Pennsylvania Banner Users Group
2010 Fall Conference

SSO to Blackboard
Utilizing Luminis' CAS

Melissa Miller, Manager, Web Applications, millermm@lasalle.edu
Alicia Stonesifer, Manager, Instructional Systems, stonesifer@lasalle.edu

La Salle University
Philadelphia, PA
General Announcements:
• Please turn off all cell phones/pagers
• If you must leave the session early, please do so as discreetly as possible
• Please avoid side conversations during the session
• Questions will be answered after the presentation

Thank you for your cooperation
La Salle University
• La Salle is a Catholic University founded by the Christian Brothers in Philadelphia in 1863.
• Three campuses: North East Philadelphia, Bucks County and Montgomery County
• Recent expansion projects
  ◦ The acquisition of Germantown Hospital for the School of Nursing and Health Sciences
  ◦ The expansion of Roland Holroyd Science Center to include environmentally friendly laboratories, classrooms, and lounges
La Salle University
• The University student body of 7,500 students includes
  ◦ 3,400 full-time undergraduates
  ◦ 1,400 part-time undergraduates
  ◦ 2,700 graduate and doctoral students.
• Enrollment has grown 16 percent in the past 10 years.
• Students come from 44 states and 27 foreign countries
• Two-thirds of undergraduates live on campus
Agenda
• What is CAS?
• Luminis' CAS
• Blackboard SSO
WHAT IS CAS?
CAS
• Central Authentication Service
• CAS is an authentication system originally created by Yale University
• Provides a trusted way for an application to authenticate a user without the application itself ever handling the user's password
CAS
• CAS involves three components: a client web browser, the web application requesting authentication, and the CAS server.
• The client visits an application, and the application redirects it to CAS.
• CAS validates the client's authenticity
CAS
• If the authentication succeeds, CAS returns the client to the application, passing along a security ticket
• The application validates the ticket by contacting CAS over a secure connection.
• CAS passes back information about whether the client has been successfully authenticated
LUMINIS CAS
Luminis CAS
• "Yale CAS 2.0 is integrated by default with Luminis IV, and will issue tickets recognized by CAS-enabled clients."
  http://www.yale.edu/tp/cas/
• Can be locked down to only trust specified services or applications
• Usernames or Immutable IDs can be used
• See Appendix B in the Luminis IV install guide for more details and Parallel deployment settings
Luminis CAS Example (diagram: Luminis portal, CAS, the web service, and Blackboard)
1. The user logs into the Luminis Portal and clicks a link or icon, which sends the browser to CAS with a "Service ID".
2. CAS returns a ticket and cookie.
3. The browser redirects to the "Service" with the ticket.
4. Ticket validation: the web service checks the ticket with CAS.
5. If the ticket is valid, continue to the application (Blackboard).
BLACKBOARD 9 SSO
Blackboard 9 SSO
• Asked the BB community for help
• Pointed to oscelot.org
• Downloaded AutoSignOn 1.0 by Mark O'Neil
  ◦ http://projects.oscelot.org/gf/project/autosignon/frs
Blackboard 9 SSO
• Install as a Building Block
• Configure
  ◦ A Building Block file (sessionservice.class) was modified to use Username instead of Batch_UID.
  ◦ loadByBatchUid changed to loadByUserName
Blackboard 9 SSO
• BB is now listening for the SSO request
• Minimum URL for the request is:
  http://<host>/webapps/bbgs-autosignon-BBLEARN/autoSignon.do?timestamp=<unix_epoch_time>&userId=<ubatch_uid>&auth=<mac>
• So the variables we need are (info from the AutoSignOn Admin Guide):

  <host>              The hostname/port of the Learn server.
  <unix_epoch_time>   The timestamp in Unix epoch format.
  <mac>               A generated Message Authentication Code.
  <ubatch_uid>        On integrated systems, the user's Batch Uid is equivalent to the Snapshot external person key.
                      The Batch Uid of users created through the Learn GUI will be the same as their username.
Blackboard 9 SSO
• Our task: write some code to build the URL
• Step 1: need to grab the username
• We used the phpCAS client
  ◦ Free, easy install
  ◦ Installation & usage instructions at https://wiki.jasig.org/display/CASC/phpCAS
  ◦ Also clients for .NET, Java, VBScript, Perl…
• Next, phpCAS sample
<?php    // phpCAS simple client

include_once('CAS.php');   // import phpCAS lib
phpCAS::setDebug();
phpCAS::client(CAS_VERSION_2_0, 'sso-cas.univ-rennes1.fr', 443, '');    // initialize phpCAS
phpCAS::setNoCasServerValidation(); // no SSL validation for the CAS server (test setup only; validate the server certificate in production)
phpCAS::forceAuthentication(); // force CAS authentication

// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

if (isset($_REQUEST['logout'])) { phpCAS::logout(); } // logout if desired

// for this test, simply print that the authentication was successful
?>
<html>
 <head><title>phpCAS simple client</title></head>
 <body>
     <h1>Successful Authentication!</h1>
     <p>the user's login is <b><?php echo phpCAS::getUser(); ?></b>.</p>
     <p>phpCAS version is <b><?php echo phpCAS::getVersion(); ?></b>.</p>
     <p><a href="?logout=">Logout</a></p>
 </body>
</html>
Blackboard 9 SSO
• We use phpCAS to force the user to sign in to our portal if they have not already.
• Once authenticated, phpCAS::getUser() grabs the user's Portal ID, which is the same as their Blackboard User ID:
  $userId = phpCAS::getUser();
Blackboard 9 SSO
• Next, we generate the Unix timestamp

    function msTimeStamp() {
        // microtime(true) is seconds since the Unix epoch; x1000 gives milliseconds
        return round(microtime(1) * 1000);
    }

    $timestamp = msTimeStamp();
Blackboard 9 SSO
• Next, we generate the MAC
• In the AutoSignOn guide we are given the following:

PHP Example
Secure Algorithm:

/* Calculates a MAC (message authentication code) from an array of strings and a secret.
   Sort request parameters alphabetically by parameter name first, then pass values of
   sorted parameters and shared secret to calculateSecureMac */
function calculateSecureMac($params, $secret) {
    $data = implode('', $params); // concatenate param values
    // get md5 of concatenated param values and secret
    $mac = md5($data . $secret);
    return $mac;
}
Blackboard 9 SSO
• Set the shared secret
• In the Building Block:

• In our code:

// Shared Secret
$secret = '12345'; // associated password
Blackboard 9 SSO
• Given the sample, we built this:

// parameters sorted by name: "timestamp" comes before "userId"
$params = array($timestamp, $userId);

function calculateSecureMac($params, $secret)
{
    // concatenate param values
    $data = implode('', $params);

    // get md5 of concatenated param values and secret
    $mac = md5($data . $secret);
    return $mac;
}

$mac = calculateSecureMac($params, $secret);
Blackboard 9 SSO
• So we have…
  ◦ HOST
  ◦ USERID
  ◦ TIMESTAMP
  ◦ MAC
• Finally, build the URL and redirect

// redirect to site with required parameters
header('Location: https://bb.myschool.edu/webapps/bbgs-autosignon-BBLEARN/autoSignon.do?timestamp='
    . $timestamp . '&userId=' . $userId . '&auth=' . $mac);
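The whole AutoSignOn exchange above, re-implemented as an added example (not code from the deck or from the AutoSignOn project) in Python so that both sides can be run offline: the portal side builds the redirect URL exactly as the PHP does (parameters sorted by name, values concatenated, md5 over values plus the shared secret), and a receiving side recomputes the MAC, compares it in constant time and rejects stale timestamps, which is the check that stops a captured URL from being replayed indefinitely. The host name, user id, timestamp and the shared secret value are constructed placeholders.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder shared secret; in the deck it is set both in the Building Block and in the portal code.
SHARED_SECRET = "12345"


def calculate_secure_mac(params, secret):
    """Mirror of the guide's calculateSecureMac(): sort parameters by name,
    concatenate their values, then md5(values + secret) as lowercase hex (like PHP md5())."""
    data = "".join(str(params[name]) for name in sorted(params))
    return hashlib.md5((data + secret).encode("utf-8")).hexdigest()


def build_autosignon_url(host, user_id, secret, timestamp_ms=None):
    """Portal side: build the redirect URL the deck emits with header('Location: ...')."""
    if timestamp_ms is None:
        timestamp_ms = int(time.time() * 1000)  # the deck's msTimeStamp() uses milliseconds
    params = {"timestamp": str(timestamp_ms), "userId": user_id}
    params["auth"] = calculate_secure_mac(params, secret)  # auth itself is not covered by the MAC
    return "https://%s/webapps/bbgs-autosignon-BBLEARN/autoSignon.do?%s" % (host, urlencode(params))


def verify_autosignon_request(url, secret, now_ms, max_age_ms=5 * 60 * 1000):
    """Receiving side: recompute the MAC over every parameter except auth, compare it in
    constant time, and reject timestamps outside the freshness window (replay protection).
    Returns (True, user_id) on success or (False, reason) on failure."""
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    for required in ("timestamp", "userId", "auth"):
        if required not in query:
            return False, "missing parameter: " + required
    covered = {k: v for k, v in query.items() if k != "auth"}
    expected = calculate_secure_mac(covered, secret)
    if not hmac.compare_digest(expected, query["auth"]):
        return False, "bad mac"
    try:
        ts = int(query["timestamp"])
    except ValueError:
        return False, "bad timestamp"
    if abs(now_ms - ts) > max_age_ms:
        return False, "stale timestamp"
    return True, query["userId"]
```

The five-minute window is an assumed value; it should match whatever clock skew the Building Block is configured to tolerate.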
Lessons Learned

Editor's notes

  1. Good morning everyone. My name is Melissa Miller and I work at La Salle University as the Manager of Web Applications. I am here today to talk about our method of providing Single Sign On to the Microsoft Exchange Labs email system.
  2. Some things I have learned along the way are to allow plenty of time to deal with support issues. Microsoft is working on their support model and as of this writing this is still in progress. In particular the Windows Ed Desk was a major sticking point in trying to resolve certificate issues. Make sure you are clear from the beginning on your domains and if you will have sub domains or separate domains because that changes EVERYTHING as far as they are concerned. If you can land yourself one or two senior tech support people they will be your best friends and help escalate the process in a way that you can't.
  2. Some things I have learned along the way is to allow plenty of time to deal with support issues. Microsoft is working on their support model and as of this writing this is still in progress. In particular the Windows Ed Desk was a major sticking point in trying to resolved certificate issues. Make sure you are clear from the beginning on your domains and if you will have sub domains or separate domains because that changes EVERYTHING as far as they are concerned.If you can land yourself one or two senior tech support people they will be your best friends and help escalade the process in a way that you cant.