Your SlideShare is downloading. ×
Srs sso-version-1.2-stable version
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Srs sso-version-1.2-stable version

316
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
316
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Single Sign On/Federation via AD FS/WIF/SAML Software Requirements SpecificationGroup Id: F1202FBFA8 (MC110403218)Supervisor Name: Sarfraz Ahmad Awan (sawan@vu.edu.pk)
  • 2. Revision History Date Version Description Author11/2/1012 1.0 Initial Draft for all the basic MC110403218 elements of SRS document11/5/2012 1.1 Added scope for project and MC110403218 Refined use cases.11/5/2012 1.2 Labeled as version 1.2 send to MC110403218 Sarfraz Ahmad Awan as assignment no 1
  • 3. Contents1 Overview ............................................................................................................................ 4 1.1 Introduction ................................................................................................................. 4 1.2 Competitor solution ..................................................................................................... 4 1.3 Implementation technologies ...................................................................................... 42 Scope .................................................................................................................................. 5 2.1 Architecture Scope Options ........................................................................................ 5 2.1.1 Implementation via Federation Server for SSO ................................................... 5 2.1.2 Development of STS Service for SSO ................................................................. 5 2.1.3 Identity Providers to cover for SSO ..................................................................... 5 2.1.4 Service Providers to cover for SSO ..................................................................... 5 2.1.5 OS scope for SSO ................................................................................................ 5 2.1.6 SAML Implementation Scope ............................................................................. 53 Software Requirement ....................................................................................................... 5 3.1 Functional Software Requirement ............................................................................... 5 3.1.1 Transparent SSO .................................................................................................. 5 3.1.2 Source and destination ......................................................................................... 6 3.1.3 Administrator Console ......................................................................................... 6 3.2 Non-Functional Software Requirement ...................................................................... 6 3.2.1 Performance Requirements .................................................................................. 6 3.2.2 Security Requirements ......................................................................................... 64 User Case Diagram ............................................................................................................ 65 Use case Explanation ......................................................................................................... 7 5.1 Use Case Id 00001....................................................................................................... 7 5.2 Use Case Id 00002....................................................................................................... 8 5.3 Use Case Id 00003....................................................................................................... 9
  • 4. 1 Overview1.1 Introduction Single Sign On (SSO) (also known as Enterprise Single Sign On or "ESSO") is the ability for a user to enter the same id and password to logon to multiple applications within an enterprise. As passwords are the least secure authentication mechanism, single sign on has now become known as reduced sign on (RSO) since more than one type of authentication mechanism is used according to enterprise risk models.1.2 Competitor solution For details, please visit: http://en.wikipedia.org/wiki/List_of_single_sign-on_implementations1.3 Implementation technologies Microsoft .Net Framework / C# WIF http://en.wikipedia.org/wiki/Windows_Identity_Foundation SAML http://en.wikipedia.org/wiki/SAML_2.0 WS-Trust http://en.wikipedia.org/wiki/WS-Trust
  • 5. WS-Security http://en.wikipedia.org/wiki/WS-Security 2 Scope 2.1 Architecture Scope Options2.1.1 Implementation via Federation Server for SSO Federation server can be implemented to handle federation mechanism for SSO. It would be best laid architecture. But can be out of scope for current course. A POC will be done to make sure that the current scope is properly under stood. Scope can be dependent on design phase of the project.2.1.2 Development of STS Service for SSO AD FS will act as STS Service. Scope for AD FS can be dependent on design phase of the project.2.1.3 Identity Providers to cover for SSO Currently Active directory is primary scope as Identity provider.2.1.4 Service Providers to cover for SSO ASP .Net business applications like HR application will act as service provider for current implementation.2.1.5 OS scope for SSO Current project will only cover Windows Server 2012 as testing and development environment for Server operating system. Current project will only cover Windows 8 as testing and development environment for client operation system.2.1.6 SAML Implementation Scope Windows Identity Foundation have SAML 2.0 implementation as extension as explained in http://connect.microsoft.com/site1168/Downloads/DownloadDetails.aspx?DownloadID=360 88 This will be current scope of SAML 2.0 implementation. 3 Software Requirement 3.1 Functional Software Requirement3.1.1 Transparent SSO For end user there should not be any visual indicator that user is moving from one application to another. Means for end user it should be transparent SSO.
