integration of n tiers application using cas single sign
play

Integration of N-tiers application Using CAS Single Sign On system - PowerPoint PPT Presentation

Dec 05, 2023 •413 likes •792 views

EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail Jan Du Caju ICT security officer K.U.Leuven Belgium Jan.DuCaju@icts.KULeuven.be EuroCAMP 8may2008 Integration of N-tiers application

  1. EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail Jan Du Caju ICT security officer K.U.Leuven Belgium Jan.DuCaju@icts.KULeuven.be

  2. EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail context association K.U.Leuven N-tiers problem space Proxy CAS The gory details Future Conclusions Jan.DuCaju@icts.KULeuven.be

  3. EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail context association K.U.Leuven N-tiers problem space Proxy CAS The gory details Future Conclusions Jan.DuCaju@icts.KULeuven.be

  4. EuroCAMP 8may2008 Introduction: context association K.U.Leuven � educational landscape reflects political situation association K.U.Leuven 1 university and 12 schools of higher education Need for resource sharing 2004: Shibboleth for institutional and inter-institutional web resources Jan.DuCaju@icts.KULeuven.be

  5. EuroCAMP 8may2008 Introduction: context association K.U.Leuven � Every institution of association K.U.Leuven has its own central AAI (Authentication and Authorization Infrastructure incl. Shibboleth IdP and CAS) Resources e-learning: Blackboard and other coupled education apps library: Ex Libris, and access to scientific papers, publications and databases work place context: intranet, webmail, groupware and inter-institutional offers research context: HPC et al administrative and organizational context: SAP Federations K.U.Leuven (institutional) Association K.U.Leuven K.U.Leuven - UZLeuven (university hospital) Not yet :-\ a national federation at NREN level (Belnet) Jan.DuCaju@icts.KULeuven.be

  6. EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail context association K.U.Leuven N-tiers problem space Proxy CAS The gory details Future Conclusions Jan.DuCaju@icts.KULeuven.be

  7. EuroCAMP 8may2008 N-tiers problem space � imap server uid pw browser webmail Jan.DuCaju@icts.KULeuven.be

  8. EuroCAMP 8may2008 N-tiers problem space � imap server uid pw uid pw browser webmail Jan.DuCaju@icts.KULeuven.be

  9. EuroCAMP 8may2008 N-tiers problem space � Goal imap - Password does not pass application server - Secure (no caching of passwords, ...) - Single Sign-On uid pw uid pw browser webmail Jan.DuCaju@icts.KULeuven.be

  10. EuroCAMP 8may2008 CAS � Originally open-source WebISO developed by Yale University JA-SIG project since December 2004 Loosely based on Kerberos passwords are replaced by tickets ( ≈ one-time passwords) Server: Java & Spring framework Client: lots of implementations and libraries Jan.DuCaju@icts.KULeuven.be

  11. EuroCAMP 8may2008 CAS � CAS imap server server a trusted arbiter back-end service of authenticity proxy: service that wants to access other service on behalf of a particular user browser webmail Jan.DuCaju@icts.KULeuven.be

  12. EuroCAMP 8may2008 CAS � CAS imap server server browser webmail Jan.DuCaju@icts.KULeuven.be

  13. EuroCAMP 8may2008 CAS � CAS imap server server service S1=https://webmail.kuleuven.be S1 browser webmail Jan.DuCaju@icts.KULeuven.be

  14. EuroCAMP 8may2008 CAS � CAS imap server server login page browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  15. EuroCAMP 8may2008 CAS � CAS imap server server login uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  16. EuroCAMP 8may2008 CAS � CAS imap server server ST TGC service ticket ST Ticket Granting Cookie TGC uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  17. EuroCAMP 8may2008 CAS � CAS imap server server ST TGC verification of service ticket uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  18. EuroCAMP 8may2008 CAS � CAS imap server server ST TGC uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  19. EuroCAMP 8may2008 N-tiers problem space � CAS imap server server ST TGC ? uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  20. EuroCAMP 8may2008 Integration of N-tiers application using CAS Single Sign On system with Horde webmail context association K.U.Leuven N-tiers problem space Proxy CAS The gory details Future Conclusions Jan.DuCaju@icts.KULeuven.be

