Single Sign On/Federation via AD FS/WIF/SAML
                            Software Requirements Specification




Group Id: F1202FBFA8 (MC110403218)

Supervisor Name: Sarfraz Ahmad Awan (sawan@vu.edu.pk)
Revision History
Date          Version   Description                                   Author
11/2/1012     1.0       Initial draft for all the basic elements      MC110403218
                        of the SRS document.
11/5/2012     1.1       Added scope for project and refined use       MC110403218
                        cases.
11/5/2012     1.2       Labeled as version 1.2; sent to Sarfraz       MC110403218
                        Ahmad Awan as assignment no 1.
Contents
1     Overview
    1.1     Introduction
    1.2     Competitor solution
    1.3     Implementation technologies
2     Scope
    2.1     Architecture Scope Options
      2.1.1        Implementation via Federation Server for SSO
      2.1.2        Development of STS Service for SSO
      2.1.3        Identity Providers to cover for SSO
      2.1.4        Service Providers to cover for SSO
      2.1.5        OS scope for SSO
      2.1.6        SAML Implementation Scope
3     Software Requirement
    3.1     Functional Software Requirement
      3.1.1        Transparent SSO
      3.1.2        Source and destination
      3.1.3        Administrator Console
    3.2     Non-Functional Software Requirement
      3.2.1        Performance Requirements
      3.2.2        Security Requirements
4     Use Case Diagram
5     Use case Explanation
    5.1     Use Case Id 00001
    5.2     Use Case Id 00002
    5.3     Use Case Id 00003
1 Overview
1.1 Introduction
     Single Sign On (SSO) (also known as Enterprise Single Sign On or "ESSO") is the ability for
     a user to enter the same id and password to log on to multiple applications within an
     enterprise. As passwords are the least secure authentication mechanism, single sign on has
     now become known as reduced sign on (RSO), since more than one type of authentication
     mechanism is used according to enterprise risk models.




1.2 Competitor solution
     For details, please visit:
     http://en.wikipedia.org/wiki/List_of_single_sign-on_implementations



1.3 Implementation technologies
    Microsoft .Net Framework / C#
    WIF                http://en.wikipedia.org/wiki/Windows_Identity_Foundation
    SAML               http://en.wikipedia.org/wiki/SAML_2.0
    WS-Trust           http://en.wikipedia.org/wiki/WS-Trust
    WS-Security        http://en.wikipedia.org/wiki/WS-Security




2 Scope
2.1 Architecture Scope Options
2.1.1 Implementation via Federation Server for SSO
      A federation server can be implemented to handle the federation mechanism for SSO.
      This would be the best-laid architecture, but it may be out of scope for the current course.
      A POC will be done to make sure that the current scope is properly understood.
      Scope may depend on the design phase of the project.

2.1.2 Development of STS Service for SSO
      AD FS will act as STS Service. Scope for AD FS can be dependent on design phase of the
      project.

2.1.3 Identity Providers to cover for SSO
      Currently, Active Directory is the primary scope as Identity Provider.

2.1.4 Service Providers to cover for SSO
      ASP .Net business applications like HR application will act as service provider for current
      implementation.

2.1.5 OS scope for SSO
      The current project will only cover Windows Server 2012 as the testing and development
      environment for the server operating system.

      The current project will only cover Windows 8 as the testing and development environment
      for the client operating system.

2.1.6 SAML Implementation Scope
      Windows Identity Foundation has a SAML 2.0 implementation as an extension, as explained at

      http://connect.microsoft.com/site1168/Downloads/DownloadDetails.aspx?DownloadID=36088

      This will be the current scope of the SAML 2.0 implementation.


3 Software Requirement
3.1 Functional Software Requirement
3.1.1 Transparent SSO
      For the end user there should not be any visual indicator that the user is moving from one
      application to another; that is, SSO should be transparent to the end user.

3.1.2 Source and destination
      Source and destination providers should be configurable.

3.1.3 Administrator Console
      There should not be any hard coding for entities involved in the solution, such as the
      Identity Provider or Service Provider.
      The STS Service should not be hard coded; there must be an interface to change the URL for
      the STS Service.
      Service accounts for the solution must be configurable via a user interface.



