10/25/2015
TRANSCRIPT
04/20/23 (slide footer date)

Single Sign-On Web Service
Supervisors: Viktor Kulikov, Alexander Sherman
Liana Lipstov
Pavel Bilenko
Background
Multiple applications at the faculty use different sign-on systems to identify the users.
All users are students, staff or faculty members that have accounts on the department server or at the main Technion systems such as T2, TX, Department Active Directory etc.
Why Bother?
Each application must identify the user by creating and managing user profiles.
A user that uses several applications has an independent profile at each application (username, password, user information).
When changing some profile details the user must do so at all existing profiles, which turns that simple update into a complex, time-consuming operation.
It also results in users that prefer not to update their profiles at all, or to update the profile on only some of the applications.
As a result, several profiles of the same user contain different (not updated) information about the user. Moreover, the user has a different password for each profile.
Project goals
Create a managed single sign-on web service which will manage:
• allowed software modules
• authentication settings per module
Make the web service configuration web page user friendly:
• Easy, self-explanatory interface.
• Comfortable design
• No more "new administrator = new application"
"Correct" programming
• High cohesion
• Low coupling
Concept
Module calls web service.
Web service verifies that an application with the given ID exists in the configuration DB.
If the application exists, the web service retrieves the application settings from the configuration DB.
Web service retrieves the ID or profile data from the application's data sources and returns it to the calling application.
Terms
SOAP - Simple Object Access Protocol: a protocol specification for exchanging structured information in the implementation of Web Services.
Web Service - a Web Application Programming Interface (API) that can be accessed over a network and executed on a remote system hosting the requested services.
LDAP - Lightweight Directory Access Protocol: an application protocol for querying and modifying directory services running over TCP/IP.
Active Directory - a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains.
LINQ - Language Integrated Query: a Microsoft .NET Framework component that adds native data querying capabilities to .NET languages.
Main architecture diagram
[Figure: Applications call the Web service over SOAP (SSL); the Web service reads the Configuration DB via LINQ to SQL and queries the Data sources via LDAP.]
Class diagram
[Figure: web service class with the following operations]
• Builds the proper URL for the LDAP directory
• Gets the user ID from the data sources for the specified application
• Gets the user data from the data sources for the specified application
• Verifies that the provided ID is valid
• Adds the provided message to the Log table
Sequence diagram
When an application asks the web service for identification of a user, the following actions happen:
[Figure: Application -> WebService: GetUserID/GetUserData; WebService: IsValidModule(ApplicationID); WebService: buildURL(URL, baseDN); WebService: writeToLog(ApplicationID, msg)]
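The flow on the Concept and Sequence-diagram slides, written out as an added in-memory model (this is example code, not the project's own .NET implementation). The configuration-DB layout, the module names, the LDAP host and the directory entries are all constructed assumptions; what it shows is the order of checks the slides describe: the caller's ApplicationID is validated against the configuration DB before any data source is touched, the per-module settings decide which base DN and which attributes are used, and a rejected or failed request lands in the Log table that the administrator's Log tab reads.

```python
# Added example (not the project's code): an in-memory model of the SSO web
# service flow from the Concept and Sequence-diagram slides. The configuration-DB
# layout, module names, LDAP host and directory entries are constructed assumptions.
from typing import Dict, List, Optional, Tuple

# Constructed configuration DB: which modules are allowed to call the service and
# the authentication settings (data source, base DN, attributes) for each one.
CONFIG_DB: Dict[str, dict] = {
    "grades-app": {
        "data_source": "ldap://ldap.example.test",      # placeholder host
        "base_dn": "ou=students,dc=example,dc=test",
        "id_attribute": "uid",
        "profile_attributes": ["uid", "cn", "mail"],    # the only attributes this module may read
    },
    "library-app": {
        "data_source": "ldap://ldap.example.test",
        "base_dn": "ou=staff,dc=example,dc=test",
        "id_attribute": "uid",
        "profile_attributes": ["uid", "cn"],
    },
}

# Constructed stand-in for the LDAP directory, keyed by the URL build_url() produces.
DIRECTORY: Dict[str, List[dict]] = {
    "ldap://ldap.example.test/ou=students,dc=example,dc=test": [
        {"uid": "s1001", "cn": "Student One", "mail": "s1001@example.test",
         "telephoneNumber": "+000-0000"},          # never returned: not in profile_attributes
    ],
    "ldap://ldap.example.test/ou=staff,dc=example,dc=test": [
        {"uid": "t2001", "cn": "Staff Two", "mail": "t2001@example.test"},
    ],
}

# The Log table from the class diagram, modelled as a list of (ApplicationID, msg).
LOG: List[Tuple[str, str]] = []


def write_to_log(app_id: str, msg: str) -> Tuple[str, str]:
    """writeToLog(ApplicationID, msg): record an error for the administrator's Log tab."""
    entry = (app_id, msg)
    LOG.append(entry)
    return entry


def is_valid_module(app_id: str) -> bool:
    """IsValidModule(ApplicationID): the module must exist in the configuration DB."""
    return app_id in CONFIG_DB


def build_url(url: str, base_dn: str) -> str:
    """buildURL(URL, baseDN): join the LDAP server URL with the module's base DN."""
    return url.rstrip("/") + "/" + base_dn


def _lookup(app_id: str, username: str) -> Optional[dict]:
    """Shared first half of GetUserID/GetUserData: validate the module, load its
    settings, then search only the module's own data source for the user."""
    if not is_valid_module(app_id):
        write_to_log(app_id, "unknown application ID")
        return None
    settings = CONFIG_DB[app_id]
    url = build_url(settings["data_source"], settings["base_dn"])
    for entry in DIRECTORY.get(url, []):
        if entry.get(settings["id_attribute"]) == username:
            return entry
    write_to_log(app_id, f"user {username!r} not found under {settings['base_dn']}")
    return None


def get_user_id(app_id: str, username: str) -> Optional[str]:
    """GetUserID: return the user's identifier from the module's data source, or None."""
    entry = _lookup(app_id, username)
    if entry is None:
        return None
    return entry[CONFIG_DB[app_id]["id_attribute"]]


def get_user_data(app_id: str, username: str) -> Optional[dict]:
    """GetUserData: return only the profile attributes the module is configured for."""
    entry = _lookup(app_id, username)
    if entry is None:
        return None
    allowed = CONFIG_DB[app_id]["profile_attributes"]
    return {k: v for k, v in entry.items() if k in allowed}


if __name__ == "__main__":
    print(get_user_id("grades-app", "s1001"))       # s1001
    print(get_user_data("grades-app", "s1001"))     # uid, cn and mail only
    print(get_user_id("rogue-app", "s1001"))        # None, plus a Log entry
    print(LOG)
```

Two design choices carry the security point of the slides: a module that is not in the configuration DB is refused before any LDAP URL is built, and each module's settings bound both the subtree it can search and the attributes it can receive, so adding an application is a configuration-DB change rather than a new integration with its own credentials.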
Web page Features
Easy, self-explanatory interface: home page with instructions, tooltips, intuitive fields, confirmation request before deletion.
Comfortable design: inactive fields, visual partition of attributes, pleasant colors.
A special Log tab that contains all the important errors received by the web service: it helps the administrator to track those errors and understand their origin.
Snapshots
[Five screenshot slides of the configuration web page; images not included in the transcript.]
What have we learned?
Work with: LDAP, SOAP, XML files, LINQ, Active Directory.
Thank you.