Srs sso-version-1.2-stable version
Transcript of Srs sso-version-1.2-stable version
Single Sign On/Federation via AD FS/WIF/SAML Software Requirements Specification
Group Id: F1202FBFA8 (MC110403218)
Supervisor Name: Sarfraz Ahmad Awan ([email protected])
Revision HistoryDate Version Description Author
11/2/1012 1.0 Initial Draft for all the basic elements of SRS document
MC110403218
11/5/2012 1.1 Added scope for project and
Refined use cases.
MC110403218
11/5/2012 1.2 Labeled as version 1.2 send to Sarfraz Ahmad Awan as assignment no 1
MC110403218
Contents1 Overview............................................................................................................................4
1.1 Introduction.................................................................................................................4
1.2 Competitor solution.....................................................................................................4
1.3 Implementation technologies.......................................................................................4
2 Scope..................................................................................................................................5
2.1 Architecture Scope Options.........................................................................................5
2.1.1 Implementation via Federation Server for SSO...................................................5
2.1.2 Development of STS Service for SSO.................................................................5
2.1.3 Identity Providers to cover for SSO.....................................................................5
2.1.4 Service Providers to cover for SSO.....................................................................5
2.1.5 OS scope for SSO.................................................................................................5
2.1.6 SAML Implementation Scope..............................................................................5
3 Software Requirement........................................................................................................5
3.1 Functional Software Requirement...............................................................................5
3.1.1 Transparent SSO..................................................................................................5
3.1.2 Source and destination.........................................................................................6
3.1.3 Administrator Console.........................................................................................6
3.2 Non-Functional Software Requirement.......................................................................6
3.2.1 Performance Requirements..................................................................................6
3.2.2 Security Requirements.........................................................................................6
4 User Case Diagram............................................................................................................6
5 Use case Explanation.........................................................................................................7
5.1 Use Case Id 00001.......................................................................................................7
5.2 Use Case Id 00002.......................................................................................................8
5.3 Use Case Id 00003.......................................................................................................9
1 Overview
1.1 IntroductionSingle Sign On (SSO) (also known as Enterprise Single Sign On or "ESSO") is the ability for a user to enter the same id and password to logon to multiple applications within an enterprise. As passwords are the least secure authentication mechanism, single sign on has now become known as reduced sign on (RSO) since more than one type of authentication mechanism is used according to enterprise risk models.
1.2 Competitor solutionFor details, please visit:http://en.wikipedia.org/wiki/List_of_single_sign-on_implementations
1.3 Implementation technologiesMicrosoft .Net Framework / C#WIF http://en.wikipedia.org/wiki/Windows_Identity_FoundationSAML http://en.wikipedia.org/wiki/SAML_2.0WS-Trust http://en.wikipedia.org/wiki/WS-Trust
WS-Security http://en.wikipedia.org/wiki/WS-Security
2 Scope
2.1 Architecture Scope Options
2.1.1 Implementation via Federation Server for SSOFederation server can be implemented to handle federation mechanism for SSO.It would be best laid architecture. But can be out of scope for current course. A POC will be done to make sure that the current scope is properly under stood.Scope can be dependent on design phase of the project.
2.1.2 Development of STS Service for SSOAD FS will act as STS Service. Scope for AD FS can be dependent on design phase of the project.
2.1.3 Identity Providers to cover for SSOCurrently Active directory is primary scope as Identity provider.
2.1.4 Service Providers to cover for SSOASP .Net business applications like HR application will act as service provider for current implementation.
2.1.5 OS scope for SSOCurrent project will only cover Windows Server 2012 as testing and development environment for Server operating system.
Current project will only cover Windows 8 as testing and development environment for client operation system.
2.1.6 SAML Implementation ScopeWindows Identity Foundation have SAML 2.0 implementation as extension as explained in
http://connect.microsoft.com/site1168/Downloads/DownloadDetails.aspx?DownloadID=36088
This will be current scope of SAML 2.0 implementation.
