Implementing Identity Provider on Mobile Phone

Size: px
Start display at page:

Download "Implementing Identity Provider on Mobile Phone"

Transcription

1 Implementing Identity Provider on Mobile Phone Tsuyoshi Abe, Hiroki Itoh, and Kenji Takahashi NTT Information Sharing Platform Laboratories, NTT Corporation Midoricho, Musashino-shi, Tokyo , Japan {abe.tsuyoshi, itoh.hiroki, takahashi.kenji ABSTRACT We have implemented an identity provider (IdP), which is defined by the Liberty Alliance on a mobile phone. We propose an authentication method, which uses this personal IdP as a security token to prevent password leakage. In our method, the personal IdP on a mobile phone issues a security assertion signed by a private key on a Universal Subscriber Identifier Module (USIM). There are some authentication solutions that require special hardware tokens to prevent password leakage incidents, but their disadvantage is a higher distribution cost. In our method, there is no need for distribution of special hardware tokens because mobile phones are widespread personal devices. There are other authentication methods that use mobile phone terminals, but our method has the advantage that there is no need for installation of special software on s. In addition, users are able to carry out single sign-on (SSO) with our method by using the Liberty Alliance architecture. Compared with ordinary SSO where the IdP is a server computer, our method has a unique feature that the initial authentication is performed on a user s mobile phone with the key pad as an input device and LCD as an output device. Therefore, the credential for initial authentication is not transmitted from the mobile phone, and we can avoid the risk of password theft. If the mobile phone has its own security feature like fingerprint authentication, the feature can be used for SSO too. In this paper, we also discuss implementation issues on a mobile phone network and security issues regarding the man-in-themiddle attack. Results of the performance test of a prototype system are also described. Categories and Subject Descriptors K.6.5 [Management of Computing and Information Systems]: Security and Protection Authentication, Unauthorized access. General Terms Design, Experimentation, Security Keywords Authentication, Federated Identity, Identity Provider, Mobile Phone Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. DIM 07, November 2, 2007, Fairfax, Virginia, USA. Copyright 2007 ACM /07/ $ INTRODUCTION Usernames and passwords have been parts of major authentication methods for a long time. However, phishing has become a problem, so increasingly more usernames and passwords are being stolen today. Therefore, many business sites are using stronger authentication methods such as one-time passwords (OTP). However, to use the OTP method, a site owner has to distribute special hardware tokens to every user, and that cost is not negligible. Carrying tokens all the time is also inconvenient for users. On the other hand, mobile phone terminals have received attention as portable security devices. There are some commercial systems that use mobile phone terminals as an OTP software token [1] or connect a mobile phone terminal to a with a USB cable and use it as a hardware token [2]. Our approach is using a mobile phone terminal as an identity provider (IdP) which is defined by the Liberty Alliance [3]. Once a user is authenticated by his/her own mobile phone, the IdP on the mobile phone issues a Security Assertion Markup Language (SAML) [4] assertion signed by a private key on its Universal Subscriber Identifier Module (USIM) [5] and sends that assertion to service providers (s). As in the ordinary Liberty Alliance s single sign-on (SSO) procedure, no additional software or hardware are needed for users s to perform our method. In the next section, we will describe the details of our proposed method. In section 3, we will discuss the trust model. In section 4, we will discuss implementation issues. The possibility of a man-in-the-middle (MITM) attack on our method and conceivable countermeasures will be discussed in section 5. In section 6, we will show our prototype system, which achieves our proposed authentication method. 2. METHOD In this section, we will describe the details of our proposed method. Components of our proposed authentication method are shown in Figure 1. IdP the Internet Figure 1: Components of proposed method 46

