Single Sign-on (SSO) technologies for the Domino Web Server

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Single Sign-on (SSO) technologies for the Domino Web Server"

Transcription

1 Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, IBM Corporation

2 Welcome Participant Passcode: IBM Corporation 2

3 Agenda USA Toll Free (866) USA Toll (210) SSO using LTPA LTPA SSO configurations with Domino and WebSphere Windows Single Sign-on for Web Clients (SPNEGO) Extending the Domino Web Server using DSAPI Participant Passcode: IBM Corporation 3

4 Fewer password prompts, fewer passwords in general We need single sign-on (SSO) because: High administrative cost for managing passwords. Users can't remember a lot of passwords. Password prompts are annoying. Many different passwords leads to lower security. If we use cryptographic mechanisms instead of passwords, we can improve security and minimize cost IBM Corporation 4

5 Lightweight Third Party Authentication (LTPA) LTPA is one of IBM's SSO solutions. Architecture allows interoperability with other SSO solutions. Web scenarios use an encrypted browser cookie. LtpaToken : original format LtpaToken2 : recommended, more secure format 2011 IBM Corporation 5

6 SSO Using LTPA Overview (Part 1) User browses to a Domino URL User is challenged for user name and password 2011 IBM Corporation 6

7 SSO Using LTPA Overview (Part 2) Domino authenticates the user. Behind the scenes: Domino returns an LTPA token (browser cookie) that represents the logged in user. Browser LtpaToken 2011 IBM Corporation 7

8 SSO Using LTPA Overview (Part 3) User can browse to URLs on Domino and other SSO servers without repeating login steps. Browser automatically sends LtpaToken in HTTP requests. Single sign-on works because SSO servers honor the LtpaToken to represent the logged in user. Browser LtpaToken 2011 IBM Corporation 8

9 Configuration Shared By Domino SSO Servers SSO document configured in Domino directory. Document is encrypted for participating servers. Document contains SSO keys used to create/verify the LTPA cryptographic tokens. SSO servers in one DNS domain (browser cookie set for domain) IBM Corporation 9

10 SSO Configuration Document Name vs Token Name Historically the SSO document by default named LtpaToken. The SSO document can be configured to have any arbitrary name. SSO document name is not related to the token format choice IBM Corporation 10

11 Where to Find the SSO Configuration Document If Internet Site configuration is turned on in the server document (recommended): Internet Sites view contains the SSO configuration document. One server can have different SSO configurations for its various URLs. If Internet Site configuration is turned off in the server document: Web Configuration view (one SSO configuration applies to all URLs on the Domino server) 2011 IBM Corporation 11

12 Agenda USA Toll Free (866) USA Toll (210) SSO using LTPA LTPA SSO configurations with Domino and WebSphere Windows Single Sign-on for Web Clients (SPNEGO) Extending the Domino Web Server using DSAPI Participant Passcode: IBM Corporation 12

13 LTPA SSO with WebSphere and Domino User can login first to WebSphere, or can login first to Domino. LTPA token created by Domino will be honored by WebSphere, and vice versa. Servers must share the same SSO cryptographic keys. Browser LtpaToken 2011 IBM Corporation 13

14 Sharing cryptographic keys with WebSphere Create keys in WebSphere Export to file, import into Domino. WebSphere options to automatically regenerate keys usually are impractical in SSO configuration with Domino. Domino Import WebSphere LTPA keys option You can add additional token format(s), but keep the LDAP realm as is IBM Corporation 14

15 Name Mapping often is needed The user's LTPA token contains the user's distinguished name. User's Domino distinguished name found on Domino database ACLs: CN=Walter Neff/O=Renovations User's distinguished name in WebSphere's LDAP directory: CN=Walter Neff,CN=users,DC=ad,DC=east,DC=renovations,DC=com Domino Directory Active Directory wneff Password: ******* CN=Walter Neff/O=Renovations wneff Password: ******* CN=walter neff,cn=users,dc=ad,dc=east,d C=renovations,DC=com 2011 IBM Corporation 15

16 Directory choices: where do you want to make directory modifications for SSO? The LTPA token will need to contain the user's WebSphere LDAP distinguished name. Name mapping using Domino person records: Store user's WebSphere LDAP distinguished name OR Name mapping using WebSphere's LDAP directory: Store user's Domino distinguished name Configure Domino directory assistance to LDAP Active Directory Domino Directory wneff Password: ******* CN=Walter Neff/O=Renovations wneff Password: ******* CN=walter neff,cn=users,dc=ad,dc=east,d C=renovations,DC=com 2011 IBM Corporation 16

