WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)"

Transcription

1 WHITE PAPER Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) SEPTEMBER 2004

2 Overview Password-based authentication is weak and smart cards offer a way to address this weakness, however smart cards have previously been difficult to integrate with backend services. The Microsoft Windows network operating system supports smart card authentication and Single Sign-On but does not extend this capability to Java application servers. By adding Windows Integrated Authentication to the application server, smart card authentication is automatically supported. This means that the benefits of Single Sign-On and smart card authentication can be easily extended to Java applications, providing security and usability at minimal cost to the enterprise without any extra programming or infrastructure. Increasingly governments and enterprises are seeking to implement new access control systems that verify a person s identity and privileges before granting them access to information and other online resources. Key requirements for these systems include more secure access control, improved user convenience, simpler identification or identity verification processes and lower overall administration and management costs. By enabling access control systems to implement more secure identity verification and by providing a technology platform for adding new applications that further enhance the user experience and simplify business processes, smart card technology is an obvious choice for fulfilling these requirements. This whitepaper discusses how smart card authentication can be achieved for J2EE applications using Vintela SSO for Java (VSJ). Intended Audience This whitepaper is intended for: Smart Cards CIOs and project managers planning smart card authentication projects Security architects evaluating security products from different vendors and architecting secure smart card solutions Developers of J2EE and smart card authentication solutions A smart card, within the context of a login, is simply a replacement for a username and a password. A smart card, containing a user s credentials, can be issued to each network user. Smart cards provide two-factor authentication, also known as strong authentication. Put simply, two-factor authentication is something you have (a smart card) and something you know (a PIN). Its strength lies in ensuring that a user s identification is reliant on two distinctive factors. Passwords, on the other hand, only provide single-factor authentication both the user id and the password are something you know and so the user presents a common point of weakness. Most people are already familiar with two-factor authentication in their everyday lives through the use of a keycard and a PIN to perform Automatic Teller Machine (ATM) transactions. Vintela 2 September 2004

3 Figure 1. Smart Card Smart Card Security Smart cards provide a tamper-resistant storage mechanism for protecting private keys and other forms of personal information. Importantly, they segregate security-critical functions, including authentication, digital signatures and key exchange form other part of a system, while enabling the portability of user credentials and other private information between computers at work, at home and on the road. Conversely, traditional password-based approaches have a number of failings: Weak passwords are easily compromised by dictionary and brute force attacks. Password compromise may go undetected. Passwords are often physically recorded by users, particularly where users are required to access systems with multiple IDs and passwords. Passwords can be compromised through keystroke and network monitoring ( packet sniffing ). Users are vulnerable to social engineering attacks, for example, a well-meaning employee may be manipulated into revealing a password through deception. Authentication of users and services. Authorization to control and protect access to resources. On the other hand, smart cards: Use a longer key and protection with a PIN avoids dictionary and brute force attacks. Smart cards are physically secure and loss or theft is detectable. The memory capacity of smart cards means that advanced cryptographic mechanisms can be used, resulting in better security. Credential information (for example Kerberos tickets) can be stored on smart cards when the card is removed from its reader slot, system resources cannot be accessed. Smart cards are one of the most common tokens used in two-factor authentication. Another example is biometric security which can work equally well with the solution discussed in this paper. The requirement for strong authentication is often found alongside the requirement for Single Sign-On as together they deliver security and usability. Single Sign-On (SSO) Single Sign-On (SSO) allows users to authenticate themselves just once to access information on any of several systems. When smart card desktop authentication is combined with network login, users can log in to their desktop and then access network resources Vintela 3 September 2004

