TLS Support for EA
Background
Redbox Extended Architecture (EA) uses ADFS and Azure AD to authenticate users logging in to EA. Authenticating against Azure AD involves sending login credentials to Azure AD and receiving an authentication token in response. Azure AD currently allows the response token to be returned via an unsecured link. There is a concern that Microsoft may suddenly deprecate this feature and that Azure AD will then require all authentication tokens to be returned only via Transport Layer Security (TLS). When this happens, all of Redbox’s resources in Azure cloud and vSphere will be unable to log in to EA, and automated tests will fail. The purpose of this requirement is to ensure that neither Redbox nor any of its clients suffer service or operational disruptions as a result.
Business Case
- The sudden deprecation of this feature will result in clients being unable to access EA. Failing to take a proactive approach to dealing with this could impact negatively on Redbox’s reputation as a reliable service provider.
- Support for end-to-end TLS authentication will demonstrate Redbox’s commitment to providing secure products/services in which client information is not compromised.
- The sudden deprecation of this feature will result in denied access to EA which will cause disruption of development and QA activities within the company.
Personas affected
- Annette Curtains - Contact Centre Team Lead
- Gary Baldi - Customer Experience / Contact Centre Manager
- Penn Gwynn - Head of Contact Centre
- Ron Westly - Head of Command and Control
- Redbox Developer
- Redbox QA Analyst
Requirements
- Develop and document a solution to mitigate the possibility of denied access to EA by Redbox developers and QA
- Identify all possible scenarios where this may affect a current or future client
- Develop and document a solution to cater for each identified scenario
User stories
- As a Redbox Developer/QA Analyst, I would like all resources in Azure cloud and vSphere to support end-to-end TLS encryption while authenticating against Azure AD, so that when Microsoft deprecates support for non-TLS authentication there will be no disruption to my work.
- As a user of EA, I would like the entire authentication process to be carried out securely via TLS, so that all information pertaining to my authentication is secure.
Sign Off
- Anthony Commander, Team Lead, to review and sign off
- Simon Jolly, Technical Architect, to review and sign off
- Mark Smith, Development Manager, to review and sign off
- QA to review and sign off