1 Antti Pyykkö, Mikko Malinen, Oskari Miettinen GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK TJTSE54 Assignment Jyväskylä University Department of Computer Science and Information Systems Jyväskylä
2 TABLE OF CONTENTS 1 INTRODUCTION THE 'ORDINARY' SSO OVERVIEW OF THREE DIFFERENT SSO SYSTEMS Active Directory (AD) Google SSO Facebook SSO DISCUSSION REFERENCES... 16
3 3 1 INTRODUCTION In this study we have taken a brief look at what SSO (Single Sign-On) is and what it means. We have tried to explain the SSO as shortly and simply as possible. Besides making it clear what an 'ordinary' SSO is, we have compared three different SSO systems and studied how they differ from each other both technically and in principle. 2 THE 'ORDINARY' SSO According to Fleury et al (2006) Single sign-on (SSO) is the ability to allow multiple actions to take place on behalf of a user, without requiring multiple authentications by that user. In quite a same way Anchan and Pegah (2003) say that Single sign-on is a mechanism whereby a single user-id and password pair will allow a user to access all authorized computer resources in a distributed, multiplatform computing environment, without the need for multiple authentication information. However, the most comprehensible definition for SSO can be found from the Wikipedia: Single sign-on (SSO) is a method of access control that enables a user to authenticate once and gain access to the resources of multiple software systems. (Wikipedia Single sign-on) In other words, the user gives his/her username and password only once and is able to access a few different services without repeating this action. A simple example of this could be for instance Google s services: once you sign in e.g. in Gmail, you are able to use other Google services like Google Calendar or Google Docs without having to signing on in them again. What is common to nearly all ordinary SSO services is that they consist of services brought by a single service provider. In our example above the service provider is Google. Before the SSO systems, the user had to sign in singly every service at a time. Figure 1 illustrates this situation that is, user using few services with no SSO system available.
4 4 Figure 1: Using few services with no SSO system available. (Source: The Open Group) As seen in Figure 1, the User has both the Primary and Secondary Domain Signons and Shells where the Domains can be seen as services brought by a single service provider. Each Domain has its own sign-on system and management information base that manages the user account. In order to use a service the user needs to sign in singly each service, even though they are connected to each other at least in principle via the producer. Using the ordinary SSO changes the case quite different.
5 5 Figure 2: The ordinary Single Sign-on. (Source: The Open Group) In this case, the services are under SSO system through which all the Secondary Domains are trusted fellow services with the Primary Domain. Now the user needs to sign in only once in order to use also all the other (secondary) services which one is able to access from the Primary Domain the user signs in first. Unlike seen in the Figure 1, there is only one User Account Manager that handles the user s account information on behalf of the Domains. 3 OVERVIEW OF THREE DIFFERENT SSO SYSTEMS In this chapter we compare three different SSO systems with each other and try to open up them for the reader. The chosen SSOs are Microsoft s Active Directory (AD), Google SSO and naturally Facebook SSO. When selecting the SSOs for this assignment, we tried to choose three systems that differ from each other, still being essential and good to know.
