SUNGARD SUMMIT 2007 sungardsummit.com 1 Luminis to Banner Single Sign-On Presented by: Rajesh Kumar Les von Holstein SunGard Higher Education Tuesday 8:30 AM March 20, 2007 A Community of Learning
Session Rules of Etiquette Please turn off your cell phone/pager If you must leave the session early, please do so as discreetly as possible Please avoid side conversation during the session Thank you for your cooperation! 2
Agenda Session goal: Introduction to SSO Configuring SSO to Banner INB/SSB SSO flow for Banner INB/SSB Luminis IV Support 3
SUNGARD SUMMIT 2007 sungardsummit.com 4 Introduction to SSO A Community of Learning
Introduction to SSO CPIP Campus Pipeline Integration Protocol Used in integration with third party applications Banner SSB/INB Banner Xtender Solutions WorkFlow 5
Introduction to SSO Many servers and configs involved, and many layers Luminis Server App Server Database Server Client Browser 6
SUNGARD SUMMIT 2007 sungardsummit.com 7 Configuring SSO to INB A Community of Learning
Banner SSO-INB Steps Configuring SSO INB Create an Encryption Key Used in DES Encryption with DBMS_OBFUSCATION_TOOLKIT Create Entries in LDAP to Store Configuration Import ldif files Configure Parameters using GUAUPRF Update New Entries in LDAP for INB Update LDAP using LDAP browser 8
Banner SSO-INB Steps Configuring SSO INB Configure Parameters using GUAUPRF 9
Banner SSO-INB Steps Configuring SSO INB Update New Entries in LDAP for INB Update LDAP using LDAP browser 10
Banner SSO-INB Steps Configuring SSO INB Create DADs for Running SSO Normal DAD Special DAD Verify Configuration Steps in BannerConfigure Parameters Debug scripts can be run to print and verify configuration parameters Configure your Luminis Server Add sctinb as es application to Luminis Test Create a test Link to confirm SSO 11
Banner SSO-INB Overview PLSQL web packages GOKSSSO, GOKCSSO, GOKKSSO Implements CPIP Protocol to interact with Luminis Cptool option used to add a filter that tells Luminis to send the Luminis ID/Password sctinb config url specified to point to GOKSSSO in Luminis 12
SUNGARD SUMMIT 2007 sungardsummit.com 13 Configuring SSO to Banner Self-Service A Community of Learning
Banner SSO Banner Self-Service Steps for Configuring SSO Banner Self-Service Create Entries in LDAP to Store Configuration Values Import sso_parms_sserv.ldif Update New Entries in LDAP for SSB Update entries using LDAP browser 14
Banner SSO Banner Self-Service Steps for Configuring SSO Banner Self-Service Configure WebTailor for LDAP Server Update twgbldap table Used in LDAP Bind 15
Banner SSO Banner Self-Service Steps for Configuring SSO Banner Self-Service Update WebTailor Parameters Import sso_parms_sserv.ldif Verify Configuration Steps in Self-Service Update entries using LDAP browser Configure your Luminis Server 16
Banner SSO-SSB Luminis Config PLSQL web packages GOKSSSO, GOKCSSO, GOKKSSO Implements CPIP Protocol to interact with Luminis sctssb added as es application to Luminis Cptool option used to add a filter that tells Luminis to send the Luminis ID/Password sctssb config url specified to point to GOKSSSO in Luminis 17
Banner SSO-SSB GOKSSSO provides URLs required by CPIP using LDAP parameters to build them GetConfig URL provides the rest in a response Authenticate key routine routine in GOKSSSO Gets ID/Password from Luminis Attempts bind Encrypts into a pipe named randomly Passes value back to Luminis for redirect or pickup 18
Banner SSO-SSB Luminis pickup URL sent to browser and redirected back to App Server Decrypts user/password off pipe Maps to Banner SSB ID Create SSB Login cookie CPSESSID vs SESSID Redirect to SSB page 19
SUNGARD SUMMIT 2007 sungardsummit.com 20 SSO Flow for INB A Community of Learning
Browser A Luminis INB DB A simple diagram B C D Yeah, right! E F G H I J K M L N O P Q R 21
Browser A Luminis INB DB A Client clicks on Banner INB link, Luminis receives request B D E C F G H I J K M L N O P Q R 22