4 without further authentication. This is known as Single Sign-On. SSO is often paired with smart card authentication because of the increased importance of that initial authentication. SSO can reduce the costs associated with password resets and improves user productivity as the user only needs to remember one password. Windows Integrated Login provides SSO using the Kerberos technology associated with Active Directory. Windows Integrated Login In addition to support for Kerberos through its Active Directory service, Microsoft has added Windows Integrated Login to Internet Explorer which allows it to participate in a Kerberosbased Single Sign-On environment. When a Web server receives a request from an Internet Explorer browser, it can request that the browser uses the SPNEGO protocol to authenticate itself. This protocol performs a Kerberos authentication via HTTP, and allows Internet Explorer to pass a delegated credential to allow a Web application to log in to subsequent Kerberized services on the user s behalf. Microsoft s Kerberos implementation uses the Authorization field of the Kerberos ticket to pass Privilege Attribute Certificates (PACs) to Kerberized applications. Applications that support Microsoft s PAC format can use this information to provide fine-grained access control to services. When a Windows user logs on to an Active Directory domain, Active Directory builds a token (a PAC) containing the list of all the groups of which the user is a member, and that are visible in the login domain. In addition to Active Directory group information, the PAC specifies the method of authentication. This allows authorization to be performed commensurate with the strength of the authentication method that is used. For example, an application that processes highly sensitive information or high-value transactions may only be accessed using a smart card. Microsoft Windows Smart Card Login Microsoft has smart card-enabled its Windows NT 4.0, Windows 95, Windows 98, Windows 2000 and Windows XP operating systems. Future releases of the Windows platform will also contain smart card support as part of the base platform. Windows Smart Card Login requires a PC/SC-compliant smart card or token which has been initialized with the user s credentials. When a desktop is configured to perform smart card login, the user is authenticated by inserting the smart card or token into a reader and authenticating themselves to the token using a PIN. The system can then access the key material on the card to perform a Windows login using the PKINIT protocol. PKINIT uses the public key material (private key and X.509 digital certificate) to perform the Kerberos login upon which Windows Integrated Login is based. In short, a cryptographic binding is created between the credential on the user s card and the network operating system credentials. These credentials can then be used to access network services. The system can be configured to lock the user s desktop or log the user off when the card is removed from the reader. Windows Integrated Login for J2EE Applications Smart card authentication for J2EE applications can be achieved using the VSJ solution which implements Windows Integrated Login. VSJ provides Windows Integrated Authentication for J2EE applications by implementing the SPNEGO protocol. This provides a higher degree of security and integration than cookie-based mechanisms. VSJ allows Vintela 4 September 2004

5 authorization using Active Directory groups by using the group information contained in the PAC. Figure 2. Windows Integrated Login for J2EE Applications Another advantage of using this Kerberos-based authentication is the ability to delegate credentials to other services such as.net applications. Integration can be achieved without modifying the source of the application which allows integration to be completed by application developers for in-house or off-the-shelf applications. VSJ is a pure Java implementation, so it supports a wide variety of server platforms. Because VSJ uses Windows Integrated Login, no client software installation is required. VSJ leverages you investment in Windows and J2EE to provide security, ease of use and ease of administration without additional heavyweight infrastructure. VSJ allows you to implement smart card authentication for J2EE applications with a minimum of cost. Conclusion With smart cards it is possible to make stronger assertions about the authenticity of transactions increasing security and enhancing trust in the system. By extending smart card authentication to a Single Sign-On environment integrated with the Windows desktop login, this trust can be extended to the entire enterprise. VSJ allows you to continue to leverage your investment in smart card technology by extending this trust base into J2EE applications. This whitepaper has demonstrated how the unique integration provided with VSJ supports smart card authentication using existing infrastructure and without deploying new services, installing software on clients or changing a single line of code. Vintela 5 September 2004

