(4/13/2004 – DW)
UCFY and YBO provide current employees and annuitants access to various personalized services related to compensation and benefits over the Internet. YBO also provides services via a telephone interface. UCFY is written in Java, and YBO is written in Edify. The general direction for the YBO application, however, is to move to a Java platform as the need for access via telephones diminishes.
Despite the differences in their technology bases, these applications have been tailored to provide a relatively seamless user experience as people navigate through their services. In particular, they have a mechanism for exchanging the UCnetID of the current user. People log in to either of these applications by providing their SSN and a PIN.
In order to avoid duplication of effort and to capitalize on greater in-house expertise, we will implement a Shibboleth target only in UCFY. The following diagram shows the general structure:

A new entry point (i.e., URL) to UCFY will be defined for UCFY's Apache web server that will invoke Internet2's Shibboleth target module. When entered in this manner, UCFY will invoke an instance of the Java Authentication and Authorization Service (JAAS) that retrieves UCnetID from the Apache module, rather than prompting for SSN and PIN from the user. If the user navigates to a YBO service, the existing bridging of UCnetIDs will preserve the existing user experience.
The following tasks will be completed as part of the federated authentication project:
The use of JAAS is not absolutely necessary for this project, but we decided to include it in the project's scope, as it will greatly facilitate the use of Shibboleth in future applications.
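The JAAS step described above, sketched as an added example (not UCFY's code): a login module that takes the UCnetID from a callback instead of prompting for SSN and PIN, and fails closed when no identity was asserted. The class name `ShibLoginModule`, the use of `NameCallback` with the prompt "UCnetID", and the JDK's `UserPrincipal` as the principal type are assumptions; the page does not say how the Apache module's value reaches the Java tier, so the callback handler is assumed to supply it.

```java
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import com.sun.security.auth.UserPrincipal; // name-only principal shipped with the JDK

// Hypothetical module: accepts the UCnetID asserted by the web tier, no SSN/PIN prompt.
public class ShibLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private UserPrincipal principal;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s;
        handler = h;
    }

    public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("no callback handler configured");
        NameCallback cb = new NameCallback("UCnetID");
        try {
            // Assumption: the handler answers only from the value the Apache module
            // attached to the request, never from a client-supplied parameter or header.
            handler.handle(new Callback[] { cb });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot obtain UCnetID: " + e);
        }
        String id = cb.getName();
        if (id == null || id.trim().isEmpty()) // fail closed when no identity was asserted
            throw new FailedLoginException("no UCnetID asserted for this request");
        principal = new UserPrincipal(id.trim());
        return true;
    }

    public boolean commit() {
        if (principal != null) subject.getPrincipals().add(principal);
        return principal != null;
    }

    public boolean abort() { principal = null; return true; }

    public boolean logout() {
        if (principal != null) subject.getPrincipals().remove(principal);
        principal = null;
        return true;
    }
}
```

A module like this is selected through a JAAS login configuration entry and driven by a `LoginContext` created with the callback handler. The new entry point must be the only path that reaches it, so that the existing SSN/PIN entry point cannot be given an asserted identity.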