Single Sign-on (SSO) technologies for the Domino Web Server
|
|
- Bennett Tucker
- 8 years ago
- Views:
Transcription
1 Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, IBM Corporation
2 Welcome Participant Passcode: IBM Corporation 2
3 Agenda USA Toll Free (866) USA Toll (210) SSO using LTPA LTPA SSO configurations with Domino and WebSphere Windows Single Sign-on for Web Clients (SPNEGO) Extending the Domino Web Server using DSAPI Participant Passcode: IBM Corporation 3
4 Fewer password prompts, fewer passwords in general We need single sign-on (SSO) because: High administrative cost for managing passwords. Users can't remember a lot of passwords. Password prompts are annoying. Many different passwords leads to lower security. If we use cryptographic mechanisms instead of passwords, we can improve security and minimize cost IBM Corporation 4
5 Lightweight Third Party Authentication (LTPA) LTPA is one of IBM's SSO solutions. Architecture allows interoperability with other SSO solutions. Web scenarios use an encrypted browser cookie. LtpaToken : original format LtpaToken2 : recommended, more secure format 2011 IBM Corporation 5
6 SSO Using LTPA Overview (Part 1) User browses to a Domino URL User is challenged for user name and password 2011 IBM Corporation 6
7 SSO Using LTPA Overview (Part 2) Domino authenticates the user. Behind the scenes: Domino returns an LTPA token (browser cookie) that represents the logged in user. Browser LtpaToken 2011 IBM Corporation 7
8 SSO Using LTPA Overview (Part 3) User can browse to URLs on Domino and other SSO servers without repeating login steps. Browser automatically sends LtpaToken in HTTP requests. Single sign-on works because SSO servers honor the LtpaToken to represent the logged in user. Browser LtpaToken 2011 IBM Corporation 8
9 Configuration Shared By Domino SSO Servers SSO document configured in Domino directory. Document is encrypted for participating servers. Document contains SSO keys used to create/verify the LTPA cryptographic tokens. SSO servers in one DNS domain (browser cookie set for domain) IBM Corporation 9
10 SSO Configuration Document Name vs Token Name Historically the SSO document by default named LtpaToken. The SSO document can be configured to have any arbitrary name. SSO document name is not related to the token format choice IBM Corporation 10
11 Where to Find the SSO Configuration Document If Internet Site configuration is turned on in the server document (recommended): Internet Sites view contains the SSO configuration document. One server can have different SSO configurations for its various URLs. If Internet Site configuration is turned off in the server document: Web Configuration view (one SSO configuration applies to all URLs on the Domino server) 2011 IBM Corporation 11
12 Agenda USA Toll Free (866) USA Toll (210) SSO using LTPA LTPA SSO configurations with Domino and WebSphere Windows Single Sign-on for Web Clients (SPNEGO) Extending the Domino Web Server using DSAPI Participant Passcode: IBM Corporation 12
13 LTPA SSO with WebSphere and Domino User can login first to WebSphere, or can login first to Domino. LTPA token created by Domino will be honored by WebSphere, and vice versa. Servers must share the same SSO cryptographic keys. Browser LtpaToken 2011 IBM Corporation 13
14 Sharing cryptographic keys with WebSphere Create keys in WebSphere Export to file, import into Domino. WebSphere options to automatically regenerate keys usually are impractical in SSO configuration with Domino. Domino Import WebSphere LTPA keys option You can add additional token format(s), but keep the LDAP realm as is IBM Corporation 14
15 Name Mapping often is needed The user's LTPA token contains the user's distinguished name. User's Domino distinguished name found on Domino database ACLs: CN=Walter Neff/O=Renovations User's distinguished name in WebSphere's LDAP directory: CN=Walter Neff,CN=users,DC=ad,DC=east,DC=renovations,DC=com Domino Directory Active Directory wneff Password: ******* CN=Walter Neff/O=Renovations wneff Password: ******* CN=walter neff,cn=users,dc=ad,dc=east,d C=renovations,DC=com 2011 IBM Corporation 15
16 Directory choices: where do you want to make directory modifications for SSO? The LTPA token will need to contain the user's WebSphere LDAP distinguished name. Name mapping using Domino person records: Store user's WebSphere LDAP distinguished name OR Name mapping using WebSphere's LDAP directory: Store user's Domino distinguished name Configure Domino directory assistance to LDAP Active Directory Domino Directory wneff Password: ******* CN=Walter Neff/O=Renovations wneff Password: ******* CN=walter neff,cn=users,dc=ad,dc=east,d C=renovations,DC=com 2011 IBM Corporation 16
