Microsoftin Geneva ja muita uutuuksia

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Microsoftin Geneva ja muita uutuuksia"

Transcription

1 Microsoftin Geneva ja muita uutuuksia Kimmo Bergius Microsoft Oy Antti Alila Microsoft Oy

2 Sisältö Pikakatsaus Microsoftin olemassa oleviin tuotteisiin hakemistopuolella Pikakatsaus koodinimi Genevaan Keskustelua ja kysymyksiä

3 AD-perhe Active Directory Domain Service Verkon perushakemisto Käyttäjätunnukset - autentikointi Kokoonpanotietoa Group Policy Active Directory LDS Entinen AD AM AD:n kevytversio Pelkkä LDAP-hakemisto, ei replikointia, ei autentikontia, ei tiedostoja, ei Group Policyjä Identity Lifecycle Manager Hakemistojen integrointi metahakemisto Käyttäjäsertifikaattien elinkaaren hallinta AD Federation Service Hakemistojen federointi AD Rights Management Service Käyttöoikeuksien hallintaan

4 Single-Sign-On AD:n käyttö myös muissa ympäristöissä Linux/Unix/Mac OSX Autentikointi Kokoonpanotietojen välitys Vaatii kolmannen osapuolen lisäkomponentteja Näennäinen SSO Hakemistojen integraatio esim. MIISin välityksellä Federaatio Aiemmin ADFS, tulevaisuudessa Geneva

5 Introducing "Geneva" and Claims- Based Identity

6 Tietolähteitä Esityksen lähde on suurelta osin David Chappellin pitämä Geneva-luento TechEd-konferenssissa marraskuussa 2008 Samat asiat sisältyvät myös whitepaperiin: Introducing : An Overview of the Server, CardSpace, and the Framework Kehittäjille lisätietoja whitepaperissa Keith Brown s Framework White Paper for Developers Molemmat edellä mainituista, muuta lisätietoa Genevasta sekä beta 1 versiot löytyvät osoitteesta

7 What is "Geneva"? Three related technologies: The Server The next release of Active Directory Federation Services (AD FS) CardSpace The next release of CardSpace The Framework The goal of is to help make claimsbased identity real

8 Defining the Problem Working with identity is too hard Applications must use different identity technologies in different situations: Active Directory (Kerberos) inside a Windows domain Username/password on the Internet WS-Federation and the Security Assertion Markup Language (SAML) between organizations Why not define one approach that can be used in all of these cases? Claims-based identity allows this It can make life simpler for developers

9 Supporting Multiple Identities Using an identity selector 5) Use claims in token Identity Providers Application Identity Library Token 3) Get token for selected identity 2) Select an identity that matches those requirements Browser or Client Identity Selector User 1) Access application and learn token requirements Token 4) Submit token

10 The "Geneva" Technologies Identity Providers Server Application 5) Use claims in token Token 1) Access application and learn token requirements Framework 4) Submit token 3) Get token for selected identity Browser or Client CardSpace Token 2) Select an identity that matches those requirements User

11 Using "Geneva": Scenarios

12 Using "Geneva" in an Enterprise Active Directory Domain Services 5) Find claims required by application and create token Server 6) Receive token 8) Use claims in token 7) Submit token Application Framework 1) Login to domain and get Kerberos ticket 4) Present Kerberos ticket and request token for selected identity Token Token 2) Access application and learn token requirements Browser or Client 3) Select an identity that matches those requirements CardSpace User

13 Allowing Internet Access Active Directory Domain Services Server 5) Use claims in token Application 4) Submit token Framework Token Internet Token 3) Get token for selected identity Browser or Client CardSpace 1) Access application and learn token requirements 2) Select an identity that matches those requirements User

14 Using an External Identity Provider Identity Providers Windows Live ID Other 5) Use claims in token Application 4) Submit token Framework Token Internet Token 3) Get token for selected identity Browser or Client CardSpace 1) Access application and learn token requirements 2) Select an identity that matches those requirements User

15 Identity Across Organizations Describing the problem A user in one Windows forest must access an application in another Windows forest A user in a non-windows world must access an application in a Windows forest (or vice-versa)

16 Identity Across Organizations Possible solutions One option: duplicate accounts Requires separate login, extra administration A better approach: identity federation One organizations accepts identities provided by the other No duplicate accounts Single sign-on for users

