Identity Management. (Re)discovering authorization APIs and LDAP model binding. Clément OUDOT
|
|
- Peregrine Potter
- 8 years ago
- Views:
Transcription
1 Identity Management (Re)discovering authorization APIs and LDAP model binding Clément OUDOT OpenWorldForum - 01/12/2008
2 Speaker Clément OUDOT Work for LINAGORA Group since 2003 Take part in important LDAP projects (eg: Ministry of Finance LDAP migration) FederID Project leader Involved in many IAM free softwares : - LemonLDAP::NG - InterLDAP - LSC project - charge - OpenLDAP Technical expert for LinID, the LINAGORA IAM and Federation suite Page 2
3 LINAGORA Group With more than 160 employees, agencies in Paris, Bruxelles, San Francisco, Lyon, Marseille and Toulouse, LINAGORA Group is a French leader in free software and wishes to become one of the most important European company in this part of the IT market. Group LINAGORA defines itself as Service Oriented Editor (an SOE). Its goals : - to develop Free Software with its R&D team ; - to become a trusted bridge between Open Source communities or editors and customers/users ; - to sell them an Open Source Software Assurance ; - and finally, to be an Open Source expert. Page 3
4 IAM: a question of Identity A digital entity is a set of attributes describing an entity A subset named credentials are used for authentication An entity (a user) can own many identities Each identity has roles and rights within an application (service provider) Page 4
5 IAM: a question of Identity Services provider manage the identities : - For a service provider : 1 user = 1 identity - For an user : 1 service = 1 identity Page 5
6 IAM: a question of Identity We need Identity Management! - Referential of identities (LDAP Directory) - Provisioning services - Access control on data (LDAP ACLs) - Access control on applications (SSO rules) We need Identity Federation! - Keep different identities for private life purpose - Federate accounts to benefits from other services Page 6
7 Why use LDAP? LDAP directories: - Hierachical view - Object data model - Integrated security functions (bind, SASL, TLS) - STANDARD (LDAPv3 in 1998) - Speed, scalability, duplication,... A big offer in Open Source: - OpenLDAP - ApacheDS - OpenDS (SUN) - Fedora Directory Server - Madriva Directory Server Page 7
8 Federation standards Parallel standards: - Liberty Alliance : ID-FF, ID-WSF, ID-SIS - Shibboleth (Internet2) - WS-* (Microsoft) - SAML (OASIS) - OpenID (the newcomer) Standards convergence: - Shibboleth and Liberty Alliance will share a common standard: SAML 2.0 Page 8
9 Authorization? Authorization come after authentication Authorization covers : - Access to data - Access to applications But applications have access to data... Page 9
10 Access to data Scope : - Publish information for employees (white pages/yellow pages) - Edit information (self-service/administration) - Authentication Problem: how describe relations between actors, targets and operations? Each directory product provides its own way of writing Access Control Lists (ACLs) InterLDAP suggest one solution : LDAP Query Language (LQL) Page 10
11 LDAP Query Language For reading only Doing searches on results of a primary search LQL request can be stored as an LDAP attribute value LQL example : attribute(attribute(sup(search(ou=structs,$namingcontext, $targetrdn),1),manager),cn) Page 11
12 LDAP Query Language LQL functions: - search/list/read (DN, FILTER) - sup (DN, N): raise the tree from DN for N levels - fsup (BASE, FILTER): return the first parent of BASE selected by FILTER - and/or: union/intersection - group (DNGROUP, DNMEMBER): check if DNMEMBER belongs to DNGROUP - concat: strings concatenation Page 12
13 LDAP Query Language And some variables: - $namingcontext: suffix of the tree. - $targetdn: DN targeted by the operation. - $targetrdn: RDN targeted by the operation. - $authordn: DN of the author of the operation (as it is bound on the directory). - $authorrdn: RDN of the author of the operation. Page 13
14 LDAP Query Language LQL used to configure InterLDAP-WUI authorization framework (XML) Example : <property name="name" value="interldapdemousager_r_self"/> <property name="module" value=""/> <property name="relation"><value><![cdata[ list("${ldap.interldapdemo.usagers.ou}", "(&(mail=$principalrdn) (mail=$targetrdn))" ); ]]></value></property> <property name="targetdn" value="${ldap.interldapdemo.usagers.ou}"/> <property name="rights" value="r"/> <property name="attributes"> <list> <value>mail</value> <value>cn</value> </list> </property> Page 14
