Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver"

Transcription

1 Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver SAP Product Management, SAP NetWeaver Identity Management & Security Kristian Lehment, May 2011 ASUG-Conference Session ID 3603

2 Agenda Introduction to Single Sign-On (SSO) Short demo of a federated SSO scenario The technology and the concepts behind SSO Introduction to the Security Assertion Markup Language (SAML) Browser-based Web single sign-on with SAML 2.0 Identity federation Web service-based SSO with SAML 2.0 and X.509 certificates 2011 SAP AG. All rights reserved. 2

3 Demo Introduction to Single Sign-On

4 Brokered Authentication A Core Security Pattern for Single Sign-On Security Token Issuer 1 proves his identity to a central Security Token Issuer by presenting his credentials. 2 The issuer verifies the correctness and trustworthiness of the credentials and issues a security token with s identity information. 3 presents the security token to the application(s) he wants to Single Sign-On. 4 The Application verifies the security token. ****** The Application associates an identity from its user store based on a unique value in the token. 4 3 Applications SAP AG. All rights reserved. 4

5 Examples for Brokered Authentication in SSO Technologies SSO Technology Security Token Issuer Token Format SAP Logon Ticket SAP Portal (AS Java) Cookie (digitally signed) Digital Certificate Certification Authority (CA) X.509 Certificate Kerberos Key Distribution Center (KDC) Kerberos Ticket 2011 SAP AG. All rights reserved. 5

6 Key Properties of SSO Technologies Cross-Domain Is it possible to use the SSO technology only within a security domain (i.e. the corporate Intranet) or can it be used across different domains (e.g.. to access a business partner system)? Domain A Security Token Issuer Domain B Application Cross-Platform Which platforms are supported by the SSO technology? Does it work in a heterogeneous system landscape? Is it based on industry standards? Token Content Model Does the security token only allow a fixed set of identity attributes or can it be extended dynamically? Security Token Issuer Application 2011 SAP AG. All rights reserved. 6

7 SSO Technologies Compared SSO Technology Cross-Domain Cross-Platform Token Content Model SAP Logon Ticket No No* Fixed Digital Certificate Yes Yes Fixed Kerberos No Yes Fixed SAML Yes Yes Extensible * Issuer running on SAP only, ticket validation also possible with non-sap applications 2011 SAP AG. All rights reserved. 7

8 Agenda Introduction to Single Sign-On (SSO) Short demo of a federated SSO scenario The technology and the concepts behind SSO Introduction to the Security Assertion Markup Language (SAML) Browser-based Web single sign-on with SAML 2.0 Identity federation Web service-based SSO with SAML 2.0 and X.509 certificates 2011 SAP AG. All rights reserved. 8

9 Security Assertion Markup Language (SAML) in a Nutshell Industry standard for cross-vendor Web-based Single Sign-On and Single Log-Out with wide adoption in the industry XML-based framework for security and identity information and exchanging it across administrative and technical domain boundaries SAML profiles describe a variety of end use cases for the framework SAML Security Token: the Assertion contains a statement about a user s authentication that happened in the past, i.e. when and how the user authenticated at the issuer who is the issuer of the assertion can contain additional information (a.k.a. attributes) about the user s identity, i.e. role information 2011 SAP AG. All rights reserved. 9

10 SAML 2.0 Terminology for Web Browser based SSO Identity Provider (IdP) Identity Provider (IdP) Authority responsible for authenticating an end user and asserting an identity for that user in a security token based on a trusted fashion to trusted partners. Synonyms: (Security Token) Issuer Service Provider (SP) Offers services/resources to users and has a trust relationship with an IdP to accept and trust vouch-for information provided by the IdP on behalf of a user Synonyms: (Web) Application, Relying Party Subject A subject is the user who has been authenticated by the IdP. Synonyms: User, Principal Subject Service Provider (SP) 2011 SAP AG. All rights reserved. 12

11 SAML 2.0 Terminology for Web Service based SSO Security Token Service (STS) Security Token Service (STS) Authority responsible for authenticating an end user and asserting an identity for that user in a security token based on a trusted fashion to trusted partners. Synonyms: (Security Token) Issuer Web Service Provider (SP) Offers services/resources to users and has a trust relationship with an IdP to accept and trust vouch-for information provided by the IdP on behalf of a user Synonyms: (Web) Application, Relying Party Subject A subject is the user who has been authenticated by the IdP. Synonyms: User, Principal Subject Service Provider (SP) 2011 SAP AG. All rights reserved. 13