17 Identity Federation (1) Organization X Organization Y Active Directory Domain Services Server Token 5) Use claims in token 3) Get token for selected identity 2) Select an identity that matches those requirements Browser or Client CardSpace User 4) Submit token Token 1) Access application and learn token requirements Application Framework Trusted s: -Organization Y -Organization X

18 Identity Federation (2) Organization X Active Directory Domain Services Server 2) Access Organization Y and learn token requirements 5) Request token for application Token for Y Token Organization Y Trusted s: -Organization X Token for Y 6) Issue token for application 8) Use claims in token 4) Get token for Organization Y 3) Select an identity that matches those requirements Browser or Client CardSpace User 7) Submit token Token 1) Access application and learn token requirements Application Framework Trusted s: -Organization Y

19 Delegation Active Directory Domain Services Server 5) Check policy for user, application X, and application Y Token for X Token for X Token for Y 1) Get token for application X 4) Request token for application Y 6) If policy allows, issue token for application Y 7) Submit token 8) Use claims in token Browser or Client User Token for X 2) Submit token Application X Framework Token for Y 3) Access application and learn token requirements Application Y Framework

20 A Closer Look at the "Geneva" Technologies

21 Changes in the "Geneva" Server From AD FS AD FS today supports only passive clients (i.e., browsers) using WS-Federation And it doesn t provide an The Server: Supports both active and passive clients Provides an Supports both WS-Federation and the SAML 2.0 protocol Improves management of trust relationships By automating some exchanges

22 CardSpace "Geneva" Selecting identities CardSpace provides a standard user interface for choosing an identity Using the metaphor of cards Choosing a card selects an identity (i.e., a token)

23 Information Cards Behind each card a user sees is an information card It s an XML file that represents a relationship with an identity provider It contains what s needed to request a token for a particular identity Information cards don t contain: Claims for the identity Whatever is required to authenticate to the identity provider s

24 Information Cards An illustration Identity Providers Browser or Client CardSpace Information Card 1 Information Card 2 Information Card 3 Information Card 4 User

25 Creating Industry Agreement The Information Card Foundation ( is a multi-vendor group dedicated to making this technology successful Its board members include Google, Microsoft, Novell, Oracle, and PayPal A Web site can display a standard icon to indicate that it accepts card-based logins:

26 The Self-Issued Identity Provider Acting as your own identity provider Identity Providers Browser or Client CardSpace Information Card 1 Information Card 2 Self-Issued Identity Provider Information Card 3 Information Card 4 User

27 The Self-Issued Identity Provider Why it's useful The self-issued identity provider issues SAML tokens with a fixed set of claims They re digitally signed by this user These tokens can potentially be used in place of username/password They allow a Web site to recognize you as the same user on repeated visits They re much less useful to a phisher than username/password, because they re hard to reuse

28 Changes in CardSpace "Geneva" From the first CardSpace release CardSpace is available separately from the.net Framework It s smaller and faster CardSpace contains optimizations for applications that users visit repeatedly A Web site can display the card you last used to log in the site The CardSpace screen needn t appear

29 The "Geneva" Framework The goal: Make it easier for developers to create claims-aware applications Originally known as Zermatt The Framework provides: Support for verifying a token s signature and extracting its claims Classes for working with claims Support for creating a custom More

30 Microsoft Federation Gateway Microsoft Microsoft Services Services Identity Identity Backbone Backbone Microsoft Federation Gateway Cloud Applications and Developer Services Server Active Directory Third Party User Database

31 Live ID Consumers Microsoft Microsoft Services Services Identity Identity Backbone Backbone Live ID Managed Domains Microsoft Federation Gateway Cloud Applications and Developer Services Server Active Directory Third Party User Database

32 Microsoft Services Connector Consumers Microsoft Microsoft Services Services Identity Identity Backbone Backbone Live ID Managed Domains Microsoft Federation Gateway Cloud Applications and Developer Services Microsoft Services Connector Server Third Party Active Directory Active Directory User Database

33 Your Application Consumers Microsoft Microsoft Services Services Identity Identity Backbone Backbone Live ID Managed Domains Microsoft Federation Gateway YOUR Application Framework Microsoft Services Connector Active Directory Server Active Directory Third Party User Database