 3.2 Non-Functional Software Requirement
3.2.1 Performance Requirements
      SSO must be performed with no delays. Robust redirection should be provided from source
      to destination.

3.2.2 Security Requirements

       The security requirements to be met by an implementation of SSO are:

       1. SSO shall not adversely affect the resilience of the system within which it is deployed.
       2. SSO shall not adversely impact the availability of any individual system service.
       3. An SSO implementation shall audit all security relevant events which occur within the
          context of the XSSO.
       4. An SSO implementation shall protect all security relevant information supplied to or
          generated by the XSSO implementation such that other services may adequately trust the
          integrity and origin of all security information provided to them as part of a secondary
          sign-on operation.
       5. The SSO shall provide protection to security relevant information when exchanged between
          its own constituent components and between those components and other services.


4 Use Case Diagram

[Figure: use case diagram. Actors: SSO Admin, STS Service, SSO End User. Use cases: Configure SSO Provider, Configure Source Provider, Configure Destination Provider, Provide System Configuration, Provide Service Account Info, Configure Identity Provider, Test Provider, Perform action for SSO, Passing Token from Source Provider to Destination Provider, Notification for Provider change. Use cases are linked by «uses» and «extends» relationships.]

5 Use case Explanation
Explanation for only primary use cases (Those mainly used by actors) is written below.

5.1 Use Case Id 00001

Use Case Title              Configure SSO Provider
Abbreviated Title           C_SSO_Provider
Use Case Id                 00001
Requirement Id              3.1.2, 3.1.3
Description: This is an administrative task and will be performed by the SSO Admin.
Pre Conditions: Solution is properly installed. STS Service is already installed.
Task Sequence (with exceptions):
1. Open MMC for SSO.
2. Identify the type of provider to configure: source or destination.
3. Provide configuration like URL or other related info.
   Exception: Some providers might not have a URL.
4. Provide service account info for configuration, like user name and password.
   Exception: Some providers might give anonymous access.
Post Conditions: Provider is tested and returns positive response to SSO admin.
Unresolved issues:
Authority: Shahzad Sarwar
Modification history: Initial Draft

Author: Shahzad Sarwar

Description: Needs review by Course Supervisor: Sarfraz Ahmad Awan




5.2 Use Case Id 00002


Use Case Title          Configure Identity Provider
Abbreviated Title       C_I_Privder
Use Case Id             00002
Requirement Id          3.1.2, 3.1.3
Description: This is an administrative task and will be performed by the SSO Admin.
Pre Conditions:
Solution is properly installed.
STS Service is already installed.
Identity Provider is reachable.
Task Sequence (with exceptions):
1. Open MMC for SSO.
2. Provide Identity configuration like URL, domain name or other related info.
   Exception: Some providers might not have a URL or domain name.
3. Provide configuration like URL or other related info.
   Exception: Some providers might not have a URL.
Post Conditions: Identity Provider is tested and returns positive response to SSO admin.
Unresolved issues:
Authority: Shahzad Sarwar
Modification history: Initial Draft

Author: Shahzad Sarwar
Description: Needs review by Course Supervisor: Sarfraz Ahmad Awan




5.3 Use Case Id 00003


Use Case Title          Perform action for SSO
Abbreviated Title       P_A_F_SSO
Use Case Id             00003
Requirement Id          3.1.1
Description: The user will be redirected from the source application to the destination application.
Pre Conditions:
Solution is properly installed.
STS Service is already installed.
Identity Provider is configured.
Source Provider is configured.
Destination Provider is configured.
Task Sequence (no exceptions listed):
1. Open application for source.
2. Open application for destination.
3. Perform the redirection action, which will redirect from source to destination.
Post Conditions: Transparent redirection is performed from source to destination.
Unresolved issues:
Authority: Shahzad Sarwar
Modification history: Initial Draft

Author: Shahzad Sarwar

Description: Needs review by Course Supervisor: Sarfraz Ahmad Awan

Más contenido relacionado

La actualidad más candente

Virtual desktop scalability and performance with VMware View 5.2 and Virident...
Virtual desktop scalability and performance with VMware View 5.2 and Virident...Virtual desktop scalability and performance with VMware View 5.2 and Virident...
Virtual desktop scalability and performance with VMware View 5.2 and Virident...Principled Technologies
 