2 A mobile phone is used to authenticate the user to receive a service provided from the. A user s IdP software is running on the mobile phone. Fundamentally, the sequence is the same as that of the ordinary Liberty Alliance SSO procedure, but the IdP software is running on the mobile phone terminal, not on a server computer over a network. Therefore, initial authentication can be performed directly between the user and IdP, instead of through the network. A typical sequence flow of our proposed method is shown in Figure 2. IdP (Mobile Phone) sent via User s by HTTP redirection IdP discovery 3. TRUST MODEL In the OASIS trust model guidelines [6], a variety of models that can be applied to establish trust among Liberty entities (e.g., IdPs and s) is described. The trust model taxonomy in the guidelines is shown in Figure 3. Two dimensions of trust are distinguished. The columns represent the types of authentication. Direct authentication means that entities exchange shared secret keys or public-key certificates with each other. Indirect authentication means that entities authenticate each other via intermediary entities (e.g., PKI CAs). The rows represent the types of business agreements. Direct agreements are exchanged between the participants. Indirect agreements are facilitated by business intermediaries. There could be an absence of business agreements linking participants. This figure indicates the authentication manner, and the formations of business agreements are independent of each other. Prompt for password Password (Optional) Authentication (e.g. PIN code check) Initial Authentication (if a user has not been authenticated) Authentication response with IdP signature sent via user s by HTTP POST Verify response Figure 2: Typical sequence flow When a user accesses the to receive a service, the redirects the user to the IdP on the mobile phone to authenticate the user. We will describe how the discovers the location of the IdP in section 4. If the user has not been authenticated yet, the IdP on the user s mobile phone authenticates the user. Like in an ordinary IdP on a server computer, initial authentication may be performed via a network. In addition, a user can directly input authentication information into the IdP by using the mobile phone user interface. Typically, a PIN code can be input using a keypad. If the mobile phone has its own security feature like fingerprint authentication, that can also be used for initial authentication. Then, the IdP on the mobile phone creates a SAML assertion and signs the assertion with the private key of the mobile phone. One of the mobile phone carriers in Japan ships USIMs with digital certificates and key pairs, and some mobile phone terminals can use USIMs for digital signing [2]. An authentication response that has the issued SAML assertion is sent to the through the user s by the HTTP POST method. Then, the verifies the authentication response. If the verification is successful, the provides the service to the user. Using key pairs in the USIM has security and usability merits. The security merit is that because Universal Integrated Circuit Card (UICC) is a tamper-resistant device, the private key is stored securely. In terms of usability, the same key pair can be used even if the user changes the mobile phone model. In this method, security information created on a mobile phone terminal is transferred to the user s and then sent to an using an ordinary WWW browser feature. Therefore, no additional hardware or software is needed. Business anchor list Trust anchor list Business entity in question Figure 3: Trust Model Taxonomy [6] In our proposed method, the situation represented by each cell of Figure 3 will be possible. At first we will examine authentication columns. If an end user (mobile phone IdP owner) submits a digital certificate in the USIM to the prior to SSO, the can verify the SAML assertion signed by the IdP with that digital certificate at the SSO time. This case applies to direct authentication. If the stores the mobile phone carrier s digital certificate as a root CA s certificate, the can verify the SAML assertion without prestoring each mobile phone certificate. That is because the mobile phone certificates that are signed by the mobile phone carrier will be sent with the assertion, and the verifies the mobile phone certificates with mobile phone carrier s certificate. Then, the verifies the assertion with the mobile phone certificate. This case applies to indirect authentication. Each type of business agreement may be possible. If each mobile phone user (as an IdP owner) contracts with the s, that is a direct business agreement case. In the case when each mobile phone user contracts with the mobile phone carrier, and the mobile phone carrier contracts with the s, that is an indirect business agreement. If there are no business agreements between mobile phone users and s, our method will work effectively like the OpenID [7] system. 47

3 4. IMPLEMENTATION ISSUES 4.1 IdP Discovery Generally speaking, if an is federated with multiple IdPs, the may show an IdP s list to users and let them select an IdP, which they use before the issues an authentication request. In our method, each user has his/her own IdP, so the IdP list that the has may be too long. Therefore, we should choose another method. One possible method is to let users input their IdP s URL on an form like using OpenID. The SSO sequence flow with IdP discovery is shown in Figure 4. Authentication response IdP (Mobile Phone) (IdP discovery) Prompt for URL of user s IdP URL of user s IdP Initial authentication (if a user has not been authenticated) Figure 4: IdP discovery Verify response 4.2 Enabling Mobile Phones to act as Servers To use a mobile phone terminal as an IdP, we should enable the mobile phone to act as a server that user s can access by HTTP(S). However, accessing a mobile phone terminal from the Internet by HTTP may not be possible because of a mobile phone carrier policy. In addition, there are few mobile phone terminals on which we can implement server sockets. Therefore, we prepared a relay server on the Internet. This approach is often used to connect clients on the Internet to a server on an Intranet. For example, the relay server will be managed by mobile phone carriers. The sequence flow of our method that uses a relay server is shown in Figure 5. IdP (Mobile Phone) Relay Server Connect Initial authentication (if a user has not been authenticated) Authentication response Allocate one time URL (Optional) maintain connection Prompt for URL of user s IdP URL of user s IdP Relay authentication request to appropriate IdP by requested URL At first, an IdP on a mobile phone terminal accesses a relay server. The relay server authenticates an IdP (e.g., using TLS mutual authentication). Then, the relay server maintains the connection and associates it with the IdP URL. There are two possible ways to allocate an IdP URL: one is static allocation, and the other is dynamic allocation. If the IdP URL is allocated dynamically when the connection begins, the URL should be sent to the IdP through the connection and displayed on the mobile phone terminal LCD. Dynamic URL allocation reduces the risk that an attacker accesses a user s IdP. However, there is the demerit that a user cannot remember the URL of his/her IdP. When a user s redirects from the to the IdP, at first the is routed to the relay server using DNS resolution, and then, the relay server connects the to an appropriate IdP through an associated connection. Therefore, a WWW browser on a user s can access an IdP on a mobile phone. Using the relay server, most of the mobile phone IdP URL may be the same as the URL of the other mobile phone IdPs (Figure 6). Therefore, the user may be able to input only the distinct part of the URL. The username part of a mobile phone e- mail address or phone number may be used for the distinct part of the URL in the case of static allocation. In the dynamic allocation case, the distinct part of the URL is issued every time the mobile phone accesses the relay server. Then, the complements the URL with the common part of the URL and sends the authentication request to the URL. static allocated IdP URL https://mobile-idp.ntt.jp/abe https://mobile-idp.ntt.jp/itoh common part distinct part (e.g. username) dynamic allocated IdP URL https://mobile-idp.ntt.jp/14ety38r common part Figure 6: IdP URL distinct part (random string) 5. DISCUSSION ABOUT MITM ATTACK In this section, we discuss MITM attacks on our proposed method and possible countermeasures. Generally speaking, even if an authentication method is not a simple username-and-password method but a multifactor authentication is also used, there is still a risk of an MITM attack. The steps of a MITM attack on the OTP method are shown in Figure 7. OTP is an effective method against password leakage incidents; however, if users are lead to an MITM, and the MITM relays the traffic between the and, the MITM may login to the. In the following subsections, we discuss two types of MITM attack. One is the MITM attack with phishing and the other is with pharming. Figure 5: Mobile phone IdP with relay server 48

