
Teamcenter™ Security Services SSO

Dennon Ison
Software Engineer
Dennon.Ison@gdc4s.com

Template # 99-P34884K, Rev E – 3/17/08

© 2008 General Dynamics.  All Rights Reserved. October 4, 2020 1


Objective

Explain how General Dynamics C4 Systems implemented a no-challenge login using the Teamcenter Security Services™.



Outline

• The CIO Challenge
• Terminology/Definitions
• Teamcenter Enterprise™ Login Architecture
• The Options
• The Solution
• Our Environment
• Considerations
• Questions



The Challenge

• Implement a non-challenge SSO solution for the Teamcenter™ suite of products.
• Solution must have IT Networking acceptance/support
• Solution must have IT Information Security acceptance/support
• Solution must work with existing assets and resources



Terminology

Authentication: Who the user really is
Authorization: What the user is allowed to do
SSO: A non-challenge login to systems after the user has been authenticated on the network domain
Teamcenter Security Services (TCSSO): Web-based application that maintains a central login for all Teamcenter applications
LdapAuth: Allows Enterprise users to log in with their network login account



Login Architecture (Enterprise)

[Diagram: Enterprise login architecture with TCSSO and LdapAuth. Labels: User Workstation, Client, Web Server, TC Web Tier, TCSSO, Prompt for Credentials, Active Directory, Enterprise Server.]



The Options
Internet Information Services™ (IIS)
Network recommended | Need to use multiple machines to
Quick redirect
Security “disliked” the idea

Move web tier to Windows
Resolve security issue | Lack of Windows machines
Still use IIS | Lack of “team comfort”

JBoss™ LDAP Authentication
Limited customization | Significant setup
Lack of experience



The Options

Apache™ LDAP Authentication
Limited customization | Significant setup
Lack of experience

Java Authentication and Authorization Service (JAAS)
Java based (any platform) | Customization
Web service | Changes to AD



The Solution
JCIFS (Java Common Internet File System) (http://jcifs.samba.org)
• Validated against AD with Kerberos protocol
• All “open” credentials are kept in the same “container” (JVM)
• Works on any platform
• Should work on any J2EE Java application server

• Only handled authentication of user, did not give Teamcenter Credentials



The Solution

Configure Security Services

Add JCIFS Filter to web.xml

web.xml

Modify PreLoginPage.jsp



The Solution
[Diagram: login architecture with the JCIFS Filter. Labels: User Workstation, Web Server, JCIFS Filter, TC Web Tier, TCSSO, Active Directory, Enterprise Server.]



Our Environment
[Diagram: JCIFS authentication and load balancing. Labels: User Workstation; Active Directory; web1; JBoss Cluster (Tc Enterprise web tier: web2, web3, web4, web5); Tc Enterprise Server (server1); Tc Enterprise Oracle DB (DB1).]



Considerations

• Implemented with Tc Enterprise™, Tc Engineering™, Tc Reporting and Analytics™
• Only addresses web-based login (Clients, TcRA™ (backend), integrations, still use server side authorization)
• Only works when logging in from Windows OS machines (looking into Unix)



Questions?

