...

  • CSU eID (electronic identity) is a locally-developed system that currently manages identities of most Fort Collins internal identities, including members and affiliates.
    • Data comes from two sources:
      • The Human Resources Management System (HRMS) contains faculty, staff and affiliate data in Oracle HR. (Data is retrieved through the CSU Operational Data Store (ODS).)
      • Banner is the Student Information System which contains instructor, student, course, and enrollment data in Oracle.
    • Data is stored in a SQL Server database.
    • Data is accessed via an ASP.NET/C# web application.
  • COmanage currently stores both internal and external identities.
  • The CSU Patron Registry is a locally-developed system that currently manages library patrons who are community members but not CSU members.
    • Alma is the library catalog, which also stores and manages patron accounts.
    • Primo is a website to search the library catalog, request, borrow and renew books and materials, pay fines and fees.
    • Library patrons can also log in with their patron ID to use library computers and printers.
  • MidPoint is expected to replace eID, the Patron Registry, and COmanage to store internal identities for members and affiliates of all three campuses in 2019 or 2020.
  • Shibboleth is used for single sign-on to log in to CSU systems using CSU eID.
  • The Cirrus Identity Social-SAML Gateway is used by external users to log in to CSU systems using their social accounts (Google, Microsoft and/or Facebook).
  • Active Directory and OpenLDAP are LDAP implementations used for authentication and storing local credentials and group memberships.
  • Grouper is increasingly used by CSU applications for authorization and distributed group management.
  • Microsoft Azure Service Bus and RabbitMQ are cloud-based message queue systems used in COmanage, Grouper and LDAP provisioning.
  • Visual Cron is process scheduling software that is run on Windows Server.

CSU Invitation Management System

...

  1. A CSU member uses a CSU application to request that an external person be granted access to a CSU application.
  2. The CSU application sends a message to the message queue.
  3. A console application processes each message in the message queue. It validates the message data, creates an invitation in the database, and sends an invitation email to the external person.
  4. The external person reviews the invitation email and clicks the invitation link.
  5. A web page prompts the external person to log in using either their CSU eID or their social account.
  6. A web page displays a brief summary of the invitation (requester, invitee, application, and status).
  7. The external person checks a box accepting the terms of use, and clicks a button to accept the invitation.
  8. The application stores the acceptance in the database, checks for an existing record, creates or updates a COmanage account, creates or updates an LDAP record, and displays a link to the application.
  9. The external person clicks the link to the application and logs in (if not already logged in).
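The workflow above, as an added illustration that is not code from the CSU invitation system: an in-memory stand-in for the message listener (steps 2 and 3) and the acceptance page (steps 7 and 8). The JSON message layout, the Grouper-style admin lookup, the 14-day expiry, the rule that the logged-in account's email must match the invitee, the single-use link token and the dictionaries standing in for the SQL Server database and the COmanage/LDAP records are all assumptions made for the example.

```python
"""Added example of the invitation workflow. Not the project's own code:
message format, token/expiry handling and in-memory stores are assumed."""
import json
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# Assumed stand-in for the Grouper admin group of each application.
APP_ADMINS = {"grant-portal": {"jsmith"}}
INVITE_TTL = timedelta(days=14)  # assumed lifetime of an unaccepted invitation
NOW = datetime(2019, 6, 1, tzinfo=timezone.utc)  # fixed clock for the demo


@dataclass
class Invitation:
    token: str
    requester: str
    invitee_email: str
    application: str
    expires: datetime
    status: str = "pending"
    accepted_by: Optional[str] = None


class InvitationStore:
    """Stand-in for the Invitations database plus the COmanage/LDAP records."""

    def __init__(self) -> None:
        self.invitations: Dict[str, Invitation] = {}  # token -> invitation
        self.accounts: Dict[str, dict] = {}           # external identity -> record

    # --- message listener: validate one queued request and create an invitation ---
    def process_message(self, raw: str, now: datetime) -> Invitation:
        msg = json.loads(raw)
        for key in ("requester", "invitee_email", "application"):
            if not isinstance(msg.get(key), str) or not msg[key].strip():
                raise ValueError(f"missing or empty field: {key}")
        app = msg["application"]
        # Only an admin of the target application may request an invitation.
        if msg["requester"] not in APP_ADMINS.get(app, set()):
            raise PermissionError(f"{msg['requester']} may not invite to {app}")
        if "@" not in msg["invitee_email"]:
            raise ValueError("invitee_email is not an address")
        inv = Invitation(
            token=secrets.token_urlsafe(32),  # unguessable link capability
            requester=msg["requester"],
            invitee_email=msg["invitee_email"].lower(),
            application=app,
            expires=now + INVITE_TTL,
        )
        self.invitations[inv.token] = inv
        return inv  # the listener would now email a link carrying inv.token

    # --- website: accept the invitation as the logged-in external identity ---
    def accept(self, token: str, identity: str, login_email: str,
               terms_accepted: bool, now: datetime) -> str:
        inv = self.invitations.get(token)
        if inv is None or inv.status != "pending" or now > inv.expires:
            raise ValueError("invitation is unknown, already used or expired")
        if not terms_accepted:
            raise ValueError("terms of use not accepted")
        if login_email.lower() != inv.invitee_email:
            raise PermissionError("logged-in account does not match the invitee")
        inv.status, inv.accepted_by = "accepted", identity
        # Step 8: create or update the external record idempotently.
        rec = self.accounts.setdefault(identity, {"email": login_email, "groups": set()})
        rec["groups"].add(f"{inv.application}:users")
        return f"https://{inv.application}.example.edu/"  # assumed application link


def run_demo() -> dict:
    """Run constructed sample messages through the flow and report the outcomes."""
    store, results = InvitationStore(), {}
    good = json.dumps({"requester": "jsmith", "invitee_email": "Pat@Example.org",
                       "application": "grant-portal"})
    inv = store.process_message(good, NOW)
    results["created"] = inv.status
    bad = json.dumps({"requester": "mallory", "invitee_email": "x@example.org",
                      "application": "grant-portal"})
    try:
        store.process_message(bad, NOW)
        results["unauthorized"] = "accepted"
    except PermissionError:
        results["unauthorized"] = "rejected"
    later = NOW + timedelta(days=1)
    results["link"] = store.accept(inv.token, "pat@social", "pat@example.org", True, later)
    results["groups"] = sorted(store.accounts["pat@social"]["groups"])
    try:  # a second click on the same link must not succeed
        store.accept(inv.token, "pat@social", "pat@example.org", True, later)
        results["replay"] = "accepted"
    except ValueError:
        results["replay"] = "rejected"
    return results


if __name__ == "__main__":
    print(run_demo())
```

`run_demo` exercises the failure modes a reviewer would look for: a requester outside the application's admin group is refused at the listener, acceptance is refused when the logged-in email does not match the invitee, and a link cannot be accepted twice or after its expiry.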

Architecture

  • The Invitations message listener processes and validates message queue requests, creates invitations, and sends invitations via email. It is a C# console application.
  • The Invitations website can create, display, and accept user invitations, and allows application and Middleware admins to view and manage the invitations, requesters, invitees and applications for which they are authorized. It is an ASP.NET/C# web application.
  • The Invitations database is a SQL Server database which stores information about invitations, requesters, invitees, and applications.
  • Visual Cron is used to run the message listener every minute.
  • The Microsoft Azure Service Bus is used to receive, queue and dequeue messages containing invitation requests.
  • Shibboleth and the Cirrus Social-SAML Gateway allow users to sign in using their CSU or non-CSU credentials.
  • COmanage and OpenLDAP store data about the external person, including names, CSU and non-CSU identifiers and email addresses, and groups.
  • Grouper contains a group of admins for each CSU application using the invitation system, and a group listing Middleware admins of those groups.

...