Campus Experience: Pubcookie University of Alabama at Birmingham Academic Computing Zach Garner
Overview • Interfacing with an Existing Enterprise Infrastructure • Modifying Existing Applications • Future Directions
Pre-requisites • Requirements: • Need a central, authoritative person directory • Follow eduPerson, LDAP Recipe & other NMI standards/practices • Directory is used for enterprise authentication (password assignment & resets)
Interfacing with Enterprise Authentication • Pubcookie supports LDAP, Kerberos or UNIX style authentication • At UAB, authenticate off of central username/password (“BlazerID”) via LDAP • Password is protected • Type username/password into web browser • Passed to Pubcookie Login server over SSL • Use secure backchannel such as ldaps:// to directory
Outcome • Initial sign-on once a day allows access to all pubcookie-protected campus web sites without logging in again
Using Pubcookie • Install a Pubcookie Apache or IIS module on each web server to be protected • Put protected information in a directory protected by this module • User attempts to access the URL • Pubcookie redirects them to login if they haven’t yet today; otherwise cookie credential is checked
Uses for Pubcookie • UAB has used Pubcookie for: • Distributing software to members of the UAB community
Pubcookie Limitations • All authenticated users are equal; useful for resources available to entire campus only • Library materials • Licensed software • Usually, the target population is smaller • Students in a particular school or class • Faculty, staff, students in School of Engineering
Modifying Existing Applications • The Problem • Many Web Applications create their own authentication system • So, the user needs a username/password for each application • The Solution • Pubcookie-enable those applications to use centralized username/password
Modifying Existing Applications • We Pubcookie-enabled two open source applications • Bugzilla (Written in Perl) • PHPWebsite (Written in PHP) • Similar changes were required for both applications
Modifications • Remove old user login/password web form • Instead, Pubcookie authenticates the user • Authenticated users can proceed if they also have a Bugzilla or PHPWebsite account • Change behavior of “Log Out” and “Change Password” pages
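An added sketch of the account check described on the Modifications slide, written in Python for brevity; it is not UAB's Bugzilla or PHPWebsite change. It assumes the web server's Pubcookie module hands the authenticated login to the application as REMOTE_USER; the account table, the login-name pattern and the function names are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample of the application's own account table (hypothetical data).
ACCOUNTS = {
    "jdoe": {"id": 7, "disabled": False},
    "asmith": {"id": 9, "disabled": True},
}

# Assumed shape of a central login name; adjust to the directory's real rules.
LOGIN_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")


@dataclass
class Decision:
    status: int                 # HTTP status the application should answer with
    account_id: Optional[int]   # local account to bind the session to, if any
    reason: str


def authorize(environ, form, accounts=ACCOUNTS):
    """Map the web server's authenticated user onto a local account.

    environ: CGI/WSGI-style variables set by the web server.
    form: request parameters; deliberately never consulted for identity.
    """
    # Identity comes only from the server-side auth module, never from the
    # request body, so a leftover "login" field cannot select an account.
    user = environ.get("REMOTE_USER", "")
    if not user:
        # Module missing or directory not protected: fail closed.
        return Decision(401, None, "no authenticated user from web server")
    if not LOGIN_RE.fullmatch(user):
        return Decision(403, None, "unexpected login name format")
    account = accounts.get(user)
    if account is None:
        # Authenticated centrally, but not a user of this application.
        return Decision(403, None, "no local account for this login")
    if account["disabled"]:
        return Decision(403, None, "local account disabled")
    return Decision(200, account["id"], "ok")
```

The same check applies in Perl or PHP: read the server-provided user variable, ignore any submitted login field, and refuse the request when the variable is absent.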
Future Directions • Modifying Pubcookie to support Client-Side SSL Certificates • Enables authentication of users without a user remembering username/password • Modifying Pubcookie to support PAM for the authentication mechanism • PAM is a standard system for flexibly using a large number of authentication systems.
Resources • Linux implementation of PAM www.kernel.org/pub/linux/libs/pam/ • Bugzilla www.bugzilla.org • PHPWebsite http://phpwebsite.appstate.edu/
David L. Shealy Jill Gemmill John-Paul Robinson Jason Lynn Kenn McCracken Zach Garner Ramesh Puljala Rajani Sadasivam Aditya Srinivasan Academic Computing