4 Phishing mail (click on fake URL) Prompt for one-time password MITM Prompt for one-time password the user judge whether the peer is him/herself. For example, domain name or country name can be used for that information. Intercepting an MITM attack using the method described above is shown in Figure 9. MITM IdP (Mobile Phone) One-time password One-time password Display information of accessing machine (e.g. domain name) Figure 7: MITM attack 5.1 MITM attack with Phishing At first, we discuss the MITM attack with phishing in which an attacker leads users to the MITM by causing users to click on a fake URL link in a phishing mail. As illustrated in Figure 8, there is a possibility of an MITM attack on our proposed method as well as other multifactor authentication methods. MITM IdP (Mobile Phone) Prompt for password Password Initial Authentication Prompt for password (Optional) Password authentication on a mobile phone (e.g. PIN code check) Authentication response Figure 8: MITM attack on proposed method The attacker relays a user request for service to the. Then, the user sends his/her IdP s URL (through the MITM) to the. After that, the will redirect the user to the IdP, but indeed, the MITM accesses the IdP by means of an authentication request. At this time, the IdP on a user s mobile phone asks the user to input authentication information such as a PIN code. The user mistakes the MITM access for his access, and inputs the PIN code into the mobile phone. Then, the IdP issues an assertion for the MITM to the. The correctly verifies the assertion and allows the MITM to login. Then, we show possible countermeasures. One difference between an ordinary IdP and our IdP on a mobile phone terminal is that our IdP can communicate with users without using the network in which an MITM may exist. Using this feature, the IdP can show user information about peers that access the IdP to let Access denied User notices the difference, and refuse authentication. Figure 9: Measure against MITM attack However, this method depends on the user s judgment, so more effective ways are still required. We think the combination with risk-based authentication seems effective. The idea is shown in Figure 10. MITM IdP (Mobile Phone) Initial authentication request Risk-based analysis (if the peer is not as usual, IdP requests user to perform initial authentication directly) Access denied Initial authentication and record characteristics of... Figure 10: Combination with risk-based authentication If the peer who brings an authentication request from a is not the usual peer, the IdP alerts the user through the mobile phone display and requests him/her to access the IdP URL directly (not via the ) and perform initial authentication. When the user directly accesses the IdP and initial authentication has succeeded, the IdP saves the characteristics of the user s such as domain name, type and version of OS and browser to use for judgment later. Of course, the IdP can store characteristics of several s because a user may not have only one. There are still some possibilities that the MITM provides fake information that can be analyzed. However, this approach reduces the risk of the MITM attack. 49

