Deployment of Access Management for the City Hall Prague
Magistrát hlavního města Prahy
For our customer, the Prague City Hall (MHMP), a pilot project of open-source Access Management was implemented. The aim of the project was to verify the suitability of this platform in the environment of the Client, as an alternative to the existing technical solution.
The aim of the project was to describe the status of the implemented Access Management solution and to propose changes to make the solution more effective. The main focus was on the sustainability of the solution development (determining the strategy in this area) and on the cost side (getting rid of redundant systems).
The output of the analysis phase was a document that described the state of Access Management (AM) from the perspective of the solution architecture and connected systems, analyzed the causes of the existing deficiencies and proposed changes to overcome them and streamline the architecture in the spirit of its sustainable development.
The information in the document was developed based on meetings with ICT representatives of the Contracting Authority and analysis sessions with responsible staff.
Based on the proposed solution, Apereo CAS was subsequently deployed in pilot operation and tested in terms of the Client’s Access Management needs.
Three areas were analysed and needed to be addressed:
- Applications that authenticate against the current AM exhibit an unreasonably long time in the user login process.
- New applications find it difficult to connect to AM
- The AM solution is technically outdated
The conclusions of the analysis identified the common denominator of these difficulties as being the technical, architectural and human obsolescence of the current solution, which was implemented at a time when there was a different distribution of information systems in the Contracting Authority’s infrastructure.
A phased replacement of Access Manager with a new tool that meets the functionality requirements, is not tied to a specific manufacturer, is open source and has a vibrant community was proposed. A pilot project was conducted for this solution and a schedule for the transition from the existing to the new state was proposed.
Figure 1 – Target deployment of the CAS tool in the environment of the Customer
Central Authentication Service (CAS) is an open-source web-based Single Sign-On tool managed by the Apereo consortium. It originated in an academic environment and is widely used by universities around the world. It supports generally accepted protocols for authentication and authorization, and implements its own authentication protocol (CAS v1, CAS v2).