AutoSignon - A Reference
Implementation of a Secure Single
Sign-On Blackboard Building Block
TM
Richesh Ruchir, Technical Manager
richesh.ruchir@blackboard.com
A Reference Implementation of a
Secure Single Signon Blackboard
Building Block™
• Introduction
• Single Sign-On
• Blackboard Authentication Framework
®
• Introduction to AutoSignon
• Implementation Details
• Demo Application
• Open Source Project
• Q&A
Single Sign-On
• Identity management is an emerging challenge at
many institutions
• Existing institutional solutions
– CAS, Shibboleth
• Industry standards tackling authentication /
authorization
– OpenID, Basic Learning Tools Interoperability/LTI
• Not all institutions are prepared to invest in complex
solutions
• Smaller institutions may not have a need
Blackboard Authentication Framework
®
• LDAP
• Internal database
• Custom authentication mechanism
– Built by clients and by Blackboard Consulting
Services(sm)
– Support for CAS, Shibboleth, and others
Introduction to AutoSignon
• Allows users who are authenticated by a trusted
system to access the Blackboard platform without
needing to log in again (Inbound SSO)
• Based on the WebCT CE/Vista Automatic Signon
Protocol
• Uses a MAC (Message Authentication Code)
generated by request parameters and shared
secret to validate incoming SSO requests before
processing
AutoSignon Workflow
Implementation Details
Implementation Details (Contd.)
Admin Settings
Demo Application
• Reference implementation application
Open Source Project
• Available at
http://projects.oscelot.org/gf/project/autosignon/
Q & As
?
Please provide feedback for this session by emailing
DevConFeedback@blackboard.com.
The subject of the email should be title of this
session:
AutoSignon - A Reference Implementation of a Secure
Single Sign-On Blackboard Building Block
TM