17 SSO name mapping using Domino directory Configure Domino to create the LTPA token containing the user's WebSphere name: CN=Walter Neff,CN=users,DC=ad,DC=east,DC=renovations,DC=com SSO document the user's Person record: 2011 IBM Corporation 17
18 SSO name mapping using WebSphere's directory Configure WebSphere's LDAP directory to contain the user's Domino name in an LDAP attribute (eg. NotesDN ): CN=Walter Neff,O=Renovations SSO document Directory Assistance to LDAP: 2011 IBM Corporation 18
19 Agenda USA Toll Free (866) USA Toll (210) SSO using LTPA LTPA SSO configurations with Domino and WebSphere Windows Single Sign-on for Web Clients (SPNEGO) Extending the Domino Web Server using DSAPI Participant Passcode: IBM Corporation 19
20 SSO Using LTPA (Part 1) User browses to a Domino URL User is challenged for user name and password 2011 IBM Corporation 20
21 Windows Single Sign-on for Web Clients User browses to a Domino URL Avoid the user name and password challenge! Solution leverages the logged in user's Windows credentials IBM Corporation 21
22 Windows Single Sign-on for Web Clients (SPNEGO) User acquires Kerberos credentials when starting Windows. Windows verifies user's password. Password never travels over the wire. SSO technology leveraging the Windows credentials sometimes called by these names: SPNEGO Integrated Windows Authentication for the Windows Intranet Windows login info Kerberos credentials Windows Domain Controller (Kerberos security) Active Directory 2011 IBM Corporation 22
23 SPNEGO protocol used by browsers Protocol used to authenticate a user to an HTTP server. Simple and Protected gssapi NEGOtiation Microsoft published RFCs 4559, 4178 Windows Domain Controller (Kerberos security) Active Directory SPNEGO support Browser SPNEGO support 2011 IBM Corporation 23
24 Windows and Domino SPNEGO/Kerberos Many setup steps to be done by the Active Directory administrator using Windows tools. Domino is assigned a Windows service name (SPN) Logged in user can acquire a Kerberos ticket for the Domino server. Windows creates the Kerberos ticket. The Kerberos ticket identifies: Domino Windows service name User's Kerberos name SPNEGO-aware browsers know how to Ask Windows for a Kerberos ticket, based on a) browser configuration, and b) the user's requested URL. Send the Kerberos ticket as part of SPNEGO protocol request SPNEGO-aware Domino validates the ticket to authenticate the user IBM Corporation 24
25 Domino and WebSphere SPNEGO implementations return an LTPA token to the browser User logs in to Windows. User starts browser and browses to Domino URL. Windows Domain Controller (Kerberos security) Active Directory SPNEGO support Browser SPNEGO support 2011 IBM Corporation 25
26 Domino and WebSphere SPNEGO implementations return an LTPA token to the browser User logs in to Windows. User starts browser and browses to Domino URL. SPNEGO/Kerberos used to authenticate to Domino. Domino returns LTPA token to facilitate SSO to other servers. Windows Domain Controller (Kerberos security) Active Directory SPNEGO support Browser LtpaToken SPNEGO support 2011 IBM Corporation 26
27 Name Mapping is required The Kerberos ticket contains the user's Kerberos name User's Domino distinguished name found on Domino database ACLs: CN=Walter Neff/O=Renovations User's distinguished name in Active directory used with LTPA: CN=Walter Neff,CN=users,DC=ad,DC=east,DC=renovations,DC=com (recommended) Set up name mapping using Directory Assistance to Active Directory See topic=/com.ibm.help.domino.admin85.doc/h_setting_up_sp NEGO_AUTHENTICATION_FOR_WEB_CLIENTS_STEPS.html 2011 IBM Corporation 27
28 Configure SPNEGO/Kerberos at Domino Lots of Window setup, and the Domino Windows server must run as a Windows service. The SSO document turns on the feature for the web server URLs IBM Corporation 28
29 Domino LTPA vs Domino SPNEGO/Kerberos LTPA solution (Domino challenges for user password): Supports Internet deployment: client browser can be located anywhere. All supported platforms for Domino servers and web clients. Servers in same DNS domain. SPNEGO/Kerberos solution (Windows challenges for user password): Intranet deployment only! Does not work across a firewall. Supported only on Domino Windows servers, in Windows domain with Active Directory. Tested with Windows browser clients. **Requires browser configuration. Integrated with LTPA. (Servers in same DNS domain.) 2011 IBM Corporation 29