15 LinID Content Manager Page 15
16 Main components Page 16
17 Screen shot of LinID Content Manager Page 17
18 Some interesting LDAP controls Proxy-Authz control: - Before this control, need to maintain a connection on the directory per user - Now, we can use pool of connection with rootdn binds + Proxy-Authz No-op control: - Goal: know if a user can write before writing! - Need to test the alternative 'Get effective rights' Page 18
19 Access to application Legacy applications: authorize by creating/deleting accounts Open Web Applications: authorize by delegating authentication and authorization to a dedicated service : - WebSSO server - Federation Identity Provider LinID Access Manager (LemonLDAP::NG) offers a full WebSSO service, linked to LDAP directory to manage authentication and authorization : - LDAP native authentication - LDAP filters or LDAP groups to manage authorizations - LDAP Password Policy LemonLDAP::NG can delegate its own authentication to Kerberos, SSL, Liberty Alliance... Page 19
20 How WebSSO works Page 20
21 LinID Access Manager Page 21
22 Screen shot a WebSSO Manager Page 22
23 Federation standards Parallel standards: - Liberty Alliance : ID-FF, ID-WSF, ID-SIS - Shibboleth (Internet2) - WS-* (Microsoft) - SAML (OASIS) - OpenID (the newcomer) Standards convergence: - Shibboleth and Liberty Alliance will share a common standard: SAML 2.0 Page 23
24 Liberty Alliance Grounded in 2001 by SUN and 13 others partners More than 150 members Goals: - Open Federation Standard - Respect of private life in numeric space 3 frameworks: - ID-FF (Federation Framework) [now SAML 2.0]: SSO, SLO,... - ID-WSF (Web Services Framework): attributes sharing,... - ID-SIS (Service Interface Specifications): services interactions,... Page 24
25 A simple Liberty Alliance Circle of Trust (CoT) Service Provider Identity Provider User interaction Web service Page 25 Attributes Provider Service Provider
26 Identity federation workflow Page 26
27 More than one circle of trust User interaction Web service Page 27
28 LinID Federation Manager Page 28
29 Sample architecture (FederID project) Content Management [WUI] Identity Provider Authentic LDAP Directory Attribute Provider [LAAP] Circle of Trust SSO & Authorizations Standard Web application Page 29 Standard Web application Service Provider
30 Thanks for your attention
From centralized to single sign on
The LemonLDAP::NG project Abstract LemonLDAP::NG is a modular WebSSO (Web Single Sign On) software based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the
More informationFederated Identity Management Solutions
Federated Identity Management Solutions Jyri Kallela Helsinki University of Technology jkallela@cc.hut.fi Abstract Federated identity management allows users to access multiple services based on a single
More informationFederated Identity Architectures
Federated Identity Architectures Uciel Fragoso-Rodriguez Instituto Tecnológico Autónomo de México, México {uciel@itam.mx} Maryline Laurent-Maknavicius CNRS Samovar UMR 5157, GET Institut National des Télécommunications,
More informationBOF2337 Open Source Identity and Access Management Expert Panel, Part II. 23 September 2013 5:30p Hilton - Golden Gate 6/7/8 San Francisco CA
Open Source Identity and Access Management Expert Panel, Part II 23 September 2013 5:30p Hilton - Golden Gate 6/7/8 San Francisco CA slide 2 Expert Panel Emmanuel Lécharny, Apache Software Foundation Howard
More informationAuthentication Integration
Authentication Integration VoiceThread provides multiple authentication frameworks allowing your organization to choose the optimal method to implement. This document details the various available authentication
More informationEnabling SAML for Dynamic Identity Federation Management
Enabling SAML for Dynamic Identity Federation Management Patricia Arias, Florina Almenárez, Andrés Marín and Daniel Díaz-Sánchez University Carlos III of Madrid http://pervasive.gast.it.uc3m.es/ WMNC 2009
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationLiberty Alliance. What's After Federation. Fulup Ar Foll Master Architect Sun Microsystems