12 Analogy of an Interoperable, Cross-Domain Security Token in the Real World TRUST German Government US Government ID Card Passport Citizen of Germany Passport Immigration Officer 2011 SAP AG. All rights reserved. 14

13 Agenda Introduction to Single Sign-On (SSO) Short demo of a federated SSO scenario The technology and the concepts behind SSO Introduction to the Security Assertion Markup Language (SAML) Browser-based Web single sign-on with SAML 2.0 Identity federation Web service-based SSO with SAML 2.0 and X.509 certificates 2011 SAP AG. All rights reserved. 16

14 Browser-Based Web SSO with SAML Part 1/2 1 invokes the URL of an access protected Web Application with his browser 2 The Web Application redirects the request to its trusted Security Token Issuer Identity Provider (IdP) 3 If is not already logged on at the Security Token Issuer, he will be asked to provide his credentials ****** 3 2 redirect request 1 Service Provider (SP) 2011 SAP AG. All rights reserved. 17

15 <form> with Assertion Browser-Based Web SSO with SAML Part 2/2 Identity Provider (IdP) The Security Token Issuer returns a SAML Assertion for in a <form> HTML element 5 s Web Browser (automatically) submits the SAML Assertion in the <form> element 6 The Web Browser sends the SAML Assertion with a HTTP POST Request to the Web Application 7 The Web Application validates the SAML Assertion, assigns a local user account to s session and returns the web page 6 POST <form> Service Provider (SPs) SAP AG. All rights reserved. 18

16 Support for Web SSO with SAML 2.0 in SAP NetWeaver Identity Center SAP NetWeaver Identity Management 7.20 Virtual Directory Server SAML 2.0 IdP SAML 2.0 SP AS ABAP 7.02 AS Java 7.20 WS-Trust STS Min. Java 7.0 SP 14 Min. Java 7.20 The IdP software component is independent from the other SAP NW IdM software components E.g. if you have the license for SAP NW IdM 7.20, the IdP can be used without using the other software components like Identity Center or VDS 2011 SAP AG. All rights reserved. 19

17 Support for Web SSO using IdP and older Releases than AS ABAP 7.02 / AS Java 7.20 Identity Provider (IdP) For SP with AS ABAP >= 7.02 AS Java >= 7.20 For SP with AS ABAP < 7.02 AS Java < 7.20 ABAP SP Java SP 2011 SAP AG. All rights reserved. 20

18 Summary SAML 2.0 The main benefits of SAML 2.0 are: SSO with SAML 2.0 SAML provides a standard for cross-domain Single Sign-On (SSO) SAML 2.0 supports identity-provider-initiated SSO (as in SAML 1.x) SAML 2.0 also supports service-provider-initiated SSO SLO with SAML 2.0 Single Log-Out (SLO) enables users to cleanly close all their sessions in a SAML landscape, even across domains Identity federation Identity federation provides the means to share identity information between partners 2011 SAP AG. All rights reserved. 21

19 Agenda Introduction to Single Sign-On (SSO) Short demo of a federated SSO scenario The technology and the concepts behind SSO Introduction to the Security Assertion Markup Language (SAML) Browser-based Web single sign-on with SAML 2.0 Identity federation Web service-based SSO with SAML 2.0 and X.509 certificates 2011 SAP AG. All rights reserved. 22

20 SSO and Identity Federation The challenge ****** Identity Provider (IdP) Service Provider (SPs) CRM john.do e Partner Portal sale s ERP JDO E How and where are s SP accounts linked to his central account at the IdP to enable SSO across all applications? 2011 SAP AG. All rights reserved. 23

21 SSO and Identity Federation and three solutions to solve it Use an existing common, unique NAME to map the accounts IdP SP jdoe Create a new common, unique IDENTIFIER to link the accounts IdP SP ID: abc123 SP jdoe IdP ID: abc123 Federate the accounts based on identity ATTRIBUTES and mapping rules IdP Department: Sales Department = Sales? SP sales 2011 SAP AG. All rights reserved. 24