34 Your Application Microsoft Microsoft Services Services Identity Identity Backbone Backbone Live ID Consumers Managed Domains Microsoft Federation Gateway Microsoft Services Connector Active Directory Active Directory YOUR Application Framework

35 Your Application Microsoft Microsoft Services Services Identity Identity Backbone Backbone Live ID Consumers Managed Domains Microsoft Federation Gateway Third Party User Database Server Active Directory YOUR Application Framework

36 Roadmap Software Server Now H2 CY 2008 H1 CY 2009 H2 CY 2009 Beta 1 Beta 2 RTM Microsoft Service Connector CTP Beta RTM Framework, CardSpace Beta 1 Beta 2 RTM Live Framework In Production Services Live Identity Services Microsoft Federation Gateway OpenID Beta In Production OpenID RTM.Net Access Control Service CTP Refresh Beta 1

37 44

38 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Kimmo Bergius (kimmo.bergius@microsoft.com) Tietoturvajohtaja

Kimmo Bergius (kimmo.bergius@microsoft.com) Tietoturvajohtaja Kimmo Bergius (kimmo.bergius@microsoft.com) Tietoturvajohtaja Number of Digital IDs Trendejä Exponential Growth of IDs Identity and access management challenging Increasingly Sophisticated Malware Anti-malware

More information

INTRODUCING GENEVA AN OVERVIEW OF THE GENEVA SERVER, CARDSPACE GENEVA, AND THE GENEVA FRAMEWORK DAVID CHAPPELL OCTOBER 2008

INTRODUCING GENEVA AN OVERVIEW OF THE GENEVA SERVER, CARDSPACE GENEVA, AND THE GENEVA FRAMEWORK DAVID CHAPPELL OCTOBER 2008 INTRODUCING GENEVA AN OVERVIEW OF THE GENEVA SERVER, CARDSPACE GENEVA, AND THE GENEVA FRAMEWORK DAVID CHAPPELL OCTOBER 2008 SPONSORED BY MICROSOFT CORPORATION CONTENTS Understanding Claims-Based Identity...

More information

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN CONNECTING TO THE CLOUD DAVID CHAPPELL DECEMBER 2009 SPONSORED BY AMAZON AND MICROSOFT CORPORATION CONTENTS The Challenge:

More information

CLAIMS-BASED IDENTITY FOR WINDOWS

CLAIMS-BASED IDENTITY FOR WINDOWS CLAIMS-BASED IDENTITY FOR WINDOWS TECHNOLOGIES AND SCENARIOS DAVID CHAPPELL FEBRUARY 2011 SPONSORED BY MICROSOFT CORPORATION CONTENTS Understanding Claims-Based Identity... 3 The Problem: Working with

More information

Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps

Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps Sofia Event Center 14-15 May 2014 Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps Radi Atanassov SharePoint MCM & MVP

More information

ALF SSO: Security Framework for Tool Integration. Brian Carroll, Eclipse ALF Project Lead bcarroll@serena.com

ALF SSO: Security Framework for Tool Integration. Brian Carroll, Eclipse ALF Project Lead bcarroll@serena.com ALF SSO: Security Framework for Tool Integration Brian Carroll, Eclipse ALF Project Lead bcarroll@serena.com 2008 by Brian Carroll, Serena; made available under the EPL v1.0 March 2008 ALF: Is About Process

More information

Microsoft Office 365 Using SAML Integration Guide

Microsoft Office 365 Using SAML Integration Guide Microsoft Office 365 Using SAML Integration Guide Revision A Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

OIS. CERN s Experience with Federated Single Sign-On. Operating Systems & Information Services IT-OIS. June 9-10, 2011

OIS. CERN s Experience with Federated Single Sign-On. Operating Systems & Information Services IT-OIS. June 9-10, 2011 Operating Systems & Information Services CERN s Experience with Federated Single Sign-On Federated identity management workshop June 9-10, 2011 IT-OIS Definitions IAA: Identity, Authentication, Authorization

More information

Boosting interoperability and collaboration across mixedtechnology

Boosting interoperability and collaboration across mixedtechnology Boosting interoperability and collaboration across mixedtechnology environments Standards-based identity federation solutions from Microsoft and Novell May 2009 Executive summary Despite remarkable gains

More information

CA Nimsoft Service Desk

CA Nimsoft Service Desk CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

Introduction to Identity Management. Sam Lee, Outblaze Ltd.

