ActioNet is a federal government contractor responsible for the development and maintenance of the US Department of Energy's PARS2 web site. PARS2 leverages Microsoft SharePoint to manage documents and deliver web content to PARS2 users, some of whom are DOE employees and many of whom work with affiliate organizations outside the DOE.
June to November 2016
DOE and ActioNet had recently adopted BIRST, an enterprise business intelligence platform, for the purpose of creating and delivering reports. ActioNet was seeking a secure solution that would allow BIRST users to leverage their login to the PARS2 web site, requiring only a single identity and login for each user and enforcing the same security standards including multi-factor authentication, security policy acceptance, and password expiration reminders.
If a new authentication scheme were required, there was a strong possibility that a separate A&A review would be required, greatly increasing costs and time to implement.
Like many products today, BIRST supports many kinds of authentication. By default, BIRST maintains its own database of users and passwords. However, it also supports the SAML authentication standard. Beowulf Identity Server also supports SAML authentication. Through configuration of the existing identity solution in place for SharePoint, we were successfully able to extend our identity solution to incorporate BIRST in a single-sign-on configuration, potentially opening the door to provide authentication services for other systems as well.
- Users of the PARS2 system only need to log in once, and only need to remember one login credential.
- All policies in place for accessing PARS2 on the SharePoint servers now carry over to BIRST's servers as well.
- Successfully proved a single-sign-on configuration with two relying parties both using Beowulf as their identity provider in a production scenario.
- Extended Beowulf feature-set to include native support for the SAML2P protocol.
- Though BIRST and SharePoint implement SAML2 support quite differently, we were able to create a solution that would account for this.
- Extended and streamlined our product to allow for more rapid deployment and federation to a new SharePoint farm.
- During the course of this effort, Beowulf's development team also fully updated from .NET 3.5 to .NET 4.5.2, which eliminated any dependency on Windows Identity Framework. A new configuration service API was also added, greatly simplifying configuration.
The Bottom Line
This project represents a significant investment in security infrastructure. Nevertheless, we were able to accomplish all project goals within six months, and our solution was cost effective compared to other options.
Total project cost was approximately $35,000, including labor and software licenses for additional servers.
Talk to the Client
ActioNet's Marc Cree has gone on record to sing our praises on many occasions. Here's one such example:
In case you're on a mobile phone, Marc Cree writes, "Outstanding customer service/support. Highly knowledgeable. Good company! People. Responsive! Dedicated." Thank you, Marc, for your kind words!
If you'd like to speak with Marc directly, please contact us and we'll be happy to arrange an introduction.