paper -
2 Single Sign On (SSO) project at the University of Missouri
Joseph
Heck, University of Missouri - Columbia
The SSO project at the University of Missouri -
Columbia is an effort underway to provide a single, centrally administered
account userid and password for use on centrally providing computing and
information systems. The paper is specifically on the technical and
administrative challenges involved with creating a single userid across our
four campus system, the solutions we have implemented to overcome these
challenges, and our future directions. We have built and are continuing to
improve on a system, primarily driven institutional data, that encompasses the
four major authentication methods used in desktop and server computing
environments: NT, NDS, Kerberos, and Unix. We utilize the secure connection and
authentication technology provided with Kerberos version 5 from MIT known as
the GSS API, and have custom developed an application interface to allow us to
make the inevitable changes to tweak the systems where campus needs don't
perfectly match with administrative and academic data.
We have built this system using commodity hardware and open source software to choose the pieces that best fit our needs and are capable of being replaced in a modular fashion or upgraded as we grow with the system. The application interface is delivered using Java servlets on the apache web server with SSL as an application engine to data stored in multiple instances of Oracle databases. We take advantage of the scaling properties of the Apache JSERV project, as well as persistent database connections to maintain efficient use of resources. The authentication technology driving the system is based on Kerberos5 with web server authentication provided by University of Michigan's MERIT's radius server.