Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.
Transcription
1 Web Services Security: OpenSSO and Access Management for SOA
Sang Shin, Java Technology Evangelist, Sun Microsystems, Inc., javapassion.com
2 Agenda
- Need for Identity-based Web services security
- Single Sign-On (SSO) within an enterprise
- SSO across enterprises (Federated SSO)
- Use case scenario
- Identity Services
- OpenSSO
3 Need for Identity-Based Web Services Security
4 Transport Level Security
(diagram: End User, Web Service Consumer, Web Service Provider)
5 Transport Level Security != Identity
- Difficult choice between
  > No client authentication
  > Client authentication via certificates
- Scope of protection is limited to individual 'hops'
- Even with client authentication, no real non-repudiation due to difficulty of archiving and verifying message flow
- TLS/SSL is still essential for confidentiality and integrity at the transport level, but is not enough: we need a solution at the message level
6 Basic Web Services Security
(diagram: Identity Provider, End User, Web Service Consumer, Web Service Provider)
7 Message Level Security: Getting There
- Identity token carried in SOAP header
  > WS-Security, WS-I Basic Security Profile
  > Industry has converged on SAML Assertion as the token
- SAML allows for bearer tokens, holder-of-key tokens, audience restrictions etc
- Token can be archived with message
- But... restricting the audience to the immediate recipient leaves us with similarly limited scope of protection: one hop
8 Requirements for Web Service Identity
- Identify the end user
- Locate the service
- Preserve identity
  > Across multiple 'hops'
  > Across domain boundaries
  > Across vendors' products
- Using existing technologies and idioms
- Maintaining privacy
9 Identity Web Services
(diagram: Identity Provider, Discovery Service, End User, Web Service Consumer, Web Service Provider)
10 Scaling Out
(diagram: Identity Provider, Discovery Service, Principal, Web Service Consumer, Web Service Provider/Consumer, Web Service Provider (x2))
11 Single Sign On (SSO) Mechanism Within an Enterprise
12 Enterprise Problems
- Every application wants me to log in!
- I have too many passwords; my monitor is covered in Post-its!
- We're implementing Sarbanes-Oxley; we need to control access to applications!
- We need to access outsourced functions!
- Our partners need to access our applications!
13 Web Access Management
- Simplest scenario is intra-enterprise
- Factor authentication and authorization out of web applications into web access management (WAM) solution
- Can use browser cookies within a DNS domain
- Proxy or Agent architecture implements role-based access control (RBAC)
- Benefits
  > Users get single sign-on
  > IT gets control
14 SSO Within an Enterprise
(diagram: End User, Web Server (x2), Application Server, SSO Server)
15 How It Works
(sequence diagram; participants: SSO Server, Browser, Agent, Application; messages in order)
- GET hrapp/index.html
- Redirect to SSO Server
- Authenticate
- SSO cookie
- GET hrapp/index.html (with SSO cookie)
- Is this user allowed to access hrapp/index.html?
- Yes!
- Allow request to proceed
- Application response
16 Sun Access Manager as SSO Solution Within an Enterprise
17 Web Access Management Products
- Sun Java System Access Manager
  > OpenSSO based
- CA (Netegrity) SiteMinder Access Manager
- IBM Tivoli Access Manager
- Oracle (Oblix) Access Manager
- Novell Access Manager
- JA-SIG CAS
- JOSSO
18 How Access Manager Works
- Intercept access to a (web) resource
- Authenticate the user (lots of ways to do this)
- Issue a token (HTTP session cookie)
- Repeat:
  > Intercept access to resource
  > Use token to authorize access based on policies
  > Provide identity attributes & data to resource
  > Log everything that happens
- Until session expires or user logs out
19 How Access Manager Works
- Access Manager agents are installed to protect web resources (web sites or web-based applications)
- Agents interact with Access Manager policy server to handle authentication, single sign-on, and authorization requests
(diagram: Web User, Web or Application Server with Agent (x2), Access Manager Policy Server, Directory)
20 Login Process
Initial Sign-On Process
1) Page request, but no SSOToken
2) Redirect to authentication page
3) Redirect back to original page/resource (with SSOToken)
4) Agent validates token
(diagram, arrows numbered 1 to 4: Web User, Web Server with Agent (x2), Access Manager Policy Server, Directory)
21 Web Single Sign-On (simple version)
Accessing subsequent sites or applications:
1) Page request (with SSOToken)
2) Agent validates token
Variations on this for sites in different DNS domains and federation (not explained or depicted here)
(diagram, arrows numbered 1 and 2: Web User, Web Server with Agent (x2), Access Manager Policy Server, Directory)
22 Access Manager Architecture
(diagram labels: Web Browser; C Applications; Java Applications; SDK; Policy Agent; Distributed Auth; Web / Application Server; Web / J2EE Container; HTTP(S); XML/HTTP(S); Access Manager Services; Java APIs; Access Manager APIs; Admin CLI (XML); Access Manager Framework; SPI (Service Provider Interface); Plugin Modules Provided by Sun Java System Access Manager; Custom Plugin Modules; Sun Java System Directory Server)
23 Enterprise Problems
- Every application wants me to log in!
- I have too many passwords; my monitor is covered in Post-its!
- We're implementing Sarbanes-Oxley; we need to control access to applications!
- We need to access outsourced functions!
- Our partners need to access our applications!
24 Single Sign On Across Enterprises (Federated SSO)
25 Single Sign-On Across Enterprises (Federated SSO)
- Cookies no longer work
  > Need a more sophisticated protocol
- Can't mandate single vendor solution
  > Need standards for interoperability
26 Single Sign-On Standards Liberty Phase 1 Liberty Federation Liberty ID-FF 1.1,1.2 = SAML1 SAML1.1 Shibboleth 1.0,1.1 SAML2 Shibboleth 1.2 WS-Federation WS-Federation
27 SAML 2.0 Concepts
- Profiles: Combining protocols, bindings, and assertions to support a defined use case
- Bindings: Mapping SAML protocols onto standard messaging or communication protocols
- Authentication Context: Detailed data on types and strengths of authentication
- Protocols: Request/response pairs for obtaining assertions and doing ID management
- Assertions: Authentication, attribute and entitlement information
- Metadata: IdP and SP configuration data
28 SSO Across Enterprises (Federated SSO)
(diagram: End User, Identity Provider, Service Provider (x3))
29 Federated SSO (via SAML)
(sequence diagram; participants: Identity Provider, Browser, Service Provider; messages in order)
- GET hrapp/index.html
- Redirect with SAML Request
- SAML Authentication Request
- Authenticate
- HTML form with SAML Response
- SAML Response
- Response
Service Provider examines SAML Response and makes access control decision
30 The Federated SSO Concept
(diagram: Web User; "Log in" at Excite.com (Authentication authority); "Be recognized" at Pets.com (Relying party))
31 Federated SSO Example (1 of 2)
1) Service Provider uses HTTP redirect or form post to Identity Provider.
2) User is redirected to Identity Provider. User logs in.
3) User is authenticated.
(diagram: Web User, Authentication Authority (IdP), Relying Party (SP))
32 Federated SSO Example (2 of 2)
4) Redirect back to the Service Provider with a nonce embedded in the URL.
5) Relying party receives nonce in the redirect process. Relying party invokes SAML-based web service to obtain an authentication assertion.
(diagram, arrows numbered 4 to 6: Web User, Authentication Authority, Relying Party)
33 SAML 2.0 Assertion (Abbreviated!)
    <saml:Assertion Version="2.0" ID="..." IssueInstant=" T16:42:28Z">
      <saml:Issuer>...</saml:Issuer>
      <Signature>...</Signature>
      <saml:Subject>
        <saml:NameID Format="urn:oasis:...:persistent"...>
          ZG0OZ3JWP9yduIQ1zFJbVVGHlQ9M
        </saml:NameID>
        <saml:SubjectConfirmation Method="urn:oasis:...:bearer">
          <saml:SubjectConfirmationData.../>
        </saml:SubjectConfirmation>
      </saml:Subject>
      <saml:Conditions NotBefore=" T16:42:28Z" NotOnOrAfter=" T16:52:28Z">
        <saml:AudienceRestriction>
          <saml:Audience> </saml:Audience>
        </saml:AudienceRestriction>
      </saml:Conditions>
      <saml:AuthnStatement AuthnInstant=" T16:42:28Z"...>
        <saml:AuthnContext>
          <saml:AuthnContextClassRef>
            urn:oasis:...:PasswordProtectedTransport
          </saml:AuthnContextClassRef>
        </saml:AuthnContext>
      </saml:AuthnStatement>
    </saml:Assertion>
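Added example (not from the original slides or from OpenSSO): the checks a Service Provider applies to the conditions of a bearer assertion like the one on slide 33, covering the validity window, the audience restriction mentioned on slide 7 and the bearer subject confirmation. It assumes the XML signature has already been verified against the Identity Provider's key; the function names, URLs, dates and the 60-second clock-skew allowance are constructed for illustration.

```python
"""Added example: relying-party checks on a SAML 2.0 bearer assertion.

Assumes signature verification happened before this code runs (not shown).
Every value in SAMPLE is constructed for illustration.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample assertion: ten-minute window, one audience.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Version="2.0" ID="_constructed-1" IssueInstant="2008-01-15T16:42:28Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject>
    <saml:NameID
      Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
      >constructed-pseudonym</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2008-01-15T16:52:28Z"
          Recipient="https://sp.example.com/acs"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2008-01-15T16:42:28Z"
      NotOnOrAfter="2008-01-15T16:52:28Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def parse_instant(value):
    """Parse a UTC xs:dateTime ('...Z'), with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unsupported timestamp: %r" % value)


def check_assertion(xml_text, expected_audience, expected_recipient, now,
                    skew=timedelta(seconds=60)):
    """Return the reasons to reject the assertion; an empty list means accept."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"] or root.get("Version") != "2.0":
        return ["not a SAML 2.0 assertion"]
    problems = []

    cond = root.find("saml:Conditions", NS)
    if cond is None:
        problems.append("no Conditions element")
    else:
        not_before = cond.get("NotBefore")
        not_on_or_after = cond.get("NotOnOrAfter")
        if not_before and now + skew < parse_instant(not_before):
            problems.append("assertion not yet valid")
        # Policy of this example: an assertion without an expiry is refused.
        if not not_on_or_after or now - skew >= parse_instant(not_on_or_after):
            problems.append("assertion expired")
        restrictions = cond.findall("saml:AudienceRestriction", NS)
        if not restrictions:
            problems.append("no audience restriction")
        for restriction in restrictions:
            # Every AudienceRestriction must name this Service Provider.
            audiences = [(a.text or "").strip()
                         for a in restriction.findall("saml:Audience", NS)]
            if expected_audience not in audiences:
                problems.append("audience mismatch")

    # A bearer token is usable by whoever holds it, so it must be addressed
    # to this endpoint and still be inside its own delivery window.
    usable = False
    for conf in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        data = conf.find("saml:SubjectConfirmationData", NS)
        if conf.get("Method") != BEARER or data is None:
            continue
        limit = data.get("NotOnOrAfter")
        if (data.get("Recipient") == expected_recipient and limit
                and now - skew < parse_instant(limit)):
            usable = True
    if not usable:
        problems.append("no usable bearer confirmation")
    return problems


if __name__ == "__main__":
    when = datetime(2008, 1, 15, 16, 45, tzinfo=timezone.utc)
    print(check_assertion(SAMPLE, "https://sp.example.com",
                          "https://sp.example.com/acs", when))
```

A real deployment also remembers each assertion ID until it expires, so that a captured bearer token cannot be presented a second time.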
34 SAML 2.0 Adoption
- Sun, IBM, CA: all the usual suspects, except Microsoft
- OpenSSO (Sun)
  > Java, PHP, Ruby
- OpenSAML (Internet2)
  > Java, C++
- SimpleSAMLphp (Feide)
- LASSO (Entr'ouvert)
  > C/SWIG
- ZXID (Symlabs)
  > C/SWIG
35 Liberty Identity Web Services Framework (ID-WSF)
- Dynamic service discovery and addressing
- Common web services transport mechanisms to apply identity-aware message security
- Abstractions and optimizations to allow anything including client devices to host identity services
- Unified data access/management model for developers
- Flexibility to develop arbitrary new services
- User privacy through use of pseudonyms
36 ID-WSF 2.0
February 2005 October 2006
- SAML 2.0
  > Bootstrap from SAML 2.0 single sign-on
  > SAML 2.0 tokens
- People Service
  > End user group, role management
  > Cross-provider principal references
- Subscription, notification
  > Building on Data Services Template (DST) specification
37 Identity Services
38 Identity Services
- Authentication, Authorization, Audit, and Provisioning (AAAP) exposed as Services
- Focused on enabling developers, simplifying security
- Container plug-ins for runtime injection and validation of Identity Tokens
  > Glassfish, WebSphere, WebLogic; possibly Tomcat, JBOSS
- Reusable AAAP services as building blocks for Business Integration and Composite Applications
- Supported on developers' IDEs of choice
  > NetBeans, Eclipse, Visual Studio
39 Why Identity Services?
- AAAP are core services in any identity-enabled application, whether for security or personalization
- Injecting and consuming identity in applications must get easier
  > Runtime configuration for container as opposed to building into application
- Essential elements for building a Secure Service Oriented Architecture (SOA)
40 Why Identity Services?
- Developers:
  > Aren't focused on identity, not a core competency
  > Need Identity Services exposed as basic building blocks
  > Want to focus on business logic, not the identity implementation
  > Prefer writing secure applications over security code
41 OpenSSO
42 What is OpenSSO?
- Provides an extensible implementation of an identity services infrastructure that will facilitate single sign-on for web applications hosted on web servers and application servers.
- Provides open, standards-based authentication and policy-based authorization with a single, unified framework
- Based on Sun Java System Access Manager/Federation Manager codebase
- Delivered as a simple WAR file that can be deployed in minutes.
43 What's in OpenSSO?
- 3 main features
  > Authentication & Single Sign-On
  > Centralized Authorization Services (Access Control)
  > Federation
- Provides the following:
  > User Session Management
  > Authentication Service
  > Policy-based Authorization Service
  > SAML Service
  > Federation Service
  > Logging Service
44 Identity Services through OpenSSO
45 OpenSSO Architecture
(diagram labels: Integrated Console; Authentication Management; Authentication; Admin Utilities; Policy Management; Federation Management; Authorization; CLI; Single Sign-on; Access Manager Server; Web Policy Agents; Authentication Service; Policy Service; Session Service; SAML Service; Identity Repository Service; Realms; Delegation Service; Logging Services; Liberty Service; J2EE Policy Agents; WS Security Agents; Client SDK; Data Store; AM Information Tree; Identity Repository)
46 Loan Processing Use Case Scenario
(diagram labels: Loan Requestor, "Jane requesting for Loan"; Loan Request JSP; Composite Application; Loan Request; Loan Processor; WSDL (x4); Access Manager Server; Integrated Console; Web Policy Agents; Authentication Service; Policy Service; Session Service; SAML Service; Identity Repository Service; Realms; Delegation Service; Logging Services; Liberty Service; J2EE Policy Agents; WS Security Agents; Client SDK)
47 Participate!
- OpenSSO web site -
  > Join now!
- Downloads
  > Try it out!
- Mailing Lists
  > dev, users, announce
- IRC Channel - #opensso
  > Real-time
  > On-line community
48 Web Services Security: OpenSSO and Access Management for SOA
Sang Shin, Java Technology Evangelist, Sun Microsystems, Inc., javapassion.com
49 Example Use Case Scenario
50 Example: Loan Processing Application
(diagram labels: Loan Requestor, "Jane requesting for Loan"; Loan Request JSP; Composite Application; Loan Request; Loan Processor; Is Loan Approved; YES/NO; Ship Notice (x2))
51 Example: Loan Processing Application
1. User Authentication at JSP
2. Secure Web Service Communication from JSP to CA
  > User Identity must be forwarded to CA
3. CA must authenticate web service request
4. CA may authorize the operation
5. CA may obtain the identity's profile
6. CA's outbound service call(s) to Loan Processor(s)
  > Secure the communication
  > Identity Federation
52 Requirements for Web Service Identity
- Identify the Principal
- Locate the Service
- Preserve Identity
  > Across multiple hops
  > Across domain boundaries
  > Across vendors' products
- Using existing technologies and idioms
- Maintaining privacy
53 Authentication Service
- User Credential Validation
  > Username & Password
  > Liberty ID-WSF Authentication Service
  > X.509
  > Kerberos
  > Generic Callbacks
- Security Token Generation & Validation
  > Liberty Discovery Service
  > WS-Trust (STS)
  > Kerberos
(diagram: Loan Requestor, "Jane requesting for Loan"; Loan Request JSP; Composite Application; Authentication Service)
54 Authorization Service
- Based on Authenticated Identity
- Access Control Policies
- XACML
- Fine-grain policies
(diagram: Loan Requestor; JSP; Composite Application; Loan Request; Loan Processor; AuthZ Service (x2))
55 Provisioning Service
- User Provisioning & Self-registration
- User Profile Management
- Workflow
- SPML
(diagram: Loan Requestor, "Jane requesting for Loan"; Loan Request JSP; Composite Application; Loan Request; Loan Processor; Identity Store (x2))
56 Federated Identities
- Account Linking
- Liberty ID-FF
- SAML v2
- WS-Federation
(diagram: Loan Requestor; JSP; Composite Application; Loan Request; Loan Processor; Identity Store (x2); Account Federation)
57 Configuration Mechanisms
- Using APIs (product specific APIs)
- WSIT, JSR 196 (Java Authentication Service Provider Interface for Containers) Plugin
- Policy Agent plugin for standard Application Servers
- JAX-WS Handlers
- Servlet filter
58 Container Plugins
(diagram: Loan Requestor, "Jane requesting for Loan"; Loan Request JSP; Composite Application; Loan Request; Loan Processor; with three plugin lists)
- User Authentication, Set Subject, Self Registration, Profile Management, ...
- Authenticate Request, Message Integrity, Authorize Request, Set Subject, ...
- Secure Web Service, Message Integrity, Confidentiality, Profile Attributes, ...
More informationCA Single Sign-On Migration Guide
CA Single Sign-On Migration Guide Web access management (WAM) systems have been a part of enterprises for decades. It is critical to control access and audit applications while reducing the friction for
More informationIBM WebSphere Application Server
IBM WebSphere Application Server SAML 2.0 web single-sign-on 2012 IBM Corporation This presentation describes support for SAML 2.0 web browser Single Sign On profile included in IBM WebSphere Application
More informationSCUR203 Why Do We Need Security Standards?
SCUR203 Why Do We Need Security Standards? Cristina Buchholz Product Security, SAP Learning Objectives As a result of this workshop, you will be able to: Recognize the need for standardization Understand
More informationDistributed Identity Management Model for Digital Ecosystems
International Conference on Emerging Security Information, Systems and Technologies Distributed Identity Management Model for Digital Ecosystems Hristo Koshutanski Computer Science Department University
More informationNetIQ Access Manager. Developer Kit 3.2. May 2012
NetIQ Access Manager Developer Kit 3.2 May 2012 Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON DISCLOSURE
More informationSecurity Services. Benefits. The CA Advantage. Overview
PRODUCT BRIEF: CA SITEMINDER FEDERATION SECURITY SERVICES CA SiteMinder Federation Security Services CA SITEMINDER FEDERATION SECURITY SERVICES EXTENDS THE WEB SINGLE SIGN-ON EXPERIENCE PROVIDED BY CA
More informationSecuring Enterprise: Employability and HR
1 Securing Enterprise: Employability and HR Federation and XACML as Security and Access Control Layer Open Standards Forum 2 Employability and HR Vertical Multiple Players - Excellent case for federation
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationIntegrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies
Guideline Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies Product(s): IBM Cognos 8 BI Area of Interest: Security Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies 2 Copyright
More informationIntroduction to SAML
Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationIdentity Federation Management to make Operational and Business Efficiency through SSO
2012 International Conference on Industrial and Intelligent Information (ICIII 2012) IPCSIT vol.31 (2012) (2012) IACSIT Press, Singapore Identity Federation Management to make Operational and Business
More informationThe Primer: Nuts and Bolts of Federated Identity Management
The Primer: Nuts and Bolts of Federated Identity Management Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities. With so
More informationDirX Access V8.4. Web Access Management and Identity Federation. Technical Data Sheet
Technical Data Sheet DirX Access V8.4 Web Access Management and Identity Federation DirX Access is a comprehensive, cloud-ready, scalable, and highly available access management solution providing policy-based
More informationSAML SSO Configuration
SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting
More informationThe Role of Federation in Identity Management
The Role of Federation in Identity Management August 19, 2008 Andrew Latham Solutions Architect Identity Management 1 The Role of Federation in Identity Management Agenda Federation Backgrounder Federation
More informationEnabling SAML for Dynamic Identity Federation Management
Enabling SAML for Dynamic Identity Federation Management Patricia Arias, Florina Almenárez, Andrés Marín and Daniel Díaz-Sánchez University Carlos III of Madrid http://pervasive.gast.it.uc3m.es/ WMNC 2009
More informationSingle Sign-on. Overview. Using SSO with the Cisco WebEx and Cisco WebEx Meeting. Overview, page 1
Overview, page 1 Using SSO with the Cisco WebEx and Cisco WebEx Meeting Applications, page 1 Requirements, page 2 Configuration of in Cisco WebEx Messenger Administration Tool, page 3 Sample Installation
More informationThe Primer: Nuts and Bolts of Federated Identity Management
The Primer: Nuts and Bolts of Federated Identity Management Executive Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities.
More informationOpenAM. 1 open source 1 community experience distilled. Single Sign-On (SSO) tool for securing your web. applications in a fast and easy way
OpenAM Written and tested with OpenAM Snapshot 9 the Single Sign-On (SSO) tool for securing your web applications in a fast and easy way Indira Thangasamy [ PUBLISHING 1 open source 1 community experience
More informationAbout Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack
Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack About Me KVM, API, DB, Upgrades, SystemVM, Build system, various subsystems Contributor and Committer
More informationHow To Configure The Jasig Casa Single Sign On On A Workstation On Ahtml.Org On A Server On A Microsoft Server On An Ubuntu 7.5.3 (Windows) On A Linux Computer On A Raspberry V
Configuring CAS-based SSO with ActiveVOS on Apache Tomcat Technical Note Version: 1.3 Dated: August 2013 2013 Informatica Corporation ActiveVOS is a trademark of Informatica, Inc. All other company and
More informationUsing Shibboleth for Single Sign- On
Using Shibboleth for Single Sign- On One Logon to Rule them all.. Kirk Yaros Director, Enterprise Services Mott Community College 1 Agenda Overview of Mott Overview of Shibboleth and Mott s Project Review
More informationIONA Security Platform
IONA Security Platform February 22, 2002 Igor Balabine, PhD IONA Security Architect Copyright IONA Technologies 2001 End 2 Anywhere Agenda IONA Security Platform (isp) architecture Integrating with Enterprise
More informationOn A-Select and Federated Identity Management Systems
On A-Select and Federated Identity Management Systems Joost Reede August 4, 2007 Master s Thesis Information Systems Chair Computer Science Department University of Twente ii This thesis is supervised
More informationWhy Identity Management. Identity Management. What We Cover. Role of Digital Identity. Digital Identity. Digital Identity (or network identity)
Why Identity Management Identity Management Claudiu Duma Identity crisis Privacy concerns Identity theft Terrorist threat Department of Computer and Information Science cladu@ida.liu.se What We Cover Digital
More informationHow To Use Saml 2.0 Single Sign On With Qualysguard
QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,
More informationSAML Security Option White Paper
Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions
More informationHow To Get A Single Sign On (Sso)
Single Sign-On Vijay Kumar, CISSP Agenda What is Single Sign-On (SSO) Advantages of SSO Types of SSO Examples Case Study Summary What is SSO Single sign-on is a user/session authentication process that
More informationSAML 2.0 SSO Deployment with Okta
SAML 2.0 SSO Deployment with Okta Simplify Network Authentication by Using Thunder ADC as an Authentication Proxy DEPLOYMENT GUIDE Table of Contents Overview...3 The A10 Networks SAML 2.0 SSO Deployment
More informationSOA, case Google. Faculty of technology management 07.12.2009 Information Technology Service Oriented Communications CT30A8901.
Faculty of technology management 07.12.2009 Information Technology Service Oriented Communications CT30A8901 SOA, case Google Written by: Sampo Syrjäläinen, 0337918 Jukka Hilvonen, 0337840 1 Contents 1.
More information> Please fill your survey to be eligible for a prize draw. Only contact info is required for prize draw Survey portion is optional
Web Access Management May 2008 CA Canada Seminar > Please fill your survey to be eligible for a prize draw Only contact info is required for prize draw Survey portion is optional > How to Transform Tactical
More informationSAML Federated Identity at OASIS
International Telecommunication Union SAML Federated Identity at OASIS Hal Lockhart BEA Systems Geneva, 5 December 2006 SAML and the OASIS SSTC o SAML: Security Assertion Markup Language A framework for
More information