Here is a quick diagram of the ULV SSO/Sync Application. Number 3 is what we deal with in this document.
|
|
- Erica Arnold
- 8 years ago
- Views:
Transcription
1 University of La Verne Single-SignOn Project How this Single-SignOn thing is built, the requirements, and all the gotchas. Kenny Katzgrau, August 25, 2008 Contents: Pre-requisites Overview of ULV Project How is this project set up? o What is SimpleSAMLphp? o What is Zend? o What does LTech s code do? o Major Function documentation o The LTech Hook/Patch o Where are actual page layouts are kept? The flow of application usage Configuring Debugging Server Prerequisites PHP gotchas Prerequisites: Before you keep reading, it s pretty important to have a good grip on what single sign-on is, and also what SAML is all about. Because this document is specifically about the ULV project, I won t get into it here. You can read more about SSO at: Here is a quick diagram of the ULV SSO/Sync Application. Number 3 is what we deal with in this document.
2 Overview of the University of La Verne Project: When Google sends our SSO application a SignOn request, it comes with a SAML request. In a regular SSO application, the app would ask the user to enter their login information, the app would authenticate them with the client s LDAP directory, and then the app would sign the SAML request and send them back to Google, and they would be logged in. For ULV, things happen differently. When the user enters their information, the app is required to: 1. Check to see if the user exists 2. Check to see if their password is expired ( hasn t been changed in 180 days). If it is expired, force them to change it (We supply that functionality too). 3. Check to see that the user hasn t made 3 consecutive failed logins (if they did, lock them out). If they are locked out, keep them out for 30 minutes. 4. Check to see if the User/Password Binds (Logs In) to the LDAP directory. If the user passes all these checks, we sign their SAML request, and they mosey along to Google. If in the event of something else occurring:
3 The username doesn t even exist: Load up the login page, and just display the Username/Password combination does not exist message. The password is expired: Checking if the password is expired requires looking up the username (which we now confirmed DOES exist), and checking the appropriate LDAP attribute to see if this user needs to change their password. If they need to, redirect them to Change Password Page. To change the password, make the user enter their old password and new password. Then make sure the new password passes the rules required by La Verne: It has a number in it It has an upper-case letter in it It has a lower-case letter in it It is not one of their last 10 passwords Checking the first 3 rules is easy, checking the last requires an LDAP lookup of that user, getting the appropriate attribute, and checking for matches. When we pass all the requirements, we change the password in both LDAP, and Google Apps. This is discussed in a bit. The user is locked out: If the user fails to log in, log that timestamp in the appropriate attribute in their LDAP record, and increment a fail count in their record as well. If the user has made 3 or more consecutive failed login attempts, display message telling them they have been locked out for 30 minutes. If 30 minutes has passed since their last failed login, allow an additional login attempt. If they succeed, reset the failed logins count and delete the attribute which holds the failed login time. Read this for the official requirements from ULV: %20Requirements.doc Overview of the University of La Verne Project: Before I get into the flow of the project, let s talk about the major code bases in it. What is SimpleSAMLphp? SimpleSAML php is a library whose whole purpose is to provide a SingleSignOn service. It natively supports talking to an LDAP directory, authenticating the user, and sending them back. Because of the extended requirements, there is a lot more needed from LDAP than simple authentication. Not only does the user need to be authenticated, but we have to do everything
4 mentioned in the previous sections. For this reason, we handle the authentication procedure instead. This is discussed later. SimpleSAMLphp s core usefulness is signing the SAML request, but it also acts as the web application. At this point, I want to make it clear that LTech s code exists to handle custom requirements from ULV. It s also important to note that SimpleSAMLphp s code is half-procedural, half Object-Oriented oriented framework. Modifying SimpleSAML s core code is not recommended, and doing is not required by any custom requirements. SimpleSAMLphp is recommended by Google, and is the standard for PHP Single Sign on apps. SimpleSAML provides a pure-script alternative to installing a number of dependencies, preventing a portability nightmare It is extremely unlikely that you will ever have to modify the core SimpleSAMLphp code, except for that mentioned in this document. Everything in the root of the application, except the ULV, LTech, and ChangePassword.php folders/files is SimpleSAMLphp s. This is its default layout. There are also several requirements you need to meet to make SimpleSAMLphp work correctly on any server. That is discussed in the Server Prerequisites section. What is Zend? Zend is the name of a company that created a very helpful library named Zend_GData. This library can be used to modify the settings of a user account in Google Apps. As long as you have the administrator account name and password, you can use this library to modify any account under his domain. In this SSO App, this library is only used to change a user s password. You cannot retrieve a password, only change it. What does LTech s code do? LTech s code is the API that performs all of the important stuff mentioned above. All the necessary tasks needed for the SSO application have been created. For instance, if you wanted to check whether a user exists, there is a function just to do that. It is unlikely that you will ever need to talk to LDAP directly (although I have tried to make it as easy as possible if you want to). Major Function Documentation: LTech s code is also completely Object-Oriented. There are 3 classes which perform all of the functionality needed at the time of this writing. They are (In order of abstraction): Class Name File Description ULV_LdapGdataManager /ULV/LdapGdataManager.php Contains two major functions: Login, and Change Password. Login: Does all necessary checking of rules on