Virtual Server Web Hosting Supplementary Terms
Virtual Server Web Hosting Supplementary Terms Virtual Server Web Hosting Supplementary Terms
Virtual Server Web Hosting Supplementary Terms webhostingguy
 
Active directory rights_management_services_luna_sa_revf
Active directory rights_management_services_luna_sa_revfActive directory rights_management_services_luna_sa_revf
Active directory rights_management_services_luna_sa_revfsandeep updahayay
 
Active directory rights_management_services_luna_sa_revf
Active directory rights_management_services_luna_sa_revfActive directory rights_management_services_luna_sa_revf
Active directory rights_management_services_luna_sa_revfBilguun Ganbat
 

La actualidad más candente (7)

Private Cloud Day Session 1: Building your Private Cloud Infrastructure
Private Cloud Day Session 1: Building your Private Cloud InfrastructurePrivate Cloud Day Session 1: Building your Private Cloud Infrastructure
Private Cloud Day Session 1: Building your Private Cloud Infrastructure
 
Configuration guide legacy
Configuration guide legacyConfiguration guide legacy
Configuration guide legacy
 
Virtual desktop scalability and performance with VMware View 5.2 and Virident...
Virtual desktop scalability and performance with VMware View 5.2 and Virident...Virtual desktop scalability and performance with VMware View 5.2 and Virident...
Virtual desktop scalability and performance with VMware View 5.2 and Virident...
 
Virtual Server Web Hosting Supplementary Terms
Virtual Server Web Hosting Supplementary Terms Virtual Server Web Hosting Supplementary Terms
Virtual Server Web Hosting Supplementary Terms
 
Cmis 7.2 deploy
Cmis 7.2 deployCmis 7.2 deploy
Cmis 7.2 deploy
 
Active directory rights_management_services_luna_sa_revf
Active directory rights_management_services_luna_sa_revfActive directory rights_management_services_luna_sa_revf
Active directory rights_management_services_luna_sa_revf
 
Active directory rights_management_services_luna_sa_revf
Active directory rights_management_services_luna_sa_revfActive directory rights_management_services_luna_sa_revf
Active directory rights_management_services_luna_sa_revf
 

Similar a Srs sso-version-1.2-stable version

Srs sso-version-1.2-stable version-0
Srs sso-version-1.2-stable version-0Srs sso-version-1.2-stable version-0
Srs sso-version-1.2-stable version-0Shahzad
 
Tideway Foundation Consolidation
Tideway Foundation ConsolidationTideway Foundation Consolidation
Tideway Foundation ConsolidationPeter Grant
 
802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for SeacoastSithideth Banavong
 
Tideway Foundation 7.2 Cmdb Population
Tideway Foundation 7.2 Cmdb PopulationTideway Foundation 7.2 Cmdb Population
Tideway Foundation 7.2 Cmdb PopulationPeter Grant
 
20090213 Friday Food Croslocis
20090213 Friday Food Croslocis20090213 Friday Food Croslocis
20090213 Friday Food Croslocisimec.archive
 
20090213 Friday Food croslocis
20090213 Friday Food croslocis20090213 Friday Food croslocis
20090213 Friday Food croslocisimec.archive
 
Sharepoint 2007 Install Best Practice Phase 1
Sharepoint 2007 Install Best Practice  Phase 1Sharepoint 2007 Install Best Practice  Phase 1
Sharepoint 2007 Install Best Practice Phase 1LiquidHub
 
Protocol
ProtocolProtocol
Protocolm_bahba
 
Major Project Chand Piyush 2011
Major Project Chand Piyush 2011Major Project Chand Piyush 2011
Major Project Chand Piyush 2011Piyush Chand
 
sReliable Locksmith Services in Austin, Texas: Your Trusted Security Partner
sReliable Locksmith Services in Austin, Texas: Your Trusted Security PartnersReliable Locksmith Services in Austin, Texas: Your Trusted Security Partner
sReliable Locksmith Services in Austin, Texas: Your Trusted Security PartnerTXP Locksmith
 