Introduction to Identity Management. Sam Lee, Outblaze Ltd. Introduction to Identity Management Sam Lee, Outblaze Ltd. Agenda Background Identity Management Single Sign-On Federation Future s Identity management Conclusions 2 Background Why identity management?

More information

Security Assertion Markup Language (SAML) Site Manager Setup

Security Assertion Markup Language (SAML) Site Manager Setup Security Assertion Markup Language (SAML) Site Manager Setup Trademark Notice Blackboard, the Blackboard logos, and the unique trade dress of Blackboard are the trademarks, service marks, trade dress and

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

AND SUN OPENSSO MICROSOFT GENEVA SERVER ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS. White Paper May 2009.

AND SUN OPENSSO MICROSOFT GENEVA SERVER ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS. White Paper May 2009. MICROSOFT GENEVA SERVER AND SUN OPENSSO ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS White Paper May 2009 Abstract Interoperability between applications in heterogeneous technology

More information

Identity Management. Dave Romig, Sr Founder, CTO

Identity Management. Dave Romig, Sr Founder, CTO Identity Management Dave Romig, Sr Dave.Romig@TCSC.com Founder, CTO Identity Management What it is What it does What it means What it is Problem statement Connected apps must handle two functions Authenticate

More information

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved. DualShield Integration Guide Copyright 2011 Deepnet Security Limited Copyright 2011, Deepnet Security. All Rights Reserved. Page 1 Trademarks Deepnet Unified Authentication, MobileID, QuickID, PocketID,

More information

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole

More information

Safewhere*Identify 3.4. Release Notes

Safewhere*Identify 3.4. Release Notes Safewhere*Identify 3.4 Release Notes Safewhere*identify is a new kind of user identification and administration service providing for externalized and seamless authentication and authorization across organizations.

More information

SAML SSO Configuration

SAML SSO Configuration SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting

More information

SAML Security Option White Paper

SAML Security Option White Paper Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions

More information

Single Sign-on (SSO) technologies for the Domino Web Server

Single Sign-on (SSO) technologies for the Domino Web Server Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, 2011 2011 IBM Corporation Welcome Participant Passcode: 4297643 2011 IBM Corporation 2 Agenda USA Toll Free (866) 803-2145

More information

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide Samsung KNOX EMM Authentication Services SDK Quick Start Guide June 2014 Legal notice This document and the software described in this document are furnished under and are subject to the terms of a license

More information

White Paper. McAfee Cloud Single Sign On Reviewer s Guide

White Paper. McAfee Cloud Single Sign On Reviewer s Guide White Paper McAfee Cloud Single Sign On Reviewer s Guide Table of Contents Introducing McAfee Cloud Single Sign On 3 Use Cases 3 Key Features 3 Provisioning and De-Provisioning 4 Single Sign On and Authentication

More information

managing SSO with shared credentials

managing SSO with shared credentials managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout

More information

Security Services. Benefits. The CA Advantage. Overview

Security Services. Benefits. The CA Advantage. Overview PRODUCT BRIEF: CA SITEMINDER FEDERATION SECURITY SERVICES CA SiteMinder Federation Security Services CA SITEMINDER FEDERATION SECURITY SERVICES EXTENDS THE WEB SINGLE SIGN-ON EXPERIENCE PROVIDED BY CA

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

PingFederate. SSO Integration Overview

PingFederate. SSO Integration Overview PingFederate SSO Integration Overview 2006-2012 Ping Identity Corporation. All rights reserved. PingFederate SSO Integration Overview Version 6.6 January, 2012 Ping Identity Corporation 1001 17th Street,

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

PingFederate. Identity Menu Builder. User Guide. Version 1.0

PingFederate. Identity Menu Builder. User Guide. Version 1.0 Identity Menu Builder Version 1.0 User Guide 2011 Ping Identity Corporation. All rights reserved. Identity Menu Builder User Guide Version 1.0 April, 2011 Ping Identity Corporation 1099 18th Street, Suite