5 passwords, and changes passwords in LDAP and Google Apps. One-Stop shopping for performing a full login. Returns a constant depending on what the status was (define in the class). ULV_UserDirectory /ULV/UserDirectory Contains all the major functions that ULV_LdapGdataManager uses. You use ULV_UserDirectory to do any interaction with LDAP. It has many functions, which are documented in a bit. LTech_Ldap /LTech/Ldap.php Is the actual object used by ULV_UserDirectory to talk to LDAP. This class is completely reusable in any PHP-Ldap application. It is highly recommended to use this Kenny Katzgrau innovation instead of the low level PHP Ldap API. There are also 2 utility classes used: Class Name File Description ULV_Utilities /ULV/Utilities.php Contains utility functions such as Encryption/Decryption, validating passwords, redirecting users to pages, converting LDAP Timestamps, loading templates, etc. Depends on LTech_Utilities. LTech_Utilities_String /LTech/Utilities/String.php Contains reusable functions for dealing with strings that aren t built in to PHP. For example, does this string have a number in it? Used by ULV_Utilities.
6 There is 1 Configuration File: Class Name File Description ULV_Config /ULV/Config Contains all the configuration constants used by the application. This file is one-stop shopping for configuration changes. Look it over and see all the awesome stuff you can change on the fly. As you may have been able to tell, both Zend and LTech s code follow a very useful naming convention. Class names are somewhat of a C# namespace. If a class is kept in /Path/To/Class.php, the actual class name is made Path_To_Class. This is important, because in a PHP app, it isn t always obvious where a class is coming from. Another readability design used is naming functions and variables with occasionally long, but highly descriptive names. Take the ULV_UserDirectories doesuserexist( function. Can you guess what it does? LTech s Code performs the following functions, in the following files (only major functions are mentioned). ULV_LdapGdataManager Function ChangePassword ( $userid, $newpassword, $oldpassword ) Login( $username, $password) ULV_UserDirectory Function construct addtouserpasswordhistory( $username, $password ) Description Checks the new password for validity, changes the Ldap password, and then changes the Google apps password. Returns a status constant: Password_Changed Password_UnChanged_Invalid_Login Password_UnChanged_NoUser Password_UnChanged_Reqs Password_UnChanged_History Password_UnChanged_Fail Authenticates the user against LDAP, returns a status constant: Login_User_Failed Login_Expired Login_Locked Login_Password_Failed Description Creates a new UserDirectory object, all ready to talk to LDAP. LDAP connection info is set in the config. Adds a passwords to the specified user s history of used passwords. (That attribute is in the config)
7 changeuserpassword( $username, $password ) getuserinfobyusername( getuserattribute( $username, $attribute, $indexvalue = -1 ) getfirstuserattributevalue( $username, $attribute ) getlastknownuserpassword( iscorrectuserpass( $username, $password ) ispasswordexpired( isuserlockedout ( loguserloginfail( makednfromusername ( resetfailedlogincount( saveattribute( $username, $attributename, $attributevalue ) saveattributes( $username, $attributesarray ) doesuserexist( getinstance() Changes a user s LDAP password, with no checking, validation, or anything. Gets a user s entire LDAP record. Gets a specific attribute from a user s LDAP record. Gets the first value of a potentially multivalued attribute in a user s LDAP record. Gets the last user password changed in our system. If the password was modified outside of our App, we don t know that. Attempts a bind against the LDAP directory with the specified username and password. Returns true or false depending on if the user/pass worked. Checks to see is the user s password is expired beyond the number of days set in the config. Checks to see if the user has failed a login more than the number of times set in the config. Increments the failed login count, sets the lockout time, and adds a timestamp to a failed login date list. Creates a user s DN from the dn template in the config. Guess. Saves an attribute in a user s directory. Saves a user s attribute, which is specified in a name/value pair array. Checks to see if that user has an entry in the LDAP directory. Gets a running instance of the UserDirectory object. Use this to maintain and use one connection in several different parts of a script. The LTech Hook/Patch So where does LTech s code get included in SimpleSAMLphp? In /auth/login-auto.php, around line 70. This is where we got rid of SimpleSAML s authentication process, and used our own. If everything goes well, and the user was authenticated in LDAP, we get their record in an $attributes array. We then create a pseudo record of the form that SimpleSAMLphp was expecting before we made our path, and start to insert the correct information into it, which comes out of our own $attributes array. This takes place around line 140. The attribute that SimpleSAMLphp uses as the GoogleApp ID is uid. This can be set in the config.