6 6 3.1 Active Directory (AD) Active Directory (AD) is an implementation of Lightweight Directory Access Protocol (LDAP) directory services by Microsoft that manages information about users and their resources, and allows users to access and manipulate this information. By using Active Directory, operators can manage all elements of their networks, including computers, groups, users, security policies etc. across a domain. In addition, multiple domains can be managed simultaneously. Domains may have trust for each other meaning that domains may share authentication information (user authenticated to domain A will automatically be authenticated to domain B). (Microsoft 2008; Wikipedia 2008 Active Directory) Active Directory holds information about the objects in hierarchical tree model. Objects have three categories: resources, services and users. Each entity (for example a user) has its unique identifier (Distinguished Name (DN)) and attributes, for example first name, last name and password. Attributes are defined in schemas, where attribute syntax is also presented. For example, attribute might require a value -character. Figure 3 illustrates a single user object in Active Directory. (Wikipedia 2008 Active Directory; Dulaney et al. 1999)
7 7 Figure 3: User properties in Active Directory AD is common in large computer networks where ability to manage different users and resources effectively is needed; for example, Jyväskylä University s (JYU) network is operated using Active Directory. Signing in to JYU s domain can be seen as a single sign-on function client communicates with Active Directory in order to gain access to applications/services/resources on the network. Procedure follows this pattern:
8 8 Figure 4 - Kerberos authentication (Microsoft 2008) The figure presents how Windows uses Kerberos authentication protocol as primary method for authenticating users. Authentication is based on tickets; ticket is a validation to use network resources. When user logs on to a domain client s logon credentials are sent to Kerberos authentication service (KDC in this case), which checks their validity from Active Directory. If whole authentication process succeeds, KDC gives client a session ticket that tells which services/resources user can access. Each application server then verifies that all accessing users have a valid session ticket. If application server needs to contact another application server, it can use this ticket to impersonate client and that way access other service. This can only happen, if trust exists in network within domains. (Microsoft 2008; Dulaney et al. 1999) However, this SSO method is problematic as not all services can be easily mapped to Active Directory. Some applications might offer web-based authentication (like Korppi does) and therefore users need to continue logging in to different applications, as there was no SSO present. In summary, Active Directory is a good way to simplify network management in terms of restrictions and policies, but does not offer easy way to make a true SSO system where a single login would be enough for everything.
9 9 3.2 Google SSO Google SSO system uses SAML (Security Assertion Markup Language) technique, which is a XML standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions) (Wikipedia Security Assertion Markup Language). The Google SSO is a good example of a SSO system, where there is only one service provider who does not have to worry about the trust issues between the primary domain and the secondary domains, that is, the external service/application providers. In this case, the SSO system uses identity provider services to check whether the user is granted the access to the service he/she has requested or not. The basic functioning of the Google SSO system is explained in the Figure 5 below.
10 10 Figure 5: Logging in to Google Apps using SAML (Source: Google Single Sign-On (SSO) Service for Google Apps) 1. The user requests to get an access to a hosted Google application (Gmail, Google Calendar, Google Docs...) 2. Google generates a SAML authentication request, which is embedded into the URL for the partner s SSO service. There is also the URL of the Google service embedded in the SSO URL. 3. Google redirects the user s browser to the partner. The redirected URL includes the SAML authentication request. 4. The URL reaches the partner that decodes the SAML request and extracts the URL for both the Google s authentication service (ACS, Assertion Consumer Service) and the user s destination URL. The partner
11 11 authenticates the user by either requesting the user for valid username and password or by checking for valid session cookies. 5. The partner generates a SAML response that includes the authenticated username. 6. The partner encodes the SAML response and returns it to the user s browser that forwards the information to Google s authentication service. 7. Google ACS verifies the SAML response. If the response is successfully verifies, authentication service redirects the user to the destination URL, he/she originally requested. 8. The user has been redirected to the destination URL and is logged in to the Google s application (or Google Applications). According to Google they are providing extremely reliable safekeeping for their customers to ensure the most secure, reliable, and private environment for your data (Google Welcome to Google Apps). Since Google has tens of millions of customers, both individuals and companies, it is easy to believe that the security is and will be quite a big issue in their service planning and implementation. In brief, Google divides its security roughly under three subtitles: Physical security, Threat identification and management and Safe access. The last-mentioned, safe access includes among others a mention about the protection during the transmission of data on the wire, so that confidential data is not intercepted on the network (Google Welcome to Google Apps). In general SAML-based SSO systems are considered highly secure. When it comes down to single sign-on systems, SAML is a prevalent standard used popularly in many companies. The OASIS (Organization for the Advancement of Structured Information Standards) Security Services Technical Committee, which has created SAML, has taken extensively into account different kinds of security and privacy threats and when used properly, SAML provides a workable and secure technique to build up SSO systems for web applications. 