More information

WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)

WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) WHITE PAPER Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) SEPTEMBER 2004 Overview Password-based authentication is weak and smart cards offer a way to address this weakness,

More information

Centrify Mobile Authentication Services

Centrify Mobile Authentication Services Centrify Mobile Authentication Services SDK Quick Start Guide 7 November 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject

More information

TIB 2.0 Administration Functions Overview

TIB 2.0 Administration Functions Overview TIB 2.0 Administration Functions Overview Table of Contents 1. INTRODUCTION 4 1.1. Purpose/Background 4 1.2. Definitions, Acronyms and Abbreviations 4 2. OVERVIEW 5 2.1. Overall Process Map 5 3. ADMINISTRATOR

More information

Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0

Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 May 2015 About this guide Prerequisites and requirements NetWeaver configuration Legal notices About

More information

VMware Identity Manager Integration with Active Directory Federation Services 2.0

VMware Identity Manager Integration with Active Directory Federation Services 2.0 VMware Identity Manager Integration with Active Directory Federation Services 2.0 VMware Identity Manager J ULY 2015 V 2 Table of Contents Active Directory Federation Services... 2 Configuring AD FS Instance

More information

The Florida Department of Education s Single Sign-On Solution. July - August 2012

The Florida Department of Education s Single Sign-On Solution. July - August 2012 The Florida Department of Education s Single Sign-On Solution July - August 2012 Presentation Objectives Present the s Single Sign-On solution (FLDOE SSO) Present the minimum requirements to access FLDOE

More information

Identity. Provide. ...to Office 365 & Beyond

Identity. Provide. ...to Office 365 & Beyond Provide Identity...to Office 365 & Beyond Sponsored by shops around the world are increasingly turning to Office 365 Microsoft s cloud-based offering for email, instant messaging, and collaboration. A

More information

HP Software as a Service. Federated SSO Guide

HP Software as a Service. Federated SSO Guide HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying

More information

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication

More information

SAM Context-Based Authentication Using Juniper SA Integration Guide

SAM Context-Based Authentication Using Juniper SA Integration Guide SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

More information

Cybersecurity and Secure Authentication with SAP Single Sign-On

Cybersecurity and Secure Authentication with SAP Single Sign-On Solution in Detail SAP NetWeaver SAP Single Sign-On Cybersecurity and Secure Authentication with SAP Single Sign-On Table of Contents 3 Quick Facts 4 Remember One Password Only 6 Log In Once to Handle

More information

Easy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant

Easy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant Easy as 1-2-3: The Steps to XE Mark Hoye Services Portfolio Consultant September 25, 2015 Objective / Agenda Objective Provide relevant information about Banner XE Provide a framework for understanding

More information

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Sverview Trust between SharePoint 2010 and ADFS 2.0 Use article Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies

More information

Single Sign On. SSO & ID Management for Web and Mobile Applications

Single Sign On. SSO & ID Management for Web and Mobile Applications Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing

More information

Centrify Mobile Authentication Services for Samsung KNOX

Centrify Mobile Authentication Services for Samsung KNOX Centrify Mobile Authentication Services for Samsung KNOX SDK Quick Start Guide 3 October 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under

More information

Vyom SSO-Edge: Single Sign-On for BMC Remedy

Vyom SSO-Edge: Single Sign-On for BMC Remedy Vyom SSO-Edge: Single Sign-On for BMC Remedy Guaranteed ROI of BMC Remedy with Reduced Service Desk Calls, Increased BMC Remedy Adoption, Improved End-User Satisfaction, Strengthened Security and Effective

More information

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning. PingFederate We went with PingFederate because it s based on standards like SAML, which are important for a secure implementation. John Davidson Senior Product Manager, Opower PingFederate is the leading

More information

USING FEDERATED AUTHENTICATION WITH M-FILES

USING FEDERATED AUTHENTICATION WITH M-FILES M-FILES CORPORATION USING FEDERATED AUTHENTICATION WITH M-FILES VERSION 1.0 Abstract This article provides an overview of federated identity management and an introduction on using federated authentication

More information

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House

More information

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES pingidentity.com EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES Best practices for identity federation in AWS Table of Contents Executive Overview 3 Introduction: Identity and Access Management in Amazon