17 SSO name mapping using Domino directory Configure Domino to create the LTPA token containing the user's WebSphere name: CN=Walter Neff,CN=users,DC=ad,DC=east,DC=renovations,DC=com SSO document the user's Person record: 2011 IBM Corporation 17

18 SSO name mapping using WebSphere's directory Configure WebSphere's LDAP directory to contain the user's Domino name in an LDAP attribute (eg. NotesDN ): CN=Walter Neff,O=Renovations SSO document Directory Assistance to LDAP: 2011 IBM Corporation 18

19 Agenda USA Toll Free (866) USA Toll (210) SSO using LTPA LTPA SSO configurations with Domino and WebSphere Windows Single Sign-on for Web Clients (SPNEGO) Extending the Domino Web Server using DSAPI Participant Passcode: IBM Corporation 19

20 SSO Using LTPA (Part 1) User browses to a Domino URL User is challenged for user name and password 2011 IBM Corporation 20

21 Windows Single Sign-on for Web Clients User browses to a Domino URL Avoid the user name and password challenge! Solution leverages the logged in user's Windows credentials IBM Corporation 21

22 Windows Single Sign-on for Web Clients (SPNEGO) User acquires Kerberos credentials when starting Windows. Windows verifies user's password. Password never travels over the wire. SSO technology leveraging the Windows credentials sometimes called by these names: SPNEGO Integrated Windows Authentication for the Windows Intranet Windows login info Kerberos credentials Windows Domain Controller (Kerberos security) Active Directory 2011 IBM Corporation 22

23 SPNEGO protocol used by browsers Protocol used to authenticate a user to an HTTP server. Simple and Protected gssapi NEGOtiation Microsoft published RFCs 4559, 4178 Windows Domain Controller (Kerberos security) Active Directory SPNEGO support Browser SPNEGO support 2011 IBM Corporation 23

24 Windows and Domino SPNEGO/Kerberos Many setup steps to be done by the Active Directory administrator using Windows tools. Domino is assigned a Windows service name (SPN) Logged in user can acquire a Kerberos ticket for the Domino server. Windows creates the Kerberos ticket. The Kerberos ticket identifies: Domino Windows service name User's Kerberos name SPNEGO-aware browsers know how to Ask Windows for a Kerberos ticket, based on a) browser configuration, and b) the user's requested URL. Send the Kerberos ticket as part of SPNEGO protocol request SPNEGO-aware Domino validates the ticket to authenticate the user IBM Corporation 24

25 Domino and WebSphere SPNEGO implementations return an LTPA token to the browser User logs in to Windows. User starts browser and browses to Domino URL. Windows Domain Controller (Kerberos security) Active Directory SPNEGO support Browser SPNEGO support 2011 IBM Corporation 25

26 Domino and WebSphere SPNEGO implementations return an LTPA token to the browser User logs in to Windows. User starts browser and browses to Domino URL. SPNEGO/Kerberos used to authenticate to Domino. Domino returns LTPA token to facilitate SSO to other servers. Windows Domain Controller (Kerberos security) Active Directory SPNEGO support Browser LtpaToken SPNEGO support 2011 IBM Corporation 26

27 Name Mapping is required The Kerberos ticket contains the user's Kerberos name User's Domino distinguished name found on Domino database ACLs: CN=Walter Neff/O=Renovations User's distinguished name in Active directory used with LTPA: CN=Walter Neff,CN=users,DC=ad,DC=east,DC=renovations,DC=com (recommended) Set up name mapping using Directory Assistance to Active Directory See topic=/com.ibm.help.domino.admin85.doc/h_setting_up_sp NEGO_AUTHENTICATION_FOR_WEB_CLIENTS_STEPS.html 2011 IBM Corporation 27

28 Configure SPNEGO/Kerberos at Domino Lots of Window setup, and the Domino Windows server must run as a Windows service. The SSO document turns on the feature for the web server URLs IBM Corporation 28

29 Domino LTPA vs Domino SPNEGO/Kerberos LTPA solution (Domino challenges for user password): Supports Internet deployment: client browser can be located anywhere. All supported platforms for Domino servers and web clients. Servers in same DNS domain. SPNEGO/Kerberos solution (Windows challenges for user password): Intranet deployment only! Does not work across a firewall. Supported only on Domino Windows servers, in Windows domain with Active Directory. Tested with Windows browser clients. **Requires browser configuration. Integrated with LTPA. (Servers in same DNS domain.) 2011 IBM Corporation 29