Liberty Alliance What's After Federation Fulup Ar Foll Master Architect Sun Microsystems What's About Federation Federation of providers (CoT), a group of entities providing services who signed agreement,
More informationIdentity opens the participation age. Dr. Rainer Eschrich. Program Manager Identity Management Sun Microsystems GmbH
Identity opens the participation age Open Web Single Sign- On und föderierte SSO Dr. Rainer Eschrich Program Manager Identity Management Sun Microsystems GmbH Agenda The Identity is the Network Driving
More informationAuthentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
More informationLSC @ LDAPCON. 2011. Sébastien Bahloul
LSC @ LDAPCON. 2011 Sébastien Bahloul About me Developer and software architect 10 years experience in IAM Recently hired as product manager by a French security editor, Dictao, providing : personal and
More informationRSA Solution Brief. Federated Identity Manager RSA. A Technical Overview. RSA Solution Brief
RSA Federated Identity Manager A Technical Overview Federated identity management extends the management of digital identities for authorization and access beyond domain and corporate boundaries to externally
More informationLinShare offer. Presentation. February 2014. Secure file sharing. LinShare 1.5
LinShare offer Secure file sharing Presentation. February 2014. LinShare 1.5 LINAGORA: Presentation of the enterprise Software and services to win the Free Open Source big projects Turnover (M ) People
More informationThe Primer: Nuts and Bolts of Federated Identity Management
The Primer: Nuts and Bolts of Federated Identity Management Executive Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities.
More informationApproaches to Enterprise Identity Management: Best of Breed vs. Suites
Approaches to Enterprise Identity Management: Best of Breed vs. Suites 2015 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Executive Summary 1 3 Background 2 3.1 Enterprise Identity
More informationOpen Source Identity Management
Open Source Management OpenAlt 2015 Radovan Semančík November 2015 Ing. Radovan Semančík, PhD. Software architect Co-owner of Evolveum (open source company) Architect of midpoint project Apache committer
More informationEXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES
pingidentity.com EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES Best practices for identity federation in AWS Table of Contents Executive Overview 3 Introduction: Identity and Access Management in Amazon
More informationBOF4803 Open source identity and access management. 1 October 2012 5:30p San Francisco CA
Open source identity and access management 1 October 2012 5:30p San Francisco CA slide 2 Expert Panel Ludovic Poitou, ForgeRock Matt Hardin, Symas Pascal Jakobi, Thales Group Shawn McKinney, JoshuaTree
More informationUpgrading User-ID. Tech Note PAN-OS 4.1. 2011, Palo Alto Networks, Inc.
Upgrading User-ID Tech Note PAN-OS 4.1 Revision B 2011, Palo Alto Networks, Inc. Overview PAN-OS 4.1 introduces significant improvements in the User-ID feature by adding support for multiple user directories,
More informationIntroduction to Identity and Access Management for the engineers. Radovan Semančík April 2014
Introduction to Identity and Access Management for the engineers Radovan Semančík April 2014 How it works now? Manager Admin Login Users Login Admin Login Login Login Theory Manager Admin Forgot password
More informationFederated Identity for Cloud Computing and Cross-organization Collaboration
Federated Identity for Cloud Computing and Cross-organization Collaboration Steve Moitozo Strategy and Architecture SIL International 20110616.2 (ICCM) Follow me @SteveMoitozo2 2 Huge Claims You want federated
More informationUsing LDAP Authentication in a PowerCenter Domain
Using LDAP Authentication in a PowerCenter Domain 2008 Informatica Corporation Overview LDAP user accounts can access PowerCenter applications. To provide LDAP user accounts access to the PowerCenter applications,
More informationSetting up LDAP settings for LiveCycle Workflow Business Activity Monitor
Adobe Enterprise & Developer Support Knowledge Article ID: c4715 bc Setting up LDAP settings for LiveCycle Workflow Business Activity Monitor In addition to manually creating users and user permissions,
More informationFederated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.