8 At this point, I should mention that a user logs into with a username such as msmith. This is the username we use when talking to LDAP. When we talk to Google Apps, we refer to the user as something like Mark.Smith. This name is stored in an attribute. At the time of this writing, the CN attribute of a user is multivalued. CN[0] == msmith, and CN[1] == Mark.Smith. This, although, is expected to change due to ULV s schema change. After we create our pseudo array, we load it into SimpleSAMLphp, and let it take care of the rest. Where are the actual page layouts/designs kept? All page designs and layouts are kept in /templates/default. This is not our choice directory structure, it is SimpleSAML php s. These files are shown when needed in files such as loginauto.php, around line 70. The flow of application usage: 1. User browses to 2. User is redirected to Laverne s server. (Which we ll call mail.laverne.edu/sso) They are sent by Google to mail.laverne.edu/sso/ssoservice.php. 3. SimpleSAMLPHP stores information about the SAML request in the session, and forwards the user to mail.laverne.edu/sso/auth/login-auto.php with some crazy parameters. At this points, our code was not executed yet, because no username/password had been submitted. 4. The user enters his username and password, and submits. 5. login-auto.php is loaded once again. It sees there is a password, and then the LTech patch is executed, calling the ULV_LdapGdataManager::Login( $username, $password) function. Depending on what that function returns, different things can happen. If the function returns: a. ULV_LdapGdataManager::Login_User_Failed: Show the page again with a error message. b. ULV_LdapGdataManager::Login_Expired: Direct the user to the change password page. c. ULV_LdapGdataManager::Login_Locked: Tell the user they re locked out. d. ULV_LdapGdataManager::Login_Password_Failed: Show the page again with an error message. (User_Failed means the user didn t exist, and this means that the user existed, but the password failed. Don t tell them this, though). If we got this far, then the function must have returned an attribute array for the user (hooray for duck typing!). Now we can proceed with the login procedure mentioned above. There she is, the whole application in 5 steps, and 7 pages. But there s more! Configuring: All configurations for this SSO application are performed through the ULV_Config class, located in /ULV/ULV_Config.php.
9 Debugging: Debugging in PHP is a lot like ASP debugging: Print out lines to the page to see what is happening at a given time. There are a few very helpful things to do when debugging this app: 1. If is seems that you aren t even connecting the ldap server, the LTech_Ldap class keeps an internal message queue that contains error messages, and stuff like that. If you want to see that status of the ldap object, you can use the PHP print_r function, to print out this array. Print_r prints out the nicely formatted contents of any PHP object. Example: print_r( $My_User_Directory->ldap->MessageQueue). By the way, the ldap object the ULV_UserDirectory uses is a public property. 2. There are a few test that I use to test functions of the ULV_UserDirectory Class. In /tests there is an ldaptest.php file. Open it up, and see the SSO API in action. You may have to change the require_once files at the top to the correct path. Server Prerequisites: Here are the required extensions and libraries needed by this app. Claudio knows about installing these, and making them work: Required - PHP Version >= Required - Hashing function Required - ZLib Required - OpenSSL Required - SimpleXML Required - XML DOM Required - RegEx support Required - LDAP Extension Required - Radius Extension Required - Mcrypt And https (however that is done) PHP Gotchas: Here are some things in PHP that aren t quite obvious. PHP uses duck-typing, meaning variables can be treated like string one minute, objects the next, and numbers the next. In fact: 0 == false == == null. If you require a file at the top of a script, keep in mind that PHP always uses the path relative to the originally executing script. If you want to include a file relative to the file you are editing, use: Require_once dirname( FILE ). /path/to/file ; FILE is a global php constant containing the name of the current file. If you have an instantiated object in a variable $myobject, the way to call a function on that object is $myobject->function. This is a lot like C++. If you want to call a static function, you have to use the class name and ::. Example: If I wanted to call ULV_Utility s static convertldaptimestamp( $value ) function, I would call: $timestamp = ULV_Utility::convertLDAPTimestamp( $timestamp );. Constants are also treated this way. You will see a lot of ULV_Config::[ConstantName] throughout the app.
