Tusker IT Department Tusker IT Architecture
Tusker IT Department System Overview Documents

Tusker IT Department
Tusker IT Architecture
Single Sign On Overview
Document Information and Approvals

VERSION HISTORY

| Version # | Date | Revised By | Reason for change |
|---|---|---|---|
| | /05/2012 | Drav Sloan (DS) | Start of the rewrite of document |
| | /06/2012 | DS & Chris Khalil | Proof reading and rephrasing of overview |
| | /02/2014 | DS | Addition of SAML and process. Details of the implementation process. |

DOCUMENT APPROVALS

| Approver Name | Project Role | Signature/Electronic Approval | Date |
|---|---|---|---|
| Nicola Beard | Technical Document Author | | 10/02/2014 |
Contents

- Document Information and Approvals
- Overview
- SSO Mechanisms and Process Flow
  - Connections Using the Proprietary SSO Mechanism
  - Connections Using SAML
  - Process Continuation Shared by Both Mechanisms
- Implementation Process
  - Generation of Public/Private Key Pairs
  - Assertion/Token Fields
    - Tusker Proprietary SSO Fields
    - Tusker SAML Fields
  - Testing, QA and UAT
  - Go Live of the Provider and Its SSO with Tusker
- Technical Details
  - The Tusker Proprietary SSO Mechanism
  - The Tusker SAML Mechanism (Non-Encrypted Assertion Statement)
  - The Tusker SAML Mechanism (Encrypted Assertion Statement)
- Appendix A
  - A.1 Tusker Proprietary SSO Mechanism XML Example
  - A.2 Tusker SAML Assertion Statement Example (No Encryption)
  - A.3 Tusker SAML assertion statement example (with encryption)
1.0 Overview

When you create an account to access a website without Single Sign On (SSO), those login details generally work on that site only. Websites using SSO allow you to use one account to access many websites by entering only a single set of login details.

In an example case of Benefits Providers, users will log into the Benefits Provider's website and follow a link to the Tusker website. At this point the Benefits Provider's website will pass a specific SSO token to Tusker. This token allows Tusker to perform security checks and validate data integrity, and allows the benefits provider to pass on relevant data such as driver credentials and which company the user is employed by. This is all done through one webpage link. The security checks are done without user interaction, and if successful the driver will be referred to their Tusker Driver Journey Homepage.

Some benefits of using SSO are:

- Seamless integration of two websites without requirement for more usernames and passwords
- Secure and encrypted login mechanisms
- Avoid the pitfalls of Password Fatigue.

2.0 SSO Mechanisms and Process Flow

Tusker presently utilises two different mechanisms to enable the SSO process: a proprietary method and one based around the SAML 2.0 specification. Both methods follow the same basic process and achieve the same end result, but use different underlying mechanisms to deliver the data content.

Security Assertion Markup Language, or SAML for short, is predominantly the preferred mechanism for SSO assertion on Windows Server platforms. This is usually because the .NET Framework 4.5 has native support for SSO/SAML and there are also a number of libraries which reduce the amount of work required to deliver a working product. It is also a ratified standard and as such has a specification which can be used as a guideline for understanding its mechanisms and designing systems from the ground up.
There are plenty of vendor and programming language specific SAML libraries, such as SimpleSAMLphp for PHP and OpenSAML for Java. There is also a list of SAML related products maintained on Wikipedia.

Both mechanisms provide the same core features:

- Encryption of the data.
- Tamper-proof data validation using cryptographic key signing of the tokens.
- An expiry date built into the token, so the tokens inherently have a short life span.
- Flexible content of the data section of the token, to allow the communication of relevant user credentials and company specific information from one service to another.
2.1 Connections Using the Proprietary SSO Mechanism

The process flow of an external provider or service attempting connection to the Tusker Driver Journey Homepage via the proprietary SSO mechanism is as follows.

- A user clicks a link at the external service site which leads to Tusker.
- The external service creates a token specific to that user, encrypts it and submits it to Tusker via a prearranged SSO CGI URL.
- Tusker checks for 3 values submitted to its SSO CGI form (encrypted message, key and signature).
- If all three are provided, the key is validated against the public half of the cryptographic key pair that the partner generated and provided to Tusker (see Section 3.0 for the steps for creation of the public/private key pair).
- If valid, the encrypted message is cryptographically validated against the provided signature value. This validates the integrity of the data contained inside the token.
- If the signature value validates, the encrypted message is then decrypted, the resulting XML is processed, and the user data is extracted from it.

The process at this point continues in Section 2.3.

Figure 1: Tusker SSO input process flow.
2.2 Connections Using SAML

The process flow of an external provider or service attempting connection to the Tusker Driver Homepage via the SAML SSO mechanism is as follows.

- A user clicks a link at the external service site which leads to Tusker.
- The external service creates a SAML Assertion specific to that user, encrypts the data segment if desired, signs the assertion and submits it to Tusker via a prearranged SAML SSO CGI URL.
- The CGI checks for a posted variable submitted to its form (called SAMLResponse).
- The SAMLResponse is base64 decoded into an assertion.
- The assertion is decrypted if it is encrypted.
- The digital signature of the assertion is checked against the public half of the cryptographic key pair the provider will have provided to Tusker (see Section 3.0 for the steps for creation of the public/private key pair).
- The assertion's data integrity is validated by checking the provided digest against the content of the assertion.
- If the signature is valid, the AttributeStatement is processed and the user's data is extracted from it.

The process at this point continues in Section 2.3.

Figure 2: Tusker SAML input process flow.
2.3 Process Continuation Shared by Both Mechanisms

- The timestamp field is checked to make sure the token has not expired.
- If the token has not reached its end of life, Tusker checks that the token has the mandatory fields present (see section 4 for details on the mandatory fields required for the SSO).
- The fields provided are then checked against requirements such as a maximum field size.
- The companycode is extracted from the token and the relevant company on Tusker's system is located. This company configuration is checked to have mandatory configuration options such as a Default Fleet Manager and Default Driver Band.
- If the token's values pass all tests, then either an existing user account is located or a new one is created. Accounts are located by using the companycode and userid provided in the token data. An account will be automatically created if Tusker's system does not have a user account which matches these two credentials. This is always the case on an individual's first visit to the Tusker website.
- The user is then redirected to their own personalised Tusker Driver Homepage.

3.0 Implementation Process

Both Tusker and the partner will have to allocate development time to create the initial SSO link. The process of implementing the SSO involves several steps. Both parties will need to coordinate private/public key pair generation and exchange, discuss the requirements (if any) for inclusion of additional fields in the token, and agree whether the additional fields are included in the report. Tusker will also provide a URL for the entry point into the Tusker SSO system.

Once this initial process has been developed, tested and put into service, adding SSO links for specific companies is a much simpler process. This consists of creating a unique identifier for a company so that Tusker can program our systems to direct the driver to the correct Driver Homepage for their company.
3.1 Generation of Public/Private Key Pairs

Using OpenSSL, a public/private key pair can be created using the following commands.

Create a certificate signing request (CSR) and a password-protected private key:

    openssl req -new -out provider.csr -keyout provider.pem

Create a copy of the private key without password protection:

    openssl rsa -in provider.pem -out provider.key

Generate a self-signed certificate from the CSR:

    openssl x509 -in provider.csr -out provider.cert -req -signkey \
        provider.key -days 3650

The provider.cert is then sent to Tusker. The provider.key should be protected from visibility to the outside, as it is used in the digital signing of the tokens sent to Tusker. If an outside person were to get a copy, they could use it to gain unauthorized access to the SSO process.
Microsoft users can use makecert, SelfSSL (from the IIS 6.0 Resource Kit, compatible with IIS7) or similar tools to generate a private key and public certificate pair.

3.2 Assertion/Token Fields

Depending on the mechanisms being used, and the requirements of the client being implemented, the contents of the assertion will vary. For example, certain clients have a requirement to be placed in specific company bands on login, or require posted back information, or need us to store other additional information pertaining to the user being processed. These quite often require additional development for these fields to be acted upon. However, the two SSO mechanisms do have standard fields, which are detailed below.

Tusker Proprietary SSO Fields

A token generated for the Tusker Proprietary SSO mechanism requires the following XML fields:

| Name | Mandatory? | Type | Length | Description |
|---|---|---|---|---|
| companycode | Yes | Text | 100 | Contains a unique identifier for the company of the SSO user, which links it to the appropriate company in Tusker. |
| userid | Yes | Text | 100 | Contains a unique identifier, per company, of the SSO user. |
| firstname | Yes | Text | 100 | Contains the first name of the SSO user. |
| surname | Yes | Text | 100 | Contains the surname of the SSO user. |
| address | Yes | Text | 100 | Contains the address of the SSO user. |
| staffnumber | No | Text | 100 | Unique number, often payroll related, of the SSO user. |

Tusker SAML Fields

An assertion generated for the Tusker SAML mechanism requires the following attribute statement attributes:
| Name | Mandatory? | Type | Length | Description |
|---|---|---|---|---|
| companycode | Yes | Text | 100 | Contains a unique identifier for the company of the SSO user, which links it to the appropriate company in Tusker. |
| userid | Yes | Text | 100 | Contains a unique identifier, per company, of the SSO user. |
| firstname | Yes | Text | 100 | Contains the first name of the SSO user. |
| surname | Yes | Text | 100 | Contains the surname of the SSO user. |
| address | Yes | Text | | Contains the address of the SSO user. |

Testing, QA and UAT

Once keys have been exchanged, and assertion/token fields agreed and developed, a test URL is created for both parties to test integration of the two sites' SSO mechanism. This test site is on a test database and website, so it can be tested without worry of affecting live services and customers. The aim of this part of the process is to gain sign off on Quality Assurance and to do any required User Acceptance Testing.

3.4 Go Live of the Provider and Its SSO with Tusker

The next stage is to set the provider link live on Tusker's main website, which involves some configuration on our BackOffice service, and pushing any code changes and the associated public half of the key pairs to our live services. A new live URL for connections to Tusker through the SSO mechanism will then be provided.
4.0 Technical Details

The two processes, and what needs to be created or generated for each, are detailed in this section.

4.1 The Tusker Proprietary SSO Mechanism

Step 1: Generate a random string (8-bit binary) of 24 bits length. This is known as the symmetric key (k). This should be generated for each token passed to Tusker.

Step 2: Generate a random string (8-bit binary) of 8 bits length. This is known as the Initialization Vector (IV). This should be generated for each token passed to Tusker.

Step 3: Base64 encode k and IV, and place them in a string in the form:

    key=xxx; iv=yyy;

So you end up with something like:

    key=yuo1jvewd8vi44rmm/w5lzluhgcugwtk; iv=hmihgulbpr8=;

Step 4: Using a public key algorithm (RSA), encrypt the Base64 string using the public half of the Tusker key pair, provided in certificate form.

Step 5: Generate a signature of this RSA encoded string, using the private half of the Provider's certificate key pair.

Step 6: Generate the XML token containing the user's details, including the mandatory fields set out in section

Step 7: Using the Triple-DES cipher, with k as the symmetric key and IV as the Initialization Vector, encrypt the XML document.

Step 8: Base64 encode the string in Step 3; this will be known as the encryptedkey. Base64 encode the RSA encrypted string in Step 4; this will be known as the signature. Base64 encode the Triple-DES encrypted XML statement; this will be known as the encryptedmessage.

Step 9: POST to the Tusker SSO URL, setting the post variables encryptedkey, signature and encryptedmessage (with the values set to those detailed above).

4.2 The Tusker SAML Mechanism (Non-Encrypted Assertion Statement)

Tusker's framework only supports the Security Assertion Markup Language version 2, detailed at the OASIS Open web pages.
Step 1: Generate a saml:AttributeStatement with the attributes detailed in section

Step 2: Create a SAML Response statement (samlp:Response), containing a saml:Assertion, with an ID attribute unique to that specific assertion.

Step 3: The saml:Assertion should contain a saml:Conditions element that sets the attributes NotBefore and NotOnOrAfter, both of which are set to an ISO 8601 Zulu date format. The NotBefore attribute should be set to a Zulu time 5 minutes in the past and the NotOnOrAfter attribute to the Zulu time you want the statement to be valid until (usually 10 minutes in the future).

Step 4: The XML fragment containing the saml:Assertion is then signed using the XML Digital Signature standard. The signature must also contain a digest of the fragment being signed and the transformation method utilized.

Step 5: The Signature XML is inserted inside the saml:Assertion statement.

Step 6: The samlp:Response is then base64 encoded and sent to Tusker using a POST submission. The contents of this base64 encoded statement should be set on the SAMLResponse POST variable.

4.3 The Tusker SAML Mechanism (Encrypted Assertion Statement)

Step 1: Generate a saml:AttributeStatement with the attributes detailed in section

Step 2: Create a SAML Response statement (samlp:Response).

Step 3: Create a saml:Assertion fragment, with an ID attribute unique to that specific assertion, and insert the saml:AttributeStatement.

Step 4: Encrypt the saml:Assertion fragment using the mechanism detailed in the XML Encryption Syntax and Processing specification. Presently Tusker supports the rsa-1_5 and aes256-cbc encryption methods.

Step 5: The symmetric cipher key should be supplied in the saml:EncryptedAssertion/EncryptedData/EncryptedKey/KeyInfo/CipherData XPath. The encrypted data should be contained inside the saml:EncryptedAssertion/EncryptedData/CipherData XPath.

Step 6: The saml:EncryptedAssertion should then be inserted into the samlp:Response.

Step 7: The XML fragment containing the saml:EncryptedAssertion is then signed using the XML Digital Signature standard. The signature must also contain a digest of the fragment being signed and the transformation method utilized.

Step 8: The Signature XML is inserted inside the saml:Assertion statement.

Step 9: The samlp:Response is then base64 encoded and sent to Tusker using a POST submission. The contents of this base64 encoded statement should be set on the SAMLResponse POST variable.
Appendix A

A.1 Tusker Proprietary SSO Mechanism XML Example

An example of the Tusker SSO mechanism's XML before encoding is as follows:

    <?xml version="1.0" encoding="utf-8"?>
    <logindata>
      <userid> </userid>
      <companycode>xyz123</companycode>
      <userid> </userid>
      <firstname>fred</firstname>
      <surname>smith</surname>
      < address>fred.smith@example.com</ address>
      <timestamp> T12:40:25Z</timestamp>
    </logindata>
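The checks from Section 2.3 applied to a decrypted token of the shape shown in A.1, as an added Python example that is not Tusker's code. The token lifetime, the clock-skew tolerance, the rejection of unlisted or repeated elements and the sample values are assumptions; the field names and the length limit come from the field table in section 3.2.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Field table from section 3.2: element name -> mandatory?
# Extend this mapping for additional fields agreed with a provider.
FIELDS = {"companycode": True, "userid": True, "firstname": True,
          "surname": True, "address": True, "staffnumber": False}
MAX_LEN = 100                    # "Length" column of the field table
MAX_AGE = timedelta(minutes=10)  # assumed lifetime; the page states none for this token
MAX_SKEW = timedelta(minutes=5)  # assumed tolerance for sender clock drift

# Constructed sample token (values are illustrative).
SAMPLE_TOKEN = """<?xml version="1.0" encoding="utf-8"?>
<logindata>
  <companycode>xyz123</companycode>
  <userid>u1001</userid>
  <firstname>fred</firstname>
  <surname>smith</surname>
  <address>fred.smith@example.com</address>
  <timestamp>2014-02-10T12:40:25Z</timestamp>
</logindata>"""


class TokenRejected(ValueError):
    """Raised when a decrypted token fails one of the section 2.3 checks."""


def validate_token(xml_text, now):
    """Return ((companycode, userid), fields) for a valid token, else raise."""
    # The token format needs no DTD, so refuse one before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise TokenRejected("DTDs and entity declarations are not accepted")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise TokenRejected(f"not well-formed XML: {exc}") from None
    if root.tag != "logindata":
        raise TokenRejected("root element is not <logindata>")

    # Flat list of elements only; a repeated element is ambiguous, so reject it.
    values = {}
    for child in root:
        if len(child) or child.tag in values:
            raise TokenRejected(f"nested or repeated element <{child.tag}>")
        values[child.tag] = (child.text or "").strip()

    # 1. Expiry: the timestamp must be recent and not in the future.
    try:
        issued = datetime.strptime(values.pop("timestamp", ""), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        raise TokenRejected("timestamp missing or not ISO 8601 Zulu") from None
    issued = issued.replace(tzinfo=timezone.utc)
    if issued - now > MAX_SKEW or now - issued > MAX_AGE:
        raise TokenRejected("timestamp outside the accepted window")

    # 2. Mandatory fields present, every field within the maximum size.
    unknown = sorted(set(values) - set(FIELDS))
    if unknown:
        raise TokenRejected(f"unexpected fields: {unknown}")
    for name, mandatory in FIELDS.items():
        value = values.get(name, "")
        if mandatory and not value:
            raise TokenRejected(f"mandatory field <{name}> missing or empty")
        if len(value) > MAX_LEN:
            raise TokenRejected(f"<{name}> exceeds {MAX_LEN} characters")

    # 3. The account is located (or created) by companycode plus userid.
    return (values["companycode"], values["userid"]), values
```

These checks only make sense after the signature has been validated and the message decrypted, in the order Section 2.1 gives.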
A.2 Tusker SAML Assertion Statement Example (No Encryption)

An example of the Tusker SAML assertion, without encryption, is as follows:

    <?xml version="1.0"?>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_faeeb326-efca-4a88-bb77-1d d13" IssueInstant=" T15:48:29Z">
      <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"> >
      <Signature xmlns="
        <SignedInfo>
          <CanonicalizationMethod Algorithm="
          <SignatureMethod Algorithm="
          <Reference URI="#_faeeb326-efca-4a88-bb77-1d d13">
            <Transforms>
              <Transform Algorithm="
              <Transform Algorithm="
                <InclusiveNamespaces xmlns=" PrefixList="#default saml ds xs xsi"/>
              </Transform>
            </Transforms>
            <DigestMethod Algorithm="
            <DigestValue>ODy9/ZBgqbLrUi2e9fdd4MpDAtQ=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>wRqELB7X/SMKESiDcApnzTbasw1i0eoMDbGBirGE8uSZmqhK1cSRF20EnA8
        AVySXIvkEA98it45w4clDPqryUTizkeQfCyIvlk5GJR6Z13MTwBrOlbJFYnbqHHcH8Z8j7EO8EO
        E5GRydShLf/FpDOedUcBnqEsddvIcwOebmLsc=</SignatureValue>
        <KeyInfo>
          <X509Data>
            <X509Certificate>MIIB2TEyMzEyMzU5NTlaMDUxMzAxBgNVBAMeKgBUAEIAWABfAFMAQQBNAE
            wamgbfaekazabqaf8avablahmadabpag4azzcbnzanbgkqhkig9w0baqefaaobjqawgykcgyeaw
            uaghl14+0gwht8ls3w9l8l4mfuhtieaqccb3vlfyetxvgviwmqbh9k4hpw30hmyepsbdd+r3pst
            SJovcZ+FVDaSZEPZdb0WNT+7STMiV91xVTDbRK4zUGFoxUTu99CV/9nJvvHCeuNUAkJGgn9aVJh
            EbAJOlCaAe6BJUVKh8OUCAwEAAaNLMEkwRwYDVR0BBEAwPoAQEuQJLQYdHU8AjWEh3BZkY6EYMB
            YxFDASBgNVBAMTC1Jvb3QgQWdlbmN5ghAGN2wAqgBkihHPuNSqXDX0MA0GCSqGSIb3DQEBBAUAA
            0EAMvQOfC24ELwXPgiXP3YrGUSAguSyNAyikMD+0wUuABAUVOwi1Orz2Y3RIGO8XIy/YBdq+2h5
            mmi2cieopeo35g==</X509Certificate>
          </X509Data>
        </KeyInfo>
      </Signature>
      <saml:Subject>
        <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">137371</saml:NameID>
      </saml:Subject>
      <saml:Conditions NotBefore=" T15:38:29Z" NotOnOrAfter=" T15:58:29Z"/>
      <saml:AuthnStatement AuthnInstant=" T15:48:29Z">
        <saml:AuthnContext>
          <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef>
        </saml:AuthnContext>
      </saml:AuthnStatement>
      <saml:AttributeStatement>
        <saml:Attribute Name="companyCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
          <saml:AttributeValue>562</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="userId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
          <saml:AttributeValue>test019</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
          <saml:AttributeValue>test019</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
          <saml:AttributeValue>test 119</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name=" Address" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
          <saml:AttributeValue>xx</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>
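The structural and time-window checks from Sections 2.2 and 2.3 for an assertion of the shape shown in A.2, as an added Python example that is not Tusker's code. It confirms that the attributes being read come from the one assertion the signature's Reference URI points at and that the Conditions window is current; it does not verify the signature value itself, which must be done with an XML Digital Signature library against the provider's certificate. The function names, the case-insensitive attribute names, the `ds` prefix and the sample dates are assumptions.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"saml": SAML, "ds": DS}


class AssertionRejected(ValueError):
    """Raised when the response fails a structural or time-window check."""


def _zulu(text):
    """Parse an ISO 8601 Zulu instant such as 2014-02-10T15:38:29Z."""
    try:
        parsed = datetime.strptime(text or "", "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        raise AssertionRejected("Conditions instant is not ISO 8601 Zulu") from None
    return parsed.replace(tzinfo=timezone.utc)


def check_saml_response(saml_response_b64, now):
    """Return {attribute name: value} for the one signed assertion, else raise."""
    try:
        root = ET.fromstring(base64.b64decode(saml_response_b64, validate=True))
    except (ValueError, ET.ParseError):
        raise AssertionRejected("SAMLResponse is not base64-encoded XML") from None

    # Exactly one assertion anywhere in the document, with a unique ID, so the
    # element that was signed and the element that is read cannot differ.
    assertions = list(root.iter(f"{{{SAML}}}Assertion"))
    if len(assertions) != 1:
        raise AssertionRejected(f"expected 1 assertion, found {len(assertions)}")
    assertion = assertions[0]
    assertion_id = assertion.get("ID")
    if not assertion_id:
        raise AssertionRejected("assertion has no ID")
    if sum(1 for el in root.iter() if el.get("ID") == assertion_id) != 1:
        raise AssertionRejected("assertion ID is not unique in the document")

    # The signature inside the assertion must reference that same ID.
    refs = assertion.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1 or refs[0].get("URI") != "#" + assertion_id:
        raise AssertionRejected("signature does not reference this assertion")

    # NotBefore <= now < NotOnOrAfter.
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise AssertionRejected("assertion has no Conditions element")
    if not _zulu(cond.get("NotBefore")) <= now < _zulu(cond.get("NotOnOrAfter")):
        raise AssertionRejected("outside the NotBefore/NotOnOrAfter window")

    # Attributes: one value per name, names compared case-insensitively.
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        name = (attr.get("Name") or "").strip().lower()
        if not name or name in attrs:
            raise AssertionRejected("missing or repeated attribute name")
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        attrs[name] = value.strip()
    return attrs


def build_sample(ref_uri="#_a1", not_before="2014-02-10T15:38:29Z",
                 not_on_or_after="2014-02-10T15:58:29Z", extra=""):
    """Constructed sample SAMLResponse (base64); signature values are omitted."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:saml="{SAML}" xmlns:ds="{DS}" ID="_r1" Version="2.0">{extra}'
        '<saml:Assertion ID="_a1" Version="2.0">'
        f'<ds:Signature><ds:SignedInfo><ds:Reference URI="{ref_uri}"/>'
        '</ds:SignedInfo></ds:Signature>'
        f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}"/>'
        '<saml:AttributeStatement>'
        '<saml:Attribute Name="companyCode">'
        '<saml:AttributeValue>562</saml:AttributeValue></saml:Attribute>'
        '<saml:Attribute Name="userId">'
        '<saml:AttributeValue>test019</saml:AttributeValue></saml:Attribute>'
        '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()
```

For the encrypted variant in section 4.3, the same checks apply to the assertion recovered after decryption.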
A.3 Tusker SAML assertion statement example (with encryption)

An example of a Tusker SAML Assertion with encryption is as follows:

    <?xml version="1.0"?>
    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_1c3bc6ec-7d4d-4495-a a440eb365" Version="2.0" IssueInstant=" T13:22:33Z" Destination="
      <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:example_sso</saml:Issuer>
      <Signature xmlns="
        <SignedInfo>
          <CanonicalizationMethod Algorithm="
          <SignatureMethod Algorithm="
          <Reference URI="#_1c3bc6ec-7d4d-4495-a a440eb365">
            <Transforms>
              <Transform Algorithm="
              <Transform Algorithm="
                <InclusiveNamespaces xmlns=" PrefixList="#default samlp saml ds xs xsi"/>
              </Transform>
            </Transforms>
            <DigestMethod Algorithm="
            <DigestValue>aM8w7DRKsq3StzwwP3I9M75rb9A=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>fyRiC3zTTqF1FoHhtcBiQDmi7HN6p7JZdoGeBpuid/wHMX4HQmLw1SEtate
        /CWXSecftsOLpBN4N6kv+/6UqJlQ6x/DMsLL8KlJWFOea4RHhqEtpZOjRzRHuRJoFFIXdY=</SignatureValue>
        <KeyInfo>
          <X509Data>
            <X509Certificate>MIIFIzCCBAugAwIBAgIRAILDN6EEyhbIIu7nP+AFaWMwDQYJKoZIhvcNAQ
            EFBQAwgYkxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVB
            AcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMS8wLQYDVQQDEyZDT01PRE8g
            SGlnaCBBc3N1cmFuY2UgU2VjdXJlIFNlcnZlciBDQTAeFw0wOTEyMTAwMDAwMDBaFw0xMTEyMTA
            ymzu5ntlamighmqswcqydvqqgewjhqjerma8ga1ueermirum0wsa4qkixdzanbgnvbagtbkxvbm
            RvbjEPMA0GA1UEBxMGTG9uZG9uMRswGQYDVQQJExI4IFNhbGlzYnVyeSBTcXVhcmUxDTALBgNVB
            AoTBEtQTUcxETAPBgNVBAsTCEVsaXRlU1NMMR4wHAYDVQQDExVwb3J0YWwucmV3YXJkd2lzZS5j
            b20wgz8wdqyjkozihvcnaqebbquy2vtzwn1cmvtzxj2zxjdqs5jcnqwjayikwybbquhmaggggh0
            dha6ly9vy3nwlmnvbw9kb2nhlmnvbta7bgnvhreendayghvwb3j0ywwucmv3yxjkd2lzzs5jb22
            CGXd3dy5wb3J0YWwucmV3YXJkd2lzZS5jb20wDQYJKoZIhvcNAQEFBQADggEBAEFp2OQeWyjTsD
            cxfnabenwmikesmngj5nzq6vl7owpnh0h9qi1lo998cgvjjptuvhrfbb12egffwpe00emb1f3ho
            cxo16yi9boo7zhiygwhs3zq4hfu6ersloi5mydopvyii0s4vpnuptrydnv3cpezmropa0lyzgzy
            r2uded7br5hpe8dpxyopaw5hju2szwkajy4pw9brpnhuvwxg9ccz3cqvqssyl6hh1dgkvi/zqwc
            zyq5r3ad43kq/6ipss12rmjiwo24kabgzdljaathyr9c+det70dx3p4gf3py171yoth9rq7w3me
            lkxfu3qth6ifxbhumcgvudrtg7egk=</X509Certificate>
          </X509Data>
        </KeyInfo>
      </Signature>
      <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
      </samlp:Status>
      <saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
        <EncryptedData xmlns=" Type="
          <EncryptionMethod Algorithm="
          <KeyInfo xmlns="
            <EncryptedKey xmlns="
              <EncryptionMethod Algorithm="
              <KeyInfo xmlns="
                <X509Data>
                  <X509Certificate>MIIEFDCCA32gAwIBAgIJAPQZCazXco7WMA0GCSqGSIb3DQEBBQUAMIG0MQ
                  swcqydvqqgewjhqjewmbqga1uecbmnsgvydgzvcmrzaglyzteqma4ga1uebxmhv2f0zm9yzdedm
                  BsGA1UEChMUVHVza2VyZGlyZWN0IExpbWlkbWluQHR1c2tlcmRpcmVjdC5jb20wgZ8wDQYJKoZI
                  hvcnaqebbqadgy0amigjaogbalqj2jk3nmbfq+iaiomfkospunoosyvzbwrczshjn4adtighejd
                  EcLNuJR3AQlFsOjGjfvhupfmlNe0g5LNdRJtjf0b1z9h3sRtuHBQ1xGhNaJYOJRJVERO0/+Kn7G
                  1ZtQHXDzPqsafdT4AaHohvmiZdAfIVrv0k8QynM3z7Z+21AgMBAAGjggEqMIIBJjAdBgNVHQ4EF
                  gqueljay6fddyft6wq5jrqukfral4iwgekga1udiwsb4tcb3oaueljay6fddyft6wq5jrqukfra
                  l4khgbqkgbcwgbqxczajbgnvbaytakdcmrywfaydvqqiew1izxj0zm9yzhnoaxjlmrawdgydvqq
                  HEwdXYXRmb3JkMR0wGwYDVQQKExRUdXNrZXJkaXJlY3QgTGltaXRlZDEMMAoGA1UECxMDU1NPMS
                  QwIgYDVQQDExtzczRjOS5iZXRhLnR1c2tlcmRpcmVjdC5jb20xKDAmBgkqhkiG9w0BCQEWGXNzb
                  GFkbWluQHR1c2tlcmRpcmVjdC5jb22CCQD0GQms13KO1jAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
                  AwIF4DANBgkqhkiG9w0BAQUFAAOBgQB6zr2437ZvU1eRzjyg1MkkNAuvDhKH/H9/zS9IRAlv+I2
                  2CeCnutBFF22L85nddTMcGuW0FCe6PREm2gsprCLDqklr193DuXI7crUDo3K0Z3atXo5+zZYg0b
                  azjb/wui7rd/lnjhvgkcya0tv1m4l6hazclimcelmfk3srhxlpzg==</X509Certificate>
                </X509Data>
              </KeyInfo>
              <CipherData>
                <CipherValue>j917khlamwwnnmbcxWDjB/bpsMuZe3G1CGV4KUFugKXbnrGnaIlG+0PSqi6mLh
                3YBB+zkInotcYGPl5DEwoCsKDluXF8FQB5C/aRZpdoPDcRK76XpzyGdXo2jGxrTLyePP1/OX3XN
                qusqw=</CipherValue>
              </CipherData>
            </EncryptedKey>
          </KeyInfo>
          <CipherData>
            <CipherValue>vvHkABqCzjdY7wIRjtV3ZHGMZN5r2Rb+6kXZSGQGIG8oE3lktjPjngsDUHCUX3
            misbqthvkf3pl/ck9ml4muvufumkhrzxtzghufhwvcv0j7/qbddrzfvtpi3zt8xpswxfojddkkt
            Lue23H5+/nd49JALUiK97rZwnZ6jGk52AxWjsp4D3yFt0WkUkuCoDJAZAJuXeXb99Bs532SB1P7
            YaS7iPGe5XjGER6rOGOF6C05jzGQSi2BAMBxeHx6NvKSSrh+lMLGCBUvKXs4AkOjYH7S3waSgKw
            TshajZ4BzWGII0DjBIQ+5KFPmzySJ3LsSMUXR/sRCBrsQ4q1NEL+H202myAPi7H3w8mFehN5pD7
            FtW5sr3bpd1d5WKjloPzMpjN9zpTMyiUvROmcusHwsKTvh2L6y+FKqRn7TF5S4qsN1+9KG0KTy/
            PRQCcC4NmKCxXkK/HnsqfcuW0xQzjeOkpGcnO+hc8klu6qGofzYLdMIXmic5jKyjOUTtig+yzjX
            an+xfpy3dottndyo+hqhhmqyhbutup0qxkwueeriuwvxbwgiwkei0uu/ggablpprny2admwj5fs
            1Ye++PlDU86EGy6gRh0aeYE+xQwOB5CO1m2PtgBfVZ8ED3h8lCBwUI5nbmgvB3HLQa9H35JrphD
            WlVj2ceB3qJAutXi8PH+uJVgCZOZMcfu7lDywvJ9l/MOxy5v49DpeEVP//H8DfSu5tRf8kBAe7g
            Xhecfo8khP5nvi7WSoqVhSoE5jyMI+0wAGjxDhWyTLCWxveN+bQW857Uj3vGHLEPLNtPrw3TpMa
            yw785lmzkt8fkfpzfhue2smw284pepmeblmcokrht9mqilzpl6vr3eyaewiv9jqi2kryqnmrnlk
            tfrhifean3shu+nmagjy1luif06b1n8ketxvi7jmn0xztglharq4viirupispbxveat9ek7chbl
            OT8OyvRLam3huO1ry1ldjPAS6bNTDkJdfvPNdHvE2cclcKrQJmKV+8Rhj6fN17AVm0iFXFn43OK
            KqRG5WxYyjbactjD3pnXL1lhWmPufd4Y7IZVKq70VL8UU4bzmdq61q0Gy1vkaRDLE2ZwD7O1DJx
            DoeUkvLdwBDGyBmUFHBamUJ9g0ppH8LQHW4UGcUvTtdIeAgMGFV/4cTZ+rqMpqBSFzlT4a7H/ed
            HtEk3CglB2Mgfw+V5mUGxedUMaIaqwDPOc/T+PFNJzFCGrlFY+wVZiauLdXQR1shMv8Cz+A==</CipherValue>
          </CipherData>
        </EncryptedData>
      </saml:EncryptedAssertion>
    </samlp:Response>
More informationSecurity Assertion Markup Language (SAML) 2.0 Technical Overview
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Security Assertion Markup Language (SAML) 2.0 Technical Overview Working Draft 03, 20 February 2005 Document identifier:
More informationINUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE
INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE SAML 2.0 CONFIGURATION GUIDE Roy Heaton David Pham-Van Version 1.1 Published March 23, 2015 This document describes how to configure OVD to use SAML 2.0 for user
More informationFederation architectures for mobile applications OAuth 2.0 Drivers OAuth 2.0 Overview Mobile walkthrough
Agenda Federation architectures for mobile applications OAuth 2.0 Drivers OAuth 2.0 Overview Mobile walkthrough Enter OAuth 2.0 Defines authorization & authentication framework for RESTful APIs An open
More informationHow To Use Saml 2.0 Single Sign On With Qualysguard
QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,
More informationBiometric Single Sign-on using SAML Architecture & Design Strategies
Biometric Single Sign-on using SAML Architecture & Design Strategies Ramesh Nagappan Java Technology Architect Sun Microsystems Ramesh.Nagappan@sun.com 1 Setting Expectations What you can take away! Understand
More informationSecurity Assertion Markup Language (SAML) V2.0 Technical Overview
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 Security Assertion Markup Language (SAML) V2.0 Technical Overview Working Draft 10, 9 October 2006 Document
More informationSAML Authentication within Secret Server
SAML Authentication within Secret Server Secret Server allows the use of SAML Identity Provider (IdP) authentication instead of the normal authentication process for single sign-on (SSO). To do this, Secret
More informationIBM WebSphere Application Server
IBM WebSphere Application Server SAML 2.0 web single-sign-on 2012 IBM Corporation This presentation describes support for SAML 2.0 web browser Single Sign On profile included in IBM WebSphere Application
More informationMONDESIR Eunice WEILL-TESSIER Pierre FEDERATED IDENTITY. ASR 2006/2007 Final Project. Supervisers: Maryline Maknavicius-Laurent, Guy Bernard
MONDESIR Eunice WEILL-TESSIER Pierre FEDERATED IDENTITY ASR 2006/2007 Final Project Supervisers: Maryline Maknavicius-Laurent, Guy Bernard Federated Identity Project topic Superviser: Maryline Maknavicius
More informationADFS Integration Guidelines
ADFS Integration Guidelines Version 1.6 updated March 13 th 2014 Table of contents About This Guide 3 Requirements 3 Part 1 Configure Marcombox in the ADFS Environment 4 Part 2 Add Relying Party in ADFS
More informationConfiguring ADFS 3.0 to Communicate with WhosOnLocation SAML
Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML --------------------------------------------------------------------------------------------------------------------------- Contents Overview...
More informationРазработка программного обеспечения промежуточного слоя. TERENA BASNET Workshop, 16-17 November 2009 Joost van Dijk - SURFnet
Разработка программного обеспечения промежуточного слоя TERENA BASNET Workshop, 16-17 November 2009 Joost van Dijk - SURFnet Contents - SURFnet Middleware Services department: - eduroam, SURFfederatie,
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationWeb Services. Web Service Security. Copyright 2010 Davide Cerri & Srdjan Komazec
Web Services Web Service Security Copyright 2010 Davide Cerri & Srdjan Komazec 1 Where Are We? # Title 1 Distributed Information Systems 2 Middleware 3 Web Technologies 4 Web Services 5 Basic Web Service
More informationHow to create a SP and a IDP which are visible across tenant space via Config files in IS
How to create a SP and a IDP which are visible across tenant space via Config files in IS This Documentation is explaining the way to create a SP and IDP which works are visible to all the tenant domains.
More informationSAML (Security Assertion Markup Language) Security Model for RESTful Web Services
SAML (Security Assertion Markup Language) Security Model for RESTful Web Services By: Shazia Sadiq 352-FBAS/MSCS/F07 Supervised by: Prof Dr.Muhammad Sher Department of Computer Science and Software Engineering
More informationMcAfee Cloud Identity Manager
NetSuite Cloud Connector Guide McAfee Cloud Identity Manager version 2.0 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,
More informationOkta/Dropbox Active Directory Integration Guide
Okta/Dropbox Active Directory Integration Guide Okta Inc. 301 Brannan Street, 3rd Floor San Francisco CA, 94107 info@okta.com 1-888- 722-7871 1 Table of Contents 1 Okta Directory Integration Edition for
More informationIAM Application Integration Guide
IAM Application Integration Guide Date 03/02/2015 Version 0.1 DOCUMENT INFORMATIE Document Title IAM Application Integration Guide File Name IAM_Application_Integration_Guide_v0.1_SBO.docx Subject Document
More informationFederal Identity, Credential, and Access Management Security Assertion Markup Language (SAML) 2.0 Web Browser Single Sign-on (SSO) Profile
Federal Identity, Credential, and Access Management Security Assertion Markup Language (SAML) 2.0 Web Browser Single Sign-on (SSO) Profile Version 1.0 September 27, 2010 Document History This is the first
More informationMicrosoft Active Directory Oracle Enterprise Gateway Integration Guide
An Oracle White Paper May 2011 Microsoft Active Directory Oracle Enterprise Gateway Integration Guide 1/33 Disclaimer The following is intended to outline our general product direction. It is intended
More informationThis Working Paper provides an introduction to the web services security standards.
International Civil Aviation Organization ATNICG WG/8-WP/12 AERONAUTICAL TELECOMMUNICATION NETWORK IMPLEMENTATION COORDINATION GROUP EIGHTH WORKING GROUP MEETING (ATNICG WG/8) Christchurch New Zealand
More information2015-11-30. Web Based Single Sign-On and Access Control
0--0 Web Based Single Sign-On and Access Control Different username and password for each website Typically, passwords will be reused will be weak will be written down Many websites to attack when looking
More informationOIOSAML 2.0 Toolkits Test results May 2009
OIOSAML 2.0 Toolkits Test results May 2009 5. September 2008 - Søren Peter Nielsen: - Lifted and modified from http://docs.google.com/a/nemsso.info/doc?docid=dfxj3xww_7d9xdf7gz&hl=en by Joakim Recht 12.
More informationOn Breaking SAML: Be Whoever You Want to Be OWASP 7.11.2012. The OWASP Foundation http://www.owasp.org. Juraj Somorovsky and Christian Mainka
On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky and Christian Mainka 7.11.2012 Horst-Görtz Institute for IT-Security Ruhr-University Bochum Copyright The Foundation Permission is granted to
More informationKantara egov and SAML2int comparison
Kantara egov and SAML2int comparison 17.8.2010/mikael.linden@csc.fi This document compares the egovernment Implementation profile of SAML 2.0, created by the egovernment WG of Kantara Initiative, and the
More informationSecuring Web Services with WS-Security
Securing Web Services with WS-Security Demystifying WS-Security, WS-Policy, SAML, XML Signature and XML Encryption jothy Rosenberg David L. Remy SAMS Sams Publishing, 800 East 96th Street, Indianapolis,
More informationPHP Integration Kit. Version 2.5.1. User Guide
PHP Integration Kit Version 2.5.1 User Guide 2012 Ping Identity Corporation. All rights reserved. PingFederate PHP Integration Kit User Guide Version 2.5.1 December, 2012 Ping Identity Corporation 1001
More informationIntegration Overview. Web Services and Single Sign On
Integration Overview Web Services and Single Sign On Table of Contents Overview...3 Quick Start 1-2-3...4 Single Sign-On...6 Background... 6 Setup... 6 Programming SSO... 7 Web Services API...8 What is
More informationDepartment Service Integration with e-pramaan
Department Service Integration with e-pramaan How to integrate a PHP Application PHP specific integration details are provided in this document. Read e-pramaan Departments Integration Document before proceeding.
More informationSAML basics A technical introduction to the Security Assertion Markup Language
SAML basics A technical introduction to the Security Assertion Markup Language WWW2002 Eve Maler, XML Standards Architect XML Technology Center Sun Microsystems, Inc. Agenda The problem space SAML concepts
More informationOnline signature API. Terms used in this document. The API in brief. Version 0.20, 2015-04-08
Online signature API Version 0.20, 2015-04-08 Terms used in this document Onnistuu.fi, the website https://www.onnistuu.fi/ Client, online page or other system using the API provided by Onnistuu.fi. End
More informationFederal Identity, Credentialing, and Access Management Security Assertion Markup Language (SAML) 2.0 Web Browser Single Sign-on (SSO) Profile
Federal Identity, Credentialing, and Access Management Security Assertion Markup Language (SAML) 2.0 Web Browser Single Sign-on (SSO) Profile Version 1.0.2 December 16, 2011 Document History Status Release
More informationPractical Security Evaluation of SAML-based Single Sign-On Solutions
Practical Security Evaluation of SAML-based Single Sign-On Solutions Vladislav Mladenov, Andreas Mayer, Marcus Niemietz, Christian Mainka, Florian Feldmann, Julian Krautwald, Jörg Schwenk 1 Single Sign-On
More informationGetting Started with AD/LDAP SSO
Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories
More informationOpenSSL (lab notes) Definition: OpenSSL is an open-source library containing cryptographic tools.
Network security MSc IDL (GLIA) and MSc HIT / Isima Academic year 2012-2013 OpenSSL (lab notes) Definition: OpenSSL is an open-source library containing cryptographic tools. 1. OpenSSL usage Exercice 1.1
More informationSalesforce1 Mobile Security Guide
Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
More informationEnabling SSL and Client Certificates on the SAP J2EE Engine
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine
More informationSAML 2.0 INT SSO Deployment Profile
1 2 3 4 5 6 SAML 2.0 INT 7 8 9 Version: 0.1 Date: 2011-12-2 10 Editor: TBD 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Contributors: The full list of contributors can be referenced here: URL Status: This
More informationitds OAuth Integration Paterva itds OAuth Integration Building and re-using OAuth providers within Maltego 2014/09/22
Paterva itds OAuth Integration itds OAuth Integration Building and re-using OAuth providers within Maltego AM 2014/09/22 Contents Maltego OAuth Integration... 3 Introduction... 3 OAuth within the Maltego
More informationUnifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway
Unifying Information Security Implementing TLS on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 3 2 Understanding TLS... 4 3 Clearswift s Application of TLS... 5 3.1 Opportunistic TLS...
More informationCA Nimsoft Service Desk
CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationTenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.
Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,
More informationSingle Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites
Single Sign On (SSO) Implementation Manual For Connect 5 & MyConnect Sites Version 6 Release 5.7 September 2013 1 What is Blackboard Connect Single Sign On?... 3 How it Works... 3 Drawbacks to Using Single
More informationWebService Security. A guide to set up highly secured client-server communications using WS-Security extensions to the SOAP protocol
WebService Security A guide to set up highly secured client-server communications using WS-Security extensions to the SOAP protocol Jam Hamidi Senior Technical Analyst BCcampus, Victoria, British Columbia,
More informationSingle Sign-on. Overview. Using SSO with the Cisco WebEx and Cisco WebEx Meeting. Overview, page 1
Overview, page 1 Using SSO with the Cisco WebEx and Cisco WebEx Meeting Applications, page 1 Requirements, page 2 Configuration of in Cisco WebEx Messenger Administration Tool, page 3 Sample Installation
More informationKMx Enterprise: Integration Overview for Member Account Synchronization and Single Signon
KMx Enterprise: Integration Overview for Member Account Synchronization and Single Signon KMx Enterprise includes two api s for integrating user accounts with an external directory of employee or other
More informationBrainshark/Salesforce.com Integration Installation Procedures
Page1 Brainshark/Salesforce.com Integration Installation Procedures The Brainshark/Salesforce integration allows Salesforce users to send emails containing links to Brainshark presentations from a contact
More informationSingle Sign-On Scheme using XML for Multimedia Device Control in Children s Game Network based on OSGi service Platform
Single Sign-On Scheme using XML for Multimedia Device Control in Children s Game Network based on OSGi service Platform Dongkyoo Shin and Dongil Shin Department of Computer Engineering, Sejong University
More informationCICS Identity and Security
CICS Identity and Security Leigh Y Compton IBM zgrowth Team Insert Custom Session QR if Desired. lcompton@us.ibm.com Abstract User identity and security is critical to businesses today. This session will
More informationUsing Foundstone CookieDigger to Analyze Web Session Management
Using Foundstone CookieDigger to Analyze Web Session Management Foundstone Professional Services May 2005 Web Session Management Managing web sessions has become a critical component of secure coding techniques.
More informationSECURITY FOR XML MESSAGES
EAN UCC Implementation Guidelines ebmethodology Group Working Group 4 - WG4 DOCUMENT STATUS: DISCUSSION DRAFT DOCUMENT 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationDepartment Service Integration with e-pramaan
Department Service Integration with e-pramaan How to integrate a.net Application.NET specific integration details are provided in this document. Read e-pramaan Departments Integration Document before proceeding.
More informationGENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK
Antti Pyykkö, Mikko Malinen, Oskari Miettinen GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK TJTSE54 Assignment 29.4.2008 Jyväskylä University Department of Computer Science
More informationAS DNB banka. DNB Link specification (B2B functional description)
AS DNB banka DNB Link specification (B2B functional description) DNB_Link_FS_EN_1_EXTSYS_1_L_2013 Table of contents 1. PURPOSE OF THE SYSTEM... 4 2. BUSINESS PROCESSES... 4 2.1. Payment for goods and services...
More informationGFIPM Web Browser User-to-System Profile Version 1.2
About the Document Justice organizations are looking for ways to provide secured access to multiple agency information systems with a single logon. The Global Federated Identity and Privilege Management
More informationSAML and XACML Overview. Prepared by Abbie Barbir, abbieb@nortel.com Nortel Canada April 25, 2006
SAML and XACML Overview Prepared by Abbie Barbir, abbieb@nortel.com Nortel Canada April 25, 2006 Acknowledgements Some slides are provided by > Eve Maler, Sun Microsystems > Hal Lockhart, BEA 2 Agenda
More informationHTTPS Configuration for SAP Connector
HTTPS Configuration for SAP Connector 1993-2015 Informatica LLC. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording or otherwise) without
More informationHP Software as a Service
HP Software as a Service Software Version: 6.1 Federated SSO Document Release Date: August 2013 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty
More informationSingle Sign-On in PHP & HATS Applications using Hashed Cookies
Single Sign-On in PHP & HATS Applications using Hashed Cookies Royal Cyber Inc. Modernized e-business solutions 1 Modernized e-business solutions Royal Cyber Inc. Overview This white paper focuses on how
More informationHow to Order and Install Odette Certificates. Odette CA Help File and User Manual
How to Order and Install Odette Certificates Odette CA Help File and User Manual 1 Release date 28.07.2014 Contents Preparation for Ordering an Odette Certificate... 3 Step 1: Prepare the information you
More informationHP ProtectTools Embedded Security Guide
HP ProtectTools Embedded Security Guide Document Part Number: 364876-001 May 2004 This guide provides instructions for using the software that allows you to configure settings for the HP ProtectTools Embedded
More informationJVA-122. Secure Java Web Development
JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard
More informationCMP3002 Advanced Web Technology
CMP3002 Advanced Web Technology Assignment 1: Web Security Audit A web security audit on a proposed eshop website By Adam Wright Table of Contents Table of Contents... 2 Table of Tables... 2 Introduction...
More informationMcAfee Cloud Identity Manager
SAML2 Cloud Connector Guide McAfee Cloud Identity Manager version 1.2 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,
More information