Qaforum Security Structure
What’s SSO
• Single sign-on (SSO) is a mechanism whereby a single action of user authentication and authorization permits a user to access all computers and systems where they have access permission, without the need to enter multiple passwords. Single sign-on reduces human error.
• Qaforum adopts CAS (Central Authentication Service) from the Jasig project as its SSO. It is an open source project at http://www.jasig.org/cas/
SSO workflow
Security measure
• Use HTTPS for the login process
• Before the login is submitted, the system encrypts the username/password with the RSA algorithm
• 3 types of users: users in db, users in silvercomp ldap, users in cisco ad. For users in db, the password is stored as an MD5 hash. For the other two types, we do not keep the password in db; we query the ldap/ad directly.
• The cookie does not keep any user information. If a user wants to use the Remember Me feature, only one cookie is kept in the user’s browser, which contains the ticket composed by uid. (TGT-114-gqP60KOfeGkxJuK4VAvkEpDviqFGX6lsPWZn7pAXUPKXYZXT2q-qaforum.webex.com)
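
The bullet on database users says their passwords are kept as MD5 values. As an added example (not code from Qaforum or CAS), this is one way to verify such legacy digests and replace each one with a salted PBKDF2-HMAC-SHA256 record at the user's next successful login. The record format, function names and iteration count are assumptions of this sketch, and it assumes the stored MD5 is an unsalted hex digest.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Assumed parameters for this sketch; tune the iteration count to your hardware.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def legacy_md5(password: str) -> str:
    """Unsalted MD5 hex digest, assumed to be the scheme used for db users."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password: str, salt: bytes | None = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Build a self-describing record: scheme$iterations$salt_hex$hash_hex."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_and_upgrade(password: str, stored: str) -> tuple[bool, str]:
    """Check a password against a stored record.

    Returns (ok, record_to_store). A correct password on a legacy MD5 record
    yields a new PBKDF2 record, so the MD5 value can be overwritten at login.
    """
    if stored.startswith("pbkdf2_sha256$"):
        _, iterations, salt_hex, hash_hex = stored.split("$")
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(candidate, bytes.fromhex(hash_hex)), stored
    # Anything else is treated as a bare MD5 hex digest (legacy row).
    legacy = legacy_md5(password).encode("ascii")
    if hmac.compare_digest(legacy, stored.lower().encode("utf-8")):
        return True, pbkdf2_record(password)
    return False, stored


if __name__ == "__main__":
    # Constructed sample row, not data from the Qaforum database.
    row = {"uid": "alice", "password": legacy_md5("correct horse")}
    ok, row["password"] = verify_and_upgrade("correct horse", row["password"])
    print(ok, row["password"].split("$")[0])
```

Rows for users who never log in again keep their MD5 value, so a migration of this kind still needs a cutoff after which remaining legacy rows are forced through a password reset.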