single sign on enabled opencms
play

Single sign-on enabled OpenCms Architecture for Single sign-on - PowerPoint PPT Presentation

Jun 12, 2023 •709 likes •959 views

Single sign-on enabled OpenCms Architecture for Single sign-on implementation into OpenCms Pavel Slav ek, pavel.slavicek@qbizm.cz Brno, The Czech Republic, 2. 5. 2008 Content Single sign-on introduction (SSO) Introduction to

  1. Single sign-on enabled OpenCms Architecture for Single sign-on implementation into OpenCms ► Pavel Slaví č ek, pavel.slavicek@qbizm.cz Brno, The Czech Republic, 2. 5. 2008

  2. Content ► Single sign-on introduction (SSO) » Introduction to Single sign-on ► SSO protocols » Basic mechanisms » Simplified mechanisms of CAS, NTLM, Kerberos ► Implementation of SSO into OpenCms » General architecture » Architecture for concrete protocol ► Experiences » Our experiences in real projects

  3. What is Single sign-on?

  4. Single sing-on ► Method of access control ► User enters his credentials once and has access to multiple applications » Without the need to enter multiple passwords ► Heterogeneous systems » Intranet, emails, stock system, ... ► Comfortable for users

  5. Single sing-on ► Advantages » Reduces sending password over the network etc. » Reduces human error » Comfortable for users » … Disadvantages ► » Single sign-on component failure » Single sign-on component must be component with high security » …

  6. Protocols for Single sing-on ► Central Authentication Service (CAS) ► NTLM (NT Lan Manager) ► Kerberos ► And others » CoSign (cookie based) » OpenSSO (Sun Java System Access Manager) » …

  7. Single sign-on concepts and protocols

  8. Central Authentication Service (CAS) ► Yale University JA-SIG project ► Mostly used for web applications ► Features » Involves a client web browser » Cookies based mechanism » Password is send over network (https)

  9. Central Authentication Service (CAS)

  10. NTLM (NT Lan Manager) ► Microsoft authentication protocol ► ,,Old” protocol » Microsoft adopted Kerberos » In several cases Kerberos can’t be used ► Features » Challenge-reponse sequence » Messages between client and server » Password is not send over the network (Hash, DES)

  11. NTLM (NT Lan Manager)

  12. Kerberos ► Massachusetts Institute of Technology (MIT) ► Protocol was adopted by Microsoft » Windows 2000 and Windows Active Directory server 2003 ► Features » Client-server model, mutual-authentication » Symetric key kryptography » Over non-secure networks (eavesdropping, replay) » Password is not send over the network

  13. Kerberos

  14. Architecture for SSO implementation into OpenCms

  15. General architecture Concrete architecture depends on chosen Single sing-on ► protocol We do not have user’s password ► » We have to trust to Single sing-on component » Special authentication mechanism › We have to implement own user driver › User name transforming › We have to modify authentication mechanisms in OpenCms Central user’s account storage ► » User’s account synchronization from LDAP server › OCEE Modules from Alkacon › OpenCms-LDAP module from sourceforge.net

  16. LDAP General architecture (AD) Auth. Central user’s account prov. storage OCEE/ OpenCms- LDAP User Accounts Driver synch. Filter OpenCms

  17. CAS CAS LDAP/… server User Accounts Driver synch. Filter •Ticket Login/logout •Cookie OpenCms

  18. NTLM AD User Accounts Driver synch. Filter •Challenge- response OpenCms •JCIFS

  19. Kerberos Central user’s account KDC storage Secret User Accounts Driver synch. Filter •ServiceTicket OpenCms •Decryption

  20. Experiences with Single sign-on

  21. Experiences with Single sing-on in real projects ► Popular, user friendly ► Good feedback from customers ► Projects » CAS › Intranet/extranet › Over 30 000 of users » NTLM › Intranet, company with affiliates › About 5 000 of users » Kerberos › Intranet

  22. Summary ► Single sing-on is attractive for customers ► Usefully for intranets ► Architectures of modules were presented ► Implementation of our modules are based on presented architectures » Knowledge of Single sing-on mechanisms

  23. ► Thank you for your attention, any questions?

