Project Overview
Single Sign On Solution
Robin Lilly
Description of Single Sign On
• Single sign on will allow a user to sign on to UTEP’s system one time and be logged into all the diverse systems from that one session.
• Exchange Mail
• DotNetNuke Portals
• CA’s CleverPath
• GoldMine
Single Sign On Goals
• Feasible
• Scalable
• Secure
• Within budget
• Immediate solution
• Meets future needs
• Independent of 3rd party systems
Some Problems Encountered
• Dependence on CleverPath
• Password to use in other systems was stored in CleverPath
• Retrieval of Password will never be successful based on current API
• Request & Response objects
• CleverPath XML API problems
• No API to keep session alive when not in CleverPath
• No successful creation of CleverPath Session without redirecting to CleverPath
• No API ability to kill CleverPath session
• Session Info is stored in CleverPath
Solution
• Store session/password information
• Pass request & response objects
• Build independent solution
Look at some uses of Single Sign On
• Sign On to System
• Check if I’m signed on
Sign On
[Diagram. Labels: Users; UI - User Login; Validation; Other System; CleverPathAPI; Active Directory; iPlanet; Create Session Info (SessionID, Encrypted Password, Salt); Session Data (Session, Password, UserName); Session Cookie (Session & Salt)]
Check if I’m Signed On
[Diagram. Labels: DNN; Various UTEP Sites; It site; GoldMine; CleverPath; Session Cookie (Session & Salt); Validation; Session Status; Other System; CleverPathAPI; Active Directory; iPlanet; Is Session Active in Database; Is Session Active in CleverPath; Is Session Active in GoldMine; Create Session Info (SessionID, Encrypted Password, Salt); Session Data (Session, Password, & UserName)]
Classes
• Talk about supporting classes
• Registry
• MyRegistry
• Rijndael
• SessionInfo
See Page 2 of SingleSignOn Document
Users Session Classes
• UsersDB class wraps the UserSessionInfo table
• UserCredentials class is passed the Session & Salt at instantiation
• It then makes a call to GetUserSession
• It then decrypts the password with a call to Rijndael
UserAttributes Class
• UserAttributesInit()
• Get Session Info from the cookie (SSO Class)
• Gets UserCredentials from Database
• GetUserAttributes()
• Call iPlanet XML for attributes
See Page 3 of SingleSignOn Document
Single Sign On Class
• Constructors
• IsActiveSession()
• Get Cookie Info
• Check Database if Session is valid
• Check other systems active
See Page 4-6 of SingleSignOn Document
Single Sign On Class (cont.)
• LogIn(UserID, Password)
• Remove Old Session & Cookies
• Generate Salt
• AuthenticateUser(UserID, Password)
• Call CleverPath XML API to Create Session
• Store Session in Cookie and Database
See Page 7-8 of SingleSignOn Document
Single Sign On Class (cont.)
• LogOut()
• Calls RemoveSession()
• Calls RemoveCleverPathCookie()
• RemoveSession()
• Removes Cookie & Database Entry
• RemoveCleverPathCookie()
• Removes CleverPath Cookie
See Page 9 of SingleSignOn Document
Single Sign On Class (cont.)
• GetSessionInfo()
• Get Session Cookie
• Put SessionId and Salt into SessionInfo
See Page 10 of SingleSignOn Document
Single Sign On Class (cont.)
• SetSessionCookie(SessionID, Salt)
• Writes out an in-memory cookie with SessionID and Salt
• SetCleverPathSessionStillActive(SessionID)
• Changes CleverPath Cookie to still be active
See Page 11-12 of SingleSignOn Document
Single Sign On Class (cont.)
• GetSignOnURL(RedirectPage)
• Returns the URL of the signon page with the return page as the page passed in
See Page 13 of SingleSignOn Document
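The split described in the Users Session Classes and Single Sign On Class slides (the cookie carries SessionID and Salt, the database row carries the encrypted password), as an added C# sketch that is not from the presentation or from UTEP's code. The class and method names, the in-memory table, the PBKDF2 key derivation from the cookie salt, and the use of AES-GCM (Rijndael with a 128-bit block plus an integrity tag) in place of a bare Rijndael call are all assumptions; it targets .NET 8 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added sketch: every name and the key derivation are assumptions, not UTEP's code.
static class SsoSessionSketch
{
    // Stand-in for the UserSessionInfo table, keyed by SessionID.
    record Row(string User, byte[] Nonce, byte[] Cipher, byte[] Tag);
    static readonly Dictionary<string, Row> Table = new();

    // Assumed scheme: the key depends on the cookie-only salt, so a row read
    // from the database cannot be decrypted without the matching cookie.
    static byte[] DeriveKey(string sessionId, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(sessionId, salt, 100_000, HashAlgorithmName.SHA256, 32);

    // LogIn step: returns the values SetSessionCookie(SessionID, Salt) would write.
    public static (string SessionId, byte[] Salt) CreateSession(string user, string password)
    {
        string sessionId = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] plain = Encoding.UTF8.GetBytes(password);
        byte[] cipher = new byte[plain.Length], tag = new byte[16];
        using var gcm = new AesGcm(DeriveKey(sessionId, salt), 16);
        gcm.Encrypt(nonce, plain, cipher, tag, Encoding.UTF8.GetBytes(user)); // user name bound as AAD
        Table[sessionId] = new Row(user, nonce, cipher, tag);
        return (sessionId, salt);
    }

    // UserCredentials step: look up the row, then decrypt with the cookie's salt.
    public static string? GetPassword(string sessionId, byte[] salt)
    {
        if (!Table.TryGetValue(sessionId, out var row)) return null; // unknown or removed session
        byte[] plain = new byte[row.Cipher.Length];
        using var gcm = new AesGcm(DeriveKey(sessionId, salt), 16);
        try { gcm.Decrypt(row.Nonce, row.Cipher, row.Tag, plain, Encoding.UTF8.GetBytes(row.User)); }
        catch (CryptographicException) { return null; } // wrong salt or tampered row
        return Encoding.UTF8.GetString(plain);
    }

    public static void RemoveSession(string sessionId) => Table.Remove(sessionId);

    static void Main()
    {
        var (sid, salt) = CreateSession("jdoe", "constructed-sample-pw"); // constructed sample values
        Console.WriteLine(GetPassword(sid, salt));
        Console.WriteLine(GetPassword(sid, new byte[16]) ?? "(rejected: wrong salt)");
        RemoveSession(sid);
        Console.WriteLine(GetPassword(sid, salt) ?? "(no session)");
    }
}
```

Under this scheme the cookie salt is key material for a reversibly encrypted password, so the session cookie needs the same protection as the password itself (TLS only, not readable by script, removed at logout).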
Things CA should do
• Changes to CleverPath API or do our own fix
• Is Session Active
• Remove Session
• Keep Session Active
• Fix CleverPath to go to Logout Screen
• Fix CleverPath to go to Logon Screen
Conclusion
• No significant under site on design
• Control with UTEP not CA
• Can grow with UTEP
• Probably have some new classes:
• CASystem Class
• GoldMineSystem Class
• …