30 Agenda USA Toll Free (866) USA Toll (210) SSO using LTPA LTPA SSO configurations with Domino and WebSphere Windows Single Sign-on for Web Clients (SPNEGO) Extending the Domino Web Server using DSAPI Participant Passcode: IBM Corporation 30
31 DSAPI You can write a C program to handle Domino web server events. Lotus C API reference provides the DSAPI specification. You write and build the DSAPI C code into a library (e.g. Windows dll). Your DSAPI filter can handle authentication and any other HTTP event. You install the DSAPI library onto your Domino server. You configure Domino HTTP to load the DSAPI library on web server startup IBM Corporation 31
32 DSAPI authentication filter Your DSAPI library can handle authentication events: Your program registers an authentication filter at HTTP startup. Domino will call your program when there is a request to access resources for which the user must be authenticated. Your C program could call a third party system, or prompt the user to login and verify the credentials. Outcome of a successful DSAPI authentication must provide Domino with the user's name (usually Domino distinguished name format). After successful DSAPI authentication, the web server may be configured to provide an LTPA token. Example Windows DSAPI authentication filter: action=opendocument&name=sso%20for%20web%20for %20non%20Windows%20Servers 2011 IBM Corporation 32
33 Questions Press *1 on your telephone to ask a question. IBM Lotus Support page 2011 IBM Corporation 33
34 Legal Disclaimer IBM Corporation All Rights Reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this publication to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. IBM, Lotus, Lotus Notes, Notes, and Domino are trademarks of International Business Machines Corporation in the United States, other countries, or both. Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others. All references to renovations.com refer to a fictitious company and are used for illustration purposes only IBM Corporation 34
New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation
New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole
More informationPassword Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos
Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website:
More informationLeverage Active Directory with Kerberos to Eliminate HTTP Password
Leverage Active Directory with Kerberos to Eliminate HTTP Password PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website: www.pistolstar.com
More informationSametime Version 9. Integration Guide. Integrating Sametime 9 with Domino 9, inotes 9, Connections 4.5, and WebSphere Portal 8.0.0.
Sametime Version 9 Integration Guide Integrating Sametime 9 with Domino 9, inotes 9, Connections 4.5, and WebSphere Portal 8.0.0.1 Edition Notice Note: Before using this information and the product it
More informationConfigure Single Sign on Between Domino and WPS
Configure Single Sign on Between Domino and WPS What we are doing here? Ok now we have the WPS server configured and running with Domino as the LDAP directory. Now we are going to configure Single Sign
More informationStep- by- Step guide to Configure Single sign- on for HTTP requests using SPNEGO web authentication
Step- by- Step guide to Configure Single sign- on for HTTP requests using SPNEGO web authentication Summary STEP- BY- STEP GUIDE TO CONFIGURE SINGLE SIGN- ON FOR HTTP REQUESTS USING SPNEGO WEB AUTHENTICATION
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationSecurity Provider Integration Kerberos Authentication
Security Provider Integration Kerberos Authentication 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are
More informationIntegrating WebSphere Portal V8.0 with Business Process Manager V8.0
2012 Integrating WebSphere Portal V8.0 with Business Process Manager V8.0 WebSphere Portal & BPM Services [Page 2 of 51] CONTENTS CONTENTS... 2 1. DOCUMENT INFORMATION... 4 1.1 1.2 2. INTRODUCTION... 5
More informationIntegrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies
Guideline Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies Product(s): IBM Cognos 8 BI Area of Interest: Security Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies 2 Copyright
More informationTable 1 shows the LDAP server configuration required for configuring the federated repositories in the Tivoli Integrated Portal server.