30 Agenda USA Toll Free (866) USA Toll (210) SSO using LTPA LTPA SSO configurations with Domino and WebSphere Windows Single Sign-on for Web Clients (SPNEGO) Extending the Domino Web Server using DSAPI Participant Passcode: IBM Corporation 30

31 DSAPI You can write a C program to handle Domino web server events. Lotus C API reference provides the DSAPI specification. You write and build the DSAPI C code into a library (e.g. Windows dll). Your DSAPI filter can handle authentication and any other HTTP event. You install the DSAPI library onto your Domino server. You configure Domino HTTP to load the DSAPI library on web server startup IBM Corporation 31

32 DSAPI authentication filter Your DSAPI library can handle authentication events: Your program registers an authentication filter at HTTP startup. Domino will call your program when there is a request to access resources for which the user must be authenticated. Your C program could call a third party system, or prompt the user to login and verify the credentials. Outcome of a successful DSAPI authentication must provide Domino with the user's name (usually Domino distinguished name format). After successful DSAPI authentication, the web server may be configured to provide an LTPA token. Example Windows DSAPI authentication filter: action=opendocument&name=sso%20for%20web%20for %20non%20Windows%20Servers 2011 IBM Corporation 32

33 Questions Press *1 on your telephone to ask a question. IBM Lotus Support page 2011 IBM Corporation 33

34 Legal Disclaimer IBM Corporation All Rights Reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this publication to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. IBM, Lotus, Lotus Notes, Notes, and Domino are trademarks of International Business Machines Corporation in the United States, other countries, or both. Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others. All references to renovations.com refer to a fictitious company and are used for illustration purposes only IBM Corporation 34

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole

More information

Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos

Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website:

More information

Leverage Active Directory with Kerberos to Eliminate HTTP Password

Leverage Active Directory with Kerberos to Eliminate HTTP Password Leverage Active Directory with Kerberos to Eliminate HTTP Password PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website: www.pistolstar.com

More information

Sametime Version 9. Integration Guide. Integrating Sametime 9 with Domino 9, inotes 9, Connections 4.5, and WebSphere Portal 8.0.0.

Sametime Version 9. Integration Guide. Integrating Sametime 9 with Domino 9, inotes 9, Connections 4.5, and WebSphere Portal 8.0.0. Sametime Version 9 Integration Guide Integrating Sametime 9 with Domino 9, inotes 9, Connections 4.5, and WebSphere Portal 8.0.0.1 Edition Notice Note: Before using this information and the product it

More information

Configure Single Sign on Between Domino and WPS

Configure Single Sign on Between Domino and WPS Configure Single Sign on Between Domino and WPS What we are doing here? Ok now we have the WPS server configured and running with Domino as the LDAP directory. Now we are going to configure Single Sign

More information

Step- by- Step guide to Configure Single sign- on for HTTP requests using SPNEGO web authentication

Step- by- Step guide to Configure Single sign- on for HTTP requests using SPNEGO web authentication Step- by- Step guide to Configure Single sign- on for HTTP requests using SPNEGO web authentication Summary STEP- BY- STEP GUIDE TO CONFIGURE SINGLE SIGN- ON FOR HTTP REQUESTS USING SPNEGO WEB AUTHENTICATION

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

Integrating WebSphere Portal V8.0 with Business Process Manager V8.0

Integrating WebSphere Portal V8.0 with Business Process Manager V8.0 2012 Integrating WebSphere Portal V8.0 with Business Process Manager V8.0 WebSphere Portal & BPM Services [Page 2 of 51] CONTENTS CONTENTS... 2 1. DOCUMENT INFORMATION... 4 1.1 1.2 2. INTRODUCTION... 5

More information

IBM Digital Experience meets IBM WebSphere Commerce

IBM Digital Experience meets IBM WebSphere Commerce Portal Arbeitskreis - 27.10.2014 IBM Digital Experience meets IBM WebSphere Commerce Stefan Koch Chief Programmer IBM Digital Experience 2013 IBM Corporation 2 2013 IBM Corporation Integration Pattern

More information

Security Provider Integration Kerberos Authentication

Security Provider Integration Kerberos Authentication Security Provider Integration Kerberos Authentication 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are

More information

Table 1 shows the LDAP server configuration required for configuring the federated repositories in the Tivoli Integrated Portal server.