6 COPYRIGHT 2004 Vintela Inc. All Rights Reserved. Vintela documents are protected by the copyright laws of the United States and International Treaties. Permission to copy, view and print Vintela documents is authorized provided that: 1. It is used for non-commercial and informational purposes. 2. It is not modified. 3. The above copyright notice and this permission notice is contained in each Vintela document. Notwithstanding the above, nothing contained herein shall be construed as conferring any right or license under any copyright of Vintela. RESTRICTED RIGHTS LEGEND When licensed to a U.S., State, or Local Government, all Software produced by Vintela is commercial computer software as defined in FAR , and has been developed exclusively at private expense. All technical data, or Vintela commercial computer software/documentation is subject to the provisions of FAR "Technical Data", and FAR "Computer Software" respectively, or clauses providing Vintela equivalent protections in DFARS or other agency specific regulations. Manufacturer: Vintela Inc., 333 South 520 West, Lindon, Utah DISCLAIMER THE VINTELA DOCUMENTS ARE PROVIDED "AS IS" AND MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. VINTELA, INC. RESERVES THE RIGHT TO ADD, DELETE, CHANGE OR MODIFY THE VINTELA DOCUMENTS AT ANY TIME WITHOUT NOTICE. THE DOCUMENTS ARE FOR INFORMATION ONLY. VINTELA MAKES NO EXPRESS OR IMPLIED REPRESENTATIONS OR WARRANTIES OF ANY KIND. TRADEMARKS Vintela and the Vintela logo are trademarks or registered trademarks of Vintela, Inc. in the U.S.A. and other countries. Linux is a registered trademark of Linus Torvalds in the United States and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Java is a trademark of Sun Microsystems, Inc. in the U.S.A. and other countries. Netscape and Netscape Communicator are trademarks or registered trademarks of Netscape Communications Corporation. Microsoft, MS-DOS, Windows, Windows NT, Windows 2000/Windows 2003, Windows XP, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. All other brand and product names are trademarks or registered marks of the respective owners. Vintela 6 September 2004

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole

More information

Cybersecurity and Secure Authentication with SAP Single Sign-On

Cybersecurity and Secure Authentication with SAP Single Sign-On Solution in Detail SAP NetWeaver SAP Single Sign-On Cybersecurity and Secure Authentication with SAP Single Sign-On Table of Contents 3 Quick Facts 4 Remember One Password Only 6 Log In Once to Handle

More information

Single Sign-on (SSO) technologies for the Domino Web Server

Single Sign-on (SSO) technologies for the Domino Web Server Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, 2011 2011 IBM Corporation Welcome Participant Passcode: 4297643 2011 IBM Corporation 2 Agenda USA Toll Free (866) 803-2145

More information

CA SiteMinder SSO Agents for ERP Systems

CA SiteMinder SSO Agents for ERP Systems PRODUCT SHEET: CA SITEMINDER SSO AGENTS FOR ERP SYSTEMS CA SiteMinder SSO Agents for ERP Systems CA SiteMinder SSO Agents for ERP Systems help organizations minimize sign-on requirements and increase security

More information

IDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

IDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region IDENTITY MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Improve Security, Lower Risk, and Increase Compliance Using Single Sign-On

Improve Security, Lower Risk, and Increase Compliance Using Single Sign-On SAP Brief SAP NetWeaver SAP NetWeaver Single Sign-On Objectives Improve Security, Lower Risk, and Increase Compliance Using Single Sign-On Single sign-on in the SAP software architecture Single sign-on

More information

The Essentials Series: Enterprise Identity and Access Management. Authentication. sponsored by. by Richard Siddaway

The Essentials Series: Enterprise Identity and Access Management. Authentication. sponsored by. by Richard Siddaway The Essentials Series: Enterprise Identity and Access Management Authentication sponsored by by Richard Siddaway Authentication...1 Issues in Authentication...1 Passwords The Weakest Link?...2 Privileged

More information

HP Software as a Service. Federated SSO Guide

HP Software as a Service. Federated SSO Guide HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying

More information

Security solutions Executive brief. Understand the varieties and business value of single sign-on.

Security solutions Executive brief. Understand the varieties and business value of single sign-on. Security solutions Executive brief Understand the varieties and business value of single sign-on. August 2005 2 Contents 2 Executive overview 2 SSO delivers multiple business benefits 3 IBM helps companies

More information

Enhancing Web Application Security

Enhancing Web Application Security Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor

More information

Using SAP Logon Tickets for Single Sign on to Microsoft based web applications

Using SAP Logon Tickets for Single Sign on to Microsoft based web applications Collaboration Technology Support Center - Microsoft - Collaboration Brief March 2005 Using SAP Logon Tickets for Single Sign on to Microsoft based web applications André Fischer, Project Manager CTSC,

More information

Simplifying Security with Datakey Axis Single Sign-On. White Paper

Simplifying Security with Datakey Axis Single Sign-On. White Paper Simplifying Security with Datakey Axis Single Sign-On White Paper Copyright and trademark notice 2003 Datakey Inc. All rights reserved. Version 1.0 No part of this document may be reproduced or retransmitted