3.3 Facebook SSO The initial Facebook Platform API was released on August 2006, and since, developers around the globe have been able to build applications for Facebook. Official release of Facebook Platform on May 2007 also opened up the site itself,
13 13 Figure 6 - An example flow on Facebook architecture (Facebook Facebook Developers High-Level Specification) Furthermore, Facebook uses a certain API key system to authenticate applications that make requests to the Facebook API server. Authentication process is illustrated in the following two figures: Figure 7 - External Facebook web application authentication process In order for a Facebook API client to use the API, the user of the client application must be logged in to Facebook. To ensure this, (1) users are redirected to a Facebook login page, which will prompt the user to log in if
14 14 necessary. An API key, which is uniquely assigned to the vendor, is passed along with every request. API key identifies, among other things, that the source IP for the call is acceptable. (2) Upon successful authentication, if the user has never logged in to this application before, he/she will be asked to accept the terms of service for using the application. (3) Finally, for web-based applications, the user is redirected to URL defined by the developer along with an auth_token parameter. Figure 8 - External Facebook web application session establishment The application then exchanges this token for a session key via the facebook.auth.getsession() method. This session key is then used when making request calls to the Facebook API. We presume, that users are allowed to access their Facebook applications through Facebook in a similar manner by opening sessions to applications they have joined before. There is very limited amount of information about this procedure and therefore we cannot describe this process any more specifically. 4 DISCUSSION In our essay we began by explaining what SSO is and the basic idea behind it. After that we proceeded by presenting three different SSO systems: AD, Google SSO and Facebook SSO, and gave a brief overview of principles and techniques behind them. To summarize the benefits of SSO system we can conclude that SSO is very important to the user because then users do not have to sign in singly every service they need, and they only need one pair of login credentials to access all their services. This reduces the number of authentication problems related to forgotten passwords and therefore enhances the security by reducing number of login credentials users need if the amount of accounts would grow too big, users would have to write their login information down in order to remember all of them. By using SSO, operators can more easily restrict services user may access and therefore make the system more secure. Application developers also
15 15 benefit from SSO systems, as they do not have to think about security and authentication in their applications. This is very important in Facebook, as users are allowed to make their own applications and integrate them to Facebook by using Facebook SSO. (The Open Group 2008; Huntington Ventures Ltd 2006) Still, SSO does not come without any problems; traditional single sign-on systems are under high load as all traffic to system goes through them. This requires fault tolerant signing systems to prevent authentication problems if one of the authentication services goes down. From the three different SSOs we studied in this research, the AD system is designed for more local computer systems whereas Google SSO and Facebook SSO are clearly developed for distributed web services. Furthermore the AD system requires substantially more administration and control as access to use one must be requested and granted. Added to this the AD system is intended for more administrative tasks, unlike the other two systems. In principle, the main difference between Google SSO and Facebook SSO is that Facebook does not use a third party as an identity provider like Google does. Another difference is that Google provides only applications developed by itself, whereas Facebook also provides applications developed by its users. This means that Facebook needs to handle lots of trust issues considering cooperation between Facebook, application developers and the users, which must also have been a big affair to take into consideration while designing their SSO. From technical point of view, Google and Facebook differ in the way their platforms work: unlike Google, Facebook uses a REST-like interface. Google SSO system uses SAML technique, which is a XML standard for exchanging authentication and authorization data between security domains. Facebook uses a certain key-token authentication system through its REST-like interface, which allows external applications to gain access to Facebook API and thus making signing on singly possible for the users. For further research we recommend study on e.g. subjects privacy and data security within SSO systems and more specific knowledge about the functioning of authority and authentication in different SSO systems.