  24. References [1] Introduction to Single Sign-On, http://www.opengroup.org/security/sso/sso_intro.htm/ [2] Single sign-on, http://en.wikipedia.org/wiki/Single_sign-on [3] Central Authentication Service, http://en.wikipedia.org/wiki/Central_Authentication_Service [4] NTLM, http://en.wikipedia.org/wiki/NTLM [5] Kerberos, http://en.wikipedia.org/wiki/Kerberos_(protocol) [6] The Java CIFS Client Library, http://jcifs.samba.org/ [7] JA-SIG Central Authentication Service, http://www.ja-sig.org/products/cas/ [8] TagLab, http://dev.taglab.com/ [9] Single Sign On Concepts & Protocols, http://www.sans.org/reading_room/whitepapers/authentication/1352.php

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OpenCms Days 2011 Workshop Track: Upgrading from OpenCms 7.5 to OpenCms 8 Michael Emmerich,

OpenCms Days 2011 Workshop Track: Upgrading from OpenCms 7.5 to OpenCms 8 Michael Emmerich,

OpenCms Days 2011 Workshop Track: Upgrading from OpenCms 7.5 to OpenCms 8 Michael Emmerich, Alkacon Software GmbH . Agenda 1. Migrating from OpenCms 7.x to OpenCms 8 Export and Import in OpenCms Using the Update-Wizard

416 views • 40 slides
OpenCms Days 2008 Custom Widgets In OpenCms Welcome! Dan Liliedahl OpenCms 7 Development

OpenCms Days 2008 Custom Widgets In OpenCms Welcome! Dan Liliedahl OpenCms 7 Development

OpenCms Days 2008 Custom Widgets In OpenCms Welcome! Dan Liliedahl OpenCms 7 Development http://www.packtpub.com/opencms-7-development/book Extending OpenCms Developing a Custom Widget Widgets in OpenCms Provides Rich User Interface

547 views • 25 slides
OpenCms Hosting Management OpenCms Spanish Community OpenCms Hispano Alejandro Alves

OpenCms Hosting Management OpenCms Spanish Community OpenCms Hispano Alejandro Alves

OpenCms Hosting Management OpenCms Spanish Community OpenCms Hispano Alejandro Alves Caldern Sergio Raposo Vargas ndice Why? Statistics Options The project The infrastructure The modules Why? Java Maintenance PHP cost vs

179 views • 17 slides
OpenCms Days 2008 Conference Opening Keynote: Status of the OpenCms Project Alexander Kandzior,

OpenCms Days 2008 Conference Opening Keynote: Status of the OpenCms Project Alexander Kandzior,

OpenCms Days 2008 Conference Opening Keynote: Status of the OpenCms Project Alexander Kandzior, CEO Alkacon Software GmbH OpenCms History OpenCms version 1 & 2: since 1995 Called MHT CLI written in C, also used with CGI

480 views • 37 slides
OpenCms Days 2008 Technical Track: Secrets of using the OpenCms CRE Michael Moossen, Alkacon

OpenCms Days 2008 Technical Track: Secrets of using the OpenCms CRE Michael Moossen, Alkacon

OpenCms Days 2008 Technical Track: Secrets of using the OpenCms CRE Michael Moossen, Alkacon Software GmbH Agenda What is the OpenCms CRE? Workplace Improvements Publishing Deleting XML Content editing

489 views • 34 slides
I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform Agenda Authentication Inbound authentication Outbound authentication Single Sign-on Definitions Stage Process Method Physical

781 views • 48 slides
OpenCms Days 2011 Conference Opening Keynote: Presenting OpenCms 8 Alexander Kandzior, CEO

OpenCms Days 2011 Conference Opening Keynote: Presenting OpenCms 8 Alexander Kandzior, CEO

OpenCms Days 2011 Conference Opening Keynote: Presenting OpenCms 8 Alexander Kandzior, CEO Alkacon Software GmbH OpenCms Days Sponsors Thank you very much! Organizational Details The Workshop Tracks, Keynotes and the Conference Roundup

768 views • 73 slides
OpenCms Days 2011 Workshop Track: The OpenCms 8 Demo Template Modules in Detail Polina Smagina,

