Alertus (Unified Security Notification)
- Jon Rice
- Andrew Levine
Basic Information
Service Name | Alertus |
|---|---|
Service URL | https://alertus.publicsafety.tufts.edu/ |
Service Owner(s) | Office of Emergency Management, Digital Communications, and Tufts Technology Services |
Authentication | Simplified Sign-On enabled - LDAP |
Who Can Use It | Tufts Public Safety personell |
Limitations | Available 24/7. |
| Vendor | Alertus |
| Vendor Contact | 202-253-7887 |
| Tufts Business Contact | Anthony Veliz |
Description
Allows Tufts to send an alert to networked computers. May be activated by Pubic Safety during a significant emergency or dangerous situation involving an immediate threat to the health or safety of the Tufts community. Alert can be triggered through TuftsAlert (emergency alert system).
Alertus authentication and access configuration
Alertus uses Shibboleth as a Single sign-on provider (SSO). Altertus uses Active Directory (AD) group membership for role assignment to authenticated users.
Steps taken to configure Alertus for SSO using Shibboleth
- Installed Shibboleth Service Provider package on WALRTAPPPRD01.tufts.ad.tufts.edu
- Downloaded shibboleth-sp-2.6.0.1-win64 from the Shibboleth site (https://shibboleth.net/downloads/service-provider/latest/win64/)
- Installed to default location (C:\opt\shibboleth-sp)
- Updated Shibboleth to define the SP/IDP
- Placed the IDP-medadata file provided by ESS in the Shibboleth config directory.
- Location: C:\opt\shibboleth-sp\etc\shibboleth
- Filename: idp-metadata.xml and placed in
- Update file C:\opt\shibboleth-sp\etc\shibboleth\shibboleth2.xml per instruction provided in install document
- Updated the Alertus configuration file to use Shibboleth
- Location: C:\alertus\conf
Filename: impl_httpd.conf
Steps take to configure Alertus to use AD groups for roles.
- Created needed AD objects
- Created service account (Alertus) for read access to AD. (tufts.ad.tufts.edu/Central/UIT/Users/alertus)
- Created AD group AlertusAdmin (tufts.ad.tufts.edu/Central/UIT/Users/AlertusAdmin).
- Created AD group AlertusUser (tufts.ad.tufts.edu/Central/UIT/Users/AlertusUser).
NOTE: AD group membership change permission was provided to Anthony Veliz to management these groups.
- Alertus Active Directory configuration
URL for updates: https://alertus.publicsafety.tufts.edu/alertusmw/viewMiddlewareSettingsForm.jsp
Field values used:
| Hostname | tufts.ad.tufts.edu |
| Port | 389 |
| Auth Mechanism | simple |
| Username | tufts.ad.tufts.edu/Central/UIT/Users/alertus |
| User DN | DC=tufts,DC=ad,DC=tufts,DC=edu |
| User ID Attribute | userPrincipalName |
| Login Attribute | userPrincipalName |
| Email Attribute | |
| Group DN | DC=tufts,DC=ad,DC=tufts,DC=edu |
| Admin Group Name | AlertusAdmin |
| User Group Name | AlertusUser |
| User Attribute | sAMAccountName |
| Group Attribute | member |
Manage “Users and Access Rights” from https://alertus.publicsafety.tufts.edu/AlertusWeb/InitEditUsersList.do
Information on the Tufts IT Knowledgebase is intended for IT Professionals at Tufts.
If you have a question about a Tufts IT service or computer/account support, please contact your IT support group.