22 Identity Federation in SAP NetWeaver Identity Management 7.2 Identity federation provides the means to share identity information across company boundaries User must be unambiguous and clearly identifiable, even though different user identifiers may exist across the landscape The name identifier (name ID) is the means to establish a common identifier Once the name ID has been established, the user is said to have a federated identity Identity federation enables SSO for web browser based access (user-centric) and web services (system centric) across domains SAP s solution relies on standards for interoperability between SAP and non SAP systems For web browser based access, identity federation uses an identity provider that supports SAML 2.0 For web services, identity federation uses a security token service (STS) that supports WS-Trust 1.3, supporting X.509, SAML 1.1, and SAML 2.0 tokens 2011 SAP AG. All rights reserved. 25

23 Agenda Introduction to Single Sign-On (SSO) Short demo of a federated SSO scenario The technology and the concepts behind SSO Introduction to the Security Assertion Markup Language (SAML) Browser-based Web single sign-on with SAML 2.0 Identity federation Web service-based SSO with SAML 2.0 and X.509 certificates 2011 SAP AG. All rights reserved. 26

24 SAML Web Service SSO A service is required to transform the successful authentication into an SSO token which..can be used for authentication at the Service Provider..can transfer the authentication information beyond the domain boundary...enables the Web Service consumer to prove Doe s identity to the SAP Web Service by strong cryptographic means WS Consumer Doe SAML Issuer JDoe WS Provider 2011 SAP AG. All rights reserved. 28

25 Role of an STS in Service-Based Single Sign-On Scenarios The Security Token Service (STS) is a distinguished Web Service that issues security tokens based on a standardized protocol (WS-Trust) Security Token Service (STS) 2 Authenticate user Generate requested Token The STS enhances security tokens with identity information needed for authentication Security Token Request Authentication Data 1 3 Security Token Response The STS has broad applicability - it can be used to issue security tokens in a wide range of formats Web Service Consumer Supported Securty Tokens from SAP STS: SAML 1.1 SAML 2.0 X.509 Certificates* 2011 SAP AG. All rights reserved. *short live X.509 Certificate 29

26 Support for Web SSO with SAML 2.0 in SAP NetWeaver Identity Center SAP NetWeaver Identity Management 7.20 Virtual Directory Server SAML 2.0 IdP STS The IdP software component is independent from the other SAP NW IdM software components Min. Java 7.0 SP 14 SAML 2.0 WS- Consumer AS ABAP 7.02 / 7.30 No AS Java Min. Java 7.20 SAML 2.0 WS- Provider AS ABAP 7.02 / 7.01 No AS Java E.g. if you have the license for SAP NW IdM 7.20, the IdP can be used without using the other software components like Identity Center or VDS 2011 SAP AG. All rights reserved. 30

27 Support for Web service based SSO using STS Security Token Service (STS) 2011 SAP AG. All rights reserved. 31

28 STS Issued Token Format at a Glance 2011 SAP AG. All rights reserved. 32

29 Thank You! SAP NetWeaver goes Single Sign-On Tuesday, May 17 th, 2:30 PM in the Technology Theater on the show floor learn about the new solution: SAP NetWeaver Single Sign-On, that resulted from the acquisition of assets from the company Secude. SAP will release new Single Sign-On capabilities with this product.

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011 NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity

More information

Disclaimer. SAP 2008 / SAP TechEd 08 / SIM202 / Page 2

Disclaimer. SAP 2008 / SAP TechEd 08 / SIM202 / Page 2 SIM202 SAML 2.0 and Identity Federation Yonko Yonchev, NW PM Security SAP AG Dimitar Mihaylov, NW Security and Identity Management SAP Labs Bulgaria Tsvetomir Tsvetanov, Active Global Support SAP America

More information

First-hand Information about the Enhanced Functionality and Integration Options Within SAP NetWeaver Identity Management 7.2

First-hand Information about the Enhanced Functionality and Integration Options Within SAP NetWeaver Identity Management 7.2 First-hand Information about the Enhanced Functionality and Integration Options Within SAP NetWeaver Identity Management 7.2 SAP Product Management, SAP NetWeaver Identity Management & Security Kristian

More information

Next Generation SSO for SAP Applications with SAML 2.0. SAP TG Solution Management Security April 2010

Next Generation SSO for SAP Applications with SAML 2.0. SAP TG Solution Management Security April 2010 Next Generation SSO for SAP Applications with SAML 2.0 SAP TG Solution Management Security April 2010 Disclaimer This presentation outlines our general product direction and should not be relied on in

More information

Implementation Guide SAP NetWeaver Identity Management Identity Provider

Implementation Guide SAP NetWeaver Identity Management Identity Provider Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before

More information

SAML Security Option White Paper

SAML Security Option White Paper Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions

More information

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Sverview Trust between SharePoint 2010 and ADFS 2.0 Use article Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies

More information

The Challenges of Web single sign-on

The Challenges of Web single sign-on Serge Vereecke Security Architect IBM Security Services serge_vereecke@be.ibm.com The Challenges of Web single sign-on GSE Event September 7, 2012 Agenda Single sign-on technology Why single sign-on Challenges

More information

Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper

Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper TABLE OF CONTENTS INTRODUCTION... 3 Where we came from... 3 The User s Dilemma with the Cloud... 4 The Administrator

More information

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,

More information

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE SAML 2.0 CONFIGURATION GUIDE Roy Heaton David Pham-Van Version 1.1 Published March 23, 2015 This document describes how to configure OVD to use SAML 2.0 for user

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

Introduction to Identity Management. Sam Lee, Outblaze Ltd.

Introduction to Identity Management. Sam Lee, Outblaze Ltd. Introduction to Identity Management Sam Lee, Outblaze Ltd. Agenda Background Identity Management Single Sign-On Federation Future s Identity management Conclusions 2 Background Why identity management?

More information

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...

More information

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole

More information

Leveraging SAML for Federated Single Sign-on:

Leveraging SAML for Federated Single Sign-on: Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.

More information

HP Software as a Service. Federated SSO Guide

HP Software as a Service. Federated SSO Guide HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying

More information

SAP Certified Technology Professional - Security with SAP NetWeaver 7.0. Title : Version : Demo. The safer, easier way to help you pass any IT exams.

SAP Certified Technology Professional - Security with SAP NetWeaver 7.0. Title : Version : Demo. The safer, easier way to help you pass any IT exams. Exam : P_ADM_SEC_70 Title : SAP Certified Technology Professional - Security with SAP NetWeaver 7.0 Version : Demo 1 / 5 1.Which of the following statements regarding SSO and SAP Logon Tickets are true?

More information

PingFederate. SSO Integration Overview

PingFederate. SSO Integration Overview PingFederate SSO Integration Overview 2006-2012 Ping Identity Corporation. All rights reserved. PingFederate SSO Integration Overview Version 6.6 January, 2012 Ping Identity Corporation 1001 17th Street,

More information

Federated Identity in the Enterprise

Federated Identity in the Enterprise www.css-security.com 425.216.0720 WHITE PAPER The proliferation of user accounts can lead to a lowering of the enterprise security posture as users record their account information in order to remember

More information

Microsoft Office 365 Using SAML Integration Guide

Microsoft Office 365 Using SAML Integration Guide Microsoft Office 365 Using SAML Integration Guide Revision A Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

Improve Security, Lower Risk, and Increase Compliance Using Single Sign-On

Improve Security, Lower Risk, and Increase Compliance Using Single Sign-On SAP Brief SAP NetWeaver SAP NetWeaver Single Sign-On Objectives Improve Security, Lower Risk, and Increase Compliance Using Single Sign-On Single sign-on in the SAP software architecture Single sign-on

More information

Identity Management in Telcos. Jörg Heuer, Deutsche Telekom AG, Laboratories. Munich, April 2008

Identity Management in Telcos. Jörg Heuer, Deutsche Telekom AG, Laboratories. Munich, April 2008 Identity Management in Telcos Jörg Heuer, Deutsche Telekom AG, Laboratories. Munich, April 2008 1 Agenda. Introduction User-centric Identity and Telcos Comprehensive Identity Models IDM Reference Architecture

More information

AND SUN OPENSSO MICROSOFT GENEVA SERVER ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS. White Paper May 2009.

AND SUN OPENSSO MICROSOFT GENEVA SERVER ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS. White Paper May 2009. MICROSOFT GENEVA SERVER AND SUN OPENSSO ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS White Paper May 2009 Abstract Interoperability between applications in heterogeneous technology

More information

Copyright: WhosOnLocation Limited

Copyright: WhosOnLocation Limited How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and

More information

Federated Identity Management Solutions

Federated Identity Management Solutions Federated Identity Management Solutions Jyri Kallela Helsinki University of Technology jkallela@cc.hut.fi Abstract Federated identity management allows users to access multiple services based on a single

More information

How to Implement the X.509 Certificate Based Single Sign-On Solution with SAP Netweaver Single Sign-On

How to Implement the X.509 Certificate Based Single Sign-On Solution with SAP Netweaver Single Sign-On How to Implement the X.509 Certificate Based Single Sign-On Solution with SAP Netweaver Single Sign-On How to implement the X.509 certificate based Single Sign-On solution from SAP Page 2 of 34 How to

More information

The Primer: Nuts and Bolts of Federated Identity Management

The Primer: Nuts and Bolts of Federated Identity Management The Primer: Nuts and Bolts of Federated Identity Management Executive Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities.