PingFederate We went with PingFederate because it s based on standards like SAML, which are important for a secure implementation. John Davidson Senior Product Manager, Opower PingFederate is the leading
More informationSingle Sign-On: Reviewing the Field
Outline Michael Grundmann Erhard Pointl Johannes Kepler University Linz January 16, 2009 Outline 1 Why Single Sign-On? 2 3 Criteria Categorization 4 Overview shibboleth 5 Outline Why Single Sign-On? Why
More informationLes technologies de gestion de l identité
Commission Identité Numérique Groupe de travail Gestion des identités Les technologies de gestion de l identité ATELIER 1 Paul TREVITHICK, CEO de Parity Responsable projet Higgins Président Fondation Infocard
More informationLDAP Directory Integration with Cisco Unity Connection
CHAPTER 6 LDAP Directory Integration with Cisco Unity Connection The Lightweight Directory Access Protocol (LDAP) provides applications like Cisco Unity Connection with a standard method for accessing
More informationThe Primer: Nuts and Bolts of Federated Identity Management
The Primer: Nuts and Bolts of Federated Identity Management Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities. With so
More informationSpring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious
Spring Security 3 Secure your web applications against malicious intruders with this easy to follow practical guide Peter Mularien rpafktl Pen source cfb II nv.iv I I community experience distilled
More informationSecuring Enterprise: Employability and HR
1 Securing Enterprise: Employability and HR Federation and XACML as Security and Access Control Layer Open Standards Forum 2 Employability and HR Vertical Multiple Players - Excellent case for federation
More informationIn this chapter, we will introduce works related to our research. First, we will
Chapter 2 Related Works In this chapter, we will introduce works related to our research. First, we will present the basic concept of directory service and Lightweight Directory Access Protocol (LDAP).
More informationAPI-Security Gateway Dirk Krafzig
API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing
More informationWeb Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.
Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On
More informationConfiguring and Using the TMM with LDAP / Active Directory
Configuring and Using the TMM with LDAP / Active Lenovo ThinkServer April 27, 2012 Version 1.0 Contents Configuring and using the TMM with LDAP / Active... 3 Configuring the TMM to use LDAP... 3 Configuring
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationLinuxCon North America
LinuxCon North America Enterprise Identity Management with Open Source Tools Dmitri Pal Sr. Engineering Manager Red Hat, Inc. 09.16.2013 Context What is identity management? 2 LinuxCon North America Context
More informationFederation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015
Federation At Fermilab Al Lilianstrom National Laboratories Information Technology Summit May 2015 About Fermilab Since 1967, Fermilab has worked to answer fundamental questions and enhance our understanding
More informationResearch and Implementation of Single Sign-On Mechanism for ASP Pattern *
Research and Implementation of Single Sign-On Mechanism for ASP Pattern * Bo Li, Sheng Ge, Tian-yu Wo, and Dian-fu Ma Computer Institute, BeiHang University, PO Box 9-32 Beijing 100083 Abstract Software
More informationSecuring WebFOCUS A Primer. Bob Hoffman Information Builders
Securing WebFOCUS A Primer Bob Hoffman Information Builders 1 Agenda Gain an understanding of the WebFOCUS Architecture Where can security be implemented? Review the internal WebFOCUS repository and resource
More informationGetting Started with Clearlogin A Guide for Administrators V1.01
Getting Started with Clearlogin A Guide for Administrators V1.01 Clearlogin makes secure access to the cloud easy for users, administrators, and developers. The following guide explains the functionality
More informationSCUR203 Why Do We Need Security Standards?
SCUR203 Why Do We Need Security Standards? Cristina Buchholz Product Security, SAP Learning Objectives As a result of this workshop, you will be able to: Recognize the need for standardization Understand
More informationAbout Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack
Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack About Me KVM, API, DB, Upgrades, SystemVM, Build system, various subsystems Contributor and Committer
More informationPrepared by Enea S.Teresa (Italy) Version 1.0 2006-October 24
Mersea Information System: an Authentication and Authorization System to access distributed oceanographic data. Prepared by Enea S.Teresa (Italy) Version 1.0 2006-October 24 Revision History Date Version
More informationShibboLEAP Project. Final Report: School of Oriental and African Studies (SOAS) Colin Rennie
ShibboLEAP Project Final Report: School of Oriental and African Studies (SOAS) Colin Rennie May 2006 Shibboleth Implementation at SOAS Table of Contents Introduction What this document contains Who writes
More informationSingle Sign On. SSO & ID Management for Web and Mobile Applications
Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing
More informationSAML, The Liberty Alliance, and Federation* Eve Maler eve.maler@sun.com http://www.xmlgrrl.com/blog
SAML, The Liberty Alliance, and Federation* Eve Maler eve.maler@sun.com http://www.xmlgrrl.com/blog IIWb, Mountain View, CA, 4 December 2006 1 When you distribute identity tasks and information in the
More informationDistributed Identity Management Model for Digital Ecosystems
International Conference on Emerging Security Information, Systems and Technologies Distributed Identity Management Model for Digital Ecosystems Hristo Koshutanski Computer Science Department University
More informationEnabling Applications to Use Your Identity Management System
Enabling Applications to Use Your Identity Management System Or Why Mark began losing his hair at age 23 Mark Earnes# The Pennsylvania State University Where We Are Coming From Authentication: Kerberos
More informationIdentity Management. Critical Systems Laboratory
Identity Management Critical Systems What is Identity Management? Identity: a set of attributes and values, which might or might not be unique Storing and manipulating identities Binding virtual identities
More informationNew Generation of Liberty. for Enterprise. Fulup Ar Foll, Sun Microsystems Fulup@sun.com
New Generation of Liberty TEG Federated Progress Architecture Update for Enterprise Fulup Ar Foll, Sun Microsystems fulup@sun.com 1 Identity Framework Problematic User Seamless (nothing is too simple)
More informationLDaemon. This document is provided as a step by step procedure for setting up LDaemon and common LDaemon clients.