5 5.2 MITM attack with Pharming In this subsection, we discuss the MITM attack with pharming. In the pharming situation, even if the correct URL is input in a user s, he/she is led to rogue sites because the DNS or hosts files are spoofed. In this situation, an attacker may send an authentication request from the via a user s (Figure 11). Then, the IdP correctly authenticates the user and tries to send an authentication response to the correct URL via a user s. However, the user has been pharmed, so the authentication response will reach the MITM. Then, the MITM shows the assertion in an authentication response sent to the and logs in using the assertion. MITM IdP (Mobile Phone) (with true s URL) MITM redirects authentication request via User s Display Information about accessing machine (e.g. domain name) authentication (e.g. PIN code check) WWW browser OS Legend: NTT DoCoMo mobile phone IdP i-appli i-appli API J2ME CLDC OS Our developed components relay server Relay Servlet Tomcat J2EE Linux pre-existent components Figure 12: System architecture J Liberty Alliance middle ware OS 6.2 Demonstration In this subsection, we illustrate the user experience in our proposed authentication method with screen shots of the prototype system. The login page of the is shown in Figure 13. The user is required to input the URL of the IdP on the mobile phone instead of the username and password. Even if IdP sends Authentication response to true URL, authentication response arrives at MITM Authentication response Figure 11: MITM attack with pharming Including an IP address of an accessing terminal in an assertion may be effective in preventing this type of attack. When an receives the assertion, the compares the IP address of the accessing terminal to the IP address contained in the assertion to confirm whether the assertion was intercepted. According to the SAML v2.0 specification, we can include the IP address of an authentication subject in the SubjectConfirmation element in a SAML assertion. This may help s confirm whether the subject is correct or incorrect. However, if the and the MITM are in the same subnet, and they access the Internet through the same Network Address Port Translation (NAPT) or HTTP proxy, IP addresses that the sees are the same. This is one of the limitations of this approach. Figure 13: Login page The user launches the IdP application on the mobile phone (Figure 14), and inputs its URL into the prompt. 6. PROTOTYPE SYSTEM In this section, we introduce our prototype system in which we implemented our proposed method explained in the previous sections. 6.1 System Architecture The system architecture of our prototype system is shown in Figure 12. We have implemented an IdP as an i-appli [8] which is a Java application for NTT DoCoMo mobile phones. Using the i-appli API, we let the IdP sign assertions by private key on a USIM. We also implemented a relay server as a Java servlet. For the, we used software of Liberty Alliance s, which our team had implemented before. We only changed site-specific Java Server Pages (J) for the. Figure 14: Launch IdP application 50

6 After the user inputs the IdP URL, the browser of the user s is redirected to the IdP on the mobile phone. Then, the IdP confirms whether it can send an assertion to the (Figure 15). If the IdP authenticates the user successfully, the IdP creates a SAML assertion, signs it, and sends it to the via the user s browser (Figure 17). Figure 15: Notification of authentication request Figure 17: Send SAML assertion If the user allows the IdP to send an assertion, the user pushes the yes button. Then, the IdP on the mobile phone authenticates the user by checking the PIN code (Figure 16). Finally, the receives the SAML assertion from the IdP on the mobile phone and verifies it using the IdP s public key. If the verification is successfully performed, the provides services to the user (Figure 18). Figure 18: Welcome page Figure 16: PIN code authentication 51

7 6.3 Performance In this subsection, we describe the performance of our prototype system. Specifications of the mobile phone on which we had implemented an IdP are shown in Table 1. The mobile phone is one of the product models in the Japanese market which has the ability to perform digital signing. Table 1: Specifications of mobile phone Model NTT DoCoMo F903i [9] CPU SH-Mobile G1 [10] Communication speed 384 kbps We measured the processing time of our IdP, which was implemented on our mobile phone. First, we connected the mobile phone IdP to our relay server on the Internet. When the IdP receives an authentication request from an via a user s and relay server, we start measuring the processing time. When the IdP finishes sending an authentication response, we stop measuring. The processing times except for the waiting times for user interactions are shown in Table 2. Table 2: Processing time of IdP Process Time [second] Communication 3 Digital signing 3 Other 0.4 The results indicate that dominant factors are communication time and digital signing time. During the communication time, the total data size of an authentication request and response is less than 5k bytes, so transfer time may be negligible. Therefore, we think that almost 3 seconds is consumed for connection establishment overhead. The connection to the relay server is established before the start of the measuring time, but after the IdP receives an authentication request, the connection is closed. That is because our mobile phone can only communicate with the server on the Internet as an HTTP client. Hence, we transfer the authentication request on an HTTP response, and the authentication response on an HTTP request. This is similar to the Liberty reverse HTTP binding for SOAP (PAOS) [11]. However, we use our own protocol instead of SOAP. As a result, when the IdP sends an authentication response, a connection to the relay server is established again. Our IdP constructs a SAML assertion and generates a SignedInfo element of the XML-Signature [12], and signs the SignedInfo element with the RSAwithSHA1 algorithm. The data size of the SignedInfo element is approximately 700 bytes. According to Table 2, our mobile phone can sign 700 bytes of data in 3 seconds. The output data of a digital signature from our mobile phone is in the PKCS#7 [13] format, so we have to convert that to the Signature-element format of the XML-Signature specification at the relay server. The format conversion time in the relay server is less than 20 milliseconds using a Pentium III 1.2- GHz computer. 7. CONCLUSION In this paper, we have proposed an authentication method that uses a mobile phone as an IdP. To inform an about the user s IdP location, the user sends the URL to the like in the OpenID method. We prepared a relay server with which the browser of a user s can access the IdP on the user s mobile phone. Considering the MITM attack, a combination of risk-based authentication and including the information in the assertion is useful. We implemented our method on a mobile phone terminal and the method worked well with an. The prototype system works within a practical amount of time. REFERENCES [1] RSA SecureID Token for Mobile Phones, RSA Security Inc., [2] FirstPass, NTT DoCoMo Inc., (Japanese Only) [3] Liberty Alliance Project. [4] Security Assertion Markup Language (SAML) V2.0. Version 2.0. OASIS Standards. [5] Universal Subscriber Identity Module (USIM) conformance test specification. 3GPP TS [6] Trust Models Guidelines, OASIS, [7] OpenID, [8] i-appli, NTT DoCoMo Inc., tent/iappli/index.html [9] FOMA F903i, NTT DoCoMo Inc., /index.html [10] Renesas Technology s SH-Mobile G1 Chip to be Selected for FOMA 903i Series Handsets, 96.htm&fp=/company_info/news_and_events/press_releases [11] Liberty Reverse HTTP Binding for SOAP Specification, 303/file/liberty-paos-v2.0.pdf [12] XML-Signature Syntax and Processing, W3C Recommendation, [13] RFC PKCS #7: Cryptographic Message Syntax Version 1.5, 52