Configuring IBM Tivoli Integrated Portal server for single sign-on using Simple and Protected GSSAPI Negotiation Mechanism, and Microsoft Active Directory services Document version 1.0 Copyright International
More informationIBM Digital Experience meets IBM WebSphere Commerce
Portal Arbeitskreis - 27.10.2014 IBM Digital Experience meets IBM WebSphere Commerce Stefan Koch Chief Programmer IBM Digital Experience 2013 IBM Corporation 2 2013 IBM Corporation Integration Pattern
More informationMashup Sites for SharePoint 2007 Authentication Guide. Version 3.1.1
Mashup Sites for SharePoint 2007 Authentication Guide Version 3.1.1 Copyright Copyright 2010-2011, JackBe Corp. and its affiliates. All rights reserved. Terms of Use This documentation may be printed and
More informationMashup Sites for SharePoint 2007 Authentication Guide. Version 3.2.1
Mashup Sites for SharePoint 2007 Authentication Guide Version 3.2.1 Copyright Copyright 2012, JackBe Corp. and its affiliates. All rights reserved. Terms of Use This documentation may be printed and copied
More informationIBM WebSphere Application Server
IBM WebSphere Application Server SAML 2.0 web single-sign-on 2012 IBM Corporation This presentation describes support for SAML 2.0 web browser Single Sign On profile included in IBM WebSphere Application
More informationHow-to: Single Sign-On
How-to: Single Sign-On Document version: 1.02 nirva systems info@nirva-systems.com nirva-systems.com How-to: Single Sign-On - page 2 This document describes how to use the Single Sign-On (SSO) features
More informationIBM WebSphere Application Server
IBM WebSphere Application Server OAuth 2.0 service provider and TAI 2012 IBM Corporation This presentation describes support for OAuth 2.0 included in IBM WebSphere Application Server V7.0.0.25. WASV70025_OAuth20.ppt
More informationConfiguring Sponsor Authentication
CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five
More informationJMP105 JumpStart: Single Sign-on (SAML) Administration Basics
JMP105 JumpStart: Single Sign-on (SAML) Administration Basics Jane Marcus jmarcus@us.ibm.com Senior software engineer, IBM 2014 IBM Corporation Agenda Single sign-on introduction SAML concepts Domino 9.x
More informationUsing SAP Logon Tickets for Single Sign on to Microsoft based web applications
Collaboration Technology Support Center - Microsoft - Collaboration Brief March 2005 Using SAP Logon Tickets for Single Sign on to Microsoft based web applications André Fischer, Project Manager CTSC,
More informationWeb servers and WebSphere Portal
Web servers and WebSphere Portal By default IBM WebSphere Portal uses the internal HTTP transport within IBM WebSphere Application Server to handle requests. However, because WebSphere Application Server
More informationCA Nimsoft Service Desk
CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationWHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)
WHITE PAPER Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) SEPTEMBER 2004 Overview Password-based authentication is weak and smart cards offer a way to address this weakness,
More informationSingle Sign On. Configuration Checklist for Single Sign On CHAPTER
CHAPTER 39 The single sign on feature allows end users to log into a Windows client machine on a Windows domain, then use certain Cisco Unified Communications Manager applications without signing on again.
More informationSINGLE SIGNON FUNCTIONALITY IN HATS USING MICROSOFT SHAREPOINT PORTAL
SINGLE SIGNON FUNCTIONALITY IN HATS USING MICROSOFT SHAREPOINT PORTAL SINGLE SIGNON: Single Signon feature allows users to authenticate themselves once with their credentials i.e. Usernames and Passwords
More informationIBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide
IBM SPSS Collaboration and Deployment Services Version 6 Release 0 Single Sign-On Services Developer's Guide Note Before using this information and the product it supports, read the information in Notices
More informationEnsure that your environment meets the requirements. Provision the OpenAM server in Active Directory, then generate keytab files.
This chapter provides information about the feature which allows end users to log into a Windows client machine on a Windows domain, then use certain Cisco Unified Communications Manager applications without
More informationCritical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management
Security Comparison Critical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationEnabling single sign-on for Cognos 8/10 with Active Directory
Enabling single sign-on for Cognos 8/10 with Active Directory Overview QueryVision Note: Overview This document pulls together information from a number of QueryVision and IBM/Cognos material that are
More informationTenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.
Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,
More informationTIBCO Spotfire Platform IT Brief
Platform IT Brief This IT brief outlines features of the system: Communication security, load balancing and failover, authentication options, and recommended practices for licenses and access. It primarily
More informationIceWarp Server - SSO (Single Sign-On)
IceWarp Server - SSO (Single Sign-On) Probably the most difficult task for me is to explain the new SSO feature of IceWarp Server. The reason for this is that I have only little knowledge about it and
More informationKerberos and Windows SSO Guide Jahia EE v6.1
Documentation Kerberos and Windows SSO Guide Jahia EE v6.1 Jahia delivers the first Web Content Integration Software by combining Enterprise Web Content Management with Document and Portal Management features.