More information

Gateway Apps - Security Summary SECURITY SUMMARY

Gateway Apps - Security Summary SECURITY SUMMARY Gateway Apps - Security Summary SECURITY SUMMARY 27/02/2015 Document Status Title Harmony Security summary Author(s) Yabing Li Version V1.0 Status draft Change Record Date Author Version Change reference

More information

September 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence

September 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence September 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence Greg Wcislo Introduction We will not go into detailed how-to, however links to multiple

More information

The Primer: Nuts and Bolts of Federated Identity Management

The Primer: Nuts and Bolts of Federated Identity Management The Primer: Nuts and Bolts of Federated Identity Management Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities. With so

More information

Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence. Greg Wcislo

Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence. Greg Wcislo Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence Greg Wcislo Introduction We will not go into detailed how-to, however links to multiple how-to whitepapers will

More information

HP Software as a Service

HP Software as a Service HP Software as a Service Software Version: 6.1 Federated SSO Document Release Date: August 2013 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty

More information

The Role of Federation in Identity Management

The Role of Federation in Identity Management The Role of Federation in Identity Management August 19, 2008 Andrew Latham Solutions Architect Identity Management 1 The Role of Federation in Identity Management Agenda Federation Backgrounder Federation

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved. Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,

More information

Using SAP Logon Tickets for Single Sign on to Microsoft based web applications

Using SAP Logon Tickets for Single Sign on to Microsoft based web applications Collaboration Technology Support Center - Microsoft - Collaboration Brief March 2005 Using SAP Logon Tickets for Single Sign on to Microsoft based web applications André Fischer, Project Manager CTSC,

More information

TIB 2.0 Administration Functions Overview

TIB 2.0 Administration Functions Overview TIB 2.0 Administration Functions Overview Table of Contents 1. INTRODUCTION 4 1.1. Purpose/Background 4 1.2. Definitions, Acronyms and Abbreviations 4 2. OVERVIEW 5 2.1. Overall Process Map 5 3. ADMINISTRATOR

More information

Single Sign-on (SSO) technologies for the Domino Web Server

Single Sign-on (SSO) technologies for the Domino Web Server Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, 2011 2011 IBM Corporation Welcome Participant Passcode: 4297643 2011 IBM Corporation 2 Agenda USA Toll Free (866) 803-2145

More information

SAP Single Sign-On 2.0 Overview Presentation

SAP Single Sign-On 2.0 Overview Presentation SAP Single Sign-On 2.0 Overview Presentation March 2016 Public Agenda SAP security portfolio Overview SAP Single Sign-On Single sign-on main scenarios Capabilities Summary 2016 SAP SE or an SAP affiliate

More information

Security Assertion Markup Language (SAML)

Security Assertion Markup Language (SAML) CS 595G 02/14/06 Security Assertion Markup Language (SAML) Vika Felmetsger 1 SAML as OASIS Standard OASIS Open Standard SAML V2.0 was approved in March, 2005 Blending of two earlier efforts on portable

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

Logout Support on SP and Application

Logout Support on SP and Application Logout Support on SP and application Logout Support on SP and Application Possibilities and and Limitations SWITCHaai Team aai@switch.ch Single Logout: Is it possible? Single Logout will work only in some

More information

SAML SSO Configuration

SAML SSO Configuration SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting

More information

GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK

GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK Antti Pyykkö, Mikko Malinen, Oskari Miettinen GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK TJTSE54 Assignment 29.4.2008 Jyväskylä University Department of Computer Science

More information

SAML 2.0 Configurations at SAP NetWeaver AS ABAP and Microsoft ADFS

SAML 2.0 Configurations at SAP NetWeaver AS ABAP and Microsoft ADFS SAML 2.0 Configurations at SAP NetWeaver AS ABAP and Microsoft ADFS Applies to: SAP Gateway 2.0 Summary This guide describes how you install and configure SAML 2.0 on Microsoft ADFS server and SAP NetWeaver

More information

SAM Context-Based Authentication Using Juniper SA Integration Guide

SAM Context-Based Authentication Using Juniper SA Integration Guide SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

