GC Integration Plan (Part II)
RoadMap
- Learning Tools Interoperability - Launch Link
- Single Sign On (SSO)
- Learning Tools Interoperability - Transfer Grade
- Learning Information Services
What is SSO?
LDAP, Active Directory, OAuth, OAuth2, OpenID, OpenID Connect... none of the above is SSO, conceptually.
What is SSO?
A property of access control across multiple related but independent software systems
Basic types of SSO
- Broker-Based SSO (Kerberos)
- Agent-Based SSO (client/server, with a client-side agent such as ssh-agent)
- Token-Based SSO
- Broker- and Agent-Based SSO
- Gateway-Based SSO
http://www.tml.tkk.fi/Opinnot/Tik-110.501/1997/single_sign-on.html
http://www.tml.tkk.fi/Opinnot/Tik-110.501/1998/papers/3singlesignon/singlesign-on.htm
https://en.wikipedia.org/wiki/List_of_single_sign-on_implementations
Widely used SSO products
- CAS / Central Authentication Service
- Gluu Server
- OpenAM
- SAML
- Shibboleth
... and 50+ more
GC Planned SSO (CAS)
- Central Authentication Service
- Yale CAS 1.0, 2.0
- JASIG
- 3.0
https://www.apereo.org/
GC Planned SSO (CAS)
https://wiki.jasig.org/display/CAS/CAS+Threat+Modeling
GC Planned SSO (CAS)
https://github.com/dlindahl/omniauth-cas
GC Planned SSO (CAS)
- Steps
- Admin config basic attributes for CAS
- User login through CAS
- Admin config TLS for CAS
- User login through CAS over TLS
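The steps above end with the CAS server handing the application a service ticket that the application must validate. The following is an added example, not code from the page, CAS or omniauth-cas: a toy model of the server-side ticket registry that enforces the three rules the CAS protocol puts on service tickets (a ticket is bound to the service URL it was issued for, may be validated only once, and expires shortly after issue). Ticket format, the 10-second lifetime and the clock injection are assumptions of this example; the error codes are the CAS 2.0 ones.

```ruby
require 'securerandom'
require 'time'

# Added example: a minimal service-ticket registry modelling what a CAS server
# checks on /serviceValidate. Not the CAS or omniauth-cas implementation.
class CasTicketRegistry
  TICKET_TTL = 10 # seconds; assumed short lifetime for service tickets

  # The clock is injectable so expiry can be exercised without sleeping.
  def initialize(clock: -> { Time.now })
    @clock = clock
    @tickets = {}
  end

  # Called after the user authenticated at /login?service=...: returns the
  # opaque ST that is appended to the redirect back to the service.
  def issue(service, user)
    ticket = "ST-#{SecureRandom.hex(16)}"
    @tickets[ticket] = { service: service, user: user, issued_at: @clock.call, used: false }
    ticket
  end

  # Models /serviceValidate?service=...&ticket=...
  # Returns [true, user] on success or [false, code] with a CAS 2.0 error code.
  def validate(service, ticket)
    entry = @tickets[ticket]
    return [false, 'INVALID_TICKET'] if entry.nil? || entry[:used]
    # One-time use: the ticket is consumed even if the checks below fail, so a
    # ticket presented for the wrong service cannot be retried elsewhere.
    entry[:used] = true
    return [false, 'INVALID_TICKET'] if @clock.call - entry[:issued_at] > TICKET_TTL
    return [false, 'INVALID_SERVICE'] unless entry[:service] == service
    [true, entry[:user]]
  end
end

if __FILE__ == $PROGRAM_NAME
  reg = CasTicketRegistry.new
  st = reg.issue('https://gc.example/auth/cas/callback', 'alice')
  p reg.validate('https://gc.example/auth/cas/callback', st)  # first use succeeds
  p reg.validate('https://gc.example/auth/cas/callback', st)  # replay is refused
end
```

The service URL compared here must be the same one the application sent in its `service` parameter at login; a mismatch is exactly the case where a ticket issued for one application is replayed against another.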
GC Planned SSO (LDAP)
- Lightweight Directory Access Protocol
- An entry consists of a set of attributes.
- An attribute has a name (an attribute type or attribute description) and one or more values. The attributes are defined in a schema.
- Each entry has a unique identifier: its Distinguished Name (DN). This consists of its Relative Distinguished Name (RDN), constructed from some attribute(s) in the entry, followed by the parent entry's DN.
- LDAP is not SSO
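To make the entry/attribute/DN model concrete, here is an added example (not from the page or the ruby-net-ldap gem): a small RFC 4514 DN parser and builder. It splits a DN into its RDNs on unescaped commas, resolves backslash escapes, and composes a child DN from one of the entry's attributes plus the parent's DN, escaping the characters that would otherwise change the DN's structure. The DNs used below are constructed sample values.

```ruby
# Added example: RFC 4514 distinguished-name handling. Not net-ldap code.
module LdapDn
  # Split a DN string into RDNs on commas that are not backslash-escaped.
  # Each RDN is returned as [type, value] with escapes resolved.
  def self.parse(dn)
    rdns = []
    buf = +''
    i = 0
    while i < dn.length
      ch = dn[i]
      if ch == '\\' && i + 1 < dn.length
        buf << dn[i + 1] # keep the escaped character literally
        i += 2
        next
      elsif ch == ','
        rdns << split_rdn(buf)
        buf = +''
      else
        buf << ch
      end
      i += 1
    end
    rdns << split_rdn(buf)
    rdns
  end

  def self.split_rdn(text)
    type, value = text.split('=', 2)
    raise ArgumentError, "malformed RDN: #{text.inspect}" if value.nil?
    [type.strip, value]
  end

  # Escape one attribute value for use inside a DN (RFC 4514 section 2.4):
  # special characters anywhere, a trailing space, and a leading '#' or space.
  def self.escape(value)
    s = value.gsub(/([,+"\\<>;])/) { "\\#{$1}" }
    s = s.sub(/ \z/, '\\ ')
    s.sub(/\A([# ])/) { "\\#{$1}" }
  end

  # Child DN = RDN built from one of the entry's attributes + parent DN.
  def self.child(type, value, parent_dn)
    "#{type}=#{escape(value)},#{parent_dn}"
  end
end

if __FILE__ == $PROGRAM_NAME
  dn = LdapDn.child('cn', 'Smith, John', 'ou=People,dc=example,dc=org')
  puts dn
  p LdapDn.parse(dn)
end
```

The escaping matters when a DN is assembled from user-supplied attribute values: an unescaped comma in a `cn` would be read as the boundary between two RDNs and move the entry somewhere else in the tree.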
GC Planned SSO (LDAP)
- Directory structure
GC Planned SSO (LDAP)
- Operations
- Add
- Bind
- Delete
- Search and Compare
- Modify
- Modify DN
- Extended Operations
- Abandon
- Unbind
GC Planned SSO (LDAP)
https://github.com/intridea/omniauth-ldap
http://www.rubydoc.info/gems/ruby-net-ldap
GC Planned SSO (LDAP)
- Steps
- Admin config basic attributes for LDAP
- User login through LDAP
- Admin config authorisation for LDAP
- User login through LDAP by searching and binding with authorisation
- Admin config TLS for LDAP
- User login through LDAP over TLS
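Step 4 above (search, then bind, with authorisation) is the part most worth getting right. The following is an added example, not code from the page or from omniauth-ldap: the search-then-bind login run against a constructed in-memory directory so it executes offline. It shows the two checks a practitioner wants in that flow, RFC 4515 escaping of the login name before it is placed in the search filter (so a name such as `*` cannot match every entry), and rejection of an empty password (which many servers treat as an anonymous bind that succeeds). The `FakeDirectory` class, the sample entries, the config hash and the group name are all assumptions of this example; a real deployment makes the same `bind`/`search` calls through `Net::LDAP` over TLS.

```ruby
# Added example: search-then-bind LDAP login with filter escaping and group
# authorisation, against a fake directory. Not omniauth-ldap or net-ldap code.
module LdapLogin
  # RFC 4515 escaping for a value placed inside a search filter.
  def self.escape_filter(value)
    value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
  end

  # Stand-in for a directory server: entries keyed by DN. Each entry has
  # attributes plus a :password that is consulted only by bind.
  class FakeDirectory
    def initialize(entries)
      @entries = entries
    end

    # Simple bind. An empty password is refused explicitly: on many real
    # servers it would be accepted as an anonymous (unauthenticated) bind.
    def bind(dn, password)
      e = @entries[dn]
      !e.nil? && !password.empty? && e[:password] == password
    end

    # Evaluates a filter of the form (attr=value) the way a server would:
    # '*' is a wildcard, \xx hex escapes are literal characters.
    def search(base, filter)
      m = filter.match(/\A\((\w+)=(.*)\)\z/) or raise ArgumentError, "unsupported filter #{filter}"
      attr = m[1].to_sym
      regex = pattern_to_regex(m[2])
      @entries.select { |dn, e| dn.end_with?(",#{base}") && e[attr].to_s.match?(regex) }.keys
    end

    def member_of?(dn, group)
      Array(@entries.fetch(dn)[:memberOf]).include?(group)
    end

    private

    # Split on wildcards first, then unescape each literal part, so that an
    # escaped '\2a' stays a literal asterisk rather than becoming a wildcard.
    def pattern_to_regex(pattern)
      parts = pattern.split('*', -1).map do |p|
        Regexp.escape(p.gsub(/\\([0-9a-f]{2})/i) { $1.hex.chr })
      end
      Regexp.new("\\A#{parts.join('.*')}\\z")
    end
  end

  # Constructed sample directory and configuration (assumed values).
  GROUP = 'cn=gc-users,ou=Groups,dc=example,dc=org'
  SAMPLE_DIRECTORY = FakeDirectory.new(
    'cn=svc-gc,ou=Service,dc=example,dc=org' => { password: 'svc-pass' },
    'uid=alice,ou=People,dc=example,dc=org' => { uid: 'alice', memberOf: [GROUP], password: 'alice-pw' },
    'uid=bob,ou=People,dc=example,dc=org' => { uid: 'bob', memberOf: [], password: 'bob-pw' }
  )
  CONFIG = {
    base: 'ou=People,dc=example,dc=org', uid_attr: 'uid',
    bind_dn: 'cn=svc-gc,ou=Service,dc=example,dc=org', bind_password: 'svc-pass',
    required_group: GROUP
  }.freeze

  # Bind as the service account, find the user's entry, require exactly one
  # hit, bind as that entry with the typed password, then check group membership.
  def self.login(dir, config, username, password)
    return [false, 'service bind failed'] unless dir.bind(config[:bind_dn], config[:bind_password])
    filter = "(#{config[:uid_attr]}=#{escape_filter(username)})"
    hits = dir.search(config[:base], filter)
    return [false, 'user not found'] if hits.empty?
    return [false, 'ambiguous user'] if hits.size > 1
    user_dn = hits.first
    return [false, 'bad password'] unless dir.bind(user_dn, password)
    return [false, 'not authorised'] unless dir.member_of?(user_dn, config[:required_group])
    [true, user_dn]
  end
end

if __FILE__ == $PROGRAM_NAME
  p LdapLogin.login(LdapLogin::SAMPLE_DIRECTORY, LdapLogin::CONFIG, 'alice', 'alice-pw')
  p LdapLogin.login(LdapLogin::SAMPLE_DIRECTORY, LdapLogin::CONFIG, '*', 'alice-pw')
end
```

The contrast to look at is `search(base, '(uid=*)')`, which matches every user, against `login(..., '*', ...)`, which escapes the name to `\2a` and finds nobody. With the net-ldap gem the equivalent escaping is `Net::LDAP::Filter.escape`; the "ambiguous user" branch is the guard for directories where the uid attribute is not unique under the search base.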
GC Planned SSO (Active Dir)
- Directory service by Microsoft
- Originally derived from X.500; makes use of LDAP v2, LDAP v3, Kerberos, and DNS
- Supports the basic LDAP protocol
- Previewed in 1999, first released in Windows 2000 Server
Demo
GC Integration II
By hanyi8000