Global ETD Search

11	Konfigurace SSO ve vnitropodnikové síti proti Active Directory / Configuration of Single Sign On against Active Directory in enterprise network Křenek, Jan January 2013 (has links) This work discusses about configuration and integration of Single Sign On against to Active Directory which serves as an authorization into web applications for Air Navigation Services, CZECH REPUBLIC by company Ifield Computer Consultancy Limited. Part of the work is performed the results of testing of the performance these two type of implementations for two different applications. For the theory part I've been using relevant literature, but for some tools, namely Scimark and JMeter, there is none, so I had to settle with internet sources. The main benefit of this thesis is the result of testing of comparison two different implementations of the Single Sign On generated using NTLMv2 and SPNEGO/Kerberos.
12	Single sign-on in heterogeneous computer environments Louwrens, Cecil Petrus 05 September 2012 (has links) M.Sc. / The aim of this dissertation (referred to as thesis in the rest of the document) is to investigate the concept of Single Sign-on (SSO) in heterogeneous computing environments and to provide guidelines and reference frameworks for the selection and successful implementation of SSO solutions. In doing so. it also provides an overview of the basic types of SSO, Secure Single Sign-on (SSSO) solutions, enabling technologies, as well as products currently available. Chapter 1 introduces the sign-on problem, the purpose and organization of the thesis and terminology and abbreviations used. The crux of the sign-on problem is that users are required to sign on to multiple systems, developed at different times and based on different technologies, each with its own set of signon procedures and passwords. This inevitably leads to frustration, loss of productivity and weakened security. Users frequently resort to writing down passwords or using trivial password that can easily be guessed. In Chapter 2 the concepts of Single Sign-on and a special subset of SSO, Secure Single Sign-on are defined. Five types of SSO solutions are identified, namely: Synchronization, Scripting, Proxies and Trusted Hosts. Trusted Authentication Server and Hybrid solutions. Of the available types of solutions, only Trusted Authentication Server and Hybrid solutions can provide Secure Single Sign-on if properly implemented. The security services for SSSO are identified as authentication, authorization, integrity, confidentiality, non-repudiation, security management and cryptographic services. Additional SSSO concepts, as well as the vulnerabilities, obstacles and pitfalls to introducing SSO solutions are discussed. Chapter 3 provides an overview of the most important SSO enabling technologies. The following technologies are discussed: OSF DCE, SESAME, Kerberos, DSSA/SPX, TESS, NetSp, Secure Tokens, GSS-API and Public key Cryptography. Chapter 4 discusses the Open Software Foundation's (OSF) Distributed Computing Environment (DCE). OSF DCE is one of the two open standards for distributed processing which are having a major influence on the development of single sign-on solutions and forms the basis of many existing SSO products. DCE is not a SSO product. but consists of specifications and software. The goal of DCE is to turn a computer network into a single, coherent computing engine. It is considered to be one of the fundamental building blocks for SSO solutions in the future. In Chapter 5 SESAME is discussed in some detail as another major enabling technology for SSO. Secure European System for Applications in a Multi-vendor Environment (SESAME) is an architecture that implements a model for the provision of security services within open systems developed by the European Computer Manufacturers Association (ECMA). The architecture was developed and implemented on a trial basis, by Bull, ICL and Siemens-Nixdorf in an initiative supported by the European Commission. Chapter 6 presents a list of 49 commercial SSO products currently available, classified according to the type of SSO solution. A few representative products are discussed in more detail to give an indication what functionality a prospective buyer could expect. The 'Ideal Single Sign-on' solution is presented in Chapter 7. Detailed requirements are listed. These requirements are uniquely identified by a code and classified as essential or recommended functionality required. Chapter 8 assimilates the information in the previous chapters into a structured evaluation, selection and implementation plan for SSO solutions, consisting of nine separate phases. It also proposes a reference framework for the evaluation and selection process. Chapter 9 concludes the thesis. Findings and conclusions are summarized as to the importance and impact of Single Sign-on as well as the expected future directions to be expected. In addition, recommendations for the future implementation of SSO and SSSO solutions in heterogeneous computing environments are made. Computers - Access control. Computers - Access control - Passwords. Single sign-on.