LDaemon This document is provided as a step by step procedure for setting up LDaemon and common LDaemon clients. LDaemon... 1 What you should know before installing LDaemon:... 2 ACTIVE DIRECTORY... 2
More informationIBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide
IBM SPSS Collaboration and Deployment Services Version 6 Release 0 Single Sign-On Services Developer's Guide Note Before using this information and the product it supports, read the information in Notices
More informationPick an Identity and Access Management Standard, Any
Pick an Identity and Access Management Standard, Any Standard Andras Cser Principal Analyst Forrester Research, Inc. O l F d ti I C bl f Only Federation Is Capable of Meeting the Identity and Access Management
More informationMobile Devices: Server and Management Lesson 06 Device Management
Mobile Devices: Server and Management Lesson 06 Device Management Oxford University Press 2007. All rights reserved. 1 Device Management (DM) Many types of devices in a mobile network Managed by a mobile
More informationFederated Identity and Single Sign-On using CA API Gateway
WHITE PAPER DECEMBER 2014 Federated Identity and Single Sign-On using Federation for websites, Web services, APIs and the Cloud K. Scott Morrison VP Engineering and Chief Architect 2 WHITE PAPER: FEDERATED
More informationConfiguring User Identification via Active Directory
Configuring User Identification via Active Directory Version 1.0 PAN-OS 5.0.1 Johan Loos johan@accessdenied.be User Identification Overview User Identification allows you to create security policies based
More informationSession Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence. Greg Wcislo
Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence Greg Wcislo Introduction We will not go into detailed how-to, however links to multiple how-to whitepapers will
More informationPGP Desktop LDAP Enterprise Enrollment
PGP Desktop LDAP Enterprise Enrollment This document provides a technical, experiential, and chronological overview of PGP Desktop s LDAP enterprise enrollment process. Each step of the enrollment process
More informationApache Authentication, Authorization, and Access Control Concepts Version 2.2
Apache Authentication, Authorization, and Access Control Concepts Version 2.2 Overview The Apache web server software has a respectable history relative to providing and supporting authentication, authorization,
More informationConfiguring Sponsor Authentication
CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five
More informationAuthentication and Single Sign On
Contents 1. Introduction 2. Fronter Authentication 2.1 Passwords in Fronter 2.2 Secure Sockets Layer 2.3 Fronter remote authentication 3. External authentication through remote LDAP 3.1 Regular LDAP authentication
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationSeptember 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence
September 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence Greg Wcislo Introduction We will not go into detailed how-to, however links to multiple
More informationDesigning a Windows Server 2008 Applications Infrastructure
Designing a Windows Server 2008 Applications Infrastructure Course 6437A : Three days; Instructor-Led Introduction This three day course will prepare IT professionals for the role of Enterprise Administrator.