3 Software Requirement
3.1 Functional Software Requirement
3.1.1 Transparent SSOFor end user there should not be any visual indicator that user is moving from one application to another. Means for end user it should be transparent SSO.
3.1.2 Source and destination Source and destination Provider should be configurable.
3.1.3 Administrator Console There should not be any hard coding for entities evolved in solution like Identity provider or
Service Provider. STS Service should not be hard coded; there must an interface to change URL for STS
Service. Service accounts for solution must be configurable via UI interface.
3.2 Non-Functional Software Requirement
3.2.1 Performance RequirementsSSO must be performed with no delays. Robust redirection should be provided from source to destination.
3.2.2 Security Requirements
The security requirements to be met by an implementation of SSO are:
SSO shall not adversely affect the resilience of the system within which it is deployed. SSO shall not adversely impact the availability of any individual system service. An SSO implementation shall audit all security relevant events which occur within the context of the
XSSO. An SSO implementation shall protect all security relevant information supplied to or generated by the
XSSO implementation such that other services may adequately trust the integrity and origin of all security information provided to them as part of a secondary sign-on operation.
The SSO shall provide protection to security relevant information when exchanged between its own constituent components and between those components and other services.
4 User Case Diagram
5 Use case ExplanationExplanation for only primary use cases (Those mainly used by actors) is written below.
5.1 Use Case Id 00001
Use Case Title Configure SSO Provider
Abbreviated Title C_SSO_Provider
Use Case Id 00001
Requirement Id 3.1.2 , 3.1.3
Description:
It is administrative task and will be performed by SSO Admin
Pre Conditions: Solution is properly installed. STS Service is already installed.
Task Sequence Exceptions
1. Open MMC for SSO
2. Identify the Source or destination - type of provider to configure.
3. Provide configuration like URL or other related info. Some provider might
not have URL
4. Provide Service account info for configuration like user name and
password
Some provider might
give anonymous
access.
.
Post Conditions: Provider is tested and returns positive response to SSO admin.
Unresolved issues:
Authority: Shahzad Sarwar
Modification history: Initial Draft
Author: Shahzad Sarwar
Description: Needs review by Course Supervisor : Sarfraz Ahmad Awan
5.2 Use Case Id 00002
Use Case Title Configure Identity Privder
Abbreviated Title C_I_Privder
Use Case Id 00002
Requirement Id 3.1.2 , 3.1.3
Description:
It is administrative task and will be performed by SSO Admin
Pre Conditions:
Solution is properly installed.
STS Service is already installed.
Identify Provider is reachable.
Task Sequence Exceptions
1. Open MMC for SSO
2. Provide Identity configuration like URL , domain name or other related
info.
Some provider might
not have URL or
domain name
3. Provide configuration like URL or other related info. Some provider might
not have URL
Post Conditions: Identity Provider is tested and returns positive response to SSO admin.
Unresolved issues:
Authority: Shahzad Sarwar
Modification history: Initial Draft
Author: Shahzad Sarwar
Description: Needs review by Course Supervisor : Sarfraz Ahmad Awan
5.3 Use Case Id 00003
Use Case Title Perform action for SSO
Abbreviated Title P_A_F_SSO
Use Case Id 00003
Requirement Id 3.1.1
Description:
User will be redirected from source application to source application.
Pre Conditions:
Solution is properly installed.
STS Service is already installed.
Identify Provider is configured.
Source Provider is configured.
Destination Provider is configured.
Task Sequence Exceptions
1. Open application for source.
2. Open application for destination.
3. Perform redirection action, that will redirect from source to destination.
Post Conditions: Transparent redirection is performed from source to destination.
Unresolved issues:
Authority: Shahzad Sarwar
Modification history: Initial Draft
Author: Shahzad Sarwar
Description: Needs review by Course Supervisor : Sarfraz Ahmad Awan