Learn how UMBC implemented directory services for application integration, including the development of a single sign-on authenticator and the integration of WebCT and Blackboard.
Using Directory Services for Application Integration
Jack Suess, CIO, UMBC
jack@umbc.edu
http://umbc.edu/~jack/cumrec

UMBC Institutional Profile
• University of Maryland, Baltimore County.
• Established 1966. Enrollment is 10,800.
• Carnegie designation of Research/Extensive.
• Centralized administration and IT services with a strong faculty governance structure.
• Heavy IT emphasis, about 25% of students in IT-related majors.
• Locally developed SIS/HR system. Recently signed on to implement PeopleSoft.
Using Directory Services for Application Information

What we will discuss
• The business factors driving this initiative
• How we got involved in developing directory services
• The directory development team and process
• Development and deployment of new applications using the directory service
• Creation of a single sign-on web authenticator
• Integrating WebCT and Blackboard course management tools
• Questions

Business Factors Driving the Development of Directory Services
Fall 1999. Finished with Y2K.
• UMBC decided we would begin discussions to replace our SIS, HR and Finance systems.
• UMBC started two online graduate programs and began planning for a third program. We needed to add more web-based self-service applications, especially account generation.
• We had successfully deployed our web portal, myUMBC, and were thinking about how we might extend it to alumni, parents, and prospective students.
• Fall 1999 saw WebCT usage plateau; discussions with faculty pointed to a need to make it “easier” to use course tools.

Directory Services@UMBC
• Internally we had decided that the indecision over our SIS/HR plans made using those databases directly a mistake. We felt LDAP-based directory services offered us more flexibility and we didn’t have to worry about overload on transaction systems.
• Dec. 1999, UMBC applied and was selected to participate in the I2 “middleware” initiative.
• UMBC created a middleware team to plan directory development.
• March 2000, purchased Innosoft directory server and began development.

Directory Development Team and Process
• As then Director of OIT, I was the project sponsor and evangelist for middleware.
• A technical lead was identified and the project team created.
• Members represented all areas of IT.
• Needed to educate the team on directory services.
• Sharp differences on what directory platform to use.
• I2 middleware group was helpful in framing issues for consideration.
• I worked with VPs and Vice Provosts to get support for the project and access to data.

Development and Deployment Phase 1
• Phase 1 – September 2000.
• Decided to load all students in SIS who have applied to UMBC to date, ~275000.
• Decided early on that directory data would not be authoritative or updated directly by end-users. Updates to SIS/HR are done through myUMBC and propagated back to the directory through database change logs.
• Where duplicate data exists in HR/SIS we used the most recent entry as “current”.
• Identified the need for a common web-based authentication system; we created a service we call webauth.

Development of Webauth
• Modeled after Kerberos: cookies function as tickets and web services use redirects to get service tickets. Here is how it works.
• Client authenticates to webauth and gets a ticket-granting cookie (TGC); applications use this to get service cookies.
• Applications connect to a service; if they don’t have a TGC, the service redirects them to the webauth server with an encoded redirect that can get them “back” to the service after getting a service ticket.
• Created an Apache module to replace the basic auth service.
• Created Java and Perl interfaces.
• Available upon request, but consider I2 Shibboleth.

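The ticket flow described on this slide, as an added Python sketch that is not UMBC's webauth code. The HMAC-sealed cookie layout, the lifetimes, the example.edu URLs and every function name are assumptions made for illustration; the slide only states that a TGC is traded for per-service cookies via redirects.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlencode

# Assumptions (not from the slides): cookies are MACed with a secret only webauth holds.
KEY = b"constructed-demo-key"
WEBAUTH = "https://webauth.example.edu/login"  # hypothetical URLs
SERVICES = {"https://webct.example.edu/", "https://blackboard.example.edu/"}

def seal(claims):
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return body + "." + hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()

def unseal(cookie, kind, now):
    """Return the claims only if the MAC, the cookie type and the expiry all check out."""
    body, _, mac = (cookie or "").rpartition(".")
    good = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not body or not hmac.compare_digest(mac.encode(), good.encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims if claims["kind"] == kind and claims["exp"] > now else None

def login(user, now):
    """After the password check (omitted), webauth sets the ticket-granting cookie."""
    return seal({"kind": "tgc", "sub": user, "exp": now + 8 * 3600})

def issue_service_cookie(tgc, service, now):
    """webauth side: trade a valid TGC for a short-lived cookie bound to one service."""
    if service not in SERVICES:  # only send users "back" to registered services
        return None
    holder = unseal(tgc, "tgc", now)
    if holder is None:
        return None  # no valid TGC: the user has to authenticate again
    return seal({"kind": "svc", "sub": holder["sub"], "aud": service, "exp": now + 300})

def service_request(service, cookie, now):
    """Application side: accept its own service cookie, otherwise redirect to webauth."""
    claims = unseal(cookie, "svc", now)
    if claims and claims["aud"] == service:
        return ("ok", claims["sub"])
    return ("redirect", WEBAUTH + "?" + urlencode({"return": service}))
```

Binding each service cookie to one service and checking the return URL against a registered list are the two checks that keep a cookie captured at one application from working at another and keep the redirect from becoming an open redirect.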
UMBC Directory Applications
• Brought up a directory-enabled account generation and management system.
• Web-based, allows delegation of control over different functions to groups/people based on roles and needs. Helpdesk can now reset passwords and quotas.
• Self-service, students can now select username and password without coming onto campus.
• Supports user email redirection and lookup.
• Integrated Blackboard and WebCT to use our username/password and autoenroll.

Blackboard Integration
• Great product but…..
• July 2000, UMBC purchased a level 3 contract from Blackboard. Paid them to read our webauth cookie and retrieve the authenticated username. UMBC wrote Java classes for them to call. Brought this up January 2001.
• Extract users twice a day from the directory and batch load into Blackboard. For fall 2001 we will automatically enroll students into their course.
• Had problems authenticating students coming in through some ISPs. Tracked this to the way ISPs play tricks with caching servers; we had to revamp the Java classes.
• Had to figure out how to provide “guest” access.

WebCT 3.1 Integration
• Brought up in January 2001.
• Since WebCT provides source, it was very easy to replace WebCT’s Apache authentication with webauth.
• Presently load the user list from the directory twice a day, looking at doing this every hour.
• For fall 2001 we will have students auto-registered into their WebCT courses.
• We now create group containers for people; one type of group container is a course.

Results
• The directory service has been our most reliable service, at least 99.99% uptime.
• These self-service applications have revamped the way we support users and the services we provide.
• Seeing tremendous interest from faculty who want to use Blackboard and, to a lesser extent, WebCT in large-enrollment courses.
• Using a directory allowed us to utilize our institutional data in an academic context. The staff that did this would never be able to directly access and update our SIS tables.

Questions
• For more information and a copy of these slides visit http://umbc.edu/~jack/cumrec