Blackboard Building Blocks Authentication Overview Tuesday, June 30, 2015 Tom Joyce, Product...
Blackboard Building Blocks
Authentication Overview
Tuesday, April 18, 2023
Tom Joyce, Product Manager, Platform Architecture & Database
Road Map
- Authentication/Security Overview
- Release 6 Authentication Options
- Custom Authentication
- Authentication Demos
- Review/Open Discussion
Authentication Concepts
- Ensures that you are who you say you are!
- Most schemes require the user to present a set of credentials
- In the form of a username/password, or others
- Referred to as End User Authentication (EUA)
EUA Options in Release 6
- Blackboard Learning and Community Portal System™ (Release 6) offers several “out of the box” options
- One option for all Vls
- Set in authentication.properties (file)
EUA Options
- Blackboard Default (RDBMS)
- LDAP
- Webserver Delegation
- Passport
- Custom
Default Authentication (RDBMS)
- Standard with Blackboard Learning System™ (Release 6)
- Form to enter in their user id and password
Default Authentication
- Customization Options
  – Users can customize login page via UI
  – Direct Portal Entry
- Passwords are stored in the Bb Database as MD5 hashes
- Uses a challenge/response mechanism for increased security
Challenge/Response Mechanism
- Does not send the password over the network in “clear text” form
- Prevents “sniffing” of passwords
Challenge/Response Mechanism
IDC
- User requests login page
- Server sends login page with challenge
- User enters credentials; credentials are submitted with the challenge, MD5-hashed
- Server receives credentials, uses challenge to compare the password with the MD5 password stored in the Bb5 database
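The exchange on this slide, as an added example that is not Blackboard's code: the slides do not give the exact hash formula, so the response is assumed here to be MD5(challenge + MD5(password)), and the class, function and user names are hypothetical. It shows that the password never crosses the wire and that a captured response is rejected when it is sent a second time.

```python
import hashlib
import hmac
import secrets


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def client_response(password, challenge):
    """Value the login form submits in place of the password (assumed formula)."""
    return md5_hex(challenge + md5_hex(password))


class LoginServer:
    def __init__(self, stored_hashes):
        self.stored = stored_hashes   # user id -> MD5(password), as kept in the database
        self.outstanding = set()      # challenges issued but not yet used

    def issue_challenge(self):
        challenge = secrets.token_hex(16)   # unpredictable, fresh per login page
        self.outstanding.add(challenge)
        return challenge

    def verify(self, user_id, challenge, response):
        # Each challenge is accepted once, so a sniffed response cannot be replayed.
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        stored = self.stored.get(user_id)
        if stored is None:
            return False
        # Derived from the stored hash alone: protect that hash like the password.
        expected = md5_hex(challenge + stored)
        return hmac.compare_digest(expected, response)


def demo():
    password = "constructed-sample-password"            # constructed sample data
    server = LoginServer({"student01": md5_hex(password)})
    c1 = server.issue_challenge()
    r1 = client_response(password, c1)
    first = server.verify("student01", c1, r1)          # genuine login
    replay = server.verify("student01", c1, r1)         # same bytes sent again
    c2 = server.issue_challenge()
    wrong = server.verify("student01", c2, client_response("guess", c2))
    return first, replay, wrong


if __name__ == "__main__":
    print(demo())
```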
EUA Option: LDAP
- Can configure to go against an external LDAP directory
- Standard Bb Login Screen Used
- Matches against the user id in the Blackboard database
- SSL enabling Blackboard strongly encouraged
EUA Option: Webserver
- Authenticates information based on the user passed via HTTP to the authentication module.
- Checks for the existence of the “remote-user” variable.
- User is reconciled with users already in the Bb Database (more on this later)
- Windows—Automatically installs an ISAPI filter to add this information based on the Windows Domain (Windows Integrated)
- UNIX—Add-ins for Apache are required
EUA Option: Passport
- Requires users to log in using a Microsoft Passport
- Functionally similar to Webserver auth
User Reconciliation Options
- User is received from external system
- What to do if user is not found in system
- In Release 6:
  – Webserver and Passport
Reconciliation Process
- The Auth module receives the external credential
  – Windows Auth: Windows Domain/User ID (e.g. DC/tjoyce)
  – Passport: PUID (Passport Unique ID)
- The User Registry is searched for the external credential
- If found, then the user is authenticated
Reconciliation Process, Cont’d
- If the user is not found, the outcome depends on the user_account setting:
  – Reconcile: Present the user with a form
  – Create: Create the user based on external ID
  – Deny: Do not authenticate the user
User Option: Reconcile
- User is presented with a screen and prompted to enter in Bb Credentials
- MUST exist in the Blackboard database!
- The external user is associated with that Blackboard user
User Option: Create
- User is automatically created in the Blackboard database based on the external credential
  – Webserver: webserver-user-xxxx
  – Passport: passport-user-xxxx
- User or Admin can change personal info
User Option: Deny
- User not in User Registry = No access
Reconciliation Option Pitfalls
- Info is stored in the User Registry
- Not accessible by Snapshot or UI.
- Non-Public methods exist to get the data via the Java API
- May be addressed in 6.2
EUA Option: Custom
- Authentication API
- Java API is part of B2 program
- B2 Developers should use this for custom authentication modules
Authentication API (HttpAuthModule)
- void init(ConfigurationService cfg)
- boolean isAuthenticated(HttpServletRequest request) throws BbSecurityException;
- String doAuthenticate(HttpServletRequest request, HttpServletResponse response)
- void doLogout(HttpServletRequest request, HttpServletResponse response)
- void requestAuthenticate(HttpServletRequest request, HttpServletResponse response)
- public String getAuthType();
- public String[] getPropKeys();
- public void setConfig( HttpAuthConfig config );
API Details
- void init(ConfigurationService cfg)
  – Called upon Tomcat initialization
- public String getAuthType();
  – Must return a String (e.g., “customauth”)
- public String[] getPropKeys();
  – Return an array of properties for this authentication
  – At a minimum, “impl” should be returned here to specify the class name of the custom module
API Details (cont’d)
- public void setConfig( HttpAuthConfig config );
  – Handle to the configuration properties for the authentication
- void requestAuthenticate (HttpServletRequest request, HttpServletResponse response)
  – Called when Blackboard requires authentication
  – Can set this to a web page, login form, or do nothing.
API Details (cont’d)
- String doAuthenticate (HttpServletRequest request, HttpServletResponse response)
  – Does the implementation-specific work of authenticating the user
  – Return the user id if successful, null if not (can also throw a BbSecurityException)
API Details (cont’d)
- boolean isAuthenticated (HttpServletRequest request) throws BbSecurityException;
  – This is deprecated; can return true here
- Caveat: As of 6.0.10, you MUST subclass BaseAuthenticationModule!
  – This has been identified as a bug and will be fixed in a future release
Authentication Configuration
- 2 Files:
  – bb-config.properties
  – authentication.properties
- Run PushConfigUpdates after changing any values
- Load Balanced Systems
Config File: bb-config.properties
- bbconfig.auth.type=
  – rdbms, ldap, webserver, passport, or “custom”
Config File: authentication.properties
- Entries in the form:
  – auth.type.<auth type>.<property name>=<property value>
- Example:
  – auth.type.rdbms.use_challenge=true
  – auth.type.ldap.error_fallback_to_bb=false
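A model of the reconciliation process described earlier, driven by the two configuration files covered on these slides (an added example, not Blackboard's implementation). The key auth.type.webserver.user_account is assumed from the entry form shown above; the class and function names, the sample users and the numeric suffix for created accounts are constructed.

```python
# Constructed sample files; key names follow the forms shown on the slides.
BB_CONFIG = "bbconfig.auth.type=webserver\n"
AUTH_PROPS = """\
auth.type.rdbms.use_challenge=true
auth.type.ldap.error_fallback_to_bb=false
auth.type.webserver.user_account=reconcile
"""


def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def active_settings(bb_config, auth_props):
    """Return (active auth type, its auth.type.<type>.* properties)."""
    auth_type = parse_props(bb_config)["bbconfig.auth.type"]
    prefix = "auth.type.%s." % auth_type
    props = parse_props(auth_props)
    return auth_type, {k[len(prefix):]: v for k, v in props.items() if k.startswith(prefix)}


class UserRegistry:
    def __init__(self, bb_users):
        self.bb_users = set(bb_users)   # user ids in the Blackboard database
        self.links = {}                 # external credential -> Blackboard user id

    def login(self, external_id, policy, auth_type, bb_login=None):
        """bb_login models the user id proven on the reconcile form (None = not supplied)."""
        if external_id in self.links:
            return "authenticated", self.links[external_id]
        if policy == "reconcile":
            if bb_login in self.bb_users:        # must already exist in Blackboard
                self.links[external_id] = bb_login
                return "authenticated", bb_login
            return "show_reconcile_form", None
        if policy == "create":
            # The slides elide the suffix ("xxxx"); a counter stands in for it here.
            new_id = "%s-user-%04d" % (auth_type, len(self.bb_users) + 1)
            self.bb_users.add(new_id)
            self.links[external_id] = new_id
            return "authenticated", new_id
        return "denied", None                    # "deny", and any unrecognised value
```

An unrecognised user_account value falls through to the deny branch, so a typo in the properties file cannot silently enable account creation in this model.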
Demo: Custom Auth
- Code CustomAuthModule.java
  – Implement HttpAuthModule.java
  – MUST subclass BaseAuthenticationModule (this is a bug)
  – Build jar, move jar to Tomcat lib/apps (windows)
  – Edit authentication.properties, bb-config.properties
  – Restart Tomcat
Summary
- Several Different Authentication Options are available for Release 6
- B2 Developers can develop Custom Authentication modules
- Numerous Possibilities exist for custom authentication modules (SSO, Kerberos, etc.)
Q&A/Open Discussion
Tom Joyce, Product Manager, Platform, Architecture and Database
BBDN
Thank You
Demos to Follow >