More information

OIOSAML Rich Client to Browser Scenario Version 1.0

OIOSAML Rich Client to Browser Scenario Version 1.0 > OIOSAML Rich Client to Browser Scenario Version 1.0 Danish Agency for Digitization December 2011 Contents > 1 Introduction 4 1.1 Purpose 1.2 Background 4 4 2 Goals and Assumptions 5 3 Scenario Details

More information

USING FEDERATED AUTHENTICATION WITH M-FILES

USING FEDERATED AUTHENTICATION WITH M-FILES M-FILES CORPORATION USING FEDERATED AUTHENTICATION WITH M-FILES VERSION 1.0 Abstract This article provides an overview of federated identity management and an introduction on using federated authentication

More information

How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions

How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions Introduction This paper provides an overview of the integrated solution and a summary of implementation options

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Administration guide version 1.0.1 Publication history Date Description Revision 2015.09.24 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN CONNECTING TO THE CLOUD DAVID CHAPPELL DECEMBER 2009 SPONSORED BY AMAZON AND MICROSOFT CORPORATION CONTENTS The Challenge:

More information

Eliminating Authentication Pop- Ups in SAP Landscapes

Eliminating Authentication Pop- Ups in SAP Landscapes Eliminating Authentication Pop- Ups in Landscapes Cristina Buchholz, Patrick Hildenbrand Product Security, Learning Objectives As a result of this workshop, you will be able to: Understand Authentication

More information

Contents at a Glance. 1 Introduction 17. 2 Basic Principles of IT Security 23. 3 Authentication and Authorization in

Contents at a Glance. 1 Introduction 17. 2 Basic Principles of IT Security 23. 3 Authentication and Authorization in at a Glance 1 Introduction 17 2 Basic Principles of IT Security 23 3 Authentication and Authorization in SAP NetWeaver Application Server Java 53 4 Single Sign-On 151 5 Identity Provisioning 289 6 Secure

More information

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion. Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On

More information

Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps

Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps Sofia Event Center 14-15 May 2014 Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps Radi Atanassov SharePoint MCM & MVP

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

2015-11-30. Web Based Single Sign-On and Access Control

2015-11-30. Web Based Single Sign-On and Access Control 0--0 Web Based Single Sign-On and Access Control Different username and password for each website Typically, passwords will be reused will be weak will be written down Many websites to attack when looking

More information

Unleash the Power of Single Sign-On with Microsoft and SAP

Unleash the Power of Single Sign-On with Microsoft and SAP Collaboration Technology Support Center Microsoft Collaboration Brief September 2007 Unleash the Power of Single Sign-On with Microsoft and SAP White Paper Authors Tilo Boettcher, Microsoft Corp (tiloboet@microsoft.com)

More information

Single Sign-On between SAP Portal and SuccessFactors

Single Sign-On between SAP Portal and SuccessFactors Single Sign-On between SAP Portal and SuccessFactors Dimitar Mihaylov 7/1/2012 Contents 1. Overview... 3 2. Trust between SAP Portal 7.3 and SuccessFactors... 5 2.1. Initial configuration in SAP Portal

More information

Single Sign On. SSO & ID Management for Web and Mobile Applications

Single Sign On. SSO & ID Management for Web and Mobile Applications Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing

More information

Connected Data. Connected Data requirements for SSO

Connected Data. Connected Data requirements for SSO Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated

More information

SAP NetWeaver AS Java

SAP NetWeaver AS Java Chapter 75 Configuring SAP NetWeaver AS Java SAP NetWeaver Application Server ("AS") Java (Stack) is one of the two installation options of SAP NetWeaver AS. The other option is the ABAP Stack, which is

More information

Extending DigiD to the Private Sector (DigiD-2)

Extending DigiD to the Private Sector (DigiD-2) TECHNISCHE UNIVERSITEIT EINDHOVEN Department of Mathematics and Computer Science MASTER S THESIS Extending DigiD to the Private Sector (DigiD-2) By Giorgi Moniava Supervisors: Eric Verheul (RU, PwC) L.A.M.