13	Single sign-on v J2EE webových aplikacích založené na protokolu SPNEGO/Kerberos / Single Sign-On in J2EE Web Applications Based on SPNEGO/Kerberos Nečas, Tomáš Unknown Date (has links) The dissertation deals with requirements, analysis, description and integration of Single Sign-On solution based on SPNEGO/Kerberos protocol. The thesis provides an overview of the Single Sign-On basic principles and concepts and deals with the Kerberos authentication mechanism in more detail. After introducing the fundaments of the Kerberos protocol, its terminology and common implementations, attention is focused on the services and settings of Microsoft Kerberos implementation in Windows 2000/2003 environment. An authentication solution demonstration is performed on J2EE platform using the authentication filter and plug-in. The thesis also includes a brief overview of integrating the Single Sign-On solution into different architectures of corporate information systems and describes the implementation process of this solution. In conclusion, the usability of Kerberos Single Sign-On solution in today's business sector is analysed.
14	Preserving Trust Across Multiple Sessions in Open Systems Chan, Fuk-Wing Thomas 13 July 2004 (has links) (PDF) Trust negotiation, a new authentication paradigm, enables strangers on the Internet to establish trust through the gradual disclosure of digital credentials and access control policies. Previous research in trust negotiation does not address issues in preserving trust across multiple sessions. This thesis discusses issues in preserving trust between parties who were previously considered strangers. It also describes the design and implementation of trust preservation in TrustBuilder, a prototype trust negotiation system. Preserving trust information can reduce the frequency and cost of renegotiation. A scenario is presented that demonstrates that a server supporting trust preservation can recoup the cost of the trust preservation facility when approximately 25% of its requests are from repeat customers. The throughput and response time improve up to approximately 33% as the percentage of repeat customers grows to 100%. Trust negotiation single-sign-on authentication authorization security Computer Sciences
15	Analysis and Evaluation of an Integrated Web Services Framework Cai, Da 25 June 2012 (has links) No description available. Computer Science Web service Software as a Service Single sign on E-Commerce
16	Comparison of Methods of Single Sign-On : Post authentication methods in single sign on Topal, Baran January 2016 (has links) Single sign-on (SSO) is a session verification mechanism that allows a client to use a single password and name combination to be able to access multiple applications. The mechanism validates the client for all the applications and eliminates the need for authentication prompts when a user switches between applications within a session. SSO mechanisms can be classified as software versus hardware or customer-requirements oriented versus server-side arrangements. The five commonly used mechanisms of Single Sign-On currently are: Web Single Sign-On, Enterprise Single Sign-On, Kerberos (or Ticket/Token Authentication), Open ID, and Federation or Federated Identity. SSO has the main benefit of allowing a user to access many different systems without having to log on to each and every one of them separately. However, SSO introduces a security risk as once an attacker gains access to a single system, then the attacker has access to all of the systems. This thesis describes SSO technology, the Security Assertion Markup Language, and the advantages and risks involved in using SSO. It examines authentication mechanisms and their suitability for SSO integration. The main emphasis is a description of a mechanism that ameliorates some of the disadvantages of SSO by monitoring the user behavior with respect to a template. If a user performs actions that fit the defined template behavior, then the post authentication mechanism will not get activated. If, on the other hand, a user does something unforeseen, the mechanism will not perform authentication for this user, but rather trigger manual authentication. If this manual authentication succeeds, then the user will continue to interact with the system, otherwise user session will be ended. This behavior extension authentication mechanism is a method that eases the authentication process in which users