Enhancing Web Application Security

Enhancing Web Application Security Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor

More information

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

CA Performance Center

CA Performance Center CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is

More information

Apache Server Implementation Guide

Apache Server Implementation Guide Apache Server Implementation Guide 340 March Road Suite 600 Kanata, Ontario, Canada K2K 2E4 Tel: +1-613-599-2441 Fax: +1-613-599-2442 International Voice: +1-613-599-2441 North America Toll Free: 1-800-307-7042

More information

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Tableau Server

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Tableau Server SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Perceptive Experience Single Sign-On Solutions

Perceptive Experience Single Sign-On Solutions Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Vidder PrecisionAccess

Vidder PrecisionAccess Vidder PrecisionAccess Security Architecture February 2016 910 E HAMILTON AVENUE. SUITE 410 CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview... 3 II. Components...

More information

Adding Stronger Authentication to your Portal and Cloud Apps

Adding Stronger Authentication to your Portal and Cloud Apps SOLUTION BRIEF Cyphercor Inc. Adding Stronger Authentication to your Portal and Cloud Apps Using the logintc April 2012 Adding Stronger Authentication to Portals Corporate and consumer portals, as well

More information

STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN

STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN 1 Venkadesh.M M.tech, Dr.A.Chandra Sekar M.E., Ph.d MISTE 2 1 ResearchScholar, Bharath University, Chennai 73, India. venkadeshkumaresan@yahoo.co.in 2 Professor-CSC

More information

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise

More information

Transport Layer Security Protocols

Transport Layer Security Protocols SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known

More information

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE Legal Marks No portion of this document may be reproduced or copied in any form, or by

More information

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Federation Proxy for Cross Domain Identity Federation

Federation Proxy for Cross Domain Identity Federation Proxy for Cross Domain Identity Makoto Hatakeyama NEC Corporation, Common Platform Software Res. Lab. 1753, Shimonumabe, Nakahara-Ku, Kawasaki, Kanagawa 211-8666, Japan +81-44-431-7663 m-hatake@ax.jp.nec.com

More information

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access

More information

Setup Guide Access Manager 3.2 SP3

Setup Guide Access Manager 3.2 SP3 Setup Guide Access Manager 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE

More information

Multi Factor Authentication API

Multi Factor Authentication API GEORGIA INSTITUTE OF TECHNOLOGY Multi Factor Authentication API Yusuf Nadir Saghar Amay Singhal CONTENTS Abstract... 3 Motivation... 3 Overall Design:... 4 MFA Architecture... 5 Authentication Workflow...

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

CA Adapter. Installation and Configuration Guide for Windows. r2.2.9

CA Adapter. Installation and Configuration Guide for Windows. r2.2.9 CA Adapter Installation and Configuration Guide for Windows r2.2.9 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0 Windows Live Cloud Identity Connector Version 1.0 User Guide 2011 Ping Identity Corporation. All rights reserved. Windows Live Cloud Identity Connector User Guide Version 1.0 April, 2011 Ping Identity

More information

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole

More information

GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK

GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK Antti Pyykkö, Mikko Malinen, Oskari Miettinen GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK TJTSE54 Assignment 29.4.2008 Jyväskylä University Department of Computer Science

More information

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication

More information

Endpoint Security VPN for Windows 32-bit/64-bit

Endpoint Security VPN for Windows 32-bit/64-bit Endpoint Security VPN for Windows 32-bit/64-bit E75.20 User Guide 13 September 2011 2011 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected

More information

Authentication. Authentication in FortiOS. Single Sign-On (SSO)