More information

Whitepaper: Centeris Likewise Identity 3.0 Security Benefits

Whitepaper: Centeris Likewise Identity 3.0 Security Benefits Whitepaper: Centeris Likewise Identity 3.0 Security Benefits Author: Manny Vellon VP, Product Development Centeris Corporation Abstract This document describes how Centeris Likewise Identity improves the

More information

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies

More information

Smart Card Two Factor Authentication

Smart Card Two Factor Authentication January 2013 Page 1 Smart Card Two Factor Authentication The combination of a smart card and PIN provides Two-Factor Authentication, where two items are needed: something physical the user has (a smart

More information

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide Samsung KNOX EMM Authentication Services SDK Quick Start Guide June 2014 Legal notice This document and the software described in this document are furnished under and are subject to the terms of a license

More information

Kerberos -Based Active Directory Authentication to Support Smart Card and Single Sign-On Login to DRAC5

Kerberos -Based Active Directory Authentication to Support Smart Card and Single Sign-On Login to DRAC5 Kerberos -Based Active Directory Authentication to Support Smart Card and Single Sign-On Login to DRAC5 A Dell Technical White Paper Dell OpenManage Systems Management By Austin Cherian Dell Product Group

More information

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007 Oracle Identity Management for SAP in Heterogeneous IT Environments An Oracle White Paper January 2007 Oracle Identity Management for SAP in Heterogeneous IT Environments Executive Overview... 3 Introduction...

More information

Centrify Mobile Authentication Services for Samsung KNOX

Centrify Mobile Authentication Services for Samsung KNOX Centrify Mobile Authentication Services for Samsung KNOX SDK Quick Start Guide 3 October 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under

More information

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009 Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009 EXECUTIVE OVERVIEW Enterprises these days generally have Microsoft Windows desktop users accessing diverse enterprise applications

More information

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication

More information

HP Software as a Service

HP Software as a Service HP Software as a Service Software Version: 6.1 Federated SSO Document Release Date: August 2013 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty

More information

Service management White paper. Manage access control effectively across the enterprise with IBM solutions.

Service management White paper. Manage access control effectively across the enterprise with IBM solutions. Service management White paper Manage access control effectively across the enterprise with IBM solutions. July 2008 2 Contents 2 Overview 2 Understand today s requirements for developing effective access

More information

Likewise Security Benefits

Likewise Security Benefits Likewise Enterprise Likewise Security Benefits AUTHOR: Manny Vellon Chief Technology Officer Likewise Software Abstract This document describes how Likewise improves the security of Linux and UNIX computers

More information

CA Spectrum and CA Embedded Entitlements Manager

CA Spectrum and CA Embedded Entitlements Manager CA Spectrum and CA Embedded Entitlements Manager Integration Guide CA Spectrum Release 9.4 - CA Embedded Entitlements Manager This Documentation, which includes embedded help systems and electronically

More information

Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0

Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 May 2015 About this guide Prerequisites and requirements NetWeaver configuration Legal notices About

More information

Centrify Mobile Authentication Services

Centrify Mobile Authentication Services Centrify Mobile Authentication Services SDK Quick Start Guide 7 November 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject

More information

Vintela Single Sign-on for Java from Quest Software. Deployment Guide WebSphere Edition 3.2

Vintela Single Sign-on for Java from Quest Software. Deployment Guide WebSphere Edition 3.2 Vintela Single Sign-on for Java from Quest Software Deployment Guide WebSphere Edition 3.2 Vintela Single Sign-on for Java(c) 2006 Quest Software, Inc. All rights reserved. No part of this work may be

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

identity management in Linux and UNIX environments

identity management in Linux and UNIX environments Whitepaper identity management in Linux and UNIX environments EXECUTIVE SUMMARY In today s IT environments everything is growing, especially the number of users, systems, services, applications, and virtual