More informationSAML and OAUTH Technologies WebSphere Application Server
SAML and OAUTH Technologies WebSphere Application Server Bill O'Donnell STSM WebSphere Foundation Security Architect Session TAW-1701 Session TAW-1698 Please Note IBM s statements regarding its plans,
More informationHow To Secure An Rsa Authentication Agent
RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,
More informationConfiguring Integrated Windows Authentication for JBoss with SAS 9.2 Web Applications
Configuring Integrated Windows Authentication for JBoss with SAS 9.2 Web Applications Copyright Notice The correct bibliographic citation for this manual is as follows: SAS Institute Inc., Configuring
More informationTIBCO Spotfire Web Player 6.0. Installation and Configuration Manual
TIBCO Spotfire Web Player 6.0 Installation and Configuration Manual Revision date: 12 November 2013 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED
More informationConfiguring Integrated Windows Authentication for JBoss with SAS 9.3 Web Applications
Configuring Integrated Windows Authentication for JBoss with SAS 9.3 Web Applications Copyright Notice The correct bibliographic citation for this manual is as follows: SAS Institute Inc., Configuring
More informationSecuring access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001
Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance
More informationProtecting Juniper SA using Certificate-Based Authentication. Quick Start Guide
Protecting Juniper SA using Certificate-Based Authentication Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.
More informationSingle Sign-On for Kerberized Linux and UNIX Applications
Likewise Enterprise Single Sign-On for Kerberized Linux and UNIX Applications AUTHOR: Manny Vellon Chief Technology Officer Likewise Software Abstract This document describes how Likewise facilitates the
More informationWeb Applications Access Control Single Sign On
Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,
More informationSecurity solutions Executive brief. Understand the varieties and business value of single sign-on.
Security solutions Executive brief Understand the varieties and business value of single sign-on. August 2005 2 Contents 2 Executive overview 2 SSO delivers multiple business benefits 3 IBM helps companies
More informationCA SiteMinder. Implementation Guide. r12.0 SP2
CA SiteMinder Implementation Guide r12.0 SP2 This documentation and any related computer software help programs (hereinafter referred to as the "Documentation") are for your informational purposes only
More informationSSO Methods Supported by Winshuttle Applications
Winshuttle and SSO SSO Methods Supported by Winshuttle Applications Single Sign-On (SSO) delivers business value by enabling safe, secure access to resources and exchange of information at all levels of
More informationIBM WebSphere Partner Gateway V6.2.1 Advanced and Enterprise Editions
IBM WebSphere Partner Gateway V6.2.1 Advanced and Enterprise Editions Integrated SFTP server 2011 IBM Corporation The presentation gives an overview of integrated SFTP server feature IntegratedSFTPServer.ppt
More informationOneLogin Integration User Guide
OneLogin Integration User Guide Table of Contents OneLogin Account Setup... 2 Create Account with OneLogin... 2 Setup Application with OneLogin... 2 Setup Required in OneLogin: SSO and AD Connector...
More informationINTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN
INTEGRATION GUIDE IDENTIKEY Federation Server for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO
More informationSingle Sign On. SSO & ID Management for Web and Mobile Applications
Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing
More informationConfiguring Integrated Windows Authentication for IBM WebSphere with SAS 9.2 Web Applications
Configuring Integrated Windows Authentication for IBM WebSphere with SAS 9.2 Web Applications Copyright Notice The correct bibliographic citation for this manual is as follows: SAS Institute Inc., Configuring
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationHP Software as a Service. Federated SSO Guide
HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying
More informationOracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007
Oracle Identity Management for SAP in Heterogeneous IT Environments An Oracle White Paper January 2007 Oracle Identity Management for SAP in Heterogeneous IT Environments Executive Overview... 3 Introduction...