Similar a Srs sso-version-1.2-stable version (20)

Srs sso-version-1.2-stable version-0
Srs sso-version-1.2-stable version-0Srs sso-version-1.2-stable version-0
Srs sso-version-1.2-stable version-0
 
Tc Management Srs
Tc Management SrsTc Management Srs
Tc Management Srs
 
Tc Management Srs
Tc Management SrsTc Management Srs
Tc Management Srs
 
Tc Management Srs
Tc Management SrsTc Management Srs
Tc Management Srs
 
Tc Management Srs
Tc Management SrsTc Management Srs
Tc Management Srs
 
Tc Management Srs
Tc Management SrsTc Management Srs
Tc Management Srs
 
Tc Management Srs
Tc Management SrsTc Management Srs
Tc Management Srs
 
Tideway Foundation Consolidation
Tideway Foundation ConsolidationTideway Foundation Consolidation
Tideway Foundation Consolidation
 
802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast
 
Tideway Foundation 7.2 Cmdb Population
Tideway Foundation 7.2 Cmdb PopulationTideway Foundation 7.2 Cmdb Population
Tideway Foundation 7.2 Cmdb Population
 
20090213 Friday Food Croslocis
20090213 Friday Food Croslocis20090213 Friday Food Croslocis
20090213 Friday Food Croslocis
 
20090213 Friday Food croslocis
20090213 Friday Food croslocis20090213 Friday Food croslocis
20090213 Friday Food croslocis
 
20240
2024020240
20240
 
Sharepoint 2007 Install Best Practice Phase 1
Sharepoint 2007 Install Best Practice  Phase 1Sharepoint 2007 Install Best Practice  Phase 1
Sharepoint 2007 Install Best Practice Phase 1
 
OpenSSO Tech Overview Aquarium
OpenSSO Tech Overview AquariumOpenSSO Tech Overview Aquarium
OpenSSO Tech Overview Aquarium
 
Protocol
ProtocolProtocol
Protocol
 
Major Project Chand Piyush 2011
Major Project Chand Piyush 2011Major Project Chand Piyush 2011
Major Project Chand Piyush 2011
 
sReliable Locksmith Services in Austin, Texas: Your Trusted Security Partner
sReliable Locksmith Services in Austin, Texas: Your Trusted Security PartnersReliable Locksmith Services in Austin, Texas: Your Trusted Security Partner
sReliable Locksmith Services in Austin, Texas: Your Trusted Security Partner
 
Microservices
MicroservicesMicroservices
Microservices
 
Dinesh Wp Siebel Crm To Fusion Crm
Dinesh Wp  Siebel Crm To Fusion CrmDinesh Wp  Siebel Crm To Fusion Crm
Dinesh Wp Siebel Crm To Fusion Crm
 

Más de Shahzad

Exploration note - none windows based authentication for WCF
Exploration note - none windows based authentication for WCFExploration note - none windows based authentication for WCF
Exploration note - none windows based authentication for WCFShahzad
 
To study pcms pegasus erp cargo management system-release-7 from architectu...
To study pcms   pegasus erp cargo management system-release-7 from architectu...To study pcms   pegasus erp cargo management system-release-7 from architectu...
To study pcms pegasus erp cargo management system-release-7 from architectu...Shahzad
 
To study pcms pegasus erp cargo management system-release-6 from architectu...
To study pcms   pegasus erp cargo management system-release-6 from architectu...To study pcms   pegasus erp cargo management system-release-6 from architectu...
To study pcms pegasus erp cargo management system-release-6 from architectu...Shahzad
 
Pakistan management
Pakistan managementPakistan management
Pakistan managementShahzad
 
Corporate lessons
Corporate lessonsCorporate lessons
Corporate lessonsShahzad
 
What is future of web with reference to html5 will it devalue current present...
What is future of web with reference to html5 will it devalue current present...What is future of web with reference to html5 will it devalue current present...
What is future of web with reference to html5 will it devalue current present...Shahzad
 
Software architecture to analyze licensing needs for pcms- pegasus cargo ma...
Software architecture   to analyze licensing needs for pcms- pegasus cargo ma...Software architecture   to analyze licensing needs for pcms- pegasus cargo ma...
Software architecture to analyze licensing needs for pcms- pegasus cargo ma...Shahzad
 