16 16 REFERENCES Anchan, D. & Pegah, M Regaining single sign-on taming the beast. In Proceedings of the 31st Annual ACM SIGUCCS Conference on User Services (San Antonio, TX, USA, September 21-24, 2003). SIGUCCS '03. ACM, New York, NY, Dulaney, E., Sankar, V. & Sankar, S Active Directory: An Overview [online]. 29th Street Press [refered ]. Available in the wwwaddress < Facebook API - Facebook Developers Wiki [online]. Facebook [refered ]. Available in the www-address < Facebook Facebook Developers High-Level Specification [online]. Facebook [refered ]. Available in the www-address < Facebook Random questions - Facebook Developers Wiki [online]. Facebook [refered ]. Available in the www-address < Fleury, T., Basney, J., & Welch, V Single sign-on for java web start applications using myproxy. In Proceedings of the 3rd ACM Workshop on Secure Web Services (Alexandria, Virginia, USA, November 03-03, 2006). SWS '06. ACM, New York, NY, Google SAML Single Sign-On (SSO) Service for Google Apps [online]. Google [refered ]. Available in the www-address < n.html>. Google Welcome to Google Apps [online]. Google [refered ]. Available in the www-address < Huntington Ventures Ltd Single Sign On Authentication [online]. Huntington Ventures Ltd [refered ]. Available in the www-
17 17 address < Authentication/>. Microsoft Windows 2000 Security Technical Overview [online]. Microsoft [refered ]. Available in the www-address < The Open Group Introduction to Single Sign-On [online]. The Open Group [refered ]. Available in the www-address < Wikipedia Active Directory [online]. Wikipedia [refered ]. Available in the www-address < Wikipedia Security Assertion Markup Language [online]. Wikipedia [refered ]. Available in the www-address < Wikipedia Single sign-on [online]. Wikipedia [refered ]. Available in the www-address <
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.
Executive Summary These guidelines describe best practice for application security for 2 or 3 tier web-based applications. It covers the use of common security mechanisms including Authentication, Authorisation
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver SAP Product Management, SAP NetWeaver Identity Management
White Paper Intel Information Technology Computer Manufacturing Security Improving Security and Productivity through Federation and Single Sign-on Intel IT has developed a strategy and process for providing
Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories
Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect
Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,
Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions
Computer Systems Security 2013/2014 Single Sign-On Bruno Maia email@example.com Pedro Borges firstname.lastname@example.org December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................
New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole
Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, 2011 2011 IBM Corporation Welcome Participant Passcode: 4297643 2011 IBM Corporation 2 Agenda USA Toll Free (866) 803-2145
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems
HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
CENTRIFY DEPLOYMENT GUIDE Google Apps Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component of your corporate
INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE SAML 2.0 CONFIGURATION GUIDE Roy Heaton David Pham-Van Version 1.1 Published March 23, 2015 This document describes how to configure OVD to use SAML 2.0 for user
Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...
A Standards-based Mobile Application IdM Architecture Abstract Mobile clients are an increasingly important channel for consumers accessing Web 2.0 and enterprise employees accessing on-premise and cloud-hosted
Deployment Guide Deploying RSA ClearTrust with the FirePass Controller Deploying RSA ClearTrust with the FirePass controller Welcome to the FirePass RSA ClearTrust Deployment Guide. This guide shows you
Safewhere*Identify 3.4 Release Notes Safewhere*identify is a new kind of user identification and administration service providing for externalized and seamless authentication and authorization across organizations.
Guide Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief October 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 21 Contents
DumpCollection IT Exam Training online / Bootcamp http://www.dumpcollection.com PDF and Testing Engine, study and practice Exam : 70-534 Title : Architecting Microsoft Azure Solutions Vendor : Microsoft
Research and Implementation of Single Sign-On Mechanism for ASP Pattern * Bo Li, Sheng Ge, Tian-yu Wo, and Dian-fu Ma Computer Institute, BeiHang University, PO Box 9-32 Beijing 100083 Abstract Software
QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,
Faculty of technology management 07.12.2009 Information Technology Service Oriented Communications CT30A8901 SOA, case Google Written by: Sampo Syrjäläinen, 0337918 Jukka Hilvonen, 0337840 1 Contents 1.