More information

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow VMware Identity Manager AUGUST 2015 V1 Configuring Single Sign-On from VMware Identity Manager to ServiceNow Table of Contents

More information

Architecture of Enterprise Applications III Single Sign-On

Architecture of Enterprise Applications III Single Sign-On Architecture of Enterprise Applications III Single Sign-On Haopeng Chen REliable, INtelligent and Scalable Systems Group (REINS) Shanghai Jiao Tong University Shanghai, China e-mail: chen-hp@sjtu.edu.cn

More information

How to create a SP and a IDP which are visible across tenant space via Config files in IS

How to create a SP and a IDP which are visible across tenant space via Config files in IS How to create a SP and a IDP which are visible across tenant space via Config files in IS This Documentation is explaining the way to create a SP and IDP which works are visible to all the tenant domains.

More information

Why Identity Management. Identity Management. What We Cover. Role of Digital Identity. Digital Identity. Digital Identity (or network identity)

Why Identity Management. Identity Management. What We Cover. Role of Digital Identity. Digital Identity. Digital Identity (or network identity) Why Identity Management Identity Management Claudiu Duma Identity crisis Privacy concerns Identity theft Terrorist threat Department of Computer and Information Science cladu@ida.liu.se What We Cover Digital

More information

DocuSign Single Sign On Implementation Guide Published: March 17, 2016

DocuSign Single Sign On Implementation Guide Published: March 17, 2016 DocuSign Single Sign On Implementation Guide Published: March 17, 2016 Copyright Copyright 2003-2016 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights and patents

More information

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access

More information

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................

More information

Single Sign-On: Reviewing the Field

Single Sign-On: Reviewing the Field Outline Michael Grundmann Erhard Pointl Johannes Kepler University Linz January 16, 2009 Outline 1 Why Single Sign-On? 2 3 Criteria Categorization 4 Overview shibboleth 5 Outline Why Single Sign-On? Why

More information

PingFederate. Integration Overview

PingFederate. Integration Overview PingFederate Integration Overview 2008 Ping Identity Corporation. All rights reserved. Part Number 3007-321 January, 2008 Ping Identity Corporation 1099 18th Street, Suite 2950 Denver, CO 80202 U.S.A.

More information

Perceptive Experience Single Sign-On Solutions

Perceptive Experience Single Sign-On Solutions Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark

More information

Logout in Single Sign-on Systems

Logout in Single Sign-on Systems Logout in Single Sign-on Systems Sanna Suoranta, Asko Tontti, Joonas Ruuskanen, Tuomas Aura IFIP IDMAN, London, UK, 8-9.4.2013 Logout in Single Sign-on Systems Motivation Single sign-on (SSO) systems SSO

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Authentication and Single Sign-On. Patrick Hildenbrand NW PM Security, SAP AG

Authentication and Single Sign-On. Patrick Hildenbrand NW PM Security, SAP AG Authentication and Single Sign-On Patrick Hildenbrand NW PM Security, SAP AG Agenda Authentication and Identities Authentication with SAP in a Web Based Scenario At the SAP GUI for Windows Summary SAP

More information

Application Gateway with Apache

Application Gateway with Apache Application Gateway with Apache Multi-backend scenarios Nghia Nguyen SAP NetWeaver RIG Americas, SAP Labs, LLC Introduction Session Objectives and Requirements Use Cases and Scenarios Limitations Configuring

More information

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae Masdar Institute Single Sign-On: Standards-based Identity Federation John Mikhael ICT Department jmikhael@masdar.ac.ae Agenda The case for Single Sign-On (SSO) Types of SSO Standards-based Identity Federation

More information

IT@Intel. Improving Security and Productivity through Federation and Single Sign-on

IT@Intel. Improving Security and Productivity through Federation and Single Sign-on White Paper Intel Information Technology Computer Manufacturing Security Improving Security and Productivity through Federation and Single Sign-on Intel IT has developed a strategy and process for providing

More information

Using Shibboleth for Single Sign- On

Using Shibboleth for Single Sign- On Using Shibboleth for Single Sign- On One Logon to Rule them all.. Kirk Yaros Director, Enterprise Services Mott Community College 1 Agenda Overview of Mott Overview of Shibboleth and Mott s Project Review

More information

Liberty Alliance. CSRF Review. .NET Passport Review. Kerberos Review. CPSC 328 Spring 2009

Liberty Alliance. CSRF Review. .NET Passport Review. Kerberos Review. CPSC 328 Spring 2009 CSRF Review Liberty Alliance CPSC 328 Spring 2009 Quite similar, yet different from XSS Malicious script or link involved Exploits trust XSS - exploit user s trust in the site CSRF - exploit site s trust

