|
|
ESOE Users |
I'm currently looking into implementing SSO for a wide range of web
I'm assuming that you require an appropriate SPEP instance for each
I'm just trying to piece together the big picture of how the various
1 User's first access to a protected site
1 User's subsequent access to a protected site with ticket
1 User logs off one site
1 User accesses another protected site with ticket
Cheers,
Phillip
sites such as Blackboard, Google Apps, Outlook Web Access and a
growing number of in house Ruby on Rails sites. These sites are
accessed both internally and externally by staff/students with AD
accounts and parents/agents with login details stored in various
databases. We are wanting to pull all this together and present it
within the Blackboard portal system. ESOE looks like it may have the
feature set required to bring all this together.
application server technology eg java, apache and IIS. Do you also
require separate instances for each different security scenario or is
this governed by the Service Authorization Policy for each service/
website?
components work and flow together. (sorry about the format, may
require wide screen)
Browser => Application Server SPEP ESOE LDAP/DB
2 Application Server redirects to SPEP
Browser Application Server => SPEP ESOE LDAP/DB
2a Uses integrated authentication if available
or 2b SPEP displays login screen
Browser <= Application Server <= SPEP ESOE LDAP/DB
3 SPEP validates with ESOE
Browser Application Server SPEP => ESOE LDAP/DB
4 ESOE validates against the appropriate data source
Browser Application Server SPEP ESOE <=> LDAP/DB
5 ESOE returns session ticket to SPEP
Browser Application Server SPEP <= ESOE LDAP/DB
6 SPEP returns session ticket to Application Server
Browser Application Server <= SPEP ESOE LDAP/DB
7 Application Server begins user session based on details in session
ticket
8 Application returns session ticket to browser
Browser <= Application Server SPEP ESOE LDAP/DB
9 Browser stores session ticket as cookie
Browser Application Server SPEP ESOE LDAP/DB
Browser => Application Server SPEP ESOE LDAP/DB
2 Application Server validates ticket with SPEP
Browser Application Server => SPEP ESOE LDAP/DB
3 SPEP validates ticket with ESOE
Browser Application Server SPEP <=> ESOE LDAP/DB
4 SPEP returns validated to Application Server
Browser Application Server <= SPEP ESOE LDAP/DB
5 Application returns content to browser
Browser <= Application Server SPEP ESOE LDAP/DB
Browser => Application Server SPEP ESOE LDAP/DB
2 Application Server invalidates ticket with SPEP
Browser Application Server => SPEP ESOE LDAP/DB
3 SPEP invalidates ticket with ESOE
Browser Application Server SPEP <=> ESOE LDAP/DB
4 SPEP returns in validated to Application Server
Browser Application Server <= SPEP ESOE LDAP/DB
5 Application server ends user session
Browser => Application Server SPEP ESOE LDAP/DB
2 Application Server validates ticket with SPEP
Browser Application Server => SPEP ESOE LDAP/DB
3 SPEP validates ticket with ESOE
Browser Application Server SPEP => ESOE LDAP/DB
4 ESOE returns invalidated to SPEP
Browser Application Server SPEP => ESOE LDAP/DB
5 SPEP returns invalidated to Application Server
Browser Application Server <= SPEP ESOE LDAP/DB
6 Application server ends user session
9 Application server instructs browser to destroy session ticket
Browser <= Application Server SPEP ESOE LDAP/DB