OpenCms Days 2011 Workshop Track: The OpenCms 8 Demo Template Modules in Detail Polina Smagina,

OpenCms Days 2011 Workshop Track: The OpenCms 8 Demo Template Modules in Detail Polina Smagina, Alkacon Software GmbH Agenda Template comparison OpenCms 6, 7 and 8 Template III and content modules Dev Demo Template OpenCms 6 and 7

380 views • 37 slides
OpenCms Days 2011 Workshop Track: Creating Plug & Play Modules for OpenCms 8 Rdiger Kurz

OpenCms Days 2011 Workshop Track: Creating Plug & Play Modules for OpenCms 8 Rdiger Kurz

OpenCms Days 2011 Workshop Track: Creating Plug & Play Modules for OpenCms 8 Rdiger Kurz Alkacon Software GmbH Agenda Developing Web-Projects in general OpenCms Modules v7 vs. v8 The module structure The module contents

623 views • 23 slides
Jquery and OpenCms Matt Butcher Aleph-Null, Inc. http://aleph-null.tv The Strengths of OpenCms

Jquery and OpenCms Matt Butcher Aleph-Null, Inc. http://aleph-null.tv The Strengths of OpenCms

Jquery and OpenCms Matt Butcher Aleph-Null, Inc. http://aleph-null.tv The Strengths of OpenCms Built on Mature Core Technologies Solid Object-Oriented Architecture Feature-packed Workplace JSP for Templates, Structured XML for

331 views • 10 slides
OpenCms Days 2011 Workshop Track: The OpenCms 8 Content Subscription Engine Georg Westenberger,

OpenCms Days 2011 Workshop Track: The OpenCms 8 Content Subscription Engine Georg Westenberger,

OpenCms Days 2011 Workshop Track: The OpenCms 8 Content Subscription Engine Georg Westenberger, Alkacon Software GmbH Agenda Introduction Basic concepts Demonstration Using subscriptions The <cms:usertracking> tag

580 views • 30 slides
OpenCms days 2008 Using and extending OpenCms search capabilities Claus Priisholm CEO,

OpenCms days 2008 Using and extending OpenCms search capabilities Claus Priisholm CEO,

OpenCms days 2008 Using and extending OpenCms search capabilities Claus Priisholm CEO, CodeDroids ApS www.codedroids.com Contents Overview over the built-in features Searching with the default setup Indexing structured contents

686 views • 24 slides
Personalized Documents in OpenCms Dr. Martin Abel General Manager Plambeck Health GmbH OpenCms

Personalized Documents in OpenCms Dr. Martin Abel General Manager Plambeck Health GmbH OpenCms

Personalized Documents in OpenCms Dr. Martin Abel General Manager Plambeck Health GmbH OpenCms Days 2009-06-16 Dr. Martin Abel, Plambeck Health GmbH Page 1 Agenda Plambeck Health Requirements for Document Management An OpenCms Solution

610 views • 26 slides
OpenCms Days 2011 Workshop Track: Creating OpenCms 8 Container Templates (Part 1) Tobias

OpenCms Days 2011 Workshop Track: Creating OpenCms 8 Container Templates (Part 1) Tobias

OpenCms Days 2011 Workshop Track: Creating OpenCms 8 Container Templates (Part 1) Tobias Herrmann, Alkacon Software GmbH Agenda Configuration Container Page Site Map Detail Pages SEO and Detail Pages Sub Sites Group

593 views • 24 slides
OpenCms Hispano s Modules OpenCms Hispano Sergio Raposo Vargas Alejandro Alves Caldern

OpenCms Hispano s Modules OpenCms Hispano Sergio Raposo Vargas Alejandro Alves Caldern

OpenCms Hispano s Modules OpenCms Hispano Sergio Raposo Vargas Alejandro Alves Caldern Modules overview Index Forum module Components Classes Future Demo Advanced direct edit Classes How it works Future

768 views • 18 slides
Integration of OpenCMS into SAP NetWeaver Dimitry Surkov Cologne, June 2009 Agenda Integration

Integration of OpenCMS into SAP NetWeaver Dimitry Surkov Cologne, June 2009 Agenda Integration