More information

Integration Guide. SafeNet Authentication Service. Using SAS SAML-based Authentication with Citrix NetScaler Gateway 10.1

Integration Guide. SafeNet Authentication Service. Using SAS SAML-based Authentication with Citrix NetScaler Gateway 10.1 SafeNet Authentication Service Integration Guide Using SAS SAML-based Authentication with Citrix NetScaler Gateway 10.1 Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright

More information

Federated Identity and Single Sign-On using CA API Gateway

Federated Identity and Single Sign-On using CA API Gateway WHITE PAPER DECEMBER 2014 Federated Identity and Single Sign-On using Federation for websites, Web services, APIs and the Cloud K. Scott Morrison VP Engineering and Chief Architect 2 WHITE PAPER: FEDERATED

More information

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them. This chapter provides information about the Security Assertion Markup Language (SAML) Single Sign-On feature, which allows administrative users to access certain Cisco Unified Communications Manager and

More information

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365 Configuring Single Sign-On from the VMware Identity Manager Service to Office 365 VMware Identity Manager JULY 2015 V1 Table of Contents Overview... 2 Passive and Active Authentication Profiles... 2 Adding

More information

Securing Cloud Applications Using Windows Azure Access Control

Securing Cloud Applications Using Windows Azure Access Control Securing Cloud Applications Using Windows Azure Access Control January 20, 2012 Keith Franklin Director of Cloud and.net Services 2009 SPR Companies. All rights reserved. Table of Contents MPS Partners

More information

Coveo Platform 7.0. Microsoft SharePoint Connector Guide

Coveo Platform 7.0. Microsoft SharePoint Connector Guide Coveo Platform 7.0 Microsoft SharePoint Connector Guide Notice The content in this document represents the current view of Coveo as of the date of publication. Because Coveo continually responds to changing

More information

OVERVIEW. DIGIPASS Authentication for Office 365

OVERVIEW. DIGIPASS Authentication for Office 365 OVERVIEW DIGIPASS for Office 365 Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO Data Security assumes no responsibility

More information

HP Software as a Service

HP Software as a Service HP Software as a Service Software Version: 6.1 Federated SSO Document Release Date: August 2013 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae Masdar Institute Single Sign-On: Standards-based Identity Federation John Mikhael ICT Department jmikhael@masdar.ac.ae Agenda The case for Single Sign-On (SSO) Types of SSO Standards-based Identity Federation

More information

INTEGRATION GUIDE. DIGIPASS Authentication for VMware Horizon Workspace

INTEGRATION GUIDE. DIGIPASS Authentication for VMware Horizon Workspace INTEGRATION GUIDE DIGIPASS Authentication for VMware Horizon Workspace Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is';

More information

Getting Started with AD/LDAP SSO

Getting Started with AD/LDAP SSO Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories

More information

Interoperate in Cloud with Federation

Interoperate in Cloud with Federation Interoperate in Cloud with Federation - Leveraging federation standards can accelerate Cloud computing adoption by resolving vendor lock-in issues and facilitate On Demand business requirements Neha Mehrotra

More information

Integration Guide. SafeNet Authentication Manager. Using SAM SAML-based Authentication with Citrix NetScaler Gateway 10.1

Integration Guide. SafeNet Authentication Manager. Using SAM SAML-based Authentication with Citrix NetScaler Gateway 10.1 SafeNet Authentication Manager Integration Guide Using SAM SAML-based Authentication with Citrix NetScaler Gateway 10.1 Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright

More information

Identity Management. Critical Systems Laboratory

Identity Management. Critical Systems Laboratory Identity Management Critical Systems What is Identity Management? Identity: a set of attributes and values, which might or might not be unique Storing and manipulating identities Binding virtual identities

More information

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow VMware Identity Manager AUGUST 2015 V1 Configuring Single Sign-On from VMware Identity Manager to ServiceNow Table of Contents

More information

IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation

IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Author: Creation Date: Last Updated: Version: I. Bailey May 28, 2008 March 23, 2009 0.7 Reviewed By Name Organization

More information

Perceptive Experience Single Sign-On Solutions

Perceptive Experience Single Sign-On Solutions Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark

More information

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

HOTPin Integration Guide: Google Apps with Active Directory Federated Services HOTPin Integration Guide: Google Apps with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

