User Management and SSO for Austrian Government

Austrian law mandates a standardized system for user management and single-sign-on for use in Austrian government institutions. The LFRZ is one of the main providers of conformant software solutions for this sector. We show how Magnolia was integrated into this system, and the challenges faced and overcome in doing so.

Presentation Transcript

  • Welcome.
  • Magnolia user management and SSO for Austrian government sector
      • Magnolia Conference 2012 – Technical Track
      • Presented by Richard Unger and Rihard Monovic
  • Agenda
      • 1 About RISE & LFRZ
      • 2 SSO in Austrian government
      • 3 Requirements and challenges
      • 4 Implementation
  • About RISE and LFRZ
  • About RISE and LFRZ – Partnership
      • RISE
          • partner for industry
      • LFRZ
          • partner for government
  • About RISE
      • Corporation, www.rise-world.com
          • TU Spin Off, founded 1987
          • TU Vienna, INSO – The Think Tank of RISE, 40 PhDs
      • Competences
          • More than 300 world-class IT-engineers & architects
          • Highly acknowledged R&D-enterprise in Europe
          • Top-Developer (e.g. part of the world-wide Java-Eclipse provider community, component delivery)
          • Specialists in IT-Infrastructure and IT-Integration
          • Top-Experts in e.g. IT-Architecture, IT-Strategy, IT-Security, Usability, Transport IT, System-Performance
      • Locations
          • HQ in Schwechat/Airport and Vienna
          • offices in several countries
          • RISE personnel works world-wide
  • About RISE - Project examples
      • 2003 – 2006: ID Card for all Austrians + country-wide IT infrastructure; 8 million electronic ID-Cards, 24.000 specially designed components for offices, delivered in 24 months
      • 2005 – 2008: overall health network in Germany; architecture, planning and project/program management for the at that time largest IT project in Europe (1,8 billion €), design at CeBit 2005, led until 2008
      • 2009 – 2012: country-wide ticketing for railway / public transport in Austria; 10 million tickets/year, highly complex interoperability, all access channels (clerk counter, pos-automat, internet, travel agent, mobile phone)
      • 2007 – 2008: design and architecture of the government network plus the school & health network of Qatar, including NOC (network operating center) and SOC (security operating center)
      • 1993 – today: IT infrastructure, software projects, rollouts, IT architectures for e.g. MoI, MoH, MoF, MoA, MoS, MoX… in several countries
  • About RISE - Clients: AMS Österreich Oesterreichische Kontrollbank AG Bank Austria Treasury Merger & Systemupgrades Österreichische Universitäten – IT-Gesamtstrategie Bundesrechenzentrum – Test- und Multiprojektmanagement Bundesverwaltung – ELAK Einführung IT-Portfolio – Die Presse Dresdner Bank Bundesministerium für Gesundheit Berlin Justizministerium United Arabic Emirates ICT Qatar (gesamtes IKT-Portfolio) Usability- und Web-Strategie der indischen Regierung Qatar Foundation (Infrastruktur-Planung) e-Governement-Strategie Libyen
  • About LFRZ
      • “Land-, forst- & wasserwirtschaftliches Rechenzentrum GmbH” – www.lfrz.at
      • IT service provider located in Vienna
      • owned by Austrian “ministry of agriculture”, which is also the principal customer
      • approx. 30 employees + external consultants
      • focus is on GIS, SSO, custom application development in Java, data integration, IT operations
          • and CMS
  • About LFRZ - Clients
      • LFRZ’s principal customer, principal website
          • www.lebensministerium.at
  • SSO in Austrian government
  • SSO in Austrian government: Principal customer – “Lebensministerium”
      • 120 editors
      • 30+ websites
      • different departments, different offices in different cities
      • existing SSO solution
      • Windows login enables access to all assigned applications
  • SSO in Austrian government: SSO solution “Portalverbund der Österreichischen Behörden”
      • use is mandated by law
      • standardized protocols, different implementations
      • decentralized rights management
      • different portal providers, different application providers
  • SSO in Austrian government: SSO solution “Portalverbund”
      • Systems involved: “Proxy-based” solution, home-portal, application-portal
      • Role model: similar to J2EE: users have roles in an application
      • PVP protocol: SSO-information provided in HTTP headers
  • SSO in Austrian government: SSO solution “Portalverbund”
      • [Diagram: home-portal, application-portal and application, with user-infos in http-headers]
  • Requirements and challenges
  • SSO – requirements and challenges: Manageable roles and groups
      • Old CMS had SSO Integration
      • Old CMS did not use ACLs
      • 120 editors needed 700 groups !!!
      • Synchronization of Portalverbund LDAP and CMS
      • Incredibly confusing!
  • SSO – requirements and challenges: Requirements
      • SSO – automatic login
      • Roles and groups normally managed in magnolia
          • roles and groups also via PVP headers, mappings
      • Permissions (ACLs) managed in magnolia
      • Automatic user creation on login
      • “Preemptive” user creation from LDAP
          • GUI
  • SSO – requirements and challenges: Challenges
      • Integrating SSO
      • How to handle Permissions (ACLs)
      • Keeping roles and groups manageable
      • Implementing GUIs in magnolia
  • Implementation
  • SSO – implementation in Magnolia: Custom modules
      • vaadin-preintegration: use Vaadin in Magnolia 4.4.x
      • pvp-jaas: SSO integration, LDAP integration
  • SSO – implementation in Magnolia: Module pvp-jaas
      • LoginHandler
      • PVPCallback (JAAS callback)
      • PVPAuthenticationModule (JAAS module)
      • and: LDAP user page (Vaadin based GUI)
  • SSO – implementation in Magnolia: Module pvp-jaas
  • SSO – implementation in Magnolia: Module pvp-jaas
      • Configuration via content2bean
      • Group & role mappings possible
      • Auto-update of user infos (marriage, change of office, etc…)
  • SSO – implementation in Magnolia: LDAP user GUI (Vaadin)
  • SSO – implementation in Magnolia: Conclusion
      • Working well in production
      • Easy for editors, easy for admins
      • Customer manages users
      • LFRZ manages groups, roles & ACLs
      • Magnolia is now “Portalverbund”-compatible
  • Thank you!
  • Questions?
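
The slides describe SSO information arriving in HTTP headers from the application-portal and role-to-group mappings applied at login. The following is an added example, not code from the pvp-jaas module or from LFRZ, showing that flow with the trust check a header-based login depends on. The class name, header names, semicolon-separated role format and addresses are assumptions made for this example; the real header names come from the PVP specification.

```java
import java.util.*;

/** Added example: maps SSO headers set by a trusted portal proxy to CMS groups. */
public class PortalHeaderLogin {
    // Hypothetical header names (assumption); keys are assumed already upper-cased.
    static final String USER_HEADER = "X-EXAMPLE-USERID";
    static final String ROLES_HEADER = "X-EXAMPLE-ROLES";

    private final Set<String> trustedProxies;      // addresses of the application-portal
    private final Map<String, String> roleToGroup; // configured role -> CMS group mapping

    PortalHeaderLogin(Set<String> trustedProxies, Map<String, String> roleToGroup) {
        this.trustedProxies = trustedProxies;
        this.roleToGroup = roleToGroup;
    }

    /** Returns the CMS groups for a request, or empty if its headers must not be trusted. */
    Optional<Set<String>> resolveGroups(String remoteAddr, Map<String, String> headers) {
        // The headers only carry meaning when the portal proxy set them; a client
        // that reaches the CMS directly could send the same header names itself.
        // Assumption: remoteAddr is the real peer address seen by the container.
        if (!trustedProxies.contains(remoteAddr)) return Optional.empty();
        String user = headers.get(USER_HEADER);
        if (user == null || user.isBlank()) return Optional.empty();

        Set<String> groups = new TreeSet<>();
        for (String role : headers.getOrDefault(ROLES_HEADER, "").split(";")) {
            // Roles without a configured mapping grant nothing (deny by default).
            String group = roleToGroup.get(role.trim());
            if (group != null) groups.add(group);
        }
        return Optional.of(groups);
    }

    public static void main(String[] args) {
        PortalHeaderLogin login = new PortalHeaderLogin(
                Set.of("10.0.0.5"),
                Map.of("cms-editor", "editors", "cms-admin", "admins"));
        // Constructed sample request headers.
        Map<String, String> headers = Map.of(
                USER_HEADER, "jdoe", ROLES_HEADER, "cms-editor; unknown-role");
        System.out.println(login.resolveGroups("10.0.0.5", headers));    // request via the portal
        System.out.println(login.resolveGroups("203.0.113.9", headers)); // direct request
    }
}
```

In a deployment the address check is usually backed by network isolation or mutual TLS between portal and application, so that the CMS is only reachable through the portal.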