More information

Single Sign-On for Kerberized Linux and UNIX Applications

Single Sign-On for Kerberized Linux and UNIX Applications Likewise Enterprise Single Sign-On for Kerberized Linux and UNIX Applications AUTHOR: Manny Vellon Chief Technology Officer Likewise Software Abstract This document describes how Likewise facilitates the

More information

IBM WebSphere Application Server

IBM WebSphere Application Server IBM WebSphere Application Server OAuth 2.0 service provider and TAI 2012 IBM Corporation This presentation describes support for OAuth 2.0 included in IBM WebSphere Application Server V7.0.0.25. WASV70025_OAuth20.ppt

More information

Interstage Application Server V7.0 Single Sign-on Operator's Guide

Interstage Application Server V7.0 Single Sign-on Operator's Guide Interstage Application Server V7.0 Single Sign-on Operator's Guide Single Sign-on Operator's Guide - Preface Trademarks Trademarks of other companies are used in this user guide only to identify particular

More information

Defender Delegated Administration. User Guide

Defender Delegated Administration. User Guide Defender Delegated Administration User Guide 2012 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 10 Authentication and Account Management Objectives Describe the three types of authentication credentials Explain what single sign-on

More information

Leveraging SAML for Federated Single Sign-on:

Leveraging SAML for Federated Single Sign-on: Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.

More information

Entrust Managed Services PKI Administrator Guide

Entrust Managed Services PKI Administrator Guide Entrust Managed Services PKI Entrust Managed Services PKI Administrator Guide Document issue: 3.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered

More information

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1

More information

Vyom SSO-Edge: Single Sign-On for BMC Remedy

Vyom SSO-Edge: Single Sign-On for BMC Remedy Vyom SSO-Edge: Single Sign-On for BMC Remedy Guaranteed ROI of BMC Remedy with Reduced Service Desk Calls, Increased BMC Remedy Adoption, Improved End-User Satisfaction, Strengthened Security and Effective

More information

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Nature of Document: Guideline Product(s): IBM Cognos Express Area of Interest: Infrastructure 2 Copyright and Trademarks Licensed Materials

More information

White paper December 2008. Addressing single sign-on inside, outside, and between organizations

White paper December 2008. Addressing single sign-on inside, outside, and between organizations White paper December 2008 Addressing single sign-on inside, outside, and between organizations Page 2 Contents 2 Overview 4 IBM Tivoli Unified Single Sign-On: Comprehensively addressing SSO 5 IBM Tivoli

More information

OVERVIEW. DIGIPASS Authentication for Office 365

OVERVIEW. DIGIPASS Authentication for Office 365 OVERVIEW DIGIPASS for Office 365 Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO Data Security assumes no responsibility

More information

User Pass-Through Authentication in IBM Cognos 8 (SSO to data sources)

User Pass-Through Authentication in IBM Cognos 8 (SSO to data sources) User Pass-Through Authentication in IBM Cognos 8 (SSO to data sources) Nature of Document: Guideline Product(s): IBM Cognos 8 BI Area of Interest: Security Version: 1.2 2 Copyright and Trademarks Licensed

More information

Dell Compellent Storage Center

Dell Compellent Storage Center Dell Compellent Storage Center Active Directory Integration Best Practices Guide Dell Compellent Technical Solutions Group January, 2013 THIS BEST PRACTICES GUIDE IS FOR INFORMATIONAL PURPOSES ONLY, AND

More information

CA Nimsoft Service Desk

CA Nimsoft Service Desk CA Nimsoft Service Desk Configure Outbound Web Services 7.13.7 Legal Notices Copyright 2013, CA. All rights reserved. Warranty The material contained in this document is provided "as is," and is subject

More information

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect

More information

Active Directory and DirectControl

Active Directory and DirectControl WHITE PAPER CENTRIFY CORP. Active Directory and DirectControl APRIL 2005 The Right Choice for Enterprise Identity Management and Infrastructure Consolidation ABSTRACT Microsoft s Active Directory is now

More information

QLIKVIEW MOBILE SECURITY

QLIKVIEW MOBILE SECURITY QLIKVIEW MOBILE SECURITY QlikView Technical Brief Published: March, 2011 qlikview.com QlikView Mobile Security Mobile devices are convenient, versatile and, for many employees, they are indispensable.