  21. EuroCAMP 8may2008 Proxy CAS � CAS imap server server ST TGC additional: Proxy Granting Ticket URL uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  22. EuroCAMP 8may2008 Proxy CAS � CAS imap server server ST TGC uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  23. EuroCAMP 8may2008 Proxy CAS � CAS imap PGTIOU PGT server server ST PGTIOU to correlate TGC PGT with uid uid pw PGT-URL browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  24. EuroCAMP 8may2008 Proxy CAS � CAS imap PGTIOU PGT server server ST TGC service S2=imap://imap.kuleuven.be S2 uid PGT pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  25. EuroCAMP 8may2008 Proxy CAS � PT Proxy Ticket CAS imap PGTIOU PGT server server ST TGC S2 uid PGT pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  26. EuroCAMP 8may2008 Proxy CAS � PT CAS imap PGTIOU PGT server server ST TGC S2 PT uid PGT uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  27. EuroCAMP 8may2008 Proxy CAS � S2 PT PT CAS imap PGTIOU PGT server server ST TGC S2 PT uid PGT uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  28. EuroCAMP 8may2008 Proxy CAS � uid S2 PT PT CAS imap PGTIOU PGT server server ST TGC S2 PT uid PGT uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  29. EuroCAMP 8may2008 Proxy CAS � uid S2 PT PT CAS imap PGTIOU PGT server server ST TGC S2 PT uid PGT uid pw browser S1 webmail Jan.DuCaju@icts.KULeuven.be

  30. EuroCAMP 8may2008 Integration of N-tiers application using CAS Single Sign On system with Horde webmail context association K.U.Leuven N-tiers problem space Proxy CAS The gory details Future Conclusions Jan.DuCaju@icts.KULeuven.be

  31. EuroCAMP 8may2008 The gory details � uid S2 PT PAM_CAS CAS imap server server persistent imap connection PT uid php imap CAS proxy browser webmail Jan.DuCaju@icts.KULeuven.be

  32. EuroCAMP 8may2008 The gory details � imap server PAM_CAS: exchange of tickets with CAS server Horde IMP webmail server - standard: Apache, php, Horde IMP - imap proxy: keeps an persistent imap connection mostly implemented for performance but has the additional advantage that there is no need for new PT (Proxy Ticket) for each request - phpCAS client: exchange of tickets with CAS server - ESUP glue-code to let phpCAS client & Proxy CAS communicate seamlessly with Horde IMP Jan.DuCaju@icts.KULeuven.be

  33. EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail context association K.U.Leuven N-tiers problem space Proxy CAS The gory details Future Conclusions Jan.DuCaju@icts.KULeuven.be

  34. EuroCAMP 8may2008 Future K.U.Leuven needs calendar functionality moving from imap to MS Exchange Working proof-of-concept ADFS-enabled OWA (Outlook Web Access) integrated with our Shibboleth IdP Implementation: summer 2008 Jan.DuCaju@icts.KULeuven.be

  35. EuroCAMP 8may2008 Integration of N-tiers application Using CAS Single Sign On system with Horde webmail context association K.U.Leuven N-tiers problem space Proxy CAS The gory details Future Conclusions Jan.DuCaju@icts.KULeuven.be

  36. EuroCAMP 8may2008 Conclusion Integration of N-tiers applications - dependent on application - one possibility by means of Proxy CAS Credits URL’s Philip Brusten http://shib.kuleuven.be Jan Van der Velpen (CAS http://kuleuven.be/english developper) http://associatie.kuleuven.be/eng References http://www.ja-sig.org/cas http://esup-portal.org Jan.DuCaju@icts.KULeuven.be

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Integration of N-tiers application Using CAS Single Sign On system with a webmail application,

Integration of N-tiers application Using CAS Single Sign On system with a webmail application,

Integration of N-tiers application Using CAS Single Sign On system with a webmail application, Horde K.U.Leuven Association velpi@groupt.be http://shib.kuleuven.be Integration of N-tiers application http://associatie.kuleuven.be/

911 views • 58 slides
Single sign-on enabled OpenCms Architecture for Single sign-on implementation into OpenCms

Single sign-on enabled OpenCms Architecture for Single sign-on implementation into OpenCms

Single sign-on enabled OpenCms Architecture for Single sign-on implementation into OpenCms Pavel Slav ek, pavel.slavicek@qbizm.cz Brno, The Czech Republic, 2. 5. 2008 Content Single sign-on introduction (SSO) Introduction to

959 views • 24 slides
I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform Agenda Authentication Inbound authentication Outbound authentication Single Sign-on Definitions Stage Process Method Physical

781 views • 48 slides
CHAPTER 12: APPLICATION AND COMPONENT INTEGRATION 11:35 2 Application integration What if

CHAPTER 12: APPLICATION AND COMPONENT INTEGRATION 11:35 2 Application integration What if

1 Architecture and Modelling of Information Systems (D0I71A) Prof. dr. Monique Snoeck CHAPTER 12: APPLICATION AND COMPONENT INTEGRATION 11:35 2 Application integration What if you already have software ? Software manages its own