Table 1 shows the LDAP server configuration required for configuring the federated repositories in the Tivoli Integrated Portal server. Configuring IBM Tivoli Integrated Portal server for single sign-on using Simple and Protected GSSAPI Negotiation Mechanism, and Microsoft Active Directory services Document version 1.0 Copyright International

More information

Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies

Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies Guideline Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies Product(s): IBM Cognos 8 BI Area of Interest: Security Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies 2 Copyright

More information

Mashup Sites for SharePoint 2007 Authentication Guide. Version 3.1.1

Mashup Sites for SharePoint 2007 Authentication Guide. Version 3.1.1 Mashup Sites for SharePoint 2007 Authentication Guide Version 3.1.1 Copyright Copyright 2010-2011, JackBe Corp. and its affiliates. All rights reserved. Terms of Use This documentation may be printed and

More information

Mashup Sites for SharePoint 2007 Authentication Guide. Version 3.2.1

Mashup Sites for SharePoint 2007 Authentication Guide. Version 3.2.1 Mashup Sites for SharePoint 2007 Authentication Guide Version 3.2.1 Copyright Copyright 2012, JackBe Corp. and its affiliates. All rights reserved. Terms of Use This documentation may be printed and copied

More information

IBM WebSphere Application Server

IBM WebSphere Application Server IBM WebSphere Application Server SAML 2.0 web single-sign-on 2012 IBM Corporation This presentation describes support for SAML 2.0 web browser Single Sign On profile included in IBM WebSphere Application

More information

IBM WebSphere Application Server

IBM WebSphere Application Server IBM WebSphere Application Server OAuth 2.0 service provider and TAI 2012 IBM Corporation This presentation describes support for OAuth 2.0 included in IBM WebSphere Application Server V7.0.0.25. WASV70025_OAuth20.ppt

More information

JMP105 JumpStart: Single Sign-on (SAML) Administration Basics

JMP105 JumpStart: Single Sign-on (SAML) Administration Basics JMP105 JumpStart: Single Sign-on (SAML) Administration Basics Jane Marcus jmarcus@us.ibm.com Senior software engineer, IBM 2014 IBM Corporation Agenda Single sign-on introduction SAML concepts Domino 9.x

More information

How-to: Single Sign-On

How-to: Single Sign-On How-to: Single Sign-On Document version: 1.02 nirva systems info@nirva-systems.com nirva-systems.com How-to: Single Sign-On - page 2 This document describes how to use the Single Sign-On (SSO) features

More information

Configuring Sponsor Authentication

Configuring Sponsor Authentication CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five

More information

Using SAP Logon Tickets for Single Sign on to Microsoft based web applications

Using SAP Logon Tickets for Single Sign on to Microsoft based web applications Collaboration Technology Support Center - Microsoft - Collaboration Brief March 2005 Using SAP Logon Tickets for Single Sign on to Microsoft based web applications André Fischer, Project Manager CTSC,

More information

Web servers and WebSphere Portal

Web servers and WebSphere Portal Web servers and WebSphere Portal By default IBM WebSphere Portal uses the internal HTTP transport within IBM WebSphere Application Server to handle requests. However, because WebSphere Application Server

More information

CA Nimsoft Service Desk

CA Nimsoft Service Desk CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)

WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) WHITE PAPER Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) SEPTEMBER 2004 Overview Password-based authentication is weak and smart cards offer a way to address this weakness,

More information

SINGLE SIGNON FUNCTIONALITY IN HATS USING MICROSOFT SHAREPOINT PORTAL

SINGLE SIGNON FUNCTIONALITY IN HATS USING MICROSOFT SHAREPOINT PORTAL SINGLE SIGNON FUNCTIONALITY IN HATS USING MICROSOFT SHAREPOINT PORTAL SINGLE SIGNON: Single Signon feature allows users to authenticate themselves once with their credentials i.e. Usernames and Passwords

More information

IBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide

IBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide IBM SPSS Collaboration and Deployment Services Version 6 Release 0 Single Sign-On Services Developer's Guide Note Before using this information and the product it supports, read the information in Notices

More information

Critical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management

Critical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management Security Comparison Critical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309

More information

Single Sign On. Configuration Checklist for Single Sign On CHAPTER

Single Sign On. Configuration Checklist for Single Sign On CHAPTER CHAPTER 39 The single sign on feature allows end users to log into a Windows client machine on a Windows domain, then use certain Cisco Unified Communications Manager applications without signing on again.