Authentication. Authentication in FortiOS. Single Sign-On (SSO) Authentication FortiOS authentication identifies users through a variety of methods and, based on identity, allows or denies network access while applying any required additional security measures. Authentication

More information

Using Entrust certificates with VPN

Using Entrust certificates with VPN Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark

More information

SAML Security Option White Paper

SAML Security Option White Paper Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions

More information

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved. Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,

More information

CA Nimsoft Service Desk

CA Nimsoft Service Desk CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

OnCommand Performance Manager 1.1

OnCommand Performance Manager 1.1 OnCommand Performance Manager 1.1 Installation and Setup Guide For Red Hat Enterprise Linux NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1 (408) 822-6000 Fax: +1 (408) 822-4501

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information

Application Note: Integrate Juniper SSL VPN with Gemalto SA Server. SASolutions@gemalto.com October 2007. www.gemalto.com

Application Note: Integrate Juniper SSL VPN with Gemalto SA Server. SASolutions@gemalto.com October 2007. www.gemalto.com Application Note: Integrate Juniper SSL VPN with Gemalto SA Server SASolutions@gemalto.com October 2007 www.gemalto.com Table of contents Table of contents... 2 Overview... 3 Architecture... 5 Configure

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

Lecture Notes for Advanced Web Security 2015

Lecture Notes for Advanced Web Security 2015 Lecture Notes for Advanced Web Security 2015 Part 6 Web Based Single Sign-On and Access Control Martin Hell 1 Introduction Letting users use information from one website on another website can in many

More information

OVERVIEW. DIGIPASS Authentication for Office 365

OVERVIEW. DIGIPASS Authentication for Office 365 OVERVIEW DIGIPASS for Office 365 Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO Data Security assumes no responsibility

More information

Scalable Authentication

Scalable Authentication Scalable Authentication Rolf Lindemann Nok Nok Labs, Inc. Session ID: ARCH R07 Session Classification: Intermediate IT Has Scaled Technological capabilities: (1971 2013) Clock speed x4700 #transistors

More information

Framework of Web Applications for Protection against Illegal Access

Framework of Web Applications for Protection against Illegal Access Framework of Web Applications for Protection against Illegal Access V Satoru Torii V Yoshiki Higashikado V Takayoshi Kurita (Manuscript received December 15, 2003) The use of Web-based application servers

More information

IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0

IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 International Virtual Observatory Alliance IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 IVOA Proposed Recommendation 20151029 Working group http://www.ivoa.net/twiki/bin/view/ivoa/ivoagridandwebservices

More information

WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES

WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES Executive Overview U.S. Federal mandates dictates that personal with defense related initiatives must prove access

More information

Dell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps

Dell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps Dell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps May 2015 This guide includes: What is OAuth v2.0? What is OpenID Connect? Example: Providing OpenID Connect SSO to a Salesforce.com

More information

Enabling SSL and Client Certificates on the SAP J2EE Engine

Enabling SSL and Client Certificates on the SAP J2EE Engine Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine

More information

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access With IDENTIKEY Server / Axsguard IDENTIFIER Integration Guidelines Disclaimer Disclaimer of Warranties and Limitations

More information

Identity Implementation Guide

Identity Implementation Guide Identity Implementation Guide Version 35.0, Winter 16 @salesforcedocs Last updated: October 27, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of

More information

2X SecureRemoteDesktop. Version 1.1

2X SecureRemoteDesktop. Version 1.1 2X SecureRemoteDesktop Version 1.1 Website: www.2x.com Email: info@2x.com Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious

More information

Federated Identity Management for Protecting Users from ID Theft

Federated Identity Management for Protecting Users from ID Theft Federated Identity Management for Protecting Users from ID Theft Paul Madsen NTT Advanced Technology 250 Cambridge Avenue, Suite 104, Palo Alto, CA 94306, USA paulmadsen@ntt-at.com Yuzo Koga NTT Information

More information

WebNow Single Sign-On Solutions

WebNow Single Sign-On Solutions WebNow Single Sign-On Solutions Technical Guide ImageNow Version: 6.7. x Written by: Product Documentation, R&D Date: June 2015 2012 Perceptive Software. All rights reserved CaptureNow, ImageNow, Interact,

More information

White Paper. Authentication and Access Control - The Cornerstone of Information Security. Vinay Purohit September 2007. Trianz 2008 White Paper Page 1

White Paper. Authentication and Access Control - The Cornerstone of Information Security. Vinay Purohit September 2007. Trianz 2008 White Paper Page 1 White Paper Authentication and Access Control - The Cornerstone of Information Security Vinay Purohit September 2007 Trianz 2008 White Paper Page 1 Table of Contents 1 Scope and Objective --------------------------------------------------------------------------------------------------------

More information

How CA Arcot Solutions Protect Against Internet Threats

How CA Arcot Solutions Protect Against Internet Threats TECHNOLOGY BRIEF How CA Arcot Solutions Protect Against Internet Threats How CA Arcot Solutions Protect Against Internet Threats we can table of contents executive summary 3 SECTION 1: CA ArcotID Security

