information-rights-management , security

Sample SSO Deployment

March 2, 2010

Process / Functional Requirements

Functionality:

  • Users should login only once to their PC.  Then be able to access all applications without logging in again. If integration of Single Sign On solution is not possible with NT domain/AD, users should be able to log into one application and be automatically authenticated for others.
  • Log Out: User may log into one application, and opens other application links. Once he logs out user may remain logged into other applications.
  • User should be able to double click a desktop short-cut and Single Sign On system should allow user to open application without entering username and password.
  • Allow users to change passwords and have it propagate automatically across all applications.
  • Make the login and password changes transparent to the user.  When they select various applications within their PC, do not show them any connection dialog boxes, messages or prompts.  When they select the application they want to use, the system should take them directly to that specific system for interaction.
  • The performance of Single Sign on locally and remotely should be optimal and acceptable.  Users accessing KT applications from WAN, VPN, and Dialup should have similar performance to those that are connecting from headquarters.

Technical

SSO product/implementation must interface smoothly out of the box with Portal platform products:  IBM WebSphere, BEA WebLogic, Microsoft .NET
SSO product/implementation must interface smoothly out of the box with K-T’s Active Directory implementation.
If it does not – we must understand the delta and custom/additional coding necessary.
We must understand limitations of the tool/product relative to various “types” of applications.

User Population

1. SSO Implementation will integrate with all systems in Pilot
2. Applications: Sales Portal,
3. SSO feature functionality will be developed to the lowest common user denominator
4. All K-T will leverage SSO

Requested supported primary authentications:

            SSO

            LDAP

            Microsoft

            RSA SecureID

            Cert

            SQL

            Oracle

            Third Party

Scripting:

            Java for Web applications

Script functions:

            Launch applications

            Close applications

            Change and synchronize passwords

            Automate repetitive tasks

            Automate long navigation trails

Citrix Metaframe server

Install SSO client on Metaframe sever where the published application is running to validate user applications.

SSO client is installed on local workstation running Citrix ICA client to communicate to SSO client installed on the Citrix Metaframe server. Vdsson.dll

SSO does not support anonymous applications

Policy Server

            Data Store

User Data Store (users and groups: Either on LDAP or third party)

Policy Data Store (Apps & Groups, auth hosts, pw policies) stored in third party database

Token Data Store (Session Details: Session ID, Client IP number, UN) stored in LDAP

            Login Scripts

            Utilities (application lists)

            Log files