are not expected to remember any username and password that can be forgotten easily or have a biometric attribute that can change over time. This method can be integrated to existing web application without a major risk and increase in cost. / Single sign-on (SSO) är en sessionkontrollmekanism som gör det möjligt för en kund att använda en ett enda par av lösenord och namn för att kunna få tillgång till flera olika program. Mekanismen validerar klienten för alla anrop och eliminerar behovet av ytterligare inloggningsdialoger när en användare växlar mellan program inom en session. SSO-mekanismer kan klassificeras enligt olika kriterier, såsom programvara kontra hårdvara eller kunder krav orienterade mot serversidan arrangemang. De fem vanligen använda mekanismerna för Single Sign-On är närvarande: Web Single Sign-On Enterprise Single Sign-On, Kerberos (eller Token autentisering), Open ID och Federation eller Federated Identity. SSO har den stora fördelen att en användare kan få tillgång till många olika system utan att behöva logga in på vart och ett av dem separat. Men SSO inför också en säkerhetsrisk i och med att tillgång till ett enda av systemen också automatiskt innebär tillgång till samtliga. Denna avhandling beskriver SSO-teknik, Security Assertion Markup Language, och fördelarna och riskerna med att använda SSO, samt undersöker autentiseringsmekanismer och deras lämplighet för SSO integration. Tyngdpunkten är en beskrivning av en mekanism som minskar några av nackdelarna med SSO genom att övervaka användarnas beteende med avseende på en mall. Om en användare utför åtgärder som passar det beteende som beskrivs av mallen, då den föreslagna mekanismen kommer att hantera autentiseringen automatiskt. Om, å andra sidan, en användare gör något oförutsett, kommer mekanismen inte att automatiskt utföra autentisering för den här användaren, utan utlöser manuellt autentisering. Om denna manuella autentiseringen lyckas, så kan användare fortsätta att fortsätta att interagera med systemet, annars kommer användarsessionen att avslutas. Denna beteendebaserade utvidgning av autentiseringsmekanismen är en lovande metod som minskar behovet av att komma ihåg många namn och lösenord, utan att lämna delsystem öppna till de säkerhetsproblem som uppstår i ren SSO, och utan att vara beroende av biometriska egenskaper som kan förändras över tiden. Denna metod kan integreras med befintliga webbaserade lösningar utan ökad risk och ökade kostnader. SSO Single sign-on SAML authentication security behavior risk SSO Single sign-on SAML autentisering säkerhet beteende risk Communication Systems Kommunikationssystem
17	Verteilte Autorisierung innerhalb von Single Sign-On-Umgebungen : Analyse, Architektur und Implementation eines Frameworks für verteilte Autorisierung in einer ADFS-Umgebung / Distributed authorization within single sign on environments : analysis, architecture, and implementation of a framework for distributed authorization within an ADFS environment Kirchner, Peter January 2007 (has links) Aktuelle Softwaresysteme erlauben die verteilte Authentifizierung von Benutzern über Ver-zeichnisdienste, die sowohl im Intranet als auch im Extranet liegen und die über Domänen-grenzen hinweg die Kooperation mit Partnern ermöglichen. Der nächste Schritt ist es nun, die Autorisierung ebenfalls aus der lokalen Anwendung auszulagern und diese extern durchzu-führen – vorzugsweise unter dem Einfluss der Authentifizierungspartner. Basierend auf der Analyse des State-of-the-Art wird in dieser Arbeit ein Framework vorges-tellt, das die verteilte Autorisierung von ADFS (Active Directory Federation Services) authenti-fizierten Benutzern auf Basis ihrer Gruppen oder ihrer persönlichen Identität ermöglicht. Es wird eine prototypische Implementation mit Diensten entwickelt, die für authentifizierte Be-nutzer Autorisierungsanfragen extern delegieren, sowie ein Dienst, der diese Autorisierungs-anfragen verarbeitet. Zusätzlich zeigt die Arbeit eine Integration dieses Autorisierungs-Frameworks in das .NET Framework, um die praxistaugliche Verwendbarkeit in einer aktuel-len Entwicklungsumgebung zu demonstrieren. Abschließend wird ein Ausblick auf weitere Fragestellungen und Folgearbeiten gegeben. / Current software systems allow distributed authentication of users using directory services, which are located both in the intranet and in the extranet, to establish cooperation with part-ners over domain boundaries. The next step