More information

Installing and Configuring vcenter Support Assistant

Installing and Configuring vcenter Support Assistant Installing and Configuring vcenter Support Assistant vcenter Support Assistant 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

Authentication Methods

Authentication Methods Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the

More information

Flexible Identity. Tokenless authenticators guide. Multi-Factor Authentication. version 1.0

Flexible Identity. Tokenless authenticators guide. Multi-Factor Authentication. version 1.0 Flexible Identity Multi-Factor Authentication Tokenless authenticators guide version 1.0 Publication History Date Description Revision 2014.02.07 initial release 1.0 Copyright Orange Business Services

More information

DIGIPASS as a Service. Google Apps Integration

DIGIPASS as a Service. Google Apps Integration DIGIPASS as a Service Google Apps Integration April 2011 Table of Contents 1. Introduction 1.1. Audience and Purpose of this Document 1.2. Available Guides 1.3. What is DIGIPASS as a Service? 1.4. About

More information

Cloud Computing. Chapter 5 Identity as a Service (IDaaS)

Cloud Computing. Chapter 5 Identity as a Service (IDaaS) Cloud Computing Chapter 5 Identity as a Service (IDaaS) Learning Objectives Describe challenges related to ID management. Describe and discuss single sign-on (SSO) capabilities. List the advantages of

More information

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 18, 2006 Product Information Partner Name Microsoft Web Site http://www.microsoft.com/isaserver Product Name Internet

More information

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE SAML 2.0 CONFIGURATION GUIDE Roy Heaton David Pham-Van Version 1.1 Published March 23, 2015 This document describes how to configure OVD to use SAML 2.0 for user

More information

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011 NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity

More information

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................

More information

SAML single sign-on configuration overview

SAML single sign-on configuration overview Chapter 46 Configurin uring Drupal Configure the Drupal Web-SAML application profile in Cloud Manager to set up single sign-on via SAML with a Drupal-based web application. Configuration also specifies

More information

CSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

CSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics

More information

Cloud Authentication. Getting Started Guide. Version 2.1.0.06

Cloud Authentication. Getting Started Guide. Version 2.1.0.06 Cloud Authentication Getting Started Guide Version 2.1.0.06 ii Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

Server based signature service. Overview

Server based signature service. Overview 1(11) Server based signature service Overview Based on federated identity Swedish e-identification infrastructure 2(11) Table of contents 1 INTRODUCTION... 3 2 FUNCTIONAL... 4 3 SIGN SUPPORT SERVICE...

More information

Research Article. Research of network payment system based on multi-factor authentication

Research Article. Research of network payment system based on multi-factor authentication Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):437-441 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 Research of network payment system based on multi-factor

More information

Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0

Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 May 2015 About this guide Prerequisites and requirements NetWeaver configuration Legal notices About

More information

Title: A Client Middleware for Token-Based Unified Single Sign On to edugain

Title: A Client Middleware for Token-Based Unified Single Sign On to edugain Title: A Client Middleware for Token-Based Unified Single Sign On to edugain Sascha Neinert Computing Centre University of Stuttgart, Allmandring 30a, 70550 Stuttgart, Germany e-mail: sascha.neinert@rus.uni-stuttgart.de

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

WHITE PAPER Citrix Secure Gateway Startup Guide

WHITE PAPER Citrix Secure Gateway Startup Guide WHITE PAPER Citrix Secure Gateway Startup Guide www.citrix.com Contents Introduction... 2 What you will need... 2 Preparing the environment for Secure Gateway... 2 Installing a CA using Windows Server

More information

Introduction to SAML

Introduction to SAML Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments

More information

Protected Cash Withdrawal in Atm Using Mobile Phone

Protected Cash Withdrawal in Atm Using Mobile Phone www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 2 Issue 4 April, 2013 Page No. 1346-1350 Protected Cash Withdrawal in Atm Using Mobile Phone M.R.Dineshkumar

More information

SAML Authentication Quick Start Guide

SAML Authentication Quick Start Guide SAML Authentication Quick Start Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved.