Integration of OpenCMS into SAP NetWeaver Dimitry Surkov Cologne, June 2009 Agenda Integration of openCMS into SAP NetWeaver 1. SAP NetWeaver introduction 2. Business case: government services portal of YNAO 3. Integration: openCMS

577 views • 25 slides
Rajesh Ponnurangam Infosol The Four Big Steps 1 Preparing for the Upgrade 2 Installing BI

Rajesh Ponnurangam Infosol The Four Big Steps 1 Preparing for the Upgrade 2 Installing BI

Rajesh Ponnurangam Infosol The Four Big Steps 1 Preparing for the Upgrade 2 Installing BI Platform on Amazon Cloud (AWS) 3 Migrating Reports using Upgrade Management Tool (UMT) 4 Configuring and testing the new BI Platform Preparin

748 views • 33 slides
How I Stopped Worrying and Learned to Love Open Source David Cleary Progress Progress Who? 3

How I Stopped Worrying and Learned to Love Open Source David Cleary Progress Progress Who? 3

How I Stopped Worrying and Learned to Love Open Source David Cleary Progress Progress Who? 3 August 1984 First Shipment of Progress 2.2 "Data Language Corp. has released Progress, a high-performance application development system.

512 views • 33 slides
Altinity Building Multi-Petabyte Data Warehouses with ClickHouse Alexander Zaitsev LifeSteet,

Altinity Building Multi-Petabyte Data Warehouses with ClickHouse Alexander Zaitsev LifeSteet,

Altinity Building Multi-Petabyte Data Warehouses with ClickHouse Alexander Zaitsev LifeSteet, Altinity Percona Live Dublin, 2017 Who am I Graduated Moscow State University in 1999 Software engineer since 1997 Developed distributed

918 views • 55 slides
Introducing Erlang to OpenX Anthony Molinaro Sunday, September 22, 13 What is OpenX? An

Introducing Erlang to OpenX Anthony Molinaro Sunday, September 22, 13 What is OpenX? An

Introducing Erlang to OpenX Anthony Molinaro Sunday, September 22, 13 What is OpenX? An Open Source PHP ad server. A global company with a SAAS enterprise ad server featuring an integrated ad exchange. Both Sunday, September 22,

520 views • 27 slides
14/05/2018 Online advertising revenue in the United States from 2000 to 2016 US Display Ad

14/05/2018 Online advertising revenue in the United States from 2000 to 2016 US Display Ad

14/05/2018 Online advertising revenue in the United States from 2000 to 2016 US Display Ad Spending Share, by Type, 20112017 80 120% 72.5 70 100% 59.6 60 REVENUE IN BILION U.S. DOLLARS 80% 49.5 50 42.8 60% 36.6 40 31.7 40% 30

185 views • 7 slides
Defense Enterprise Computing Alfred J. Rivera Director, Computing Services DISA 24 May 2011

Defense Enterprise Computing Alfred J. Rivera Director, Computing Services DISA 24 May 2011

Defense Enterprise Computing Alfred J. Rivera Director, Computing Services DISA 24 May 2011 Agenda Enterprise Infrastructure DISA Computing Environment DoD Focused Computing Service Opportunities Summary 2 DISA Enterprise

341 views • 11 slides
Applications. Archan Misra, Singapore Management University archanm@smu.edu.sg Feb 17, 2012

Applications. Archan Misra, Singapore Management University archanm@smu.edu.sg Feb 17, 2012

The LiveLabs T estbed & Mobile Sensing-based Applications. Archan Misra, Singapore Management University archanm@smu.edu.sg Feb 17, 2012 UMD, 2012 Talk Outline LiveLabs: A Mobile Behavioral Experimentation Analogue of PlanetLab

691 views • 29 slides
An Integrated Active Hybrid Filter for ADSL Jim Hellums, Ph.D. TI Fellow Seminar for IEEE May

An Integrated Active Hybrid Filter for ADSL Jim Hellums, Ph.D. TI Fellow Seminar for IEEE May

An Integrated Active Hybrid Filter for ADSL Jim Hellums, Ph.D. TI Fellow Seminar for IEEE May 29, 2008 I wish to acknowledge collaborations with: Dr. Richard Hester TI Senior Fellow Outline Background System Circuits

780 views • 36 slides

More recommend