june 27, 2015 1 teamcenter™ security services sso dennon ison software engineer...
April 18, 2023 1
Teamcenter™ Security Services SSO
Dennon Ison, Software Engineer, Dennon.Ison@gdc4s.com
Template # 99-P34884K, Rev E – 3/17/08
© 2008 General Dynamics. All Rights Reserved.
Objective
Explain how General Dynamics C4Systems implemented a no-challenge login using the Teamcenter Security Services™.
Outline
The CIO Challenge
Terminology/Definitions
Teamcenter Enterprise™ Login Architecture
The Options
The Solution
Our Environment
Considerations
Questions
The Challenge
Implement a non-challenge SSO solution for the Teamcenter™ suite of products.
Solution must have IT Networking acceptance/support
Solution must have IT Information Security acceptance/support
Solution must work with existing assets and resources
Terminology
Authentication: Who the user really is
Authorization: What the user is allowed to do
SSO: A non-challenge login to systems after the user has been authenticated on the network domain
Teamcenter Security Services (TCSSO): Web-based application that maintains a central login for all Teamcenter applications
LdapAuth: Allows Enterprise users to log in with their network login account
Login Architecture (Enterprise)
[Diagram. Labels: User Workstation, Client, Web Server, TC Web Tier, TCSSO, Enterprise Server, Active Directory, With TCSSO, With LdapAuth, Prompt for Credentials]
The Options
Internet Information Services™ (IIS)
  Network recommended
  Quick
  Need to use multiple machines to redirect
  Security “disliked” the idea
Move web tier to Windows
  Resolve security issue
  Still use IIS
  Lack of Windows machines
  Lack of “team comfort”
JBoss™ LDAP Authentication
  Limited customization
  Significant setup
  Lack of experience
The Options
Apache™ LDAP Authentication
  Limited customization
  Significant setup
  Lack of experience
Java Authentication and Authorization Service (JAAS)
  Java based (any platform)
  Web service
  Customization
  Changes to AD
The Solution
JCIFS (Java Common Internet File System) (http://jcifs.samba.org)
  Validated against AD with Kerberos protocol
  All “open” credentials are kept in the same “container” (jvm)
  Works on any platform
  Should work on any J2EE Java application server
  Only handled authentication of user, did not give Teamcenter Credentials
The Solution
Add JCIFS Filter to web.xml
Configure Security Services
Modify PreLoginPage.jsp
web.xml
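An added example for the first step above, not taken from the presentation or its author's files: a web.xml fragment that registers a JCIFS servlet filter. It assumes the slide's “JCIFS Filter” is the library's `jcifs.http.NtlmHttpFilter`; the domain name, domain controller host and URL pattern are placeholders.

```xml
<!-- Added example: constructed web.xml fragment, not the presenter's file. -->
<!-- Assumes jcifs.jar is in WEB-INF/lib and that the filter in use is
     jcifs.http.NtlmHttpFilter. All values below are placeholders. -->
<filter>
  <filter-name>NtlmHttpFilter</filter-name>
  <filter-class>jcifs.http.NtlmHttpFilter</filter-class>

  <!-- Placeholder: domain the workstation users are logged in to. -->
  <init-param>
    <param-name>jcifs.smb.client.domain</param-name>
    <param-value>EXAMPLEDOM</param-value>
  </init-param>

  <!-- Placeholder: domain controller the filter validates users against. -->
  <init-param>
    <param-name>jcifs.http.domainController</param-name>
    <param-value>dc1.example.internal</param-value>
  </init-param>

  <!-- Keep the HTTP Basic fallback off: with it enabled, browsers that
       cannot negotiate would send the domain password to the web tier,
       and insecureBasic would allow that over plain HTTP. -->
  <init-param>
    <param-name>jcifs.http.enableBasic</param-name>
    <param-value>false</param-value>
  </init-param>
  <init-param>
    <param-name>jcifs.http.insecureBasic</param-name>
    <param-value>false</param-value>
  </init-param>
</filter>

<!-- Placeholder pattern: every request must pass the filter before any
     page reads the authenticated user name. -->
<filter-mapping>
  <filter-name>NtlmHttpFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```

With this filter in place, pages behind it can read the authenticated name from `request.getRemoteUser()` rather than from any client-supplied parameter. Note that this filter class performs NTLM pass-through authentication against the domain controller, and the JCIFS project has since deprecated it because it cannot support NTLMv2.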
The Solution
[Diagram. Labels: User Workstation, Web Server, JCIFS Filter, TC Web Tier, TCSSO, Enterprise Server, Active Directory]
Our Environment
[Diagram. Labels: User Workstation, Active Directory, JBoss Cluster, JCIF Authentication, Load Balancing, web1, web2, web3, web4, web5, server1, DB1, Tc Enterprise Web tier, Tc Enterprise Server, Tc Enterprise Oracle DB]
Considerations
Implemented with Tc Enterprise™, Tc Engineering™, Tc Reporting and Analytics™
Only addresses web-based login (Clients, TcRA™ (backend), integrations, still use server side authorization)
Only works when logging in from Windows OS machines (looking into Unix)
Questions?