More information

Single Log-Out. Andreas Åkre Solberg Malaga, June 2009

Single Log-Out. Andreas Åkre Solberg Malaga, June 2009 Single Log-Out Andreas Åkre Solberg Malaga, June 2009 Sessions On Web HTTP originally stateless Using Cookies to keep state Cookies in RFC2965 Set a session ID first time user visits, sent back to site

More information

Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0

Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 May 2015 About this guide Prerequisites and requirements NetWeaver configuration Legal notices About

More information

Setup Guide Central Monitoring of SAP NetWeaver Proces Integration 7.3 with SAP Solution Manager 7.1. Active Global Support February 2011

Setup Guide Central Monitoring of SAP NetWeaver Proces Integration 7.3 with SAP Solution Manager 7.1. Active Global Support February 2011 Setup Guide Central Monitoring of SAP NetWeaver Proces Integration 7.3 with SAP Solution Manager 7.1 Active Global Support February 2011 Agenda Overview Landscape Setup Recommended Setup SLD/LMDB Synchronization

More information

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1 PingFederate Salesforce Connector Version 4.1 Quick Connection Guide 2011 Ping Identity Corporation. All rights reserved. PingFederate Salesforce Quick Connection Guide Version 4.1 June, 2011 Ping Identity

More information

Identity Server Guide Access Manager 4.0

Identity Server Guide Access Manager 4.0 Identity Server Guide Access Manager 4.0 June 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF

More information

Authentication Methods

Authentication Methods Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the

More information

SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On. Public

SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On. Public SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On Public Speakers Las Vegas, Oct 19-23 Christian Cohrs, Area Product Owner Barcelona, Nov 10-12 Regine Schimmer, Product Management

More information

Introduction to SAML

Introduction to SAML Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments

More information

F5 BIG-IP: Configuring v11 Access Policy Manager APM

F5 BIG-IP: Configuring v11 Access Policy Manager APM coursemonster.com/uk F5 BIG-IP: Configuring v11 Access Policy Manager APM View training dates» Overview This three day course gives networking professionals a functional understanding of the BIG-IPÂ APM

More information

IBM WebSphere Application Server

IBM WebSphere Application Server IBM WebSphere Application Server SAML 2.0 web single-sign-on 2012 IBM Corporation This presentation describes support for SAML 2.0 web browser Single Sign On profile included in IBM WebSphere Application

More information

Cybersecurity and Secure Authentication with SAP Single Sign-On

Cybersecurity and Secure Authentication with SAP Single Sign-On Solution in Detail SAP NetWeaver SAP Single Sign-On Cybersecurity and Secure Authentication with SAP Single Sign-On Table of Contents 3 Quick Facts 4 Remember One Password Only 6 Log In Once to Handle

More information

FTP-Stream Integrating Active Directory Federation Services

FTP-Stream Integrating Active Directory Federation Services FTP-Stream Integrating Active Directory Federation Services 1 Overview Active Directory Federation Services (ADFS) is a standards-based service that allows the secure sharing of identity information between

More information

Using SAML for Single Sign-On in the SOA Software Platform

Using SAML for Single Sign-On in the SOA Software Platform Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software

More information

Single Sign On Integration Guide. Document version: 20.01.12

Single Sign On Integration Guide. Document version: 20.01.12 Single Sign On Integration Guide Document version: 20.01.12 Table of Contents About this document... 3 Purpose... 3 Target... 3 Support... 3 Overview... 4 SAML... 5 SAML in general... 5 How SAML is used

More information

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved. DualShield Integration Guide Copyright 2011 Deepnet Security Limited Copyright 2011, Deepnet Security. All Rights Reserved. Page 1 Trademarks Deepnet Unified Authentication, MobileID, QuickID, PocketID,

More information

Siebel CRM On Demand Single Sign-On. An Oracle White Paper December 2006

Siebel CRM On Demand Single Sign-On. An Oracle White Paper December 2006 Siebel CRM On Demand Single Sign-On An Oracle White Paper December 2006 Siebel CRM On Demand Single Sign-On Introduction... 3 Single Sign-On with Siebel CRM On Demand... 4 Customer Requirements... 4 SSO

More information

Integration Guide. SafeNet Authentication Manager. Using SAM SAML-based Authentication with Citrix NetScaler Gateway 10.1

Integration Guide. SafeNet Authentication Manager. Using SAM SAML-based Authentication with Citrix NetScaler Gateway 10.1 SafeNet Authentication Manager Integration Guide Using SAM SAML-based Authentication with Citrix NetScaler Gateway 10.1 Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright

More information