More information

Enabling single sign-on for Cognos 8/10 with Active Directory

Enabling single sign-on for Cognos 8/10 with Active Directory Enabling single sign-on for Cognos 8/10 with Active Directory Overview QueryVision Note: Overview This document pulls together information from a number of QueryVision and IBM/Cognos material that are

More information

CA Performance Center

CA Performance Center CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is

More information

TIBCO Spotfire Platform IT Brief

TIBCO Spotfire Platform IT Brief Platform IT Brief This IT brief outlines features of the system: Communication security, load balancing and failover, authentication options, and recommended practices for licenses and access. It primarily

More information

Ensure that your environment meets the requirements. Provision the OpenAM server in Active Directory, then generate keytab files.

Ensure that your environment meets the requirements. Provision the OpenAM server in Active Directory, then generate keytab files. This chapter provides information about the feature which allows end users to log into a Windows client machine on a Windows domain, then use certain Cisco Unified Communications Manager applications without

More information

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved. Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,

More information

Kerberos and Windows SSO Guide Jahia EE v6.1

Kerberos and Windows SSO Guide Jahia EE v6.1 Documentation Kerberos and Windows SSO Guide Jahia EE v6.1 Jahia delivers the first Web Content Integration Software by combining Enterprise Web Content Management with Document and Portal Management features.

More information

IceWarp Server - SSO (Single Sign-On)

IceWarp Server - SSO (Single Sign-On) IceWarp Server - SSO (Single Sign-On) Probably the most difficult task for me is to explain the new SSO feature of IceWarp Server. The reason for this is that I have only little knowledge about it and

More information

Web Applications Access Control Single Sign On

Web Applications Access Control Single Sign On Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,

More information

Protecting Juniper SA using Certificate-Based Authentication. Quick Start Guide

Protecting Juniper SA using Certificate-Based Authentication. Quick Start Guide Protecting Juniper SA using Certificate-Based Authentication Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

SAML and OAUTH Technologies WebSphere Application Server

SAML and OAUTH Technologies WebSphere Application Server SAML and OAUTH Technologies WebSphere Application Server Bill O'Donnell STSM WebSphere Foundation Security Architect Session TAW-1701 Session TAW-1698 Please Note IBM s statements regarding its plans,

More information

Configuring Integrated Windows Authentication for JBoss with SAS 9.2 Web Applications

Configuring Integrated Windows Authentication for JBoss with SAS 9.2 Web Applications Configuring Integrated Windows Authentication for JBoss with SAS 9.2 Web Applications Copyright Notice The correct bibliographic citation for this manual is as follows: SAS Institute Inc., Configuring

More information

RSA Authentication Agents Security Best Practices Guide. Version 3

RSA Authentication Agents Security Best Practices Guide. Version 3 RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,

More information

Configuring Integrated Windows Authentication for JBoss with SAS 9.3 Web Applications

Configuring Integrated Windows Authentication for JBoss with SAS 9.3 Web Applications Configuring Integrated Windows Authentication for JBoss with SAS 9.3 Web Applications Copyright Notice The correct bibliographic citation for this manual is as follows: SAS Institute Inc., Configuring

More information

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001 Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance

More information

Security solutions Executive brief. Understand the varieties and business value of single sign-on.

Security solutions Executive brief. Understand the varieties and business value of single sign-on. Security solutions Executive brief Understand the varieties and business value of single sign-on. August 2005 2 Contents 2 Executive overview 2 SSO delivers multiple business benefits 3 IBM helps companies

More information

TIBCO Spotfire Web Player 6.0. Installation and Configuration Manual

TIBCO Spotfire Web Player 6.0. Installation and Configuration Manual TIBCO Spotfire Web Player 6.0 Installation and Configuration Manual Revision date: 12 November 2013 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED

More information

Single Sign-On for Kerberized Linux and UNIX Applications

Single Sign-On for Kerberized Linux and UNIX Applications Likewise Enterprise Single Sign-On for Kerberized Linux and UNIX Applications AUTHOR: Manny Vellon Chief Technology Officer Likewise Software Abstract This document describes how Likewise facilitates the

More information

SSO Methods Supported by Winshuttle Applications

SSO Methods Supported by Winshuttle Applications Winshuttle and SSO SSO Methods Supported by Winshuttle Applications Single Sign-On (SSO) delivers business value by enabling safe, secure access to resources and exchange of information at all levels of

More information

OneLogin Integration User Guide

OneLogin Integration User Guide OneLogin Integration User Guide Table of Contents OneLogin Account Setup... 2 Create Account with OneLogin... 2 Setup Application with OneLogin... 2 Setup Required in OneLogin: SSO and AD Connector...