is to outsource the authorization out of the local applications and to delegate the authorization decisions to external parties. In particular the authorization request is back delegated to the authentication partner. Based on an analysis of the state of the art this paper presents a framework which allows the distributed authorisation of ADFS authenticated users. The authorization decisions are based on the user’s identity and groups. In this work there will be developed a prototypical imple-mentation of services which are capable of delegating authorization requests. Additionally, this work points out the integration of these services into the .NET framework to demonstrate the usability in a modern development environment. Finally there will be a prospect of further questions and work. Single Sign On Autorisierung SSO ADFS Active Directory Federation Services Single Sign On Authorization SSO ADFS Active Directory Federation Services Data processing Computer science
18	Authentifizierungs- und Informationsdienst Wegener, Jens 27 September 2004 (has links) (PDF) Es werden Systeme zur Realisierung einer einheitlichen Authentifizierung von Nutzern im Hinblick auf WWW-Anwendungen an der Technischen Universtät Chemnitz und der damit verbundenen Übermittlung von Nutzerdaten untersucht. Shibboleth wird als ein prinzipiell mögliches System zur Lösung dieser Aufgabe in Form eines Tests näher betrachtet. Identitätsmanagement Liberty Alliance Passport Shibboleth ddc:004 CAS Datenschutz Identität Single Sign-On
19	Mecanismos de autenticação e autorização em redes sociais virtuais: o caso futweet ANDRADE, Marcos Tadeu de 31 January 2010 (has links) Made available in DSpace on 2014-06-12T15:56:41Z (GMT). No. of bitstreams: 2 arquivo2964_1.pdf: 2832258 bytes, checksum: ebe11e2d78c78120b2413077dd92b9c7 (MD5) license.txt: 1748 bytes, checksum: 8a4605be74aa9ea9d79846c1fba20a33 (MD5) Previous issue date: 2010 / A crescente penetração da internet entre os mais diversos setores e camadas da sociedade favoreceu a popularização de novas formas de interação entre as pessoas que a utilizam. Dentre estas novas formas de interação, podemos destacar as redes sociais virtuais, que podem agregar usuários com interesses em comum. Várias redes sociais virtuais disponibilizam APIs de acesso às suas funcionalidades, o que gera a necessidade da existência de mecanismos de autenticação e autorização para os usuários ou aplicações que utilizam tais APIs. Alguns mecanismos são sustentados por protocolos já conhecidos e validados tanto no âmbito acadêmico quanto no profissional, como é o caso do Kerberos, que pode ser utilizado no processo de Single Sign-On, em que o usuário é autenticado uma única vez e acessa vários serviços a partir dessa autenticação. Um protocolo que tem sido adotado pelas principais redes sociais é o OAuth, que enfatiza a segurança das credenciais do usuário. Nesse contexto, um problema existente é o de como integrar as diversas formas de autenticação existentes nas mais variadas redes sociais virtuais em uma única aplicação web. Com o objetivo de prover uma solução para esse problema, foram adicionados mecanismos que tratam da autenticação de usuários provindos de redes sociais diversas ao jogo Futweet, que originalmente utilizava somente a rede social Twitter. Este trabalho descreve as formas de autenticação das principais redes sociais, indica uma possível solução para o problema citado anteriormente e descreve a implementação utilizada no Futweet Redes Sociais Virtuais Autenticação Autorização Kerberos Single Sign-On OAuth Segurança Futweet API
20	Single sign-on : Kerberos i webbapplikationer Gustafsson Westman, Hans January 2010 (has links) Detta arbete undersöker ett par olika tekniker för att implementera single sign on med Kerberos i webbapplikationer. Undersökningen har gjorts på HTTP-autentisering som bygger på Microsofts NegotiateAuth och Cosign från University of Michigan. Dessa två tekniker har undersökts för att se hur de står sig mot varandra på kriterier såsom komplexitet, arbetsinsats och mjukvarukrav.Resultatet visar att HTTP-autentisering är väldigt simpel att implementera men kräver dock att användarens webbläsare konfigureras för den. Cosign är mer komplext men använder sig av Cookies vilket gör att de flesta webbläsare stödjer tekniken utan extra konfiguration. Single sign on Kerberos NegotiateAuth HTTP-autentisering Cosign Computer Sciences Datavetenskap (datalogi)

Search results