10
Qualtrics Single Sign-On Specification
Qualtrics Single Sign-On Specification Version: 2010-06-25 Contents Introduction... 2 Implementation Considerations... 2 Qualtrics has never been used by the organization... 2 Qualtrics has been used by
More informationPHP Integration Kit. Version 2.5.1. User Guide
PHP Integration Kit Version 2.5.1 User Guide 2012 Ping Identity Corporation. All rights reserved. PingFederate PHP Integration Kit User Guide Version 2.5.1 December, 2012 Ping Identity Corporation 1001
More informationSAML single sign-on configuration overview
Chapter 46 Configurin uring Drupal Configure the Drupal Web-SAML application profile in Cloud Manager to set up single sign-on via SAML with a Drupal-based web application. Configuration also specifies
More informationConfiguring. Moodle. Chapter 82
Chapter 82 Configuring Moodle The following is an overview of the steps required to configure the Moodle Web application for single sign-on (SSO) via SAML. Moodle offers SP-initiated SAML SSO only. 1 Prepare
More informationDocumentation. CloudAnywhere. http://www.cloudiway.com. Page 1
Documentation CloudAnywhere http://www.cloudiway.com Page 1 Table of Contents 1 INTRODUCTION 3 2 OVERVIEW 4 2.1 KEY FUNCTIONALITY 4 2.2 PREREQUISITES 5 3 FEATURES 6 3.1 A UNIVERSAL PROVISIONING SOLUTION.
More informationSAML application scripting guide
Chapter 151 SAML application scripting guide You can use the generic SAML application template (described in Creating a custom SAML application profile) to add a SAML-enabled web application to the app
More informationAuthentication and Single Sign On
Contents 1. Introduction 2. Fronter Authentication 2.1 Passwords in Fronter 2.2 Secure Sockets Layer 2.3 Fronter remote authentication 3. External authentication through remote LDAP 3.1 Regular LDAP authentication
More informationUser-password application scripting guide
Chapter 2 User-password application scripting guide You can use the generic user-password application template (described in Creating a generic user-password application profile) to add a user-password
More informationSAML single sign-on configuration overview
Chapter 34 Configurin guring g Clarizen Configure the Clarizen Web-SAML application profile in Cloud Manager to set up single sign-on via SAML with Clarizen. Configuration also specifies how the application
More informationSingle Sign-On Implementation Guide
Single Sign-On Implementation Guide Salesforce, Winter 16 @salesforcedocs Last updated: November 4, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark
More informationEgnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)
w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS) To set up ADFS so that your employees can access Egnyte using their ADFS credentials,
More informationGetting Started with Clearlogin A Guide for Administrators V1.01
Getting Started with Clearlogin A Guide for Administrators V1.01 Clearlogin makes secure access to the cloud easy for users, administrators, and developers. The following guide explains the functionality
More informationConfiguring Sponsor Authentication
CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five
More informationSingle Sign-On Implementation Guide
Single Sign-On Implementation Guide Salesforce, Summer 15 @salesforcedocs Last updated: July 1, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of
More informationSchoolBooking SSO Integration Guide
SchoolBooking SSO Integration Guide Before you start This guide has been written to help you configure SchoolBooking to operate with SSO (Single Sign on) Please treat this document as a reference guide,
More informationGlobalSign Enterprise Solutions Google Apps Authentication User Guide
GlobalSign Enterprise Solutions Google Apps Authentication User Guide Using EPKI for Google Apps for Business Single Sign-on and Secure Document Sharing v.1.1 1 Table of Contents Table of Contents... 2
More informationIntegration Overview. Web Services and Single Sign On
Integration Overview Web Services and Single Sign On Table of Contents Overview...3 Quick Start 1-2-3...4 Single Sign-On...6 Background... 6 Setup... 6 Programming SSO... 7 Web Services API...8 What is
More informationOpenLogin: PTA, SAML, and OAuth/OpenID
OpenLogin: PTA, SAML, and OAuth/OpenID Ernie Turner Chris Fellows RightNow Technologies, Inc. Why should you care about these features? Why should you care about these features? Because users hate creating
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document
More informationSiteminder Integration Guide
