GC Integration Plan (Part II)

Roadmap

  • Learning Tools Interoperability - Launch Link
  • Single Sign-On (SSO)
  • Learning Tools Interoperability - Transfer Grade
  • Learning Information Services

What is SSO?

LDAP, Active Directory, OAuth, OAuth2, OpenID, OpenID Connect... None of the above is SSO, conceptually.

What is SSO?

A property of access control of multiple related, but independent software systems

Basic types of SSO

  • Broker-Based SSO (Kerberos)
  • Agent-Based SSO (C/S, client agent like ssh-agent)
  • Token-Based SSO
  • Broker & Agent Based SSO
  • Gateway-Based SSO


http://www.tml.tkk.fi/Opinnot/Tik-110.501/1997/single_sign-on.html

http://www.tml.tkk.fi/Opinnot/Tik-110.501/1998/papers/3singlesignon/singlesign-on.htm

https://en.wikipedia.org/wiki/List_of_single_sign-on_implementations

Widely used SSO products

  • CAS / Central Authentication Service
  • Gluu Server
  • OpenAM
  • SAML
  • Shibboleth

  ... and 50+ others

GC Planned SSO (CAS)

  • Central Authentication Service
  • Yale CAS 1.0, 2.0
  • JASIG
  • 3.0

https://www.apereo.org/

GC Planned SSO (CAS)

https://wiki.jasig.org/display/CAS/CAS+Threat+Modeling

GC Planned SSO (CAS)

https://github.com/dlindahl/omniauth-cas

GC Planned SSO (CAS)

  • Steps
  1. Admin configures basic attributes for CAS
  2. User logs in through CAS
  3. Admin configures TLS for CAS
  4. User logs in to CAS through TLS
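The service-ticket checks behind steps 2 and 4 are what make a CAS login trustworthy, so here is an added example in Ruby (not GC code, and not the Apereo CAS or omniauth-cas implementation) that models them in memory: a ticket is bound to the service it was issued for, is consumed on its first validation attempt whether or not that attempt succeeds, and must be validated while still fresh. The callback URL, the 10-second lifetime and the frozen clock are assumptions made for the model.

```ruby
# Added example, not GC or Apereo CAS code: an in-memory model of the
# CAS service-ticket lifecycle. Constructed data only, no network calls.
require 'securerandom'

# Server side: issues a service ticket (ST-...) bound to one service URL
# and validates it at most once, within a short lifetime.
class CasServerModel
  TICKET_LIFETIME = 10 # seconds; assumed value for this model

  def initialize(clock)
    @clock = clock   # callable returning the current Time
    @tickets = {}    # ticket id => { user:, service:, issued_at: }
  end

  # /login: after the user has authenticated, issue a ticket for +service+.
  def issue_ticket(user:, service:)
    id = "ST-#{SecureRandom.hex(16)}"
    @tickets[id] = { user: user, service: service, issued_at: @clock.call }
    id
  end

  # /serviceValidate: the ticket is consumed on first presentation (valid or
  # not), must come from the service it was issued for, and must be fresh.
  def validate(ticket:, service:)
    entry = @tickets.delete(ticket)
    return [:invalid_ticket, nil] if entry.nil?
    return [:invalid_service, nil] unless entry[:service] == service
    return [:expired, nil] if @clock.call - entry[:issued_at] > TICKET_LIFETIME
    [:success, { user: entry[:user] }]
  end
end

# Client side (what GC would do in its CAS callback): validate with the
# application's own fixed callback URL, never with a service value taken
# from the incoming request, so a ticket issued to another service is useless here.
def cas_callback(server, ticket, own_callback_url)
  status, payload = server.validate(ticket: ticket, service: own_callback_url)
  status == :success ? payload[:user] : nil
end

# Walk through the outcomes a client can see; returns them for inspection.
def demo
  now = [Time.at(1_700_000_000)]                           # constructed, frozen clock
  server = CasServerModel.new(-> { now[0] })
  callback = 'https://gc.example.test/auth/cas/callback'  # placeholder URL

  st1 = server.issue_ticket(user: 'alice', service: callback)
  first  = server.validate(ticket: st1, service: callback)
  replay = server.validate(ticket: st1, service: callback)  # second use fails

  st2 = server.issue_ticket(user: 'alice', service: callback)
  wrong_service = server.validate(ticket: st2, service: 'https://other.example.test/cb')

  st3 = server.issue_ticket(user: 'alice', service: callback)
  now[0] += CasServerModel::TICKET_LIFETIME + 1             # ticket has aged out
  expired = server.validate(ticket: st3, service: callback)

  st4 = server.issue_ticket(user: 'alice', service: callback)
  user = cas_callback(server, st4, callback)

  { first: first, replay: replay, wrong_service: wrong_service,
    expired: expired, user: user }
end

p demo if $PROGRAM_NAME == __FILE__
```

Step 3 (TLS) matters for the same flow: the validation call in `cas_callback` is a server-to-server request that carries the ticket, and the response names the authenticated user, so both legs need TLS before the result can be trusted.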

GC Planned SSO (LDAP)

  • Lightweight Directory Access Protocol
  • An entry consists of a set of attributes.
  • An attribute has a name (an attribute type or attribute description) and one or more values. The attributes are defined in a schema.
  • Each entry has a unique identifier: its Distinguished Name (DN). This consists of its Relative Distinguished Name (RDN), constructed from some attribute(s) in the entry, followed by the parent entry's DN.
  • LDAP is not SSO

GC Planned SSO (LDAP)

  • Directory structure

GC Planned SSO (LDAP)

  • Operations
  • Add
  • Bind
  • Delete
  • Search and Compare
  • Modify
  • Modify DN
  • Extended Operations
  • Abandon
  • Unbind

GC Planned SSO (LDAP)

https://github.com/intridea/omniauth-ldap

http://www.rubydoc.info/gems/ruby-net-ldap

GC Planned SSO (LDAP)

  • Steps
  1. Admin configures basic attributes for LDAP
  2. User logs in through LDAP
  3. Admin configures authorisation for LDAP
  4. User logs in through LDAP by searching and binding with authorisation
  5. Admin configures TLS for LDAP
  6. User logs in through LDAP over TLS
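The DN construction described on the LDAP slide above (RDN followed by the parent's DN) and the search-and-bind login of step 4 are shown together in the following added Ruby example. It is not GC code and does not use the omniauth-ldap or net-ldap API; it runs against a small in-memory directory model so the behaviour is visible offline. The base DN, entries, service account and passwords are constructed sample data. The two points a practitioner would want to see are the RFC 4515 escaping of the username before it goes into the search filter, and the refusal of an empty password before the second bind, since an empty password is an unauthenticated bind that many servers report as success.

```ruby
# Added example, not GC code and not the omniauth-ldap or net-ldap API: an
# in-memory directory model showing DN construction (RFC 4514), search-filter
# escaping (RFC 4515) and the search-then-bind login of step 4 above.
# Every entry, DN and password below is constructed sample data.

# Escape a value placed inside a search filter. Without this a username such
# as "*" or "x)(uid=*" rewrites the filter instead of being matched literally.
def escape_filter(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Escape an attribute value used inside a DN.
def escape_dn_value(value)
  v = value.gsub(/[\\,+"<>;=]/) { |c| "\\#{c}" }
  v = "\\#{v}" if v.start_with?('#', ' ')
  v.sub(/ \z/) { '\\ ' }
end

# DN = RDN (attribute=value) followed by the parent entry's DN.
def build_dn(rdn_attr, rdn_value, parent_dn)
  "#{rdn_attr}=#{escape_dn_value(rdn_value)},#{parent_dn}"
end

class DirectoryModel
  def initialize
    @entries = {} # dn => { attribute => [values] }
  end

  def add(dn, attrs)
    @entries[dn] = attrs
  end

  # Simple bind. An empty password is an *unauthenticated* bind (RFC 4513
  # 5.1.2); many servers report it as success, which is why the login flow
  # below refuses empty passwords before ever talking to the directory.
  def bind(dn, password)
    entry = @entries[dn] or return :no_such_object
    return :unauthenticated_bind if password.to_s.empty?
    entry['userPassword'].to_a.include?(password) ? :success : :invalid_credentials
  end

  # Only "(attr=value)" filters are modelled; "*" is a wildcard and "\xx"
  # hex escapes are decoded, so the effect of (un)escaped input is visible.
  def search(filter)
    m = filter.match(/\A\((\w+)=(.*)\)\z/) or return []
    attr, regex = m[1], value_to_regex(m[2])
    @entries.select { |_dn, a| a[attr].to_a.any? { |v| v.match?(regex) } }.keys
  end

  private

  def value_to_regex(raw)
    pattern = raw.scan(/\\[0-9a-fA-F]{2}|\*|[^*\\]+/).map do |tok|
      case tok
      when '*' then '.*'
      when /\A\\/ then Regexp.escape(tok[1, 2].hex.chr)
      else Regexp.escape(tok)
      end
    end.join
    /\A#{pattern}\z/
  end
end

# Search-then-bind (step 4): bind with GC's read-only service account, look the
# user up by uid, then bind as the DN the directory returned. The user never
# supplies a DN, and exactly one match is required before the second bind.
def authenticate(dir, service_dn, service_pw, username, password)
  return [:empty_password, nil] if password.to_s.empty?
  return [:service_bind_failed, nil] unless dir.bind(service_dn, service_pw) == :success
  matches = dir.search("(uid=#{escape_filter(username)})")
  return [:user_not_found, nil] if matches.empty?
  return [:ambiguous_user, nil] if matches.size > 1
  dn = matches.first
  dir.bind(dn, password) == :success ? [:ok, dn] : [:invalid_credentials, nil]
end

def demo
  base = 'dc=example,dc=test'                  # constructed base DN
  people = "ou=people,#{base}"
  dir = DirectoryModel.new
  alice_dn = build_dn('uid', 'alice', people)
  dir.add(alice_dn, 'uid' => ['alice'], 'userPassword' => ['alice-pw'])
  dir.add(build_dn('uid', 'bob', people), 'uid' => ['bob'], 'userPassword' => ['bob-pw'])
  svc_dn = build_dn('cn', 'gc-reader', "ou=services,#{base}")
  dir.add(svc_dn, 'cn' => ['gc-reader'], 'userPassword' => ['svc-pw'])

  {
    ok:        authenticate(dir, svc_dn, 'svc-pw', 'alice', 'alice-pw'),
    bad_pw:    authenticate(dir, svc_dn, 'svc-pw', 'alice', 'wrong'),
    empty_pw:  authenticate(dir, svc_dn, 'svc-pw', 'alice', ''),
    wildcard:  authenticate(dir, svc_dn, 'svc-pw', '*', 'alice-pw'),  # escaped: no user "*"
    unescaped_wildcard_hits: dir.search('(uid=*)').size,               # what no escaping would match
    tricky_dn: build_dn('cn', 'Smith, John', people)
  }
end

p demo if $PROGRAM_NAME == __FILE__
```

The `unescaped_wildcard_hits` entry shows why the escaping matters: a raw `(uid=*)` filter matches every person entry, whereas the escaped `(uid=\2a)` matches nobody, so the login fails cleanly instead of binding as whichever entry the directory returned first. Steps 5 and 6 (TLS) apply to both binds in this flow, since each one sends a password to the directory.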

GC Planned SSO (Active Dir)

  • Directory service by Microsoft
  • Derived from X.500; makes use of LDAP v2, LDAP v3, Kerberos and DNS
  • Supports the basic LDAP protocol
  • Previewed in 1999, first released with Windows 2000 Server

Demo

GC Integration II

By hanyi8000