Distributed Identification and Consumer Data Protection. Khaja Ahmed Microsoft Corporation

Distributed Identification and Consumer Data Protection. Khaja Ahmed Microsoft Corporation Distributed Identification and Consumer Data Protection Khaja Ahmed Microsoft Corporation Threats to Online Safety Consumer privacy has steadily declined as internet use grew over the years Greater use

More information

Symplified I: Windows User Identity. Matthew McNew and Lex Hubbard

Symplified I: Windows User Identity. Matthew McNew and Lex Hubbard Symplified I: Windows User Identity Matthew McNew and Lex Hubbard Table of Contents Abstract 1 Introduction to the Project 2 Project Description 2 Requirements Specification 2 Functional Requirements 2

More information

Fairsail. Implementer. Single Sign-On with Fairsail and Microsoft Active Directory Federation Services 2.0. Version 1.92 FS-SSO-XXX-IG-201406--R001.

Fairsail. Implementer. Single Sign-On with Fairsail and Microsoft Active Directory Federation Services 2.0. Version 1.92 FS-SSO-XXX-IG-201406--R001. Fairsail Implementer Microsoft Active Directory Federation Services 2.0 Version 1.92 FS-SSO-XXX-IG-201406--R001.92 Fairsail 2014. All rights reserved. This document contains information proprietary to

More information

IBM WebSphere Application Server

IBM WebSphere Application Server IBM WebSphere Application Server SAML 2.0 web single-sign-on 2012 IBM Corporation This presentation describes support for SAML 2.0 web browser Single Sign On profile included in IBM WebSphere Application

More information

Federated Identity Opportunities & Risks

Federated Identity Opportunities & Risks Federated Identity Opportunities & Risks Dominick Baier Former ERNW employee Security consultant at thinktecture application security in distributed systems identity management mostly Windows &.NET http://www.leastprivilege.com

More information

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications VMware Identity Manager AUGUST 2015 V1 Configuring Single Sign-On from VMware Identity Manager to AirWatch Applications

More information

Identity Server Guide Access Manager 4.0

Identity Server Guide Access Manager 4.0 Identity Server Guide Access Manager 4.0 June 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF

More information

Information Security Group Active-client based identity management

Information Security Group Active-client based identity management Active-client based identity management Chris Mitchell Royal Holloway, University of London www.chrismitchell.net 1 Acknowledgements This is joint work with Haitham Al-Sinani, also of Royal Holloway. 2

More information

WebLogic Server 7.0 Single Sign-On: An Overview

WebLogic Server 7.0 Single Sign-On: An Overview WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of

More information

Using SAP Logon Tickets for Single Sign on to Microsoft based web applications

Using SAP Logon Tickets for Single Sign on to Microsoft based web applications Collaboration Technology Support Center - Microsoft - Collaboration Brief March 2005 Using SAP Logon Tickets for Single Sign on to Microsoft based web applications André Fischer, Project Manager CTSC,

More information

IT@Intel. Improving Security and Productivity through Federation and Single Sign-on

IT@Intel. Improving Security and Productivity through Federation and Single Sign-on White Paper Intel Information Technology Computer Manufacturing Security Improving Security and Productivity through Federation and Single Sign-on Intel IT has developed a strategy and process for providing

More information

Copyright: WhosOnLocation Limited

Copyright: WhosOnLocation Limited How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and

More information

QualysGuard SAML 2.0 Single Sign-On. Technical Brief

QualysGuard SAML 2.0 Single Sign-On. Technical Brief QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,

More information

Architecture Guidelines Application Security

Architecture Guidelines Application Security Executive Summary These guidelines describe best practice for application security for 2 or 3 tier web-based applications. It covers the use of common security mechanisms including Authentication, Authorisation

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services 1 HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided

More information

CA CloudMinder. Getting Started with SSO 1.5

CA CloudMinder. Getting Started with SSO 1.5 CA CloudMinder Getting Started with SSO 1.5 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is for your

More information

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0 Windows Live Cloud Identity Connector Version 1.0 User Guide 2011 Ping Identity Corporation. All rights reserved. Windows Live Cloud Identity Connector User Guide Version 1.0 April, 2011 Ping Identity

