Implementation of Single Sign On (SSO) Technology Using SAML Standards At UNIKOM Information Systems

Implementation of Single Sign On (SSO) Technology Using SAML Standards At UNIKOM Information Systems -
International Conference on Interdisciplinary Academic Research And Innovation (IARI-2016)

Published in: Education

  1. Implementation of Single Sign On (SSO) Technology Using SAML Standards At UNIKOM Information Systems. International Conference on Interdisciplinary Academic Research And Innovation (IARI-2016), November 23-24, 2016. Taryana Suryana, Irawan Afrianto, Andri Heryandi. Teknik Informatika – Fakultas Teknik dan Ilmu Komputer, Universitas Komputer Indonesia
  2. Backgrounds
     • Many applications that require login
     • Many accounts to remember
     • Different usernames and passwords
     • Admin creates many users and passwords
     • Complicated password management
     Diagram labels: Lecturer, Student, Admin; UNIKOM's Information Systems: Thrusty Online Value (NilaiOnline), E-Learning, Autodebet, Social Media, Campus Asset Management, Evaluation of Lecture, Finance, Academic scholarship
  3. Definitions: Single Sign On (SSO). Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session. On the back end, SSO is helpful for logging user activities as well as monitoring user accounts. (http://searchsecurity.techtarget.com/definition/single-sign-on)
  4. Definitions: Security Assertion Markup Language (SAML). SAML is an XML standard that facilitates the exchange of user authentication and authorization data across secure domains. SAML-based SSO services involve communications between the user, an identity provider that maintains a user directory, and a service provider. When a user attempts to access an application from the service provider, the service provider will send a request to the identity provider for authentication. The service provider will then verify the authentication and log the user in. The user will not have to log in again for the rest of his session. (http://searchsecurity.techtarget.com/definition/single-sign-on)
  5. Definitions: Google Apps For Education (GAFE). Google Apps for Education core services are the heart of Google's educational offering to schools. The core services are Gmail (including Inbox by Gmail), Calendar, Classroom, Contacts, Drive, Docs, Forms, Groups, Sheets, Sites, Slides, Talk/Hangouts and Vault. SSO is available for G Suite Basic, G Suite Business, and G Suite for Education. It enables users to access all of their enterprise cloud applications, including administrators signing in to the Admin console, by signing in one time for all services. GAFE also provides a Security Assertion Markup Language (SAML)-based SSO API that you can use to integrate into your Lightweight Directory Access Protocol (LDAP) or other SSO system. LDAP is a networking protocol for querying and modifying directory services running over TCP/IP. (https://support.google.com/a/answer/60224?hl=en)
  6. Analysis and Design System: System Architecture of Unikom SSO
  7. Analysis and Design System: System Architecture of Unikom SSO
  8. Analysis and Design System: Unikom Password - Single Sign On Backbone Unikom. Client transfers are encrypted with SSL/TLS over the HTTPS protocol. Sensitive data such as the username and password should receive second-layer encryption using the ASecure library (developed by Digital Center, using the RSA algorithm), with public and private keys that are different for each session (minimum 1024 bits). The key for sending data is generated on the server (PHP); the key for receiving data is generated in the browser (JavaScript). The connection between the client apps (Score online, Trusts, Online Lecture, etc.) and the Digital Passport uses the Digital Passport Protocol and is always encrypted with OpenSSL; each client has a different public key and access permissions that vary according to its needs. Web-based client apps must include the Digital Passport Dashboard in their HTML/PHP files so that users can skip and perform activities related to the account. Client apps need not (and should not) create their own login/register forms for user management. Client apps can determine the status of users who access a web page directly by communicating over the Digital Passport Protocol (or by using the Digital Passport API for PHP).
  9. Analysis and Design System: Unikom Password - Single Sign On Backbone Unikom
  10. Analysis and Design System: Unikom Password - Single Sign On Backbone Unikom
  11. Analysis and Design System: Unikom Password - Single Sign On Backbone Unikom
  12. Implementations: http://account.unikom.ac.id
  13. Implementations: http://eis.unikom.ac.id
  14. Results
     • Users (lecturers and students) can access the Unikom Information System more conveniently
     • Administrators can manage users and passwords more easily
     • Transactions are more secure
  15. Further Research: Although single sign-on is a convenience to users, it presents risks to enterprise security. An attacker who gains control over a user's SSO credentials will be granted access to every application the user has rights to, increasing the amount of potential damage. In order to avoid malicious access, it's essential that every aspect of SSO implementation be coupled with identity governance. Organizations can also use two-factor authentication (2FA) or multifactor authentication (MFA) with SSO to improve security.
  16. Terima Kasih - Thank You - Hatur Nuhun
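
The second-layer encryption described on slide 8 (a fresh RSA key pair per session protecting the username and password inside the HTTPS channel) can be sketched as follows. This is an added example, not the ASecure library or any UNIKOM code: it uses Node's built-in `crypto` module for both the server and the client side, covers only the credential submission from browser to server, and assumes 2048-bit keys with OAEP padding, which is above the 1024-bit minimum the slide states. The function names and the in-memory session store are hypothetical.

```javascript
// Added example: per-session RSA key pair as a second encryption layer for
// login credentials. Names and the in-memory store are hypothetical.
const crypto = require('node:crypto');

// OAEP with SHA-256; with a 2048-bit key the plaintext limit is 190 bytes.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const sessions = new Map(); // sessionId -> private key, held server-side only

// Server side: new key pair for every login session; only the public half leaves.
function startLoginSession() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const sessionId = crypto.randomBytes(16).toString('hex');
  sessions.set(sessionId, privateKey);
  return { sessionId, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Client side: encrypt the credentials with the public key of this session.
function encryptCredentials(publicKeyPem, username, password) {
  const plaintext = Buffer.from(JSON.stringify({ username, password }), 'utf8');
  return crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, plaintext).toString('base64');
}

// Server side: decrypt once, then discard the private key so that a captured
// ciphertext cannot be replayed against the same session.
function decryptCredentials(sessionId, ciphertextB64) {
  const privateKey = sessions.get(sessionId);
  if (!privateKey) return null;   // unknown or already used session
  sessions.delete(sessionId);     // single use
  try {
    const plain = crypto.privateDecrypt(
      { key: privateKey, ...OAEP }, Buffer.from(ciphertextB64, 'base64'));
    return JSON.parse(plain.toString('utf8'));
  } catch {
    return null;                  // wrong key, tampered or malformed ciphertext
  }
}
```

Because the private key is deleted on first use, a ciphertext recorded from one session is useless in any later one, which is the property the per-session keys are meant to provide.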