\documentclass[12pt]{kuthesis}
\title{Design and Implementation of a Single Sign-on Solution}
\author{Kevin L. Helpingstine}
\department{Computer Science}
\sponsor{Mika Systems, Inc}
\gdate{June 10, 2006}

\begin{document}
\maketitle

\begin{preface}
\begin{doublespace}
This thesis represents the capstone of my five years of combined academic work at Kettering University and job experience at Mika Systems, Inc. My academic experience in Computer Science proved to be a valuable asset while I developed this thesis and addressed the problem it concerns. Although this thesis represents the compilation of my own efforts, I would like to acknowledge and extend my sincere gratitude to the following persons for their valuable time and assistance, without whom the completion of this thesis would not have been possible:
\end{doublespace}
\end{preface}

\singlespacing
\tableofcontents
\listofillustrations

\begincontent

\chapter{INTRODUCTION}

\section{Problem Topic}
As Sallie Mae Home Loans grows as a company, its computer networks must also expand to meet the needs of its employees and customers. Its recent rapid growth has led to each user needing several different usernames and passwords. This increase in complexity has caused a general decrease in productivity among the information technology staff and the loan officers they serve.

\section{Background}
Within the past year, Sallie Mae Home Loans (SMHL) acquired offices in both Arizona and Massachusetts, greatly expanding the number of loan officers who needed access to its applications. This increased the number of services that the information technology group needed to provide as well as the technical support load. Unfortunately, not all computer systems are designed to interoperate easily.
Integrating the authentication of these disparate applications with one central database presented a great challenge for SMHL's IT staff, so they requested that Mika Systems design a single sign-on solution for their network.

\section{Criteria and Parameter Restrictions}
For the project to be considered a technical success, users must be able to log in to their workstation with a SecurID keyfob and automatically be able to access multiple computer systems and applications. Specifically, they must be able to access the corporate Contact Resource Management (CRM) application, Microsoft Windows data shares, and Open-Xchange Groupware. Secondly, the administration of the system must be centralized and easy to maintain. Finally, a preferred solution would duplicate a user's data in a minimum number of locations, ideally only in one central Oracle database.

\section{Methodology}
The process used for the development of this software borrows heavily from the Waterfall Model of software engineering. The steps of this model are:
\begin{enumerate}
\item Requirements
\item Specification
\item Planning
\item Design
\item Implementation
\item Integration
\item Maintenance
\end{enumerate}
The preceding seven steps are divided into four stages. The first stage, ``Analysis,'' encompasses the gathering of requirements and the creation of a simple specification by the software engineer. A number of possible solutions are considered in this stage, and the software engineer discusses the options with the customer to determine the best option to pursue. The second stage, ``Design,'' contains the next two steps of the waterfall model, planning and design. In the design stage, the software engineer takes the specification created in the analysis stage and creates a methodology to solve the problem. Next, the third stage, ``Implementation,'' contains the implementation and integration steps. One very important part of this stage is continuous testing of code and software.
Finally, the code is placed into the last stage, maintenance. Maintenance is generally for solving any problems that might occur during the life of the solution, such as hardware upgrades, related software upgrades, or regulatory changes. The waterfall model and the four stages are not monolithic and will almost always be deviated from in some way. A developer may have to revisit the design and planning stages at any time during the development cycle. For example, problems might arise in the implementation stage that cannot be solved in a cost-efficient way, and a revision to the design may be necessary. This pattern also tends to restart when new features are requested.

\section{Primary Purpose}
This thesis presents the results of investigating potential single sign-on solutions.

\section{Overview}
Chapter II contains an analysis of the requirements devised by MIKA Systems, Sallie Mae Home Loans, and the author. Next, Chapter III contains the design and related information for the project. Chapter IV discusses the implementation, testing, and integration of the final solution. Finally, Chapter V contains conclusions, recommendations, and possible future developments.

\chapter{REQUIREMENTS AND ANALYSIS}

\section{Overview}
The following section begins with the primary requirements of the solution. The problems encountered in the requirements phase are also discussed.

\section{Features}
Sallie Mae Home Loans' most important request for the single sign-on is for the system to be easily maintainable. This means primarily that there be a minimum number of steps required for the management of users and computers. Currently, their entire user database is stored in Microsoft Active Directory (AD) and authentication is handled by RSA Ace Server (ACE). Users are created in AD and regularly synchronized with ACE. Unfortunately, this only allows users to log into the Microsoft Windows network and not into applications such as their CRM or email.
A key feature required of SMHL's single sign-on solution is ease of maintenance of access lists. This is the most important feature to the customer. Currently they maintain no fewer than four user databases on different servers running different operating systems. Ideally, the single sign-on will replace these four separate databases with the Windows Active Directory alone. Microsoft provides good GUI tools for the administration of user accounts and permissions, so it is used as the primary user database.

\section{Problems Encountered}

\chapter{DESIGN AND SPECIFICATION}

\section{Overview}
This chapter details the design of the single sign-on system. A detailed description of the architecture of Sallie Mae's network is discussed first, followed by an explanation of the processes triggered by the single sign-on.

\chapter{IMPLEMENTATION, INTEGRATION, AND TESTING}

\section{Overview}

\chapter{CONCLUSIONS AND RECOMMENDATIONS}

\section{Conclusions}
The system met all of the criteria set forth in Chapter 1. Every user who has been issued a SecurID keyfob is able to log into their local workstation and access multiple servers and applications. The intranet and CRM applications are integrated into the system along with Open-Xchange. User administration is performed through the central Microsoft and RSA utilities that were already in use, reducing the necessary system administration time. Unfortunately, because more control of the SMHL Information Technology department was taken over by Sallie Mae directly, the single sign-on was placed on an indefinite hold before on-site beta testing could begin.

\section{Recommendations}

\section{Future Development}
Due to the lack of on-site beta testing, the recommendations for future development are limited to observations made by the author during development and alpha testing. If beta testing is ever allowed, some of these suggestions may be considered.
In the interest of keeping the system as simple as possible for initial testing, the more advanced features of the Kerberos V authentication protocol were not utilized. Some of these features, such as ticket delegation, would allow for finer-grained access control in SMHL's custom applications. This would be a very desirable feature and could potentially improve the security and flexibility of all of the target networked applications. Another potential expansion of the project in which the management at SMHL expressed interest was biometrics. Replacing or supplementing the SecurID keyfob with a fingerprint scanner in order to further reduce the
\end{document}