More informationIWA AUTHENTICATION FUNDAMENTALS AND DEPLOYMENT GUIDELINES
IWA AUTHENTICATION FUNDAMENTALS AND DEPLOYMENT GUIDELINES TECHNICAL BRIEF INTRODUCTION The purpose of this document is to explain how Integrated Windows Authentication (IWA) works with the ProxySG appliance,
More informationUse FortiWeb to Publish Applications
Tech Brief Use FortiWeb to Publish Applications Replacing Microsoft TMG with a FortiWeb Web Application Firewall Version 0.2, 27 June 2014 FortiWeb Release 5.2.0 Introduction This document is intended
More informationHOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services
HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided
More informationEnabling SSO between Cognos 8 and WebSphere Portal
Guideline Enabling SSO between Cognos 8 and WebSphere Portal Product(s): Cognos 8 Area of Interest: Security Enabling SSO between Cognos 8 and WebSphere Portal 2 Copyright Your use of this document is
More informationSingle Sign-On Implementation Guide
Salesforce.com: Salesforce Winter '09 Single Sign-On Implementation Guide Copyright 2000-2008 salesforce.com, inc. All rights reserved. Salesforce.com and the no software logo are registered trademarks,
More informationHOTPin Integration Guide: Google Apps with Active Directory Federated Services
HOTPin Integration Guide: Google Apps with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as
More informationSingle Sign On. Configuration Checklist for Single Sign On CHAPTER
CHAPTER 39 The single sign on feature allows end users to log into a Windows client machine on a Windows domain, then use certain Cisco Unified Communications Manager applications without signing on again.
More informationCA Spectrum and CA Embedded Entitlements Manager
CA Spectrum and CA Embedded Entitlements Manager Integration Guide CA Spectrum Release 9.4 - CA Embedded Entitlements Manager This Documentation, which includes embedded help systems and electronically
More informationSalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy
SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document
More informationHow to Implement the X.509 Certificate Based Single Sign-On Solution with SAP Netweaver Single Sign-On
How to Implement the X.509 Certificate Based Single Sign-On Solution with SAP Netweaver Single Sign-On How to implement the X.509 certificate based Single Sign-On solution from SAP Page 2 of 34 How to
More informationPingFederate. IWA Integration Kit. User Guide. Version 3.0
PingFederate IWA Integration Kit Version 3.0 User Guide 2012 Ping Identity Corporation. All rights reserved. PingFederate IWA Integration Kit User Guide Version 3.0 April, 2012 Ping Identity Corporation
More informationQLIKVIEW MOBILE SECURITY
QLIKVIEW MOBILE SECURITY QlikView Technical Brief Published: March, 2011 qlikview.com QlikView Mobile Security Mobile devices are convenient, versatile and, for many employees, they are indispensable.
More informationCloud Authentication. Getting Started Guide. Version 2.1.0.06
Cloud Authentication Getting Started Guide Version 2.1.0.06 ii Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.
More informationVyom SSO-Edge: Single Sign-On for BMC Remedy
Vyom SSO-Edge: Single Sign-On for BMC Remedy Guaranteed ROI of BMC Remedy with Reduced Service Desk Calls, Increased BMC Remedy Adoption, Improved End-User Satisfaction, Strengthened Security and Effective
More informationEnabling Kerberos SSO in IBM Cognos Express on Windows Server 2008
Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Nature of Document: Guideline Product(s): IBM Cognos Express Area of Interest: Infrastructure 2 Copyright and Trademarks Licensed Materials
More informationDefender 5.7 - Token Deployment System Quick Start Guide
Defender 5.7 - Token Deployment System Quick Start Guide This guide describes how to install, configure and use the Defender Token Deployment System, based on default settings and how to self register
More informationDeploying RSA ClearTrust with the FirePass controller
Deployment Guide Deploying RSA ClearTrust with the FirePass Controller Deploying RSA ClearTrust with the FirePass controller Welcome to the FirePass RSA ClearTrust Deployment Guide. This guide shows you
More informationIntegrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V
Integrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V Agenda What is SSO? How does it work? Tools for SSO on ClearPath Integrating Active Directory
More informationWhite paper December 2008. Addressing single sign-on inside, outside, and between organizations
White paper December 2008 Addressing single sign-on inside, outside, and between organizations Page 2 Contents 2 Overview 4 IBM Tivoli Unified Single Sign-On: Comprehensively addressing SSO 5 IBM Tivoli
More informationStep-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x
Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Sverview Trust between SharePoint 2010 and ADFS 2.0 Use article Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies
More informationBest Practices with IBM Cognos Framework Manager & the SAP Business Warehouse Agnes Chau Cognos SAP Solution Specialist
Best Practices with IBM Cognos Framework Manager & the SAP Business Warehouse Agnes Chau Cognos SAP Solution Specialist 2008 IBM Corporation Agenda Objective Interoperability Prerequisites Where to model
More informationEnabling Single Signon with IBM Cognos ReportNet and SAP Enterprise Portal
Guideline Enabling Single Signon with IBM Cognos ReportNet and SAP Enterprise Portal Product(s): IBM Cognos ReportNet Area of Interest: Security 2 Copyright Copyright 2008 Cognos ULC (formerly Cognos Incorporated).
More informationAuthentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
More informationActive Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper
Active Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper About this Document The purpose of this technical paper is to discuss how ExtremeZ-IP supports Microsoft Active Directory.
More informationGuide to SASL, GSSAPI & Kerberos v.6.0
SYMLABS VIRTUAL DIRECTORY SERVER Guide to SASL, GSSAPI & Kerberos v.6.0 Copyright 2011 www.symlabs.com Chapter 1 Introduction Symlabs has added support for the GSSAPI 1 authentication mechanism, which
More informationEntrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates
Entrust Managed Services Entrust Managed Services PKI Configuring secure LDAP with Domain Controller digital certificates Document issue: 1.0 Date of issue: October 2009 Copyright 2009 Entrust. All rights
More informationTIBCO ActiveMatrix BPM Single Sign-On
Software Release 3.1 November 2014 Two-Second Advantage 2 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE
More informationEnterprise Knowledge Platform
Enterprise Knowledge Platform Single Sign-On Integration with Windows Document Information Document ID: EN136 Document title: EKP Single Sign-On Integration with Windows Version: 1.3 Document date: 19
More informationIBM WebSphere Application Server Communications Enabled Applications
IBM WebSphere Application Server Communications Enabled Applications Configuring a CEA environment 2011 IBM Corporation This presentation describes how to configure a WebSphere Application Server environment
More informationUsing EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience
Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience Applied Technology Abstract The Web-based approach to system management taken by EMC Unisphere
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is
More information1 of 24 7/26/2011 2:48 PM
1 of 24 7/26/2011 2:48 PM Home Community Articles Product Documentation Learning Center Community Articles Advanced Search Home > Deployments > Scenario 3: Setting up SiteMinder Single Sign-On (SSO) with
More informationConfiguration Guide BES12. Version 12.3
Configuration Guide BES12 Version 12.3 Published: 2016-01-19 SWD-20160119132230232 Contents About this guide... 7 Getting started... 8 Configuring BES12 for the first time...8 Configuration tasks for managing
More informationHOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services
1 HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided
More informationConfiguration Guide BES12. Version 12.2
Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining
More informationIBM Software Services for Collaboration
An introduction to: IBM Collaboration Services for ProjExec ProjExec is easy to use professional project management software that is combined with innovative social features to provide project teams a
More informationDualShield Authentication Platform
Quick Start Guide (Version 5.7) Copyright 2013 Deepnet Security Limited Copyright 2013, Deepnet Security. All Rights Reserved. Page 1 Trademarks Deepnet Unified Authentication, MobileID, QuickID, PocketID,
More informationSkyward LDAP Launch Kit Table of Contents
04.30.2015 Table of Contents What is LDAP and what is it used for?... 3 Can Cloud Hosted (ISCorp) Customers use LDAP?... 3 What is Advanced LDAP?... 3 Does LDAP support single sign-on?... 4 How do I know
More informationSingle sign-on for ASP.Net and SharePoint
Single sign-on for ASP.Net and SharePoint Author: Abhinav Maheshwari, 3Pillar Labs Introduction In most organizations using Microsoft platform, there are more than one ASP.Net applications for internal
More informationWWPass External Authentication Solution for IBM Security Access Manager 8.0
WWPass External Authentication Solution for IBM Security Access Manager 8.0 Setup guide Enhance your IBM Security Access Manager for Web with the WWPass hardware authentication IBM Security Access Manager
More informationEntrust Managed Services PKI Administrator Guide
Entrust Managed Services PKI Entrust Managed Services PKI Administrator Guide Document issue: 3.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered
More informationNTP Software File Auditor for Windows Edition
NTP Software File Auditor for Windows Edition An NTP Software Installation Guide Abstract This guide provides a short introduction to installation and initial configuration of NTP Software File Auditor
More informationBusiness Process Management IBM Business Process Manager V7.5
Business Process Management IBM Business Process Manager V7.5 Federated task management for BPEL processes and human tasks This presentation introduces the federated task management feature for BPEL processes
More informationMemory-to-memory session replication
Memory-to-memory session replication IBM WebSphere Application Server V7 This presentation will cover memory-to-memory session replication in WebSphere Application Server V7. WASv7_MemorytoMemoryReplication.ppt
More information