More information

CA SiteMinder. Implementation Guide. r12.0 SP2

CA SiteMinder. Implementation Guide. r12.0 SP2 CA SiteMinder Implementation Guide r12.0 SP2 This documentation and any related computer software help programs (hereinafter referred to as the "Documentation") are for your informational purposes only

More information

Configuring Integrated Windows Authentication for IBM WebSphere with SAS 9.2 Web Applications

Configuring Integrated Windows Authentication for IBM WebSphere with SAS 9.2 Web Applications Configuring Integrated Windows Authentication for IBM WebSphere with SAS 9.2 Web Applications Copyright Notice The correct bibliographic citation for this manual is as follows: SAS Institute Inc., Configuring

More information

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN INTEGRATION GUIDE IDENTIKEY Federation Server for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO

More information

HP Software as a Service. Federated SSO Guide

HP Software as a Service. Federated SSO Guide HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

IBM WebSphere Partner Gateway V6.2.1 Advanced and Enterprise Editions

IBM WebSphere Partner Gateway V6.2.1 Advanced and Enterprise Editions IBM WebSphere Partner Gateway V6.2.1 Advanced and Enterprise Editions Integrated SFTP server 2011 IBM Corporation The presentation gives an overview of integrated SFTP server feature IntegratedSFTPServer.ppt

More information

Single Sign On. SSO & ID Management for Web and Mobile Applications

Single Sign On. SSO & ID Management for Web and Mobile Applications Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing

More information

IWA AUTHENTICATION FUNDAMENTALS AND DEPLOYMENT GUIDELINES

IWA AUTHENTICATION FUNDAMENTALS AND DEPLOYMENT GUIDELINES IWA AUTHENTICATION FUNDAMENTALS AND DEPLOYMENT GUIDELINES TECHNICAL BRIEF INTRODUCTION The purpose of this document is to explain how Integrated Windows Authentication (IWA) works with the ProxySG appliance,

More information

Enabling SSO between Cognos 8 and WebSphere Portal

Enabling SSO between Cognos 8 and WebSphere Portal Guideline Enabling SSO between Cognos 8 and WebSphere Portal Product(s): Cognos 8 Area of Interest: Security Enabling SSO between Cognos 8 and WebSphere Portal 2 Copyright Your use of this document is

More information

Use FortiWeb to Publish Applications

Use FortiWeb to Publish Applications Tech Brief Use FortiWeb to Publish Applications Replacing Microsoft TMG with a FortiWeb Web Application Firewall Version 0.2, 27 June 2014 FortiWeb Release 5.2.0 Introduction This document is intended

More information

How to Implement the X.509 Certificate Based Single Sign-On Solution with SAP Netweaver Single Sign-On

How to Implement the X.509 Certificate Based Single Sign-On Solution with SAP Netweaver Single Sign-On How to Implement the X.509 Certificate Based Single Sign-On Solution with SAP Netweaver Single Sign-On How to implement the X.509 certificate based Single Sign-On solution from SAP Page 2 of 34 How to

More information

CA Spectrum and CA Embedded Entitlements Manager

CA Spectrum and CA Embedded Entitlements Manager CA Spectrum and CA Embedded Entitlements Manager Integration Guide CA Spectrum Release 9.4 - CA Embedded Entitlements Manager This Documentation, which includes embedded help systems and electronically

More information

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided

More information

IBM Software Services for Collaboration

IBM Software Services for Collaboration An introduction to: IBM Collaboration Services for ProjExec ProjExec is easy to use professional project management software that is combined with innovative social features to provide project teams a

More information

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007 Oracle Identity Management for SAP in Heterogeneous IT Environments An Oracle White Paper January 2007 Oracle Identity Management for SAP in Heterogeneous IT Environments Executive Overview... 3 Introduction...

More information

Single Sign-On Implementation Guide

Single Sign-On Implementation Guide Salesforce.com: Salesforce Winter '09 Single Sign-On Implementation Guide Copyright 2000-2008 salesforce.com, inc. All rights reserved. Salesforce.com and the no software logo are registered trademarks,

More information

QLIKVIEW MOBILE SECURITY

QLIKVIEW MOBILE SECURITY QLIKVIEW MOBILE SECURITY QlikView Technical Brief Published: March, 2011 qlikview.com QlikView Mobile Security Mobile devices are convenient, versatile and, for many employees, they are indispensable.