Integrating Siteminder with SA SA - Siteminder Integration Guide Abstract The Junos Pulse Secure Access (SA) platform supports the Netegrity Siteminder authentication and authorization server along with
More informationActive Directory Requirements and Setup
Active Directory Requirements and Setup The information contained in this document has been written for use by Soutron staff, clients, and prospective clients. Soutron reserves the right to change the
More informationCentrify Mobile Authentication Services
Centrify Mobile Authentication Services SDK Quick Start Guide 7 November 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject
More informationCrawl Proxy Installation and Configuration Guide
Crawl Proxy Installation and Configuration Guide Google Enterprise EMEA Google Search Appliance is able to natively crawl secure content coming from multiple sources using for instance the following main
More informationSIMIAN systems. Sitellite LDAP Administrator Guide. Sitellite Enterprise Edition
Sitellite LDAP Administrator Guide Sitellite Enterprise Edition Environment In order for the Sitellite LDAP driver to work, PHP must be compiled with its LDAP extension enabled. Instructions on installing
More informationConfiguring User Identification via Active Directory
Configuring User Identification via Active Directory Version 1.0 PAN-OS 5.0.1 Johan Loos johan@accessdenied.be User Identification Overview User Identification allows you to create security policies based
More informationINTEGRATION GUIDE. DIGIPASS Authentication for SimpleSAMLphp using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for SimpleSAMLphp using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document
More informationSAP NetWeaver AS Java
Chapter 75 Configuring SAP NetWeaver AS Java SAP NetWeaver Application Server ("AS") Java (Stack) is one of the two installation options of SAP NetWeaver AS. The other option is the ABAP Stack, which is
More informationRemote Authentication and Single Sign-on Support in Tk20
Remote Authentication and Single Sign-on Support in Tk20 1 Table of content Introduction:... 3 Architecture... 3 Single Sign-on... 5 Remote Authentication... 6 Request for Information... 8 Testing Procedure...
More informationSAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page 108-10.
Chapter 108 Configuring SAP NetWeaver Fiori The following is an overview of the steps required to configure the SAP NetWeaver Fiori Web application for single sign-on (SSO) via SAML. SAP NetWeaver Fiori
More informationExample for Using the PrestaShop Web Service : CRUD
Example for Using the PrestaShop Web Service : CRUD This tutorial shows you how to use the PrestaShop web service with PHP library by creating a "CRUD". Prerequisites: - PrestaShop 1.4 installed on a server
More informationAbsorb Single Sign-On (SSO) V3.0
Absorb Single Sign-On (SSO) V3.0 Overview Absorb allows single sign-on (SSO) with third-party systems, regardless of the programming language. SSO is made secure by a series of calls (between Absorb and
More informationAdministrator's Guide
Active Directory Module AD Module Administrator's Guide Rev. 090923 Active Directory Module Administrator's Guide Installation, configuration and usage of the AD module Table of Contents Chapter 1 Introduction...
More informationAdministration Guide. BlackBerry Enterprise Service 12. Version 12.0
Administration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2015-01-16 SWD-20150116150104141 Contents Introduction... 9 About this guide...10 What is BES12?...11 Key features of BES12...
More informationGoogle Apps and Open Directory. Randy Saeks Twitter: @rsaeks http://www.techrecess.com
Google Apps and Open Directory Randy Saeks Twitter: @rsaeks http://www.techrecess.com Agenda Quick Google Apps Overview Structure Setup Preparing OD Configuration Q&A&S Resources http://techrecess.com/technical-papers/gapps/
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationMoodle and Office 365 Step-by-Step Guide: Federation using Active Directory Federation Services
Moodle and Office 365 Step-by-Step Guide: Federation using Active Directory Federation Services This document is provided as-is. Information and views expressed in this document, including URL and other
More informationSetting up single signon with Zendesk Remote Authentication
Setting up single signon with Zendesk Remote Authentication Zendesk Inc. 2 Zendesk Developer Library Introduction Notice Copyright and trademark notice Copyright 2009 2013 Zendesk, Inc. All rights reserved.