More informationSSM6437 DESIGNING A WINDOWS SERVER 2008 APPLICATIONS INFRASTRUCTURE
SSM6437 DESIGNING A WINDOWS SERVER 2008 APPLICATIONS INFRASTRUCTURE Duration 5 Days Course Outline Module 1: Designing IIS Web Farms The students will learn the process of designing IIS Web Farms with
More informationAuthentication and access control in Sympa mailing list server
Authentication and access control in Sympa mailing list server February 2004 Serge Aumont & Olivier Salaün Comité Réseau des Universités http://www.cru.fr Campus de Beaulieu, Rennes France 1 Introduction
More informationX.500 and LDAP Page 1 of 8
X.500 and LDAP Page 1 of 8 Introduction OCLC has completed its investigation of the two proposed electronic access protocols for the ILL Policies Directory. The first is X.500, a directory protocol standard
More informationHow To Get A Single Sign On (Sso)
Single Sign-On Vijay Kumar, CISSP Agenda What is Single Sign-On (SSO) Advantages of SSO Types of SSO Examples Case Study Summary What is SSO Single sign-on is a user/session authentication process that
More informationIdentity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE
Identity Management in Liferay Overview and Best Practices Liferay Portal 6.0 EE Table of Contents Introduction... 1 IDENTITY MANAGEMENT HYGIENE... 1 Where Liferay Fits In... 2 How Liferay Authentication
More informationIdentity Management im Liberty Alliance Project
Rheinisch-Westfälische Technische Hochschule Aachen Lehrstuhl für Informatik IV Prof. Dr. rer. nat. Otto Spaniol Identity Management im Liberty Alliance Project Seminar: Datenkommunikation und verteilte
More informationFinal Project Report December 9, 2012. Cloud-based Authentication with Native Client Server Applications. Nils Dussart 0961540
Final Project Report December 9, 2012 Cloud-based Authentication with Native Client Server Applications. Nils Dussart 0961540 CONTENTS Project Proposal... 4 Project title... 4 Faculty Advisor... 4 Introduction...
More informationAmeritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines
Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...
More informationWebLogic Server 7.0 Single Sign-On: An Overview
WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of
More informationImporting data from Linux LDAP server to HA3969U
Importing data from Linux LDAP server to HA3969U Application Notes Abstract: This document describes how to import data and records from Linux LDAP servers to Storageflex HA3969U systems, and by doing
More informationUsing Kerberos for Web Authentication. Wesley Craig University of Michigan
Using Kerberos for Web Authentication Wesley Craig University of Michigan Outline Basic Auth WebSSO SASL & HTTP Kerberos & TLS SPNEGO PKI, PKI, PKI For each technology, a brief over view, drawbacks, and
More informationLiberty Alliance. CSRF Review. .NET Passport Review. Kerberos Review. CPSC 328 Spring 2009
CSRF Review Liberty Alliance CPSC 328 Spring 2009 Quite similar, yet different from XSS Malicious script or link involved Exploits trust XSS - exploit user s trust in the site CSRF - exploit site s trust
More informationFrom the Intranet to Mobile. By Divya Mehra and Stian Thorgersen
ENTERPRISE SECURITY WITH KEYCLOAK From the Intranet to Mobile By Divya Mehra and Stian Thorgersen PROJECT TIMELINE AGENDA THE OLD WAY Securing monolithic web app relatively easy Username and password
More informationThe Top 5 Federated Single Sign-On Scenarios
The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3
More informationIdentity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect
Identity Federation: Bridging the Identity Gap Michael Koyfman, Senior Global Security Solutions Architect The Need for Federation 5 key patterns that drive Federation evolution - Mary E. Ruddy, Gartner
More informationOkta/Dropbox Active Directory Integration Guide
Okta/Dropbox Active Directory Integration Guide Okta Inc. 301 Brannan Street, 3rd Floor San Francisco CA, 94107 info@okta.com 1-888- 722-7871 1 Table of Contents 1 Okta Directory Integration Edition for
More informationChapter 3 Authenticating Users
Chapter 3 Authenticating Users Remote users connecting to the SSL VPN Concentrator must be authenticated before being allowed to access the network. The login window presented to the user requires three
More informationOpenLDAP Oracle Enterprise Gateway Integration Guide
An Oracle White Paper June 2011 OpenLDAP Oracle Enterprise Gateway Integration Guide 1 / 29 Disclaimer The following is intended to outline our general product direction. It is intended for information
More informationDirectory Integration with Okta. An Architectural Overview. Okta White paper. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107