More information

Using SAML for Single Sign-On in the SOA Software Platform

Using SAML for Single Sign-On in the SOA Software Platform Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software

More information

SECUREAUTH IDP AND OFFICE 365

SECUREAUTH IDP AND OFFICE 365 WHITEPAPER SECUREAUTH IDP AND OFFICE 365 STRONG AUTHENTICATION AND SINGLE SIGN-ON FOR THE CLOUD-BASED OFFICE SUITE EXECUTIVE OVERVIEW As more and more enterprises move to the cloud, it makes sense that

More information

Gateway Apps - Security Summary SECURITY SUMMARY

Gateway Apps - Security Summary SECURITY SUMMARY Gateway Apps - Security Summary SECURITY SUMMARY 27/02/2015 Document Status Title Harmony Security summary Author(s) Yabing Li Version V1.0 Status draft Change Record Date Author Version Change reference

More information

Hybrid for SharePoint Server 2013. Search Reference Architecture

Hybrid for SharePoint Server 2013. Search Reference Architecture Hybrid for SharePoint Server 2013 Search Reference Architecture 2014 Microsoft Corporation. All rights reserved. This document is provided as-is. Information and views expressed in this document, including

More information

Infocard and Eduroam. Enrique de la Hoz, Diego R. López, Antonio García, Samuel Muñoz

Infocard and Eduroam. Enrique de la Hoz, Diego R. López, Antonio García, Samuel Muñoz Infocard and Eduroam Enrique de la Hoz, Diego R. López, Antonio García, Samuel Muñoz Index Introduction to Infocard Infocard usage usso using Infocard in eduroam Questions Infocard Artifact with a unique

More information

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities PRODUCT SHEET: CA SiteMinder CA SiteMinder we can CA SiteMinder provides a centralized security management foundation that enables the secure use of the web to deliver applications and cloud services to

More information

Single Sign-on. Overview. Using SSO with the Cisco WebEx and Cisco WebEx Meeting. Overview, page 1

Single Sign-on. Overview. Using SSO with the Cisco WebEx and Cisco WebEx Meeting. Overview, page 1 Overview, page 1 Using SSO with the Cisco WebEx and Cisco WebEx Meeting Applications, page 1 Requirements, page 2 Configuration of in Cisco WebEx Messenger Administration Tool, page 3 Sample Installation

More information

HOW MICROSOFT AZURE AD USERS CAN EMPLOY SSO

HOW MICROSOFT AZURE AD USERS CAN EMPLOY SSO E-Guide HOW MICROSOFT AZURE AD USERS CAN EMPLOY SearchSecurity HOW MICROSOFT AZURE AD USERS CAN EMPLOY T echnology journalist David Strom explaims how to use Azure Active Directory and Azure Multifactor

More information

OpenSSO: Cross Domain Single Sign On

OpenSSO: Cross Domain Single Sign On OpenSSO: Cross Domain Single Sign On Version 0.1 History of versions Version Date Author(s) Changes 0.1 11/30/2006 Dennis Seah Contents Initial Draft. 1 Introduction 1 2 Single Domain Single Sign-On 2

More information

ADFS Integration Guidelines

ADFS Integration Guidelines ADFS Integration Guidelines Version 1.6 updated March 13 th 2014 Table of contents About This Guide 3 Requirements 3 Part 1 Configure Marcombox in the ADFS Environment 4 Part 2 Add Relying Party in ADFS

More information

IBM Tivoli Federated Identity Manager

IBM Tivoli Federated Identity Manager IBM Tivoli Federated Identity Manager Employ user-centric federated access management to enable secure online business collaboration Highlights Enhance business-to-business and business-to-consumer collaborations

More information

How-to: Single Sign-On

How-to: Single Sign-On How-to: Single Sign-On Document version: 1.02 nirva systems info@nirva-systems.com nirva-systems.com How-to: Single Sign-On - page 2 This document describes how to use the Single Sign-On (SSO) features

More information

IT Exam Training online / Bootcamp

IT Exam Training online / Bootcamp DumpCollection IT Exam Training online / Bootcamp http://www.dumpcollection.com PDF and Testing Engine, study and practice Exam : 70-534 Title : Architecting Microsoft Azure Solutions Vendor : Microsoft

More information