More informationUse Enterprise SSO as the Credential Server for Protected Sites
Webthority HOW TO Use Enterprise SSO as the Credential Server for Protected Sites This document describes how to integrate Webthority with Enterprise SSO version 8.0.2 or 8.0.3. Webthority can be configured
More informationSingle Sign-On Implementation Guide
Salesforce.com: Salesforce Winter '09 Single Sign-On Implementation Guide Copyright 2000-2008 salesforce.com, inc. All rights reserved. Salesforce.com and the no software logo are registered trademarks,
More informationOIOSAML 2.0 Toolkits Test results May 2009
OIOSAML 2.0 Toolkits Test results May 2009 5. September 2008 - Søren Peter Nielsen: - Lifted and modified from http://docs.google.com/a/nemsso.info/doc?docid=dfxj3xww_7d9xdf7gz&hl=en by Joakim Recht 12.
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationBuilding Secure Applications. James Tedrick
Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS
More informationIntegrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER
Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication
More informationSamsung KNOX EMM Authentication Services. SDK Quick Start Guide
Samsung KNOX EMM Authentication Services SDK Quick Start Guide June 2014 Legal notice This document and the software described in this document are furnished under and are subject to the terms of a license
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationSP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.
Chapter 87 Configuring Smartsheet The following is an overview of the steps required to configure the Smartsheet Web application for single sign-on (SSO) via SAML. Smartsheet offers both IdP-initiated
More informationNSi Mobile Installation Guide. Version 6.2
NSi Mobile Installation Guide Version 6.2 Revision History Version Date 1.0 October 2, 2012 2.0 September 18, 2013 2 CONTENTS TABLE OF CONTENTS PREFACE... 5 Purpose of this Document... 5 Version Compatibility...
More informationIIS SECURE ACCESS FILTER 1.3
OTP SERVER INTEGRATION MODULE IIS SECURE ACCESS FILTER 1.3 Copyright, NordicEdge, 2006 www.nordicedge.se Copyright, 2006, Nordic Edge AB Page 1 of 14 1 Introduction 1.1 Overview Nordic Edge One Time Password
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is
More informationConfiguring. SugarCRM. Chapter 121
Chapter 121 Configuring SugarCRM The following is an overview of the steps required to configure the SugarCRM Web application for single sign-on (SSO) via SAML. SugarCRM offers both IdP-initiated SAML
More informationConfiguring. SuccessFactors. Chapter 67
Chapter 67 Configuring SuccessFactors The following is an overview of the steps required to configure the SuccessFactors Enterprise Edition Web application for single sign-on (SSO) via SAML. SuccessFactors
More informationConfiguring SuccessFactors
Chapter 117 Configuring SuccessFactors The following is an overview of the steps required to configure the SuccessFactors Enterprise Edition Web application for single sign-on (SSO) via SAML. SuccessFactors
More informationEZcast technical documentation
EZcast technical documentation Document written by > Michel JANSENS > Arnaud WIJNS from ULB PODCAST team http://podcast.ulb.ac.be http://ezcast.ulb.ac.be podcast@ulb.ac.be SOMMAIRE SOMMAIRE 2 1. INTRODUCTION
More informationmod_auth_pubtkt a pragmatic Web Single Sign-On solution by Manuel Kasper, Monzoon Networks AG mkasper@monzoon.net
mod_auth_pubtkt a pragmatic Web Single Sign-On solution by Manuel Kasper, Monzoon Networks AG mkasper@monzoon.net The login hell Solutions use client certificates and OCSP and get killed by end users?
More informationAn overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview)
Chapter 94 Intacct This section contains the following topics: "An overview of configuring Intacct for single sign-on" on page 94-710 "Configuring Intacct for SSO" on page 94-711 "Configuring Intacct in
More informationCA Nimsoft Service Desk
CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationSingle Sign-On for the UQ Web
Single Sign-On for the UQ Web David Gwynne Infrastructure Architect, ITIG, EAIT Taxonomy Authentication - Verification that someone is who they claim to be - ie, only the relevant user
More informationConnected Data. Connected Data requirements for SSO
Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated
More informationCiphermail Gateway Web LDAP Authentication Guide
CIPHERMAIL EMAIL ENCRYPTION Ciphermail Gateway Web LDAP Authentication Guide June 19, 2014, Rev: 5454 Copyright 2008-2014, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction 3 2 Create an LDAP configuration
More informationIntegrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies
Guideline Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies Product(s): IBM Cognos 8 BI Area of Interest: Security Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies 2 Copyright
More informationThis presentation explains how to integrate Microsoft Active Directory to enable LDAP authentication in the IBM InfoSphere Master Data Management
This presentation explains how to integrate Microsoft Active Directory to enable LDAP authentication in the IBM InfoSphere Master Data Management Collaboration Server. Before going into details, there
More informationFor details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.
