MIS Systems thread: SIMS single sign on (in Technical)
  1. #1


    SIMS single sign on

    Is anyone using single sign on for SIMS? I'd like to get your opinions for and against please. Thanks

  2. #2

    synaesthesia's Avatar
    For. Convenience only.
    Against. Set up time. Lessened security. Don't do it.

  3. #3

    Yep, use it here. As mentioned above, convenience but certainly not good for security; you do need to drum it into staff to "Lock" their workstation when they are not in the classroom. Apparently you can tie it in to AD and still get them to log in to SIMS with those details rather than letting it go straight in; that's what I'm trying to sort out now.

  4. #4

    Originally posted by IWDave:
        Yep, use it here. As mentioned above, convenience but certainly not good for security; you do need to drum it into staff to "Lock" their workstation when they are not in the classroom. Apparently you can tie it in to AD and still get them to log in to SIMS with those details rather than letting it go straight in; that's what I'm trying to sort out now.

    I'd prefer this way. Please post if you work it out.

  5. #5

    GREED's Avatar
    Last time I worked in a school we had it on for about 6 months, then turned it off due to security issues.

    This is where I pushed for SAME Sign ON (SaSO) where passwords are the same as Windows, but if you leave your PC unlocked then you still need to know the password.

  6. #6
    Heebeejeebee's Avatar
    Originally posted by GREED:
        This is where I pushed for SAME Sign ON (SaSO) where passwords are the same as Windows, but if you leave your PC unlocked then you still need to know the password.

    Doesn't really help when they leave the PC open with SIMS already logged in though.

    If you go for it drum a security policy into them, make them re-sign the (amended) AUP again and set a (reasonable - not restrictive) screensaver timeout requiring a password.

    HBJB

  7. #7

    matt40k's Avatar
    It doesn't "Lessened security". It adds a false layer of security.

    You'll generally find the SIMS password is something unbelievably simple, never changes and is normally located on a piece of paper in the laptop back, a Post-it note stuck to the monitor or, failing that, known by class.

    Windows Key + L is the only way to secure "SIMS", not to mention if you're only "protecting" SIMS you've already failed.

    [/rant]

  8. #8

    Just opened a case with Capita; they have said to modify the connect.ini to just connectiontype=trusted from connectiontype=trustedAuto, but this just lets them click OK and it carries on into SIMS; they're passing it on to see if I can get a login box that requires their AD login; I don't fancy going back to separate SIMS usernames and passwords; that was our hold-up when we pushed out Attendance in the Classroom years ago.

  9. #9

    GREED's Avatar
    Originally posted by Heebeejeebee:
        Doesn't really help when they leave the PC open with SIMS already logged in though.

        If you go for it drum a security policy into them, make them re-sign the (amended) AUP again and set a (reasonable - not restrictive) screensaver timeout requiring a password.

        HBJB

    Not at all, and never meant to suggest it did. However it is one more layer of security than true SSO.

  10. #10

    3s-gtech's Avatar
    Hmmm - how about a small .NET program that the SIMS shortcut points to - this then asks for the user's AD credentials (obviously their AD and SIMS usernames would need to be the same) then if they check out it loads SIMS, using connectiontype=trustedauto

    Not mega secure (e.g. if you create a new shortcut on the desktop and point it to Pulsar it'll still load) - but if you have redirected Start Menus then swapping out should cover most bases.

    In fact - we'll try this and report back.

  11. Thanks to 3s-gtech from:

    vikpaw (12th February 2014)

  12. #11

    vikpaw's Avatar
    Originally posted by 3s-gtech:
        Hmmm - how about a small .NET program that the SIMS shortcut points to - this then asks for the user's AD credentials (obviously their AD and SIMS usernames would need to be the same) then if they check out it loads SIMS, using connectiontype=trustedauto

        Not mega secure (e.g. if you create a new shortcut on the desktop and point it to Pulsar it'll still load) - but if you have redirected Start Menus then swapping out should cover most bases.

        In fact - we'll try this and report back.

    Great idea and much quicker than getting SIMS to use SaSO.

    We use Trusted in our central connect.ini but it's only configured for admin and management as they use the same PCs and have physical security. Plus I can go anywhere and still log in with backup credentials for troubleshooting, so no need to log off or switch user.

    The real benefit of linking to AD is you have more control over complexity and renewal, plus it's one less thing for them to remember.

    It's all useless unless you can drill in best practice like locking the PC though.

    We're looking at upping the game on password policy, and although complexity is a big deal these days, it's far easier for users and more beneficial to have a longer password. They'll remember it and won't write it down -> xkcd: Password Strength

  13. #12

    3s-gtech's Avatar
    Riiiiiiiiiiiiiight. For some unknown reason, SIMS pulls the domain\username from the logged on session as the SIMS username (specifically so) meaning that it's looking for usernames that can't exist in our scenario. Can't think of any way round it at present. It may work fine if you have a single domain though, but that is not the case for us.

    Edit: found the threads on EG about changing SIMS usernames to domain\user, our little program then works nicely. We'll have to go through and change every teacher username, then push out updated connect.ini files, but that's easy enough.
    Last edited by 3s-gtech; 13th February 2014 at 11:07 AM.

  14. #13

    vikpaw's Avatar
    When you configure users in system manager you have a dropdown for domain, is it available there? The server would need to be able to see both domains. Not sure if the client needs to, but presumably the domain they are on, is the right one for access.

  15. #14

    3s-gtech's Avatar
    Yeah just played around and sorted it, see above post.

  16. #15
    SovietRussia's Avatar
    So, as @3s-gtech mentioned, we were going to test it and get back to you.

    Whipped up a small EXE which does an LDAP bind to verify your credentials are correct; if they are, it then passes you on to Pulsar, for which you should have set your connect.ini to "connectiontype=trustedauto". (You can use trustedauto without this, but you get signed in automatically; for extra security, placing this EXE over the top will ensure that a password is inputted AND the user is verified to AD.)

    [Image: SIMSLauncher.png]

    It can be configured using an XML config file included in the directory, with things like Domain, Pulsar Location, School Name etc.

    I will release it soon after some more testing.

    (Feedback on the design would also be helpful)
    Last edited by SovietRussia; 13th February 2014 at 11:14 AM.

  17. 2 Thanks to SovietRussia:

    jcs808 (13th February 2014), vikpaw (13th February 2014)
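
The launcher idea from posts #10 and #15, written out in PowerShell as an added example; it is not SovietRussia's EXE or anything supplied by Capita. The Pulsar path is a placeholder, and the check that the entered account is the logged-on account is an assumption added here because, per post #12, trustedauto takes domain\username from the Windows session rather than from what is typed.

```powershell
# Added example: re-prompt for the session owner's AD password, then start Pulsar.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# ASSUMPTION: placeholder path, set it to where Pulsar is installed on your clients.
$PulsarPath  = 'C:\Path\To\Pulsar.exe'
$MaxAttempts = 3

# trustedauto signs in as the Windows session owner, so the prompt only means
# something if it re-verifies that account, not just any valid AD account.
$sessionUser = $env:USERNAME
$domain      = $env:USERDOMAIN

function Test-SessionOwnerPassword {
    param([pscredential]$Credential)

    $net = $Credential.GetNetworkCredential()   # splits DOMAIN\user into Domain and UserName
    # Reject another user's (or another domain's) credentials; -ne ignores case.
    if ($net.UserName -ne $sessionUser -or $net.Domain -ne $domain) { return $false }

    $ctx = $null
    try {
        $ctx = [System.DirectoryServices.AccountManagement.PrincipalContext]::new(
            [System.DirectoryServices.AccountManagement.ContextType]::Domain, $domain)
        return $ctx.ValidateCredentials($net.UserName, $net.Password)
    } catch {
        return $false                           # domain unreachable: fail closed
    } finally {
        if ($ctx) { $ctx.Dispose() }
    }
}

for ($i = 1; $i -le $MaxAttempts; $i++) {
    $cred = Get-Credential -UserName "$domain\$sessionUser" `
                           -Message 'Re-enter your Windows password to open SIMS'
    if ($null -eq $cred) { break }              # prompt was cancelled
    if (Test-SessionOwnerPassword -Credential $cred) {
        Start-Process -FilePath $PulsarPath     # connect.ini: connectiontype=trustedauto
        exit 0
    }
    Write-Warning "Credential check failed (attempt $i of $MaxAttempts)."
}
exit 1
```

As 3s-gtech points out in post #10, anything that starts Pulsar directly skips this prompt, so it complements workstation locking and screensaver timeouts rather than replacing them.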