A cross referenced whitepaper on cloud computing
A cross referenced whitepaper on cloud computingA cross referenced whitepaper on cloud computing
A cross referenced whitepaper on cloud computingShahzad
 
Software architecture case study - why and why not sql server replication
Software architecture   case study - why and why not sql server replicationSoftware architecture   case study - why and why not sql server replication
Software architecture case study - why and why not sql server replicationShahzad
 
Software Architecture New Features of Visual Studio 2010 / .Net 4.0 - Part 1...
Software Architecture New Features of Visual Studio 2010 / .Net 4.0  - Part 1...Software Architecture New Features of Visual Studio 2010 / .Net 4.0  - Part 1...
Software Architecture New Features of Visual Studio 2010 / .Net 4.0 - Part 1...Shahzad
 
From Windows Presentation Foundation To Silverlight
From Windows Presentation Foundation To SilverlightFrom Windows Presentation Foundation To Silverlight
From Windows Presentation Foundation To SilverlightShahzad
 
To Study The Tips Tricks Guidelines Related To Performance Tuning For N Hib...
To Study The Tips Tricks  Guidelines Related To Performance Tuning For  N Hib...To Study The Tips Tricks  Guidelines Related To Performance Tuning For  N Hib...
To Study The Tips Tricks Guidelines Related To Performance Tuning For N Hib...Shahzad
 
To Study E T L ( Extract, Transform, Load) Tools Specially S Q L Server I...
To Study  E T L ( Extract, Transform, Load) Tools Specially  S Q L  Server  I...To Study  E T L ( Extract, Transform, Load) Tools Specially  S Q L  Server  I...
To Study E T L ( Extract, Transform, Load) Tools Specially S Q L Server I...Shahzad
 
To Study E T L ( Extract, Transform, Load) Tools Specially S Q L Server I...
To Study  E T L ( Extract, Transform, Load) Tools Specially  S Q L  Server  I...To Study  E T L ( Extract, Transform, Load) Tools Specially  S Q L  Server  I...
To Study E T L ( Extract, Transform, Load) Tools Specially S Q L Server I...Shahzad
 
To Analyze Cargo Loading Optimization Algorithm
To Analyze Cargo Loading Optimization AlgorithmTo Analyze Cargo Loading Optimization Algorithm
To Analyze Cargo Loading Optimization AlgorithmShahzad
 
Whitepaper To Study Filestream Option In Sql Server
Whitepaper To Study Filestream Option In Sql ServerWhitepaper To Study Filestream Option In Sql Server
Whitepaper To Study Filestream Option In Sql ServerShahzad
 
White Paper On ConCurrency For PCMS Application Architecture
White Paper On ConCurrency For PCMS Application ArchitectureWhite Paper On ConCurrency For PCMS Application Architecture
White Paper On ConCurrency For PCMS Application ArchitectureShahzad
 
Case Study For Replication For PCMS
Case Study For Replication For PCMSCase Study For Replication For PCMS
Case Study For Replication For PCMSShahzad
 
Data Structure In C#
Data Structure In C#Data Structure In C#
Data Structure In C#Shahzad
 

Más de Shahzad (20)

Exploration note - none windows based authentication for WCF
Exploration note - none windows based authentication for WCFExploration note - none windows based authentication for WCF
Exploration note - none windows based authentication for WCF
 
To study pcms pegasus erp cargo management system-release-7 from architectu...
To study pcms   pegasus erp cargo management system-release-7 from architectu...To study pcms   pegasus erp cargo management system-release-7 from architectu...
To study pcms pegasus erp cargo management system-release-7 from architectu...
 
To study pcms pegasus erp cargo management system-release-6 from architectu...
To study pcms   pegasus erp cargo management system-release-6 from architectu...To study pcms   pegasus erp cargo management system-release-6 from architectu...
To study pcms pegasus erp cargo management system-release-6 from architectu...
 