346 views • 17 slides
Single Sign-On: Myth vs Reality Mark Wilcox mark@mjwilcox.com My Involvement Chief

Single Sign-On: Myth vs Reality Mark Wilcox mark@mjwilcox.com My Involvement Chief

Single Sign-On: Myth vs Reality Mark Wilcox mark@mjwilcox.com My Involvement Chief Integration Geek for WebCT Wrote a book on LDAP Became expert on authentication Participant in Internet 2 authentication working groups

789 views • 19 slides
RWJMS eConsult Workflow Centricity/AristaMD Integration For Providers Rutgers, The State

RWJMS eConsult Workflow Centricity/AristaMD Integration For Providers Rutgers, The State

RWJMS eConsult Workflow Centricity/AristaMD Integration For Providers Rutgers, The State University of New Jersey Robert Wood Johnson Medical Group eConsult Program: Centricity/AristaMD Integration 1. Single-Sign-On (SSO): User may launch and

616 views • 17 slides
Hardware Accelerated Application Integration: Challenges and Opportunities Active @

Hardware Accelerated Application Integration: Challenges and Opportunities Active @

Hardware Accelerated Application Integration: Challenges and Opportunities Active @ ACM/IFIP/USENIX Middleware 2017 Daniel Ritter Application Integration - De-coupling apps - Solving n-square connection and variety problems (for textual

490 views • 24 slides
Integration-Manager Workflow and Rebasing Sign in on the attendance sheet! Remember the

Integration-Manager Workflow and Rebasing Sign in on the attendance sheet! Remember the

Lecture 8 Integration-Manager Workflow and Rebasing Sign in on the attendance sheet! Remember the Centralized Workflow? Problem: Every developer needs push access to the shared repository! Integration-Manager Workflow Github/ The cloud

626 views • 21 slides
154 GRAND ST PAINTED SIGN MASTER PLAN APPLICATION Lot Diagram Zoning Map 2 154 GRAND ST -

154 GRAND ST PAINTED SIGN MASTER PLAN APPLICATION Lot Diagram Zoning Map 2 154 GRAND ST -

154 GRAND ST PAINTED SIGN MASTER PLAN APPLICATION Lot Diagram Zoning Map 2 154 GRAND ST - CURRENT CONDITION FROM GRAND ST & CENTRE ST 3 3 - Secondary Facade of 154 Grand St - Zoned M1-5B - Sign dimensions: 36 H x 20 W - Sign

603 views • 26 slides
Single Sign- -On across On across Single Sign Web Services Web Services Ernest Artiaga

Single Sign- -On across On across Single Sign Web Services Web Services Ernest Artiaga

Single Sign- -On across On across Single Sign Web Services Web Services Ernest Artiaga Artiaga Ernest CERN - - OpenLab OpenLab Security Workshop Security Workshop April 2004 April 2004 CERN Outline Outline Motivation and

352 views • 23 slides
Data Integration and Analysis Center (IABIN DIAC) A Pilot Application for the Integration,

Data Integration and Analysis Center (IABIN DIAC) A Pilot Application for the Integration,

Data Integration and Analysis Center (IABIN DIAC) A Pilot Application for the Integration, Visualization, Query, Analysis and Sharing of IABIN Thematic Network Data Overarching Goals Develop a prototype Data Basin application for the IABIN

477 views • 14 slides
Single Sign On SimpleSAMLphp CivicActions | SSO | Dan Gurin | tweeter@dgurin | Drupal.org +

Single Sign On SimpleSAMLphp CivicActions | SSO | Dan Gurin | tweeter@dgurin | Drupal.org +

Single Sign On SimpleSAMLphp CivicActions | SSO | Dan Gurin | tweeter@dgurin | Drupal.org + GitHub + LinkedIn = DANGUR Enterprise level user account costs Administration Setup Retire Support Password resets

669 views • 24 slides
Unik Idit Levine EMC CONFIDENTIALINTERNAL USE ONLY EMC CONFIDENTIALINTERNAL USE ONLY 1

Unik Idit Levine EMC CONFIDENTIALINTERNAL USE ONLY EMC CONFIDENTIALINTERNAL USE ONLY 1

Unik Idit Levine EMC CONFIDENTIALINTERNAL USE ONLY EMC CONFIDENTIALINTERNAL USE ONLY 1 Virtualization Stack Application Config Application The aim is to run single Language Runtime Application with a single user on a single server

2.88k views • 28 slides
Agenda Overall Enterprise Application Performance Factors Enterprise Application Best Practice

Agenda Overall Enterprise Application Performance Factors Enterprise Application Best Practice