  • 6. 3.1.2 Source and destination Source and destination Provider should be configurable.3.1.3 Administrator Console There should not be any hard coding for entities evolved in solution like Identity provider or Service Provider. STS Service should not be hard coded; there must an interface to change URL for STS Service. Service accounts for solution must be configurable via UI interface. 3.2 Non-Functional Software Requirement3.2.1 Performance Requirements SSO must be performed with no delays. Robust redirection should be provided from source to destination.3.2.2 Security Requirements The security requirements to be met by an implementation of SSO are: SSO shall not adversely affect the resilience of the system within which it is deployed. SSO shall not adversely impact the availability of any individual system service. An SSO implementation shall audit all security relevant events which occur within the context of the XSSO. An SSO implementation shall protect all security relevant information supplied to or generated by the XSSO implementation such that other services may adequately trust the integrity and origin of all security information provided to them as part of a secondary sign-on operation. The SSO shall provide protection to security relevant information when exchanged between its own constituent components and between those components and other services. 4 User Case Diagram
  • 7. Single Sign On/Federation via AD FS/WIF/SAML Configure Source «uses» «extends» Provider «uses» Provide System Provide Service Configuration Account Info Configure SSO * Provider «uses» * «extends» * Configure Destination Provider SSO Admin * * «uses» * Configure Identity * Privder Test Provider * STS Service «uses» Passing Token from Source «uses» Perform action for Notification for Provider to Destination SSO Provider change Provider * * SSO End User5 Use case ExplanationExplanation for only primary use cases (Those mainly used by actors) is written below.5.1 Use Case Id 00001Use Case Title Configure SSO ProviderAbbreviated Title C_SSO_ProviderUse Case Id 00001Requirement Id 3.1.2 , 3.1.3Description:It is administrative task and will be performed by SSO AdminPre Conditions: Solution is properly installed. STS Service is already installed.Task Sequence Exceptions1. Open MMC for SSO2. Identify the Source or destination - type of provider to configure.3. Provide configuration like URL or other related info. Some provider might not have URL4. Provide Service account info for configuration like user name and Some provider mightpassword give anonymous
  • 8. access..Post Conditions: Provider is tested and returns positive response to SSO admin.Unresolved issues:Authority: Shahzad SarwarModification history: Initial DraftAuthor: Shahzad SarwarDescription: Needs review by Course Supervisor : Sarfraz Ahmad Awan5.2 Use Case Id 00002Use Case Title Configure Identity PrivderAbbreviated Title C_I_PrivderUse Case Id 00002Requirement Id 3.1.2 , 3.1.3Description:It is administrative task and will be performed by SSO AdminPre Conditions:Solution is properly installed.STS Service is already installed.Identify Provider is reachable.Task Sequence Exceptions1. Open MMC for SSO2. Provide Identity configuration like URL , domain name or other related Some provider might info. not have URL or domain name3. Provide configuration like URL or other related info. Some provider might not have URLPost Conditions: Identity Provider is tested and returns positive response to SSO admin.Unresolved issues:Authority: Shahzad SarwarModification history: Initial DraftAuthor: Shahzad Sarwar
  • 9. Description: Needs review by Course Supervisor : Sarfraz Ahmad Awan5.3 Use Case Id 00003Use Case Title Perform action for SSOAbbreviated Title P_A_F_SSOUse Case Id 00003Requirement Id 3.1.1Description:User will be redirected from source application to source application.Pre Conditions:Solution is properly installed.STS Service is already installed.Identify Provider is configured.Source Provider is configured.Destination Provider is configured.Task Sequence Exceptions1. Open application for source.2. Open application for destination.3. Perform redirection action, that will redirect from source to destination.Post Conditions: Transparent redirection is performed from source to destination.Unresolved issues:Authority: Shahzad SarwarModification history: Initial DraftAuthor: Shahzad SarwarDescription: Needs review by Course Supervisor : Sarfraz Ahmad Awan

×