Pakistan management
Pakistan managementPakistan management
Pakistan management
 
Corporate lessons
Corporate lessonsCorporate lessons
Corporate lessons
 
What is future of web with reference to html5 will it devalue current present...
What is future of web with reference to html5 will it devalue current present...What is future of web with reference to html5 will it devalue current present...
What is future of web with reference to html5 will it devalue current present...
 
Software architecture to analyze licensing needs for pcms- pegasus cargo ma...
Software architecture   to analyze licensing needs for pcms- pegasus cargo ma...Software architecture   to analyze licensing needs for pcms- pegasus cargo ma...
Software architecture to analyze licensing needs for pcms- pegasus cargo ma...
 
A cross referenced whitepaper on cloud computing
A cross referenced whitepaper on cloud computingA cross referenced whitepaper on cloud computing
A cross referenced whitepaper on cloud computing
 
Software architecture case study - why and why not sql server replication
Software architecture   case study - why and why not sql server replicationSoftware architecture   case study - why and why not sql server replication
Software architecture case study - why and why not sql server replication
 
Software Architecture New Features of Visual Studio 2010 / .Net 4.0 - Part 1...
Software Architecture New Features of Visual Studio 2010 / .Net 4.0  - Part 1...Software Architecture New Features of Visual Studio 2010 / .Net 4.0  - Part 1...
Software Architecture New Features of Visual Studio 2010 / .Net 4.0 - Part 1...
 
From Windows Presentation Foundation To Silverlight
From Windows Presentation Foundation To SilverlightFrom Windows Presentation Foundation To Silverlight
From Windows Presentation Foundation To Silverlight
 
To Study The Tips Tricks Guidelines Related To Performance Tuning For N Hib...
To Study The Tips Tricks  Guidelines Related To Performance Tuning For  N Hib...To Study The Tips Tricks  Guidelines Related To Performance Tuning For  N Hib...
To Study The Tips Tricks Guidelines Related To Performance Tuning For N Hib...
 
To Study E T L ( Extract, Transform, Load) Tools Specially S Q L Server I...
To Study  E T L ( Extract, Transform, Load) Tools Specially  S Q L  Server  I...To Study  E T L ( Extract, Transform, Load) Tools Specially  S Q L  Server  I...
To Study E T L ( Extract, Transform, Load) Tools Specially S Q L Server I...
 
To Study E T L ( Extract, Transform, Load) Tools Specially S Q L Server I...
To Study  E T L ( Extract, Transform, Load) Tools Specially  S Q L  Server  I...To Study  E T L ( Extract, Transform, Load) Tools Specially  S Q L  Server  I...
To Study E T L ( Extract, Transform, Load) Tools Specially S Q L Server I...
 
To Analyze Cargo Loading Optimization Algorithm
To Analyze Cargo Loading Optimization AlgorithmTo Analyze Cargo Loading Optimization Algorithm
To Analyze Cargo Loading Optimization Algorithm
 
Asp
AspAsp
Asp
 
Whitepaper To Study Filestream Option In Sql Server
Whitepaper To Study Filestream Option In Sql ServerWhitepaper To Study Filestream Option In Sql Server
Whitepaper To Study Filestream Option In Sql Server
 
White Paper On ConCurrency For PCMS Application Architecture
White Paper On ConCurrency For PCMS Application ArchitectureWhite Paper On ConCurrency For PCMS Application Architecture
White Paper On ConCurrency For PCMS Application Architecture
 
Case Study For Replication For PCMS
Case Study For Replication For PCMSCase Study For Replication For PCMS
Case Study For Replication For PCMS
 
Data Structure In C#
Data Structure In C#Data Structure In C#
Data Structure In C#
 

