Basic Information

Service Name	Alertus
Service URL	https://alertus.publicsafety.tufts.edu/
Service Owner(s)	Office of Emergency Management, Digital Communications, and Tufts Technology Services
Authentication	Simplified Sign-On enabled - LDAP
Who Can Use It	Tufts Public Safety personell
Limitations	Available 24/7.
Vendor	Alertus
Vendor Contact	202-253-7887
Tufts Business Contact	Anthony Veliz

Description

Allows Tufts to send an alert to networked computers. May be activated by Pubic Safety during a significant emergency or dangerous situation involving an immediate threat to the health or safety of the Tufts community. Alert can be triggered through TuftsAlert (emergency alert system).

Alertus authentication and access configuration

Alertus uses Shibboleth as a Single sign-on provider (SSO). Altertus uses Active Directory (AD) group membership for role assignment to authenticated users.

Steps taken to configure Alertus for SSO using Shibboleth

Installed Shibboleth Service Provider package on WALRTAPPPRD01.tufts.ad.tufts.edu

Downloaded shibboleth-sp-2.6.0.1-win64 from the Shibboleth site (https://shibboleth.net/downloads/service-provider/latest/win64/)
Installed to default location (C:\opt\shibboleth-sp)

Updated Shibboleth to define the SP/IDP

Placed the IDP-medadata file provided by ESS in the Shibboleth config directory.
1. Location: C:\opt\shibboleth-sp\etc\shibboleth
2. Filename: idp-metadata.xml and placed in
3. Update file C:\opt\shibboleth-sp\etc\shibboleth\shibboleth2.xml per instruction provided in install document
Updated the Alertus configuration file to use Shibboleth
1. Location: C:\alertus\conf
2. Filename: impl_httpd.conf

Steps take to configure Alertus to use AD groups for roles.

Created needed AD objects

Created service account (Alertus) for read access to AD. (tufts.ad.tufts.edu/Central/UIT/Users/alertus)
Created AD group AlertusAdmin (tufts.ad.tufts.edu/Central/UIT/Users/AlertusAdmin).
Created AD group AlertusUser (tufts.ad.tufts.edu/Central/UIT/Users/AlertusUser).

NOTE: AD group membership change permission was provided to Anthony Veliz to management these groups.

Alertus Active Directory configuration

URL for updates: https://alertus.publicsafety.tufts.edu/alertusmw/viewMiddlewareSettingsForm.jsp

Field values used:


Hostname	tufts.ad.tufts.edu
Port	389
Auth Mechanism	simple
Username	tufts.ad.tufts.edu/Central/UIT/Users/alertus
User DN	DC=tufts,DC=ad,DC=tufts,DC=edu
User ID Attribute	userPrincipalName
Login Attribute	userPrincipalName
Email Attribute	mail
Group DN	DC=tufts,DC=ad,DC=tufts,DC=edu
Admin Group Name	AlertusAdmin
User Group Name	AlertusUser
User Attribute	sAMAccountName
Group Attribute	member

Click to show screen capture...

Manage “Users and Access Rights” from https://alertus.publicsafety.tufts.edu/AlertusWeb/InitEditUsersList.do

Click to show screen capture...

Browser not supported