More information

Entrust Managed Services PKI

Entrust Managed Services PKI Entrust Managed Services PKI Entrust Managed Services PKI Windows Smart Card Logon Configuration Guide Using Web-based applications Document issue: 1.0 Date of Issue: June 2009 Copyright 2009 Entrust.

More information

G00123440 A. Allan. Directory authentication providing a common ID and password across multiple systems

G00123440 A. Allan. Directory authentication providing a common ID and password across multiple systems . llan Research Note 21 October 2004 Commentary Enterprise Single Sign-On Tools re Comprehensive but Costly Managing multiple user identities and passwords is difficult for companies and users. ESSO can

More information

October 2014. Four Best Practices for Passing Privileged Account Audits

October 2014. Four Best Practices for Passing Privileged Account Audits Four Best Practices for Passing Privileged Account Audits October 2014 1 Table of Contents... 4 1. Discover All Privileged Accounts in Your Environment... 4 2. Remove Privileged Access / Implement Least

More information

Active Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper

Active Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper Active Directory Comapatibility with ExtremeZ-IP A Technical Best Practices Whitepaper About this Document The purpose of this technical paper is to discuss how ExtremeZ-IP supports Microsoft Active Directory.

More information

An Oracle White Paper December 2010. Integrating Oracle Enterprise Single Sign-On Suite Plus with Strong Authentication

An Oracle White Paper December 2010. Integrating Oracle Enterprise Single Sign-On Suite Plus with Strong Authentication An Oracle White Paper December 2010 Integrating Oracle Enterprise Single Sign-On Suite Plus with Strong Authentication Introduction Protecting data in the digital age is critical. A security breach, if

More information

Active Directory Compatibility with ExtremeZ-IP. A Technical Best Practices Whitepaper

Active Directory Compatibility with ExtremeZ-IP. A Technical Best Practices Whitepaper Active Directory Compatibility with ExtremeZ-IP A Technical Best Practices Whitepaper About this Document The purpose of this technical paper is to discuss how ExtremeZ-IP supports Microsoft Active Directory.

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is

More information

IDGo 800 Minidriver for Windows

IDGo 800 Minidriver for Windows IDGo 800 Minidriver for Windows Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep

More information

Leverage Active Directory with Kerberos to Eliminate HTTP Password

Leverage Active Directory with Kerberos to Eliminate HTTP Password Leverage Active Directory with Kerberos to Eliminate HTTP Password PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website: www.pistolstar.com

More information

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

HOTPin Integration Guide: Google Apps with Active Directory Federated Services HOTPin Integration Guide: Google Apps with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as

More information

SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On. Public

SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On. Public SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On Public Speakers Las Vegas, Oct 19-23 Christian Cohrs, Area Product Owner Barcelona, Nov 10-12 Regine Schimmer, Product Management

More information

Windows Security and Directory Services for UNIX using Centrify DirectControl

Windows Security and Directory Services for UNIX using Centrify DirectControl SOLUTION GUIDE CENTRIFY CORP. SEPTEMBER 2005 Windows Security and Directory Services for UNIX using Centrify DirectControl With Centrify, you can now fully leverage your investment in Active Directory

More information

MobilePASS+ for Android. User Guide

MobilePASS+ for Android. User Guide MobilePASS+ for Android User Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep the sole right

More information

CA Nimsoft Service Desk

CA Nimsoft Service Desk CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

HP Device Manager 4.7

HP Device Manager 4.7 Technical white paper HP Device Manager 4.7 LDAP Troubleshooting Guide Table of contents Introduction... 2 HPDM LDAP-related context and background... 2 LDAP in HPDM... 2 Full domain account name login...