Agenda Overall Enterprise Application Performance Factors Enterprise Application Best Practice for generic Enterprise Application Performance Factors Best Practice for 3-tiers Enterprise Application Hardware Load Balancer Basic Unix Tuning

336 views • 9 slides
Kerberos and Single Sign-On with HTTP Joe Orton Red Hat Overview Introduction The

Kerberos and Single Sign-On with HTTP Joe Orton Red Hat Overview Introduction The

Kerberos and Single Sign-On with HTTP Joe Orton Red Hat Overview Introduction The Problem Current Solutions Future Solutions Conclusion Introduction WebDAV: common complaint of poor support for authentication in

917 views • 34 slides
Centralized user management and Single Sign On for the WeNMR gateway through the WeNMR Virtual

Centralized user management and Single Sign On for the WeNMR gateway through the WeNMR Virtual

Centralized user management and Single Sign On for the WeNMR gateway through the WeNMR Virtual Research Community Marc van Dijk , Andrea Giachetti, Marco Verlato, Antonio Rosato, Alexandre Bonvin EGI Technical Forum 2012 zondag 16 september 12

413 views • 13 slides
Communication as a Service T elepathy and the KDE Software Compilation George Goldberg Akademy

Communication as a Service T elepathy and the KDE Software Compilation George Goldberg Akademy

Communication as a Service T elepathy and the KDE Software Compilation George Goldberg Akademy 2010 Tampere, Finland Introduction 1. Introduction to Telepathy 2. Telepathy and KDE The plan, the present and the future 3. The Flying Car

874 views • 41 slides
Javascript More powerful than you think Some tools for

Javascript More powerful than you think Some tools for

Master Informa-que - Universit Paris-Sud 1/15/14 Javascript More powerful than you think Some tools for building Func-onal: func-ons are

846 views • 5 slides
Todays Objec4ves Threads and Synchroniza4on Wrap up Services Sept 25, 2017 Sprenkle -

Todays Objec4ves Threads and Synchroniza4on Wrap up Services Sept 25, 2017 Sprenkle -

9/25/17 Todays Objec4ves Threads and Synchroniza4on Wrap up Services Sept 25, 2017 Sprenkle - CSCI325 1 Review What is the goal of TCP? What are some of the approaches it uses to meet these goals? Compare and contrast

518 views • 12 slides
R&E Telepresence Exchange status & lessons learned APAN 32Delhi 25 August 2011 Brent

R&E Telepresence Exchange status & lessons learned APAN 32Delhi 25 August 2011 Brent

R&E Telepresence Exchange status & lessons learned APAN 32Delhi 25 August 2011 Brent Sweeny of GRNOC, y , Indiana University (USA) y ( ) The R&E exchange community: Cisco Telepresence rooms Currently almost 200 Cisco

483 views • 35 slides
Akonadi The KDE4 PIM Framework Tobias Koenig KDE Akademy 2006 p. 1 Overview Why a new

Akonadi The KDE4 PIM Framework Tobias Koenig KDE Akademy 2006 p. 1 Overview Why a new

Akonadi The KDE4 PIM Framework Tobias Koenig KDE Akademy 2006 p. 1 Overview Why a new PIM Framework Akonadi History Concepts Current State The Future Questions & Answers KDE Akademy 2006 p. 2 Problems

3.39k views • 21 slides
Identification and Collection Seminar on E-Discovery, February 9th, 2012, College of Information

Identification and Collection Seminar on E-Discovery, February 9th, 2012, College of Information

Identification and Collection Seminar on E-Discovery, February 9th, 2012, College of Information Studies, University of Maryland Dr. Hans Henseler Amsterdam University of Applied Sciences, The Netherlands Information Technology & Computer

925 views • 26 slides
BrickNet (contd) BrickNet (contd) Other Academic Projects Other Academic Projects

BrickNet (contd) BrickNet (contd) Other Academic Projects Other Academic Projects

Special Course on Networked Virtual January 29, 2004 Environments BrickNet (contd) BrickNet (contd) Other Academic Projects Other Academic Projects Object Object- -request brokers on request brokers on MASSIVE MASSIVE

496 views • 4 slides
A web-based collaboration platform Oliver Kutter kutter@in.tum.de Technische Universit at M

A web-based collaboration platform Oliver Kutter kutter@in.tum.de Technische Universit at M

TWiki A web-based collaboration platform Oliver Kutter kutter@in.tum.de Technische Universit at M unchen TWiki. March 9, 2004 p.1/15 Topics of this talk TWiki overview TWiki features TWiki text formatting Create a new

530 views • 15 slides

More recommend