Okta White paper Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107 info@okta.com 1-888-722-7871 wp-dint-053013 Table of Contents
More informationAccelerate Without Fear: Extend Your Enterprise with Identity Federation. Kirk Brown CTO, Identity Management Sun Microsystems
Accelerate Without Fear: Extend Your Enterprise with Identity Federation Kirk Brown CTO, Identity Management Sun Microsystems 1 Welcome to the Participation Age Enterprise Collaborative Industry Networks,
More informationInteroperable Provisioning in a Distributed World
Interoperable Provisioning in a Distributed World Mark Diodati, Burton Group Ramesh Nagappan, Sun Microsystems Sampo Kellomaki, SymLabs 02/08/07 IAM 302 Contacts Mark Diodati (mdiodati@burtongroup.com)
More informationThe Role of Federation in Identity Management
The Role of Federation in Identity Management August 19, 2008 Andrew Latham Solutions Architect Identity Management 1 The Role of Federation in Identity Management Agenda Federation Backgrounder Federation
More informationOPENIAM ACCESS MANAGER. Web Access Management made Easy
OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access
More informationIdentity Management. Audun Jøsang University of Oslo. NIS 2010 Summer School. September 2010. http://persons.unik.no/josang/
Identity Management Audun Jøsang University of Oslo NIS 2010 Summer School September 2010 http://persons.unik.no/josang/ Outline Identity and identity management concepts Identity management models User-centric
More informationSkyward LDAP Launch Kit Table of Contents
04.30.2015 Table of Contents What is LDAP and what is it used for?... 3 Can Cloud Hosted (ISCorp) Customers use LDAP?... 3 What is Advanced LDAP?... 3 Does LDAP support single sign-on?... 4 How do I know
More informationSecuring Web Services With SAML
Carl A. Foster CS-5260 Research Project Securing Web Services With SAML Contents 1.0 Introduction... 2 2.0 What is SAML?... 2 3.0 History of SAML... 3 4.0 The Anatomy of SAML 2.0... 3 4.0.1- Assertion
More informationOn A-Select and Federated Identity Management Systems
On A-Select and Federated Identity Management Systems Joost Reede August 4, 2007 Master s Thesis Information Systems Chair Computer Science Department University of Twente ii This thesis is supervised
More informationExtend and Enhance AD FS
Extend and Enhance AD FS December 2013 Sponsored By Contents Extend and Enhance AD FS By Sean Deuby Introduction...2 Web Service SSO Architecture...3 AD FS Overview...5 Ping Identity Solutions...7 Synergy
More informationVMware Identity Manager Integration with Active Directory Federation Services 2.0
VMware Identity Manager Integration with Active Directory Federation Services 2.0 VMware Identity Manager J ULY 2015 V 2 Table of Contents Active Directory Federation Services... 2 Configuring AD FS Instance
More informationCA SiteMinder. Directory Configuration - OpenLDAP. r6.0 SP6
CA SiteMinder Directory Configuration - OpenLDAP r6.0 SP6 This documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationOpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.
OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere. OpenAM, the only all-in-one open source access management solution, provides the
More informationConnecting Users with Identity as a Service
Ping Identity has demonstrated support for multiple workforce and external identity use cases, as well as strong service provider support. Gregg Kreizman Gartner 1 Connecting Users with Identity as a Service
More informationMicrosoft Active Directory Authentication with SonicOS 3.0 Enhanced and SonicOS SC 1.0 (CSM 2100CF)
Microsoft Active Directory Authentication with SonicOS 3.0 Enhanced and SonicOS SC 1.0 (CSM 2100CF) Introduction SonicWALL Unified Threat Management (UTM) appliances running SonicOS Enhanced 3.0 support
More informationNetwork Identity. 1. Introduction. Kai Kang Helsinki University of Technology Networking Laboratory kkang@cc.hut.fi
Network Identity Kai Kang Helsinki University of Technology Networking Laboratory kkang@cc.hut.fi Abstract: This paper is concerning on modern Network Identity issues, emphasizing on network identity management,
More informationDirectory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA 94107. info@okta.
Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 User Directories and the Cloud: An Overview 3 Okta
More informationCA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam
CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam (CAT-140) Version 1.4 - PROPRIETARY AND CONFIDENTIAL INFORMATION - These educational materials (hereinafter referred to as
More information