More information

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

HOTPin Integration Guide: Google Apps with Active Directory Federated Services HOTPin Integration Guide: Google Apps with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

PingFederate. IWA Integration Kit. User Guide. Version 3.0

PingFederate. IWA Integration Kit. User Guide. Version 3.0 PingFederate IWA Integration Kit Version 3.0 User Guide 2012 Ping Identity Corporation. All rights reserved. PingFederate IWA Integration Kit User Guide Version 3.0 April, 2012 Ping Identity Corporation

More information

Rational Asset Manager 7.2 Editions and Licensing

Rational Asset Manager 7.2 Editions and Licensing Rational Asset Manager 7.2 Editions and Licensing Derek D. Baron, ddbaron@us.ibm.com Product Manager, Rational Asset Manager 2009 IBM Corporation IBM Corporation 200 The information contained in this presentation

More information

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Sverview Trust between SharePoint 2010 and ADFS 2.0 Use article Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies

More information

Integrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V

Integrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V Integrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V Agenda What is SSO? How does it work? Tools for SSO on ClearPath Integrating Active Directory

More information

Deploying RSA ClearTrust with the FirePass controller

Deploying RSA ClearTrust with the FirePass controller Deployment Guide Deploying RSA ClearTrust with the FirePass Controller Deploying RSA ClearTrust with the FirePass controller Welcome to the FirePass RSA ClearTrust Deployment Guide. This guide shows you

More information

Cloud Authentication. Getting Started Guide. Version 2.1.0.06

Cloud Authentication. Getting Started Guide. Version 2.1.0.06 Cloud Authentication Getting Started Guide Version 2.1.0.06 ii Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

Single Sign On. Configuration Checklist for Single Sign On CHAPTER

Single Sign On. Configuration Checklist for Single Sign On CHAPTER CHAPTER 39 The single sign on feature allows end users to log into a Windows client machine on a Windows domain, then use certain Cisco Unified Communications Manager applications without signing on again.

More information

Vyom SSO-Edge: Single Sign-On for BMC Remedy

Vyom SSO-Edge: Single Sign-On for BMC Remedy Vyom SSO-Edge: Single Sign-On for BMC Remedy Guaranteed ROI of BMC Remedy with Reduced Service Desk Calls, Increased BMC Remedy Adoption, Improved End-User Satisfaction, Strengthened Security and Effective

More information

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House

More information

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Nature of Document: Guideline Product(s): IBM Cognos Express Area of Interest: Infrastructure 2 Copyright and Trademarks Licensed Materials

More information

White paper December 2008. Addressing single sign-on inside, outside, and between organizations

White paper December 2008. Addressing single sign-on inside, outside, and between organizations White paper December 2008 Addressing single sign-on inside, outside, and between organizations Page 2 Contents 2 Overview 4 IBM Tivoli Unified Single Sign-On: Comprehensively addressing SSO 5 IBM Tivoli

More information

Best Practices with IBM Cognos Framework Manager & the SAP Business Warehouse Agnes Chau Cognos SAP Solution Specialist

Best Practices with IBM Cognos Framework Manager & the SAP Business Warehouse Agnes Chau Cognos SAP Solution Specialist Best Practices with IBM Cognos Framework Manager & the SAP Business Warehouse Agnes Chau Cognos SAP Solution Specialist 2008 IBM Corporation Agenda Objective Interoperability Prerequisites Where to model

More information

Enabling Single Signon with IBM Cognos ReportNet and SAP Enterprise Portal

Enabling Single Signon with IBM Cognos ReportNet and SAP Enterprise Portal Guideline Enabling Single Signon with IBM Cognos ReportNet and SAP Enterprise Portal Product(s): IBM Cognos ReportNet Area of Interest: Security 2 Copyright Copyright 2008 Cognos ULC (formerly Cognos Incorporated).

