Web Single Sign-on Solution in Telekom Srbija
Ivan Arsenijević


Solving the existing problem

Project goal

Build a new system as a solution for the issues of the current implementation:

Slow, complex, expensive

Development of the SSO product

Protecting new applications

Resolving operational issues

Oracle Access Manager

Web Single Sign-on (SSO) solution

SECURE EXPANDABLE ADAPTIVE

Proposed solution

OAM FULFILLED ALL REQUIREMENTS AND ADDITIONALLY ENABLED:
• integration with Cloud services offering
• offloading the staff from most tasks
• performance enhancements

The project

July 2015 - April 2016

Test system - Saga

Test system - Telekom Srbija

Production system - Telekom Srbija

Web servers with protected applications:

• Apache httpd (CentOS Linux, SuSE Linux, Windows)

• IIS (Windows)

The project

Key:

Application code expanded for unsolicited login

Unique part of the solution

End user's perspective

Web SSO in OAM

[Diagram: login page; content for logged-out users; protected resource (access); protected resource (DCC); protected resource (logout); protected resource (unsolicited); steps numbered 1 to 6.]

User login

Authentication and authorization

Dedicated login page
• ECC – accessing OAM servers
• DCC – accessing separate Web servers (DDoS)

Login form embedded in page (unsolicited)
• using WebGate
• REST API

Architecture

[Diagram: components R-WG, OAM, LDAP, DCC-WG, Application, Web server.]

Architecture

OAM and WebGate are Web applications
• OAM - WebLogic Server
• DCC - OHS (Oracle HTTP Server)
• Database (used implicitly)
• LDAP

WebGate is a module for Web server (httpd, IIS)
• Resource WebGate
• DCC WebGate

Workflows

WF 1: Login - DCC

[Diagram: components R-WG, OAM, LDAP, DCC-WG, Application, Web server; steps numbered 1 to 8.]

WF 2: Login - unsolicited

[Diagram: components R-WG, OAM, LDAP, DCC-WG, Application, Web server; steps numbered 1 to 6.]

WF 3: Subsequent access

[Diagram: components R-WG, OAM, LDAP, DCC-WG, Application, Web server; steps numbered 1 to 2.]

WF 4: Logout

[Diagram: components R-WG, OAM, LDAP, DCC-WG, Application, Web server, Web server with content for logged-out users; steps numbered 1 to 5.]

Delivered system

Production run

• Manual for partners – protecting own Web applications with Web SSO (DCC, unsolicited)
• Localization & Customization
• Login page
• Login error handling
• Measured performance above the required level
• MTS Shop - first partner (DCC)
• Integrated Portal - first internal application (unsolicited)

The team

ICT Services Department (Cloud), Marketing Department, Web developers, System administrators

Proof of Concept, Solution development, Training (courses for the product)

Solution development, Implementation, Support

Thank you!