User Management and SSO for Austrian Government

Austrian law mandates a standardized system for user management and single-sign-on for use in Austrian government institutions. The LFRZ is one of the main providers of conformant software solutions for this sector. We show how Magnolia was integrated into this system, and the challenges faced and overcome in doing so.

Published in: Technology, Business

Transcript of "User Management and SSO for Austrian Government"

  1. Welcome.
  2. Magnolia user management and SSO for Austrian government sector
     Magnolia Conference 2012 – Technical Track
     Presented by Richard Unger and Rihard Monovic
  3. Agenda
     1. About RISE & LFRZ
     2. SSO in Austrian government
     3. Requirements and challenges
     4. Implementation
  4. About RISE and LFRZ
  5. About RISE and LFRZ – Partnership
     • RISE → partner for industry
     • LFRZ → partner for government
  6. About RISE
     Corporation, www.rise-world.com
     • TU Spin Off, founded 1987
     • TU Vienna, INSO – The Think Tank of RISE, 40 PhDs
     Competences
     • More than 300 world-class IT engineers & architects
     • Highly acknowledged R&D enterprise in Europe
     • Top developer (e.g. part of the world-wide Java-Eclipse provider community, component delivery)
     • Specialists in IT infrastructure and IT integration
     • Top experts in e.g. IT architecture, IT strategy, IT security, usability, transport IT, system performance
     Locations
     • HQ in Schwechat/Airport and Vienna
     • Offices in several countries
     • RISE personnel work world-wide
  7. About RISE - Project examples
     • 2003 – 2006: ID card for all Austrians + country-wide IT infrastructure; 8 million electronic ID cards, 24,000 specially designed components for offices, delivered in 24 months
     • 2005 – 2008: overall health network in Germany; architecture, planning and project/program management for what was at that time the largest IT project in Europe (1.8 billion €), design at CeBIT 2005, led until 2008
     • 2009 – 2012: country-wide ticketing for railway / public transport in Austria; 10 million tickets/year, highly complex interoperability, all access channels (clerk counter, POS machine, internet, travel agent, mobile phone)
     • 2007 – 2008: design and architecture of the government network plus the school & health network of Qatar, including NOC (network operating center) and SOC (security operating center)
     • 1993 – today: IT infrastructure, software projects, rollouts, IT architectures for e.g. MoI, MoH, MoF, MoA, MoS, MoX… in several countries
  8. About RISE - Clients
     • AMS Österreich
     • Oesterreichische Kontrollbank AG
     • Bank Austria Treasury Merger & System Upgrades
     • Austrian universities – overall IT strategy
     • Bundesrechenzentrum – test and multi-project management
     • Federal administration – ELAK introduction
     • IT portfolio – Die Presse
     • Dresdner Bank
     • Federal Ministry of Health, Berlin
     • Ministry of Justice, United Arab Emirates
     • ICT Qatar (entire ICT portfolio)
     • Usability and web strategy of the Indian government
     • Qatar Foundation (infrastructure planning)
     • E-government strategy, Libya
  9. About LFRZ
     “Land-, forst- & wasserwirtschaftliches Rechenzentrum GmbH” – www.lfrz.at
     • IT service provider located in Vienna
     • Owned by the Austrian “ministry of agriculture”, which is also the principal customer
     • Approx. 30 employees + external consultants
     • Focus is on GIS, SSO, custom application development in Java, data integration, IT operations → and CMS
  10. About LFRZ - Clients
     • LFRZ’s principal customer, principal website → www.lebensministerium.at
  11. SSO in Austrian government
  12. SSO in Austrian government: Principal customer – “Lebensministerium”
     • 120 editors
     • 30+ websites
     • Different departments, different offices in different cities
     • Existing SSO solution
     • Windows login enables access to all assigned applications
  13. SSO in Austrian government: SSO solution “Portalverbund der Österreichischen Behörden”
     • Use is mandated by law
     • Standardized protocols, different implementations
     • De-central rights management
     • Different portal providers, different application providers
  14. SSO in Austrian government: SSO solution “Portalverbund”
     • Systems involved: “proxy-based” solution, home-portal, application-portal
     • Role model: similar to J2EE: users have roles in an application
     • PVP protocol: SSO information provided in HTTP headers
  15. SSO in Austrian government: SSO solution “Portalverbund”
     [Diagram; labels: home-portal, application-portal, application, “user-infos in http-headers” (shown twice)]
  16. Requirements and challenges
  17. SSO – requirements and challenges: Manageable roles and groups
     • Old CMS had SSO integration
     • Old CMS did not use ACLs
     • 120 editors needed 700 groups !!!
     • Synchronization of Portalverbund LDAP and CMS
     • Incredibly confusing!
  18. SSO – requirements and challenges: Requirements
     • SSO – automatic login
     • Roles and groups normally managed in Magnolia → roles and groups also via PVP headers, mappings
     • Permissions (ACLs) managed in Magnolia
     • Automatic user creation on login
     • “Preemptive” user creation from LDAP → GUI
  19. SSO – requirements and challenges: Challenges
     • Integrating SSO
     • How to handle permissions (ACLs)
     • Keeping roles and groups manageable
     • Implementing GUIs in Magnolia
  20. Implementation
  21. SSO – implementation in Magnolia: Custom modules
     • vaadin-preintegration: use Vaadin in Magnolia 4.4.x
     • pvp-jaas: SSO integration, LDAP integration
  22. SSO – implementation in Magnolia: Module pvp-jaas
     • LoginHandler
     • PVPCallback (JAAS callback)
     • PVPAuthenticationModule (JAAS module)
     • and: LDAP user page (Vaadin based GUI)
  23. SSO – implementation in Magnolia: Module pvp-jaas
  24. SSO – implementation in Magnolia: Module pvp-jaas
     • Configuration via content2bean
     • Group & role mappings possible
     • Auto-update of user infos (marriage, change of office, etc…)
  25. SSO – implementation in Magnolia: LDAP user GUI (Vaadin)
  26. SSO – implementation in Magnolia: Conclusion
     • Working well in production
     • Easy for editors, easy for admins
     • Customer manages users
     • LFRZ manages groups, roles & ACLs
     • Magnolia is now “Portalverbund”-compatible
  27. Thank you!
  28. Questions?
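
Added example, not code from the presentation or from the pvp-jaas module: a minimal sketch of the header-based login described in slides 14, 18 and 24, where the proxy supplies user information in HTTP headers and roles are mapped to CMS groups. The class name, header names, the `;` role separator, the proxy address and the role and group names are all assumptions made for illustration; the slides do not give them.

```java
import java.util.*;

public class PvpHeaderMapping {
    // Hypothetical header names; the slides do not list the real PVP headers.
    static final String USER_HEADER = "X-Example-User-Id";
    static final String ROLES_HEADER = "X-Example-Roles";

    private final Set<String> trustedProxies;      // address(es) of the application-portal
    private final Map<String, String> roleToGroup; // configured role -> CMS group mapping

    PvpHeaderMapping(Set<String> trustedProxies, Map<String, String> roleToGroup) {
        this.trustedProxies = trustedProxies;
        this.roleToGroup = roleToGroup;
    }

    /** Returns the CMS groups for a request, or throws if the headers cannot be trusted. */
    Set<String> groupsFor(String remoteAddr, Map<String, String> headers) {
        // The headers only carry meaning when the request arrived through the
        // portal proxy; a client connecting directly could set them to anything.
        if (!trustedProxies.contains(remoteAddr)) {
            throw new SecurityException("SSO headers from untrusted peer " + remoteAddr);
        }
        String user = headers.get(USER_HEADER);
        if (user == null || user.trim().isEmpty()) {
            throw new SecurityException("missing user id header");
        }
        Set<String> groups = new TreeSet<>();
        // Assumed format: role names separated by ';'.
        for (String role : headers.getOrDefault(ROLES_HEADER, "").split(";")) {
            String group = roleToGroup.get(role.trim());
            if (group != null) {
                groups.add(group); // roles without a mapping grant nothing
            }
        }
        return groups;
    }

    public static void main(String[] args) {
        PvpHeaderMapping mapping = new PvpHeaderMapping(
                Set.of("10.0.0.5"),
                Map.of("cms-editor", "editors", "cms-admin", "administrators"));
        // Constructed sample request headers.
        Map<String, String> headers = Map.of(
                USER_HEADER, "jdoe", ROLES_HEADER, "cms-editor; gis-viewer");
        System.out.println("via portal: " + mapping.groupsFor("10.0.0.5", headers));
        try {
            mapping.groupsFor("192.0.2.77", headers); // same headers, sent directly
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a servlet container the header lookup would go through `HttpServletRequest.getHeader`, which is case-insensitive, rather than a plain map.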