More information

What s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4

What s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4 Page 1 Product Bulletin What s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4 This document lists the new features available in Version 6.4 of the Secure Access SSL VPN product line. This

More information

HP Asset Manager. Implementing Single Sign On for Asset Manager Web 5.x. Legal Notices... 2. Introduction... 3. Using AM 5.20... 3

HP Asset Manager. Implementing Single Sign On for Asset Manager Web 5.x. Legal Notices... 2. Introduction... 3. Using AM 5.20... 3 HP Asset Manager Implementing Single Sign On for Asset Manager Web 5.x Legal Notices... 2 Introduction... 3 Using AM 5.20... 3 Using AM 5.12... 3 Design Blueprint... 3 Technical Design... 3 Requirements,

More information

Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008

Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008 7 Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008 All information herein is either public information or is the property of and owned

More information

and the software then detects and automates all password-related events for the employee, including:

and the software then detects and automates all password-related events for the employee, including: Reduce costs, simplify access and audit access to applications with single sign-on IBM Single Sign-On Highlights Reduce password-related helpdesk Facilitate compliance with pri- costs by lowering the vacy

More information

Configuring IBM Cognos Controller 8 to use Single Sign- On

Configuring IBM Cognos Controller 8 to use Single Sign- On Guideline Configuring IBM Cognos Controller 8 to use Single Sign- On Product(s): IBM Cognos Controller 8.2 Area of Interest: Security Configuring IBM Cognos Controller 8 to use Single Sign-On 2 Copyright

More information

RSA Authentication Agents Security Best Practices Guide. Version 3

RSA Authentication Agents Security Best Practices Guide. Version 3 RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,

More information

Secure Web Access Solution

Secure Web Access Solution Secure Web Access Solution I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. E-CODE SECURE WEB ACCESS SOLUTION... 3 OVERVIEW... 3 PKI SECURE WEB ACCESS... 4 Description...

More information

SECO Whitepaper. SuisseID Smart Card Logon Configuration Guide. Prepared for SECO. Publish Date 19.05.2010 Version V1.0

SECO Whitepaper. SuisseID Smart Card Logon Configuration Guide. Prepared for SECO. Publish Date 19.05.2010 Version V1.0 SECO Whitepaper SuisseID Smart Card Logon Configuration Guide Prepared for SECO Publish Date 19.05.2010 Version V1.0 Prepared by Martin Sieber (Microsoft) Contributors Kunal Kodkani (Microsoft) Template

More information

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN CONNECTING TO THE CLOUD DAVID CHAPPELL DECEMBER 2009 SPONSORED BY AMAZON AND MICROSOFT CORPORATION CONTENTS The Challenge:

More information

Deploying Smart Cards in Your Enterprise

Deploying Smart Cards in Your Enterprise www.css-security.com 425.216.0720 WHITE PAPER The merging of physical access technology with public key-enabled smart card technology has been an emerging trend that has occurred in the security industry

More information

Defender 5.7 - Token Deployment System Quick Start Guide

Defender 5.7 - Token Deployment System Quick Start Guide Defender 5.7 - Token Deployment System Quick Start Guide This guide describes how to install, configure and use the Defender Token Deployment System, based on default settings and how to self register

More information

Protecting Microsoft Internet Information Services Web Servers with ISA Server 2004

Protecting Microsoft Internet Information Services Web Servers with ISA Server 2004 Protecting Microsoft Internet Information Services Web Servers with ISA Server 2004 White Paper Published: June 2004 For the latest information, please see http://www.microsoft.com/isaserver/ Contents

More information

CA ArcotOTP Versatile Authentication Solution for Mobile Phones

CA ArcotOTP Versatile Authentication Solution for Mobile Phones PRODUCT SHEET CA ArcotOTP CA ArcotOTP Versatile Authentication Solution for Mobile Phones Overview Consumers have embraced their mobile phones as more than just calling or texting devices. They are demanding

More information

Getting Started with AD/LDAP SSO

Getting Started with AD/LDAP SSO Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories

More information

RSA SecurID Software Token Security Best Practices Guide

RSA SecurID Software Token Security Best Practices Guide RSA SecurID Software Token Security Best Practices Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA, the RSA

More information

SafeNet Authentication Service

SafeNet Authentication Service SafeNet Authentication Service Integration Guide Using SafeNet Authentication Service as an Identity Provider for Google Apps All information herein is either public information or is the property of and

More information

managing SSO with shared credentials

managing SSO with shared credentials managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout

More information

Parallels Plesk Panel

Parallels Plesk Panel Parallels Plesk Panel Copyright Notice Parallels Holdings, Ltd. c/o Parallels International GMbH Vordergasse 49 CH8200 Schaffhausen Switzerland Phone: +41 526320 411 Fax: +41 52672 2010 Copyright 1999-2011

More information

An Overview of Samsung KNOX Active Directory and Group Policy Features

An Overview of Samsung KNOX Active Directory and Group Policy Features C E N T R I F Y W H I T E P A P E R. N O V E M B E R 2013 An Overview of Samsung KNOX Active Directory and Group Policy Features Abstract Samsung KNOX is a set of business-focused enhancements to the Android

More information

TIBCO Spotfire Platform IT Brief

TIBCO Spotfire Platform IT Brief Platform IT Brief This IT brief outlines features of the system: Communication security, load balancing and failover, authentication options, and recommended practices for licenses and access. It primarily

More information

Xerox DocuShare Private Cloud Service. Security White Paper

Xerox DocuShare Private Cloud Service. Security White Paper Xerox DocuShare Private Cloud Service Security White Paper Table of Contents Overview 3 Adherence to Proven Security Practices 3 Highly Secure Data Centers 4 Three-Tier Architecture 4 Security Layers Safeguard

More information

NCSU SSO. Case Study

NCSU SSO. Case Study NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must

More information

CompTIA Security+ Certification SY0-301

CompTIA Security+ Certification SY0-301 CompTIA Security+ Certification SY0-301 Centro Latino, Inc. Computer Technology Program Prof: Nestor Uribe, nuribe@centrolatino.org www.centrolatino.org 267 Broadway, Chelsea, MA 02150 Tel. (617) 884-3238

More information

Copyright http://support.oracle.com/

Copyright http://support.oracle.com/ Primavera Portfolio Management 9.0 Security Guide July 2012 Copyright Oracle Primavera Primavera Portfolio Management 9.0 Security Guide Copyright 1997, 2012, Oracle and/or its affiliates. All rights reserved.

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

Integrated Authentication

Integrated Authentication Integrated Authentication Information Security Introduction Information security has become an increasingly visible and important topic to companies. Driven by a number of highly publicized security breaches

More information

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication Objectives Define authentication Describe the different types of authentication credentials List and explain the

More information

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service? solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service? provides identity and access management capabilities as a hosted cloud service. This allows you to quickly

More information

Kerberos authentication made easy on OpenVMS

Kerberos authentication made easy on OpenVMS Kerberos authentication made easy on OpenVMS Author: Srinivasa Rao Yarlagadda yarlagadda-srinivasa.rao@hp.com Co-Author: Rupesh Shantamurty rupeshs@hp.com OpenVMS Technical Journal V18 Table of contents

More information

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006 Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark

More information

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience IDENTITY & ACCESS Privileged Identity Management controlling access without compromising convenience Introduction According to a recent Ponemon Institute study, mistakes made by people Privilege abuse

More information

Client Administrator Quick Reference Guide

Client Administrator Quick Reference Guide Client Administrator Quick Reference Guide Thank you for using ADP's ipaystatements to view your payroll information. Use this Quick Reference Guide to learn how to view your pay statement, understand

More information

IBM Security SiteProtector System Two-Factor Authentication API Guide

IBM Security SiteProtector System Two-Factor Authentication API Guide IBM Security IBM Security SiteProtector System Two-Factor Authentication API Guide Version 2.9 Note Before using this information and the product it supports, read the information in Notices on page 13.

More information

Enterprise SSO Manager (E-SSO-M)

Enterprise SSO Manager (E-SSO-M) Enterprise SSO Manager (E-SSO-M) Many resources, such as internet applications, internal network applications and Operating Systems, require the end user to log in several times before they are empowered

More information

Windows Authentication on Microsoft SQL Server

Windows Authentication on Microsoft SQL Server Windows Authentication on Microsoft SQL Server Introduction Microsoft SQL Server offers two types of security authentication: SQL Server authentication and Windows authentication. SQL Server authentication

More information

The Convergence of IT Security and Physical Access Control

The Convergence of IT Security and Physical Access Control The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which

More information

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided

More information