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is

More information

1 of 24 7/26/2011 2:48 PM

1 of 24 7/26/2011 2:48 PM 1 of 24 7/26/2011 2:48 PM Home Community Articles Product Documentation Learning Center Community Articles Advanced Search Home > Deployments > Scenario 3: Setting up SiteMinder Single Sign-On (SSO) with

More information

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates Entrust Managed Services Entrust Managed Services PKI Configuring secure LDAP with Domain Controller digital certificates Document issue: 1.0 Date of issue: October 2009 Copyright 2009 Entrust. All rights

More information

Guide to Deploying NetScaler as an Active Directory Federation Services Proxy

Guide to Deploying NetScaler as an Active Directory Federation Services Proxy Deployment Guide Guide to Deploying NetScaler as an Active Directory Federation Services Proxy Enabling seamless authentication for Office 365 use cases Table of Contents Introduction 3 ADFS proxy deployment

More information

Defender 5.7 - Token Deployment System Quick Start Guide

Defender 5.7 - Token Deployment System Quick Start Guide Defender 5.7 - Token Deployment System Quick Start Guide This guide describes how to install, configure and use the Defender Token Deployment System, based on default settings and how to self register

More information

TIBCO ActiveMatrix BPM Single Sign-On

TIBCO ActiveMatrix BPM Single Sign-On Software Release 3.1 November 2014 Two-Second Advantage 2 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE

More information

Enterprise Knowledge Platform

Enterprise Knowledge Platform Enterprise Knowledge Platform Single Sign-On Integration with Windows Document Information Document ID: EN136 Document title: EKP Single Sign-On Integration with Windows Version: 1.3 Document date: 19

More information

Active Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper

Active Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper Active Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper About this Document The purpose of this technical paper is to discuss how ExtremeZ-IP supports Microsoft Active Directory.

More information

IBM WebSphere Application Server Communications Enabled Applications

IBM WebSphere Application Server Communications Enabled Applications IBM WebSphere Application Server Communications Enabled Applications Configuring a CEA environment 2011 IBM Corporation This presentation describes how to configure a WebSphere Application Server environment

More information

OpenSSO: Cross Domain Single Sign On

OpenSSO: Cross Domain Single Sign On OpenSSO: Cross Domain Single Sign On Version 0.1 History of versions Version Date Author(s) Changes 0.1 11/30/2006 Dennis Seah Contents Initial Draft. 1 Introduction 1 2 Single Domain Single Sign-On 2

More information

Configuration Guide BES12. Version 12.3

Configuration Guide BES12. Version 12.3 Configuration Guide BES12 Version 12.3 Published: 2016-01-19 SWD-20160119132230232 Contents About this guide... 7 Getting started... 8 Configuring BES12 for the first time...8 Configuration tasks for managing

More information

DualShield Authentication Platform

DualShield Authentication Platform Quick Start Guide (Version 5.7) Copyright 2013 Deepnet Security Limited Copyright 2013, Deepnet Security. All Rights Reserved. Page 1 Trademarks Deepnet Unified Authentication, MobileID, QuickID, PocketID,

More information

Authentication Methods

Authentication Methods Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the

More information

Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience

Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience Applied Technology Abstract The Web-based approach to system management taken by EMC Unisphere

More information

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services 1 HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided

More information

Business Process Management IBM Business Process Manager V7.5

Business Process Management IBM Business Process Manager V7.5 Business Process Management IBM Business Process Manager V7.5 Federated task management for BPEL processes and human tasks This presentation introduces the federated task management feature for BPEL processes

More information

Configuration Guide BES12. Version 12.2

Configuration Guide BES12. Version 12.2 Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining

More information

Skyward LDAP Launch Kit Table of Contents

Skyward LDAP Launch Kit Table of Contents 04.30.2015 Table of Contents What is LDAP and what is it used for?... 3 Can Cloud Hosted (ISCorp) Customers use LDAP?... 3 What is Advanced LDAP?... 3 Does LDAP support single sign-on?... 4 How do I know

More information

Memory-to-memory session replication

Memory-to-memory session replication Memory-to-memory session replication IBM WebSphere Application Server V7 This presentation will cover memory-to-memory session replication in WebSphere Application Server V7. WASv7_MemorytoMemoryReplication.ppt

More information

Enabling Single-Sign-On between IBM Cognos 8 BI and IBM WebSphere Portal

Enabling Single-Sign-On between IBM Cognos 8 BI and IBM WebSphere Portal Guideline Enabling Single-Sign-On between IBM Cognos 8 BI and IBM WebSphere Portal Product(s): IBM Cognos 8 BI Area of Interest: Security Copyright Copyright 2008 Cognos ULC (formerly Cognos Incorporated).

More information

Configuring IBM Cognos Controller 8 to use Single Sign- On

Configuring IBM Cognos Controller 8 to use Single Sign- On Guideline Configuring IBM Cognos Controller 8 to use Single Sign- On Product(s): IBM Cognos Controller 8.2 Area of Interest: Security Configuring IBM Cognos Controller 8 to use Single Sign-On 2 Copyright

More information