MIS Systems thread: SIMS single sign on (in Technical)
  1. #1

    Join Date
    Aug 2005
    Location
    Birmingham
    Posts
    171
    Thank Post
    55
    Thanked 19 Times in 18 Posts
    Rep Power
    22

    SIMS single sign on

    Is anyone using single sign on for SIMS? I'd like to get your opinions for and against please. Thanks

  2. #2

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    6,255
    Thank Post
    604
    Thanked 1,110 Times in 849 Posts
    Blog Entries
    15
    Rep Power
    488
    For. Convenience only.
    Against. Set up time. Lessened security. Don't do it.

  3. #3

    Join Date
    Jan 2014
    Location
    Isle Of Wight
    Posts
    86
    Thank Post
    96
    Thanked 8 Times in 8 Posts
    Rep Power
    3
    Yep, use it here, as mentioned above, convenience but certainly not good for security, you do need to drum it into staff to "Lock" their workstation when they are not in the classroom. Apparently you can tie it in to AD and still get them to login to SIMS with those details rather than letting it go straight in, that's what I'm trying to sort out now.

  4. #4

    Join Date
    Aug 2005
    Location
    Birmingham
    Posts
    171
    Thank Post
    55
    Thanked 19 Times in 18 Posts
    Rep Power
    22
    Quote: Originally posted by IWDave
    Yep, use it here, as mentioned above, convenience but certainly not good for security, you do need to drum it into staff to "Lock" their workstation when they are not in the classroom. Apparently you can tie it in to AD and still get them to login to SIMS with those details rather than letting it go straight in, that's what I'm trying to sort out now.
    I'd prefer this way. Please post if you work it out.

  5. #5

    GREED's Avatar
    Join Date
    Mar 2008
    Location
    Portsmouth
    Posts
    3,123
    Thank Post
    381
    Thanked 390 Times in 315 Posts
    Blog Entries
    8
    Rep Power
    180
    Last time I worked in a school we had it on for about 6 months, then turned it off due to security issues.

    This is where I pushed for SAME Sign ON (SaSO) where passwords are the same as Windows, but if you leave your PC unlocked then you still need to know the password.

  6. #6
    Heebeejeebee's Avatar
    Join Date
    Nov 2006
    Location
    Intergalactic Cruise
    Posts
    1,059
    Thank Post
    69
    Thanked 79 Times in 62 Posts
    Rep Power
    36
    Quote: Originally posted by GREED
    This is where I pushed for SAME Sign ON (SaSO) where passwords are the same as Windows, but if you leave your PC unlocked then you still need to know the password.
    Doesn't really help when they leave the PC open with SIMS already logged in though.

    If you go for it drum a security policy into them, make them re-sign the (amended) AUP again and set a (reasonable - not restrictive) screensaver timeout requiring a password.

    HBJB

  7. #7

    matt40k's Avatar
    Join Date
    Jun 2008
    Location
    Ipswich
    Posts
    4,450
    Thank Post
    369
    Thanked 650 Times in 531 Posts
    Rep Power
    160
    It doesn't "Lessened security". It adds a false layer of security.

    You'll generally find the SIMS password is something unbelievably simple, never changes and normally located on a piece of paper in the laptop bag, a Post-it note stuck to the monitor or failing that, known by class.

    Windows Key + L is the only way to secure "SIMS", not to mention if you're only "protecting" SIMS you've already failed.

    [/rant]

  8. #8

    Join Date
    Jan 2014
    Location
    Isle Of Wight
    Posts
    86
    Thank Post
    96
    Thanked 8 Times in 8 Posts
    Rep Power
    3
    Just opened a case with Capita; they have said to modify the connect.ini to just connectiontype=trusted from connectiontype=trustedAuto, but this just lets them click OK and it carries on into SIMS; they're passing it on to see if I can get a login box that requires their AD login; I don't fancy going back to separate SIMS usernames and passwords; that was our hold-up when we pushed out Attendance in the Classroom years ago.

  9. #9

    GREED's Avatar
    Join Date
    Mar 2008
    Location
    Portsmouth
    Posts
    3,123
    Thank Post
    381
    Thanked 390 Times in 315 Posts
    Blog Entries
    8
    Rep Power
    180
    Quote: Originally posted by Heebeejeebee
    Doesn't really help when they leave the PC open with SIMS already logged in though.

    If you go for it drum a security policy into them, make them re-sign the (amended) AUP again and set a (reasonable - not restrictive) screensaver timeout requiring a password.

    HBJB
    Not at all, and never meant to suggest it did. However it is one more layer of security than true SSO.

  10. #10

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,935
    Thank Post
    155
    Thanked 605 Times in 544 Posts
    Rep Power
    160
    Hmmm - how about a small .NET program that the SIMS shortcut points to - this then asks for the user's AD credentials (obviously their AD and SIMS usernames would need to be the same) then if they check out it loads SIMS, using connectiontype=trustedauto

    Not mega secure (e.g. if you create a new shortcut on the desktop and point it to Pulsar it'll still load) - but if you have redirected Start Menus then swapping out should cover most bases.

    In fact - we'll try this and report back.

  11. Thanks to 3s-gtech from:

    vikpaw (12th February 2014)

  12. #11

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,817
    Thank Post
    731
    Thanked 1,447 Times in 1,200 Posts
    Rep Power
    361
    Quote: Originally posted by 3s-gtech
    Hmmm - how about a small .NET program that the SIMS shortcut points to - this then asks for the user's AD credentials (obviously their AD and SIMS usernames would need to be the same) then if they check out it loads SIMS, using connectiontype=trustedauto

    Not mega secure (e.g. if you create a new shortcut on the desktop and point it to Pulsar it'll still load) - but if you have redirected Start Menus then swapping out should cover most bases.

    In fact - we'll try this and report back.
    Great idea and much quicker than getting SIMS to use SaSO.

    We use Trusted in our central connect.ini but it's only configured for admin and management as they use the same PCs and have physical security. Plus I can go anywhere and still log in with backup credentials for troubleshooting, so no need to log off or switch user.

    The real benefit of linking to AD is you have more control over complexity and renewal, plus it's one less thing for them to remember.

    It's all useless unless you can drill in best practise like locking the PC though.

    We're looking at upping the game on password policy, and although complexity is a big deal these days, it's far easier for users and more beneficial to have a longer password. They'll remember it and won't write it down -> xkcd: Password Strength

  13. #12

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,935
    Thank Post
    155
    Thanked 605 Times in 544 Posts
    Rep Power
    160
    Riiiiiiiiiiiiiight. For some unknown reason, SIMS pulls the domain\username from the logged on session as the SIMS username (specifically so) meaning that it's looking for usernames that can't exist in our scenario. Can't think of any way round it at present. It may work fine if you have a single domain though, but that is not the case for us.

    Edit: found the threads on EG about changing SIMS usernames to domain\user, our little program then works nicely. We'll have to go through and change every teacher username, then push out updated connect.ini files, but that's easy enough.
    Last edited by 3s-gtech; 13th February 2014 at 12:07 PM.

  14. #13

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,817
    Thank Post
    731
    Thanked 1,447 Times in 1,200 Posts
    Rep Power
    361
    When you configure users in system manager you have a dropdown for domain, is it available there? The server would need to be able to see both domains. Not sure if the client needs to, but presumably the domain they are on, is the right one for access.

  15. #14

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,935
    Thank Post
    155
    Thanked 605 Times in 544 Posts
    Rep Power
    160
    Yeah just played around and sorted it, see above post.

  16. #15
    SovietRussia's Avatar
    Join Date
    Mar 2013
    Location
    Powys, Wales
    Posts
    687
    Thank Post
    76
    Thanked 157 Times in 122 Posts
    Rep Power
    49
    So, as @3s-gtech mentioned, we were going to test it and get back to you.

    Whipped up a small EXE which does an LDAP bind to verify your credentials are correct; if they are, it then passes you on to Pulsar, for which you should have set your connect.ini to "connectiontype=trustedauto" (you can use trustedauto without this, but you get signed in automatically; for extra security, placing this EXE over the top will ensure that a password is inputted AND the user is verified to AD).

    [Attachment: SIMSLauncher.png]

    It can be configured using an XML config file included in the directory with things like Domain, Pulsar Location, School Name etc.

    I will release it soon after some more testing.

    (Feedback on the design would also be helpful)
    Last edited by SovietRussia; 13th February 2014 at 12:14 PM.

  17. 2 Thanks to SovietRussia:

    jcs808 (13th February 2014), vikpaw (13th February 2014)
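
Added example (not SovietRussia's EXE and not Capita code): a C# sketch of the launcher idea from posts #10 and #15, tied to the point in post #12 that SIMS takes domain\username from the logged-on session. It therefore asks only for the session user's password and rejects an empty one; the Pulsar path is a placeholder, and a domain-joined PC with connectiontype=trustedauto in connect.ini is assumed.

```csharp
// Added example, not the launcher from the thread. PulsarPath is a placeholder;
// connect.ini is assumed to be set to connectiontype=trustedauto already.
using System;
using System.Diagnostics;
using System.DirectoryServices.AccountManagement;
using System.Text;

static class SimsGate
{
    const string PulsarPath = @"C:\PLACEHOLDER\Pulsar.exe"; // placeholder path

    // True only if the password belongs to the user who owns this Windows session.
    static bool SessionUserPasswordIsValid(string password)
    {
        // A bind with an empty password can be treated as an unauthenticated
        // bind and still report success, so reject it before asking the directory.
        if (string.IsNullOrEmpty(password)) return false;
        // The username is never typed in: with trustedauto SIMS signs in as the
        // session user, so accepting some other valid AD account would prove nothing.
        using (var ctx = new PrincipalContext(ContextType.Domain, Environment.UserDomainName))
            return ctx.ValidateCredentials(Environment.UserName, password,
                                           ContextOptions.Negotiate);
    }

    // Reads a password from the console without echoing it.
    static string ReadPassword()
    {
        var sb = new StringBuilder();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(intercept: true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace) { if (sb.Length > 0) sb.Length--; }
            else if (!char.IsControl(key.KeyChar)) sb.Append(key.KeyChar);
        }
        Console.WriteLine();
        return sb.ToString();
    }

    static int Main()
    {
        for (int attempt = 1; attempt <= 3; attempt++) // small fixed retry budget
        {
            Console.Write($"Password for {Environment.UserDomainName}\\{Environment.UserName}: ");
            if (SessionUserPasswordIsValid(ReadPassword())) { Process.Start(PulsarPath); return 0; }
            Console.WriteLine("Sign-in failed.");
        }
        return 1; // Pulsar is never started without a valid password
    }
}
```

As post #10 says, this only covers the shortcut: starting Pulsar directly still signs in, and it does nothing for a PC left unlocked with SIMS already open.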


