june 27, 2015 1 teamcenter™ security services sso dennon ison software engineer...


Post on 21-Dec-2015


Page 1: June 27, 2015 1 Teamcenter™ Security Services SSO Dennon Ison Software Engineer Dennon.Ison@gdc4s.com Template # 99-P34884K, Rev E – 3/17/08 © 2008 General

April 18, 2023 1

Teamcenter™ Security Services SSO

Dennon Ison, Software Engineer, Dennon.Ison@gdc4s.com

Template # 99-P34884K, Rev E – 3/17/08

© 2008 General Dynamics.  All Rights Reserved.


Objective

Explain how General Dynamics C4Systems implemented a no-challenge login using the Teamcenter Security Services™.


Outline

The CIO Challenge

Terminology/Definitions

Teamcenter Enterprise™ Login Architecture

The Options

The Solution

Our Environment

Considerations

Questions


The Challenge

Implement a non-challenge SSO solution for the Teamcenter™ suite of products.

Solution must have IT Networking acceptance/support

Solution must have IT Information Security acceptance/support

Solution must work with existing assets and resources


Terminology

Authentication: Who the user really is

Authorization: What the user is allowed to do

SSO: A non-challenge login to systems after the user has been authenticated on the network domain

Teamcenter Security Services (TCSSO): Web-based application that maintains a central login for all Teamcenter applications

LdapAuth: Allows Enterprise users to log in with their network login account


Login Architecture (Enterprise)

[Diagram. Labels: User Workstation; Client; Web Server; TC Web Tier; TCSSO; Enterprise Server; Active Directory; With TCSSO; With LdapAuth; Prompt for Credentials]


The Options

Internet Information Services™ (IIS): Network recommended; Quick; Need to use multiple machines to redirect; Security “disliked” the idea

Move web tier to Windows: Resolve security issue; Still use IIS; Lack of Windows machines; Lack of “team comfort”

JBoss™ LDAP Authentication: Limited customization; Significant setup; Lack of experience


The Options

Apache™ LDAP Authentication: Limited customization; Significant setup; Lack of experience

Java Authentication and Authorization Service (JAAS): Java based (any platform); Web service; Customization; Changes to AD


The Solution

JCIFS (Java Common Internet File System) (http://jcifs.samba.org)

Validated against AD with Kerberos protocol

All “open” credentials are kept in the same “container” (JVM)

Works on any platform

Should work on any J2EE Java application server

Only handled authentication of user, did not give Teamcenter credentials


The Solution

Add JCIFS Filter to web.xml

Configure Security Services

Modify PreLoginPage.jsp

web.xml
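
A sketch of the first step above, added here as an example and not taken from the presentation: declaring the JCIFS servlet filter class `jcifs.http.NtlmHttpFilter` in a web application's web.xml. The host name, domain name and URL pattern are placeholders, and the slides do not show which web application's web.xml was edited.

```xml
<!-- Added example: constructed web.xml fragment, not from the presentation.
     dc1.example.corp, EXAMPLE and /* are placeholders. -->
<filter>
  <filter-name>NtlmHttpFilter</filter-name>
  <filter-class>jcifs.http.NtlmHttpFilter</filter-class>

  <!-- Domain controller that checks the browser's NTLM response
       (placeholder host) -->
  <init-param>
    <param-name>jcifs.http.domainController</param-name>
    <param-value>dc1.example.corp</param-value>
  </init-param>

  <!-- Domain assumed when the client does not send one (placeholder) -->
  <init-param>
    <param-name>jcifs.smb.client.domain</param-name>
    <param-value>EXAMPLE</param-value>
  </init-param>

  <!-- Keep the HTTP Basic fallback off. enableBasic offers Basic
       authentication to clients that cannot do NTLM; insecureBasic
       additionally allows it over plain HTTP, which would put the
       user's domain password on the wire in recoverable form. -->
  <init-param>
    <param-name>jcifs.http.enableBasic</param-name>
    <param-value>false</param-value>
  </init-param>
  <init-param>
    <param-name>jcifs.http.insecureBasic</param-name>
    <param-value>false</param-value>
  </init-param>
</filter>

<!-- Requests matching this pattern are authenticated before any page
     runs. Afterwards request.getRemoteUser() returns the domain user;
     the filter establishes identity only and grants no application
     rights. -->
<filter-mapping>
  <filter-name>NtlmHttpFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```

The JCIFS project documentation notes that this filter does not support NTLMv2, so check which NTLM level the domain enforces before relying on it.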


The Solution

[Diagram. Labels: User Workstation; Web Server; JCIFS Filter; TC Web Tier; TCSSO; Enterprise Server; Active Directory]


Our Environment

[Diagram. Labels: User Workstation; Active Directory; JBoss Cluster; JCIFS Authentication; Load Balancing; Tc Enterprise Web tier; Tc Enterprise Server; Tc Enterprise Oracle DB; hosts web1, web2, web3, web4, web5, server1, DB1]


Considerations

Implemented with Tc Enterprise™, Tc Engineering™, Tc Reporting and Analytics™

Only addresses web-based login (clients, TcRA™ (backend) and integrations still use server-side authorization)

Only works when logging in from Windows OS machines (looking into Unix)


Questions?