Chapter 41 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:
More informationApplication Security Testing. Generic Test Strategy
Application Security Testing Generic Test Strategy Page 2 of 8 Contents 1 Introduction 3 1.1 Purpose: 3 1.2 Application Security Testing: 3 2 Audience 3 3 Test Strategy guidelines 3 3.1 Authentication
More informationhttp://cnmonitor.sourceforge.net CN=Monitor Installation and Configuration v2.0
1 Installation and Configuration v2.0 2 Installation...3 Prerequisites...3 RPM Installation...3 Manual *nix Installation...4 Setup monitoring...5 Upgrade...6 Backup configuration files...6 Disable Monitoring
More informationConfiguring Salesforce
Chapter 94 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:
More informationPingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1
PingFederate Salesforce Connector Version 4.1 Quick Connection Guide 2011 Ping Identity Corporation. All rights reserved. PingFederate Salesforce Quick Connection Guide Version 4.1 June, 2011 Ping Identity
More informationMcAfee One Time Password
McAfee One Time Password Integration Module Outlook Web App 2010 Module version: 1.3.1 Document revision: 1.3.1 Date: Feb 12, 2014 Table of Contents Integration Module Overview... 3 Prerequisites and System
More informationOneLogin Integration User Guide
OneLogin Integration User Guide Table of Contents OneLogin Account Setup... 2 Create Account with OneLogin... 2 Setup Application with OneLogin... 2 Setup Required in OneLogin: SSO and AD Connector...
More informationwww.novell.com/documentation Jobs Guide Identity Manager 4.0.1 February 10, 2012
www.novell.com/documentation Jobs Guide Identity Manager 4.0.1 February 10, 2012 Legal Notices Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation,
More informationModule - Facebook PS Connect
Module - Facebook PS Connect Operation Date : October 10 th, 2013 Business Tech Installation & Customization Service If you need assistance, we can provide you a full installation and customization service
More informationThe full setup includes the server itself, the server control panel, Firebird Database Server, and three sample applications with source code.
Content Introduction... 2 Data Access Server Control Panel... 2 Running the Sample Client Applications... 4 Sample Applications Code... 7 Server Side Objects... 8 Sample Usage of Server Side Objects...
More informationCloudwork Dashboard User Manual
STUDENTNET Cloudwork Dashboard User Manual Make the Cloud Yours! Studentnet Technical Support 10/28/2015 User manual for the Cloudwork Dashboard introduced in January 2015 and updated in October 2015 with
More informationIT Exam Training online / Bootcamp
DumpCollection IT Exam Training online / Bootcamp http://www.dumpcollection.com PDF and Testing Engine, study and practice Exam : 70-534 Title : Architecting Microsoft Azure Solutions Vendor : Microsoft
More informationSCOPTEL WITH ACTIVE DIRECTORY USER DOCUMENTATION
SCOPTEL WITH ACTIVE DIRECTORY USER DOCUMENTATION Table of content ScopTel with Active Directory... 3 Software Features... 3 Software Compatibility... 3 Requirements... 3 ScopTel Configuration... 4 Prerequisites...
More informationCentrify Mobile Authentication Services for Samsung KNOX
Centrify Mobile Authentication Services for Samsung KNOX SDK Quick Start Guide 3 October 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under
More informationCriteria for web application security check. Version 2015.1
Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-
More informationCSCI110 Exercise 4: Database - MySQL
CSCI110 Exercise 4: Database - MySQL The exercise This exercise is to be completed in the laboratory and your completed work is to be shown to the laboratory tutor. The work should be done in week-8 but
More informationPortal User Guide. Customers. Version 1.1. May 2013 http://www.sharedband.com 1 of 5
Portal User Guide Customers Version 1.1 May 2013 http://www.sharedband.com 1 of 5 Table of Contents Introduction... 3 Using the Sharedband Portal... 4 Login... 4 Request password reset... 4 View accounts...
More informationHow To Set Up A Webmin Account On A Libc (Libc) On A Linux Server On A Windows 7.5 (Amd) With A Password Protected Password Protected (Windows) On An Ubuntu 2.5.2 (Amd
Webmin using AD to stored users and groups. Overview Webmin is a wonderful interface to manage Linux servers and Webmin can use an LDAP server to store users and groups so you can share those information
More informationPriveonLabs Research. Cisco Security Agent Protection Series:
Cisco Security Agent Protection Series: Enabling LDAP for CSA Management Center SSO Authentication For CSA 5.2 Versions 5.2.0.245 and up Fred Parks Systems Consultant 3/25/2008 2008 Priveon, Inc. www.priveonlabs.com
More informationCloud Elements ecommerce Hub Provisioning Guide API Version 2.0 BETA
Cloud Elements ecommerce Hub Provisioning Guide API Version 2.0 BETA Page 1 Introduction The ecommerce Hub provides a uniform API to allow applications to use various endpoints such as Shopify. The following
More informationCopyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
More informationConfiguring ADFS 3.0 to Communicate with WhosOnLocation SAML
Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML --------------------------------------------------------------------------------------------------------------------------- Contents Overview...
More informationIBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide
IBM SPSS Collaboration and Deployment Services Version 6 Release 0 Single Sign-On Services Developer's Guide Note Before using this information and the product it supports, read the information in Notices
More informationAdministrator's Guide
Active Directory Module 1.2 for CMS 7.2-8.0 Administrator's Guide Rev. 141225 Active Directory Module 1.2 for CMS 7.2-8.0 Administrator's Guide How to install, configure, and use the AD module Table of
More informationIntegrating EJBCA and OpenSSO
Integrating EJBCA and OpenSSO EJBCA is an Enterprise PKI Certificate Authority issuing certificates to users, servers and devices. In an organization certificate can be used for strong authentication.
More informationIdentity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect
Identity Federation: Bridging the Identity Gap Michael Koyfman, Senior Global Security Solutions Architect The Need for Federation 5 key patterns that drive Federation evolution - Mary E. Ruddy, Gartner
More informationUser-ID Best Practices
User-ID Best Practices PAN-OS 5.0, 5.1, 6.0 Revision A 2011, Palo Alto Networks, Inc. www.paloaltonetworks.com Table of Contents PAN-OS User-ID Functions... 3 User / Group Enumeration... 3 Using LDAP Servers
More informationesoc SSA DC-I Part 1 - Single Sign-On and Access Management ICD
esoc European Space Operations Centre Robert-Bosch-Strasse 5 64293 Darmstadt Germany Tel: (49)615190-0 Fax: (49)615190485 www.esa.int SSA DC-I Part 1 - Single Sign-On and Access Management ICD Prepared
More informationPortals and Hosted Files
12 Portals and Hosted Files This chapter introduces Progress Rollbase Portals, portal pages, portal visitors setup and management, portal access control and login/authentication and recommended guidelines
More informationAmeritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines
Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...
More informationComputer Services Documentation
Computer Services Documentation Shibboleth Documentation {Shibboleth & Google Apps Integration} John Paul Szkudlapski June 2010 Note: These case studies, prepared by member organisations of the UK federation,
More informationFERMILAB CENTRAL WEB HOSTING SINGLE SIGN ON (SSO) ON CWS LINUX WITH SAML AND MOD_AUTH_MELLON
FERMILAB CENTRAL WEB HOSTING SINGLE SIGN ON (SSO) ON CWS LINUX WITH SAML AND MOD_AUTH_MELLON Contents Information and Security Contacts:... 3 1. Introduction... 4 2. Installing Module... 4 3. Create Metadata
More informationCreating a generic user-password application profile
Chapter 4 Creating a generic user-password application profile Overview If you d like to add applications that aren t in our Samsung KNOX EMM App Catalog, you can create custom application profiles using
More informationSymplified I: Windows User Identity. Matthew McNew and Lex Hubbard
Symplified I: Windows User Identity Matthew McNew and Lex Hubbard Table of Contents Abstract 1 Introduction to the Project 2 Project Description 2 Requirements Specification 2 Functional Requirements 2
More informationSetting Up Resources in VMware Identity Manager
Setting Up Resources in VMware Identity Manager VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationHow To Configure The Active Directory Module In Sitecore Cms 6.2.2 (For A Web.Com User)
Active Directory Module for CMS 6.2-6.5 Administrator's Guide Rev. 120620 Active Directory Module for CMS 6.2-6.5 Administrator's Guide How to install, configure, and use the AD module Table of Contents
More informationSingle Sign-On Guide for Blackbaud NetCommunity and The Patron Edge Online
Single Sign-On Guide for Blackbaud NetCommunity and The Patron Edge Online 062212 2012 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any form or by any
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationOracle Communications Unified Communications Suite
Oracle Communications Unified Communications Suite Schema Reference Release 8.0 July 2015 Oracle Communications Unified Communications Suite Schema Reference, Release 8.0 Copyright 2007, 2015, Oracle and/or
More information