  • bb-config.properties
  • authentication.properties
  • Run PushConfigUpdates after changing any values
  • Load Balanced Systems

28
Config File: bb-config.properties
  • bbconfig.auth.type
  • rdbms, ldap, webserver, passport, or custom

29
Config File: authentication.properties
  • Entries in the form
  • auth.type.<auth type>.<property name>=<property
    value>
  • Example
  • auth.type.rdbms.use_challenge=true
  • auth.type.ldap.error_fallback_to_bb=false

30
Demo: Custom Auth
  • Code CustomAuthModule.java
  • Implement HttpAuthModule.java
  • MUST subclass BaseAuthenticationModule (this is a
    bug)
  • Build jar, move jar to Tomcat lib/apps (windows)
  • Edit authentication.properties,
    bb-config.properties
  • Restart Tomcat

31
Summary
  • Several Different Authentication Options are
    available for Release 6
  • B2 Developers can develop Custom Authentication
    modules
  • Numerous Possibilities exist for custom
    authentication modules (SSO, Kerberos, etc.)

32
Q&A/Open Discussion
  • Tom Joyce, Product Manager, Platform,
    Architecture and Database
  • BBDN

33
Thank You

Demos to Follow >