Srs sso-version-1.2-stable version

  • 1. Single Sign On/Federation via AD FS/WIF/SAML Software Requirements Specification Group Id: F1202FBFA8 (MC110403218) Supervisor Name: Sarfraz Ahmad Awan (sawan@vu.edu.pk)
  • 2. Revision History Date Version Description Author 11/2/1012 1.0 Initial Draft for all the basic MC110403218 elements of SRS document 11/5/2012 1.1 Added scope for project and MC110403218 Refined use cases. 11/5/2012 1.2 Labeled as version 1.2 send to MC110403218 Sarfraz Ahmad Awan as assignment no 1
  • 3. Contents 1 Overview ............................................................................................................................ 4 1.1 Introduction ................................................................................................................. 4 1.2 Competitor solution ..................................................................................................... 4 1.3 Implementation technologies ...................................................................................... 4 2 Scope .................................................................................................................................. 5 2.1 Architecture Scope Options ........................................................................................ 5 2.1.1 Implementation via Federation Server for SSO ................................................... 5 2.1.2 Development of STS Service for SSO ................................................................. 5 2.1.3 Identity Providers to cover for SSO ..................................................................... 5 2.1.4 Service Providers to cover for SSO ..................................................................... 5 2.1.5 OS scope for SSO ................................................................................................ 5 2.1.6 SAML Implementation Scope ............................................................................. 5 3 Software Requirement ....................................................................................................... 5 3.1 Functional Software Requirement ............................................................................... 5 3.1.1 Transparent SSO .................................................................................................. 5 3.1.2 Source and destination ......................................................................................... 
6 3.1.3 Administrator Console ......................................................................................... 6 3.2 Non-Functional Software Requirement ...................................................................... 6 3.2.1 Performance Requirements .................................................................................. 6 3.2.2 Security Requirements ......................................................................................... 6 4 User Case Diagram ............................................................................................................ 6 5 Use case Explanation ......................................................................................................... 7 5.1 Use Case Id 00001....................................................................................................... 7 5.2 Use Case Id 00002....................................................................................................... 8 5.3 Use Case Id 00003....................................................................................................... 9
  • 4. 1 Overview

    1.1 Introduction
    Single Sign On (SSO) (also known as Enterprise Single Sign On or "ESSO") is the ability for a user to enter the same ID and password to log on to multiple applications within an enterprise. As passwords are the least secure authentication mechanism, single sign on has now become known as reduced sign on (RSO), since more than one type of authentication mechanism is used according to enterprise risk models.

    1.2 Competitor solution
    For details, please visit: http://en.wikipedia.org/wiki/List_of_single_sign-on_implementations

    1.3 Implementation technologies
    Microsoft .Net Framework / C#
    WIF: http://en.wikipedia.org/wiki/Windows_Identity_Foundation
    SAML: http://en.wikipedia.org/wiki/SAML_2.0
    WS-Trust: http://en.wikipedia.org/wiki/WS-Trust
  • 5. WS-Security: http://en.wikipedia.org/wiki/WS-Security

    2 Scope

    2.1 Architecture Scope Options

    2.1.1 Implementation via Federation Server for SSO
    A federation server can be implemented to handle the federation mechanism for SSO. This would be the best-laid architecture, but it can be out of scope for the current course. A POC will be done to make sure that the current scope is properly understood. Scope can be dependent on the design phase of the project.

    2.1.2 Development of STS Service for SSO
    AD FS will act as the STS Service. Scope for AD FS can be dependent on the design phase of the project.

    2.1.3 Identity Providers to cover for SSO
    Currently, Active Directory is the primary scope as Identity Provider.

    2.1.4 Service Providers to cover for SSO
    ASP .Net business applications, like an HR application, will act as Service Provider for the current implementation.

    2.1.5 OS scope for SSO
    The current project will only cover Windows Server 2012 as the testing and development environment for the server operating system.
    The current project will only cover Windows 8 as the testing and development environment for the client operating system.

    2.1.6 SAML Implementation Scope
    Windows Identity Foundation has a SAML 2.0 implementation as an extension, as explained in http://connect.microsoft.com/site1168/Downloads/DownloadDetails.aspx?DownloadID=36088
    This will be the current scope of the SAML 2.0 implementation.

    3 Software Requirement

    3.1 Functional Software Requirement

    3.1.1 Transparent SSO
    For the end user there should not be any visual indicator that the user is moving from one application to another. That is, for the end user it should be transparent SSO.
  • 6. 3.1.2 Source and destination
    The source and destination providers should be configurable.

    3.1.3 Administrator Console
    There should not be any hard coding for entities involved in the solution, like the Identity Provider or Service Provider.
    The STS Service should not be hard coded; there must be an interface to change the URL for the STS Service.
    Service accounts for the solution must be configurable via a UI.