More information

Sync Security and Privacy Brief

Sync Security and Privacy Brief Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical

More information

Reverse Proxy Guide. Version 2.0 April 2016

Reverse Proxy Guide. Version 2.0 April 2016 Version 2.0 April 2016 Reverse Proxy Guide Copyright 2016 iwebgate. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated

More information

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them. This chapter provides information about the Security Assertion Markup Language (SAML) Single Sign-On feature, which allows administrative users to access certain Cisco Unified Communications Manager and

More information

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect

More information

Single Sign-On Implementation Guide

Single Sign-On Implementation Guide Single Sign-On Implementation Guide Salesforce, Winter 16 @salesforcedocs Last updated: November 4, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark

More information

Securing e-government Web Portal Access Using Enhanced Two Factor Authentication

Securing e-government Web Portal Access Using Enhanced Two Factor Authentication Securing e-government Web Portal Access Using Enhanced Two Factor Authentication Ahmed Arara 1, El-Bahlul Emhemed Fgee 2, and Hamdi Ahmed Jaber 3 Abstract This paper suggests an advanced two-factor authentication

More information

Host Access Management and Security Server

Host Access Management and Security Server Host Access Management and Security Server Evaluation Guide Host Access Management and Security Server Evaluation Guide 12.2 Copyrights and Notices Copyright 2015 Attachmate Corporation. All rights reserved.

More information

SSL VPN Server Guide. Access Manager 3.2 SP2. June 2013

SSL VPN Server Guide. Access Manager 3.2 SP2. June 2013 SSL VPN Server Guide Access Manager 3.2 SP2 June 2013 Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A

More information

Setup Guide Access Manager Appliance 3.2 SP3

Setup Guide Access Manager Appliance 3.2 SP3 Setup Guide Access Manager Appliance 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS

More information

Introduction to Mobile Access Gateway Installation

Introduction to Mobile Access Gateway Installation Introduction to Mobile Access Gateway Installation This document describes the installation process for the Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure

More information

Getting Started with AD/LDAP SSO

Getting Started with AD/LDAP SSO Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories

More information

Egnyte Single Sign-On (SSO) Installation for OneLogin

Egnyte Single Sign-On (SSO) Installation for OneLogin Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

Single Sign-On Implementation Guide

Single Sign-On Implementation Guide Single Sign-On Implementation Guide Salesforce, Summer 15 @salesforcedocs Last updated: July 1, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of

More information

Designing federated identity management architectures for addressing the recent attacks against online financial transactions.

Designing federated identity management architectures for addressing the recent attacks against online financial transactions. Designing federated identity management architectures for addressing the recent attacks against online financial transactions. Dr. Christos K. Dimitriadis Security Officer INTRALOT S.A. Scope and Agenda

More information

Microsoft Office 365 Using SAML Integration Guide

Microsoft Office 365 Using SAML Integration Guide Microsoft Office 365 Using SAML Integration Guide Revision A Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)

WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) WHITE PAPER Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) SEPTEMBER 2004 Overview Password-based authentication is weak and smart cards offer a way to address this weakness,

More information

A Federated Authorization and Authentication Infrastructure for Unified Single Sign On

A Federated Authorization and Authentication Infrastructure for Unified Single Sign On A Federated Authorization and Authentication Infrastructure for Unified Single Sign On Sascha Neinert Computing Centre University of Stuttgart Allmandring 30a 70550 Stuttgart sascha.neinert@rus.uni-stuttgart.de

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

Connected Data. Connected Data requirements for SSO

Connected Data. Connected Data requirements for SSO Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated

More information

Using SAML for Single Sign-On in the SOA Software Platform

Using SAML for Single Sign-On in the SOA Software Platform Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software

More information

The PostBase Connectivity Wizard

The PostBase Connectivity Wizard The PostBase Connectivity Wizard The PostBase Connectivity Wizard allows you to easily set up your PostBase postage machine to suit your organization s arrangements. This document will guide you through

More information

DIGIPASS as a Service. Product Guide

DIGIPASS as a Service. Product Guide DIGIPASS as a Service Product Guide October 2011 Table of Contents 1. Introduction... 1 1.1. 1.2. 1.3. 1.4. Audience and Purpose of this Document... Available Guides... What is DIGIPASS as a Service?...

More information

Building Secure Applications. James Tedrick

Building Secure Applications. James Tedrick Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS

More information

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites Single Sign On (SSO) Implementation Manual For Connect 5 & MyConnect Sites Version 6 Release 5.7 September 2013 1 What is Blackboard Connect Single Sign On?... 3 How it Works... 3 Drawbacks to Using Single

More information

Configuring. Moodle. Chapter 82

Configuring. Moodle. Chapter 82 Chapter 82 Configuring Moodle The following is an overview of the steps required to configure the Moodle Web application for single sign-on (SSO) via SAML. Moodle offers SP-initiated SAML SSO only. 1 Prepare

More information

Single Sign-On Implementation Guide

Single Sign-On Implementation Guide Salesforce.com: Salesforce Winter '09 Single Sign-On Implementation Guide Copyright 2000-2008 salesforce.com, inc. All rights reserved. Salesforce.com and the no software logo are registered trademarks,

More information

www.novell.com/documentation SSL VPN Server Guide Access Manager 3.1 SP5 January 2013

www.novell.com/documentation SSL VPN Server Guide Access Manager 3.1 SP5 January 2013 www.novell.com/documentation SSL VPN Server Guide Access Manager 3.1 SP5 January 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation,

More information

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and

More information