Gmail Calendar Documents Reader Web more »
Recently Visited Groups | Help | Sign in
Google Groups Home
ESOE Users
+ new post
Home
About this group
Join this group
Message from discussion Getting the big picture
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Phil Gates  
View profile  
 More options Sep 26 2008, 12:36 pm
From: Phil Gates <noemailspa...@gmail.com>
Date: Thu, 25 Sep 2008 19:36:52 -0700 (PDT)
Local: Fri, Sep 26 2008 12:36 pm
Subject: Getting the big picture
Reply to author | Forward | Print | View thread | Show original | Report this message | Find messages by this author
I'm currently looking into implementing SSO for a wide range of web
sites such as Blackboard, Google Apps, Outlook Web Access and a
growing number of in house Ruby on Rails sites. These sites are
accessed both internally and externally by staff/students with AD
accounts and parents/agents with login details stored in various
databases. We are wanting to pull all this together and present it
within the Blackboard portal system. ESOE looks like it may have the
feature set required to bring all this together.

I'm assuming that you require an appropriate SPEP instance for each
application server technology eg java, apache and IIS. Do you also
require separate instances for each different security scenario or is
this governed by the Service Authorization Policy for each service/
website?

I'm just trying to piece together the big picture of how the various
components work and flow together. (sorry about the format, may
require wide screen)

1 User's first access to a protected site
Browser         =>   Application Server              SPEP            ESOE            LDAP/DB
2 Application Server redirects to SPEP
Browser                 Application Server      =>   SPEP            ESOE            LDAP/DB
2a Uses integrated authentication if available
or 2b SPEP displays login screen
Browser         <=   Application Server      <=   SPEP            ESOE            LDAP/DB
3 SPEP validates with ESOE
Browser                 Application Server              SPEP    =>   ESOE            LDAP/DB
4 ESOE validates against the appropriate data source
Browser                 Application Server              SPEP            ESOE    <=>       LDAP/DB
5 ESOE returns session ticket to SPEP
Browser                 Application Server              SPEP    <=   ESOE            LDAP/DB
6 SPEP returns session ticket to Application Server
Browser                 Application Server      <=   SPEP            ESOE            LDAP/DB
7 Application Server begins user session based on details in session
ticket
8 Application returns session ticket to browser
Browser         <=   Application Server              SPEP            ESOE            LDAP/DB
9 Browser stores session ticket as cookie
Browser                 Application Server              SPEP            ESOE            LDAP/DB

1 User's subsequent access to a protected site with ticket
Browser         =>   Application Server              SPEP            ESOE            LDAP/DB
2 Application Server validates ticket with SPEP
Browser                 Application Server      =>   SPEP            ESOE            LDAP/DB
3 SPEP validates ticket with ESOE
Browser                 Application Server              SPEP    <=>       ESOE            LDAP/DB
4 SPEP returns validated to Application Server
Browser                 Application Server      <=   SPEP            ESOE            LDAP/DB
5 Application returns content to browser
Browser         <=   Application Server              SPEP            ESOE            LDAP/DB

1 User logs off one site
Browser         =>   Application Server              SPEP            ESOE            LDAP/DB
2 Application Server invalidates ticket with SPEP
Browser                 Application Server      =>   SPEP            ESOE            LDAP/DB
3 SPEP invalidates ticket with ESOE
Browser                 Application Server              SPEP    <=>       ESOE            LDAP/DB
4 SPEP returns in validated to Application Server
Browser                 Application Server      <=   SPEP            ESOE            LDAP/DB
5 Application server ends user session

1 User accesses another protected site with ticket
Browser         =>   Application Server              SPEP            ESOE            LDAP/DB
2 Application Server validates ticket with SPEP
Browser                 Application Server      =>   SPEP            ESOE            LDAP/DB
3 SPEP validates ticket with ESOE
Browser                 Application Server              SPEP    =>   ESOE            LDAP/DB
4 ESOE returns invalidated to SPEP
Browser                 Application Server              SPEP    =>   ESOE            LDAP/DB
5 SPEP returns invalidated to Application Server
Browser                 Application Server      <=   SPEP            ESOE            LDAP/DB
6 Application server ends user session
9 Application server instructs browser to destroy session ticket
Browser         <=   Application Server              SPEP            ESOE            LDAP/DB

Cheers,

Phillip


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2009 Google