    3.2 Non-Functional Software Requirement

    3.2.1 Performance Requirements
    SSO must be performed with no delays.
    Robust redirection should be provided from source to destination.

    3.2.2 Security Requirements
    The security requirements to be met by an implementation of SSO are:
    - SSO shall not adversely affect the resilience of the system within which it is deployed.
    - SSO shall not adversely impact the availability of any individual system service.
    - An SSO implementation shall audit all security relevant events which occur within the context of the XSSO.
    - An SSO implementation shall protect all security relevant information supplied to or generated by the XSSO implementation such that other services may adequately trust the integrity and origin of all security information provided to them as part of a secondary sign-on operation.
    - The SSO shall provide protection to security relevant information when exchanged between its own constituent components and between those components and other services.

    4 Use Case Diagram
  • 7. [Figure: use case diagram "Single Sign On/Federation via AD FS/WIF/SAML". Actors: SSO Admin, SSO End User. Use case labels: Configure SSO Provider, Configure Source Provider, Configure Destination Provider, Configure Identity Provider, Test Provider, Provide System Configuration, Provide Service Account Info, STS Service, Passing Token from Source Provider to Destination Provider, Perform action for SSO, Notification for change Provider. Use cases are linked by «uses» and «extends» relationships.]

    5 Use case Explanation
    Explanation for only the primary use cases (those mainly used by actors) is written below.

    5.1 Use Case Id 00001
    Use Case Title:        Configure SSO Provider
    Abbreviated Title:     C_SSO_Provider
    Use Case Id:           00001
    Requirement Id:        3.1.2, 3.1.3
    Description:           It is an administrative task and will be performed by the SSO Admin.
    Pre Conditions:        Solution is properly installed. STS Service is already installed.
    Task Sequence (with Exceptions):
      1. Open MMC for SSO.
      2. Identify the type of provider to configure (source or destination).
      3. Provide configuration like URL or other related info.
         Exception: Some providers might not have a URL.
      4. Provide service account info for configuration, like user name and password.
         Exception: Some providers might give anonymous access.
    Post Conditions:       Provider is tested and returns a positive response to the SSO Admin.
    Unresolved issues:
    Authority:             Shahzad Sarwar
    Modification history:  Initial Draft
    Author:                Shahzad Sarwar
    Description:           Needs review by Course Supervisor: Sarfraz Ahmad Awan

    5.2 Use Case Id 00002
    Use Case Title:        Configure Identity Provider
    Abbreviated Title:     C_I_Privder
    Use Case Id:           00002
    Requirement Id:        3.1.2, 3.1.3
    Description:           It is an administrative task and will be performed by the SSO Admin.
    Pre Conditions:        Solution is properly installed. STS Service is already installed. Identity Provider is reachable.
    Task Sequence (with Exceptions):
      1. Open MMC for SSO.
      2. Provide Identity configuration like URL, domain name or other related info.
         Exception: Some providers might not have a URL or domain name.
      3. Provide configuration like URL or other related info.
         Exception: Some providers might not have a URL.
    Post Conditions:       Identity Provider is tested and returns a positive response to the SSO Admin.
    Unresolved issues:
    Authority:             Shahzad Sarwar
    Modification history:  Initial Draft
    Author:                Shahzad Sarwar
    Description:           Needs review by Course Supervisor: Sarfraz Ahmad Awan

    5.3 Use Case Id 00003
    Use Case Title:        Perform action for SSO
    Abbreviated Title:     P_A_F_SSO
    Use Case Id:           00003
    Requirement Id:        3.1.1
    Description:           User will be redirected from the source application to the destination application.
    Pre Conditions:        Solution is properly installed. STS Service is already installed. Identity Provider is configured. Source Provider is configured. Destination Provider is configured.
    Task Sequence (with Exceptions):
      1. Open application for source.
      2. Open application for destination.
      3. Perform the redirection action, which will redirect from source to destination.
    Post Conditions:       Transparent redirection is performed from source to destination.
    Unresolved issues:
    Authority:             Shahzad Sarwar
    Modification history:  Initial Draft
    Author:                Shahzad Sarwar
    Description:           Needs review by Course Supervisor: Sarfraz Ahmad Awan