1 / 4

Qaforum Security Structure

Qaforum Security Structure. What’s SSO.

Download Presentation

Qaforum Security Structure

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Qaforum Security Structure

  2. What’s SSO • Single sign-on (SSO) is mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where he has access permission, without the need to enter multiple passwords. Single sign-on reduces human error. • Qaforum adopt CAS (Central Authentication Service) from Jasig project as sso. It’s an open source project at http://www.jasig.org/cas/

  3. SSO workflow

  4. Security measure • Use https for login process • Before submit to login, system will encrypt the username/password with RSA algorithm • 3 types users, users in db, users in silvercompldap, users in ciscoad. For users in db, their password is encrypted by md5 algorithm. For other two types, we do not keep the password in db, query the ldap/ad directly. • Cookie does not keep any information of users. If user want to use Remember Me feature, only one cookie is kept in user’s browser, which contains the ticket composed by uid. (TGT-114-gqP60KOfeGkxJuK4VAvkEpDviqFGX6lsPWZn7pAXUPKXYZXT2q-qaforum.webex.com)

More Related