Browser A Luminis INB DB B through G are only performed once per startup of the Luminis System. This is when Luminis calls its config routines. B Luminis calls the configurl set in the Luminis configuration for the INB system defined in the es.systems parameter. This url calls the database procedure gokssso.p_getconfig Version2. N O R B G H M D E J K C F I L P Q 23
Browser A Luminis INB DB C P_GetConfigVersion2 is a database call which tells Luminis which URLs to call for login and logout. B G H D E C F I J K M L N O P Q R 24
Browser A Luminis INB DB D The procedure calls back to the Luminis server LDAP for configuration data B D E C F G H I J K M L N O P Q R 25
Browser A Luminis INB DB E Configuration data returned to database and URLs built to be sent back to Luminis B D E C F G H I J K M L N O P Q R 26
Browser A Luminis INB DB F URLs passed back to INB server for transfer to Luminis B D E C F G H I J K M L N O P Q R 27
Browser A Luminis INB DB G Data sent to Luminis Server B D C E F G H I J K M L N O P Q R 28
Browser A Luminis INB DB H Luminis server uses config data received to build logon request. B D E C F G H I J K M L N O P Q R 29
Browser A Luminis INB DB I procedure gokssso.p_cp_login called to process login B D E C F G H I J K M L N O P Q R 30
Browser A Luminis INB DB J procedure revalidates the credentials received B D E C F G H I J K M L N O P Q R 31
Browser A Luminis INB DB K if credentials are valid, process continues B D E C F G H I J K M L N O P Q R 32
Browser A Luminis INB DB L procedure encrypts the credentials, generates a token and creates a database pipe containing the data. The token is also the pipe name. B G H D E C F I J K M L N O P Q R 33
Browser A Luminis INB DB M URL sent back to Luminis as the pickup url which includes the token. B D E C F G H I J K M L N O P Q R 34
Browser A Luminis INB DB N Luminis communicates the pickup url back to the browser as a redirect B D E C F G H I J K M L N O P Q R 35
Browser A Luminis INB DB O Browser redirects to the pickup url, which is a call to procedure gokcsso.p_call_banner B D E C F G H I J K M L N O P Q R 36
Browser A Luminis INB DB P INB startup Java Applet receives authentication info from Database Pipe B D E C F G H I J K M L N O P Q R 37
Browser A Luminis INB DB Q Authentication information passed in memory to the Oracle forms applet B D E C F G H I J K M L N O P Q R 38
Browser A Luminis INB DB R Forms applet starts and Banner session is started. B D E C F G H I J K M L N O P Q R 39
SUNGARD SUMMIT 2007 sungardsummit.com 40 SSO flow for Banner Self- Service A Community of Learning
B/C Luminis calls the configurl calls the database procedure gokssso.p_getconfigver sion2_sserv. P_GetConfigVersion2 _sserv is a database call which tells Luminis which URLs to call for login and logout. Browser A Luminis B G H D E J SSB C F I DB I procedure gokssso.p_cp_login_sserv called to process login N M K L P SSB session is started due to existence of CPSESSID cookie O P 41
SUNGARD SUMMIT 2007 sungardsummit.com 42 Luminis IV Support A Community of Learning
Luminis IV Support Banner General 7.4.1 Luminis IV and III.3.3 will be supported Changes were to support LoginID changes Luminis Channels For Banner 7.2 Luminis IV and III.3.3 will be supported Support for Locale Deployment Descriptors were modified for Luminis IV support 43
Questions & Answers 44
Thank You! Les von Holstein Rajesh Kumar Rajesh.Kumar@SungardHE.com Les.vonHolstein@SungardHE.com Please complete the online class evaluation form SunGard, the SunGard logo, Banner, Campus Pipeline, Luminis, PowerCAMPUS, Matrix, and Plus are trademarks or registered trademarks of SunGard Data Systems Inc. or its subsidiaries in the U.S. and other countries. Third-party names and marks referenced herein are trademarks or registered trademarks of their respective owners. 2007 SunGard. All rights reserved. 45