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of
PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN CONNECTING TO THE CLOUD DAVID CHAPPELL DECEMBER 2009 SPONSORED BY AMAZON AND MICROSOFT CORPORATION CONTENTS The Challenge:
Gateway Apps - Security Summary SECURITY SUMMARY 27/02/2015 Document Status Title Harmony Security summary Author(s) Yabing Li Version V1.0 Status draft Change Record Date Author Version Change reference
Secure the Web: OpenSSO Sang Shin, Technology Architect Sun Microsystems, Inc. javapassion.com Pat Patterson, Principal Engineer Sun Microsystems, Inc. blogs.sun.com/superpat 1 Agenda Need for identity-based
SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House
managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout
email@example.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete
STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN 1 Venkadesh.M M.tech, Dr.A.Chandra Sekar M.E., Ph.d MISTE 2 1 ResearchScholar, Bharath University, Chennai 73, India. firstname.lastname@example.org 2 Professor-CSC
Architecture of Enterprise Applications III Single Sign-On Haopeng Chen REliable, INtelligent and Scalable Systems Group (REINS) Shanghai Jiao Tong University Shanghai, China e-mail: email@example.com
Two SSO Architectures with a Single Set of Credentials Abstract Single sign-on (SSO) is a widely used mechanism that uses a single action of authentication and authority to permit an authorized user to
CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
Deployment Guide Guide to Deploying NetScaler as an Active Directory Federation Services Proxy Enabling seamless authentication for Office 365 use cases Table of Contents Introduction 3 ADFS proxy deployment
This chapter provides information about the Security Assertion Markup Language (SAML) Single Sign-On feature, which allows administrative users to access certain Cisco Unified Communications Manager and
QR-SSO : Towards a QR-Code based Single Sign-On system Syamantak Mukhopadhyay School of Electronics and Computer Science University of Southampton Southampton, UK firstname.lastname@example.org David Argles School
Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin
Chapter 75 Configuring SAP NetWeaver AS Java SAP NetWeaver Application Server ("AS") Java (Stack) is one of the two installation options of SAP NetWeaver AS. The other option is the ABAP Stack, which is
VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
Getting Started with Clearlogin A Guide for Administrators V1.01 Clearlogin makes secure access to the cloud easy for users, administrators, and developers. The following guide explains the functionality
Symplified I: Windows User Identity Matthew McNew and Lex Hubbard Table of Contents Abstract 1 Introduction to the Project 2 Project Description 2 Requirements Specification 2 Functional Requirements 2
Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments
International Virtual Observatory Alliance IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 IVOA Proposed Recommendation 20151029 Working group http://www.ivoa.net/twiki/bin/view/ivoa/ivoagridandwebservices
Single Sign On for ShareFile with NetScaler Deployment Guide This deployment guide focuses on defining the process for enabling Single Sign On into Citrix ShareFile with Citrix NetScaler. Table of Contents
White Paper March 1, 2005 Integrating AR System with Single Sign-On (SSO) authentication systems Copyright 2005 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service
Administrator Guide JustSSO is a Single Sign On (SSO) solution specially developed to integrate Google Apps suite to your Directory Service. Product developed by Just Digital v 11 Index Overview... 3 Main
User-ID Best Practices PAN-OS 5.0, 5.1, 6.0 Revision A 2011, Palo Alto Networks, Inc. www.paloaltonetworks.com Table of Contents PAN-OS User-ID Functions... 3 User / Group Enumeration... 3 Using LDAP Servers
Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software
CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five
Identity Management in Liferay Overview and Best Practices Liferay Portal 6.0 EE Table of Contents Introduction... 1 IDENTITY MANAGEMENT HYGIENE... 1 Where Liferay Fits In... 2 How Liferay Authentication
M-FILES CORPORATION USING FEDERATED AUTHENTICATION WITH M-FILES VERSION 1.0 Abstract This article provides an overview of federated identity management and an introduction on using federated authentication
Leverage Active Directory with Kerberos to Eliminate HTTP Password PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: email@example.com Website: www.pistolstar.com
The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3
SAML Authentication Quick Start Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved.
FTP-Stream Integrating Active Directory Federation Services 1 Overview Active Directory Federation Services (ADFS) is a standards-based service that allows the secure sharing of identity information between
Mersea Information System: an Authentication and Authorization System to access distributed oceanographic data. Prepared by Enea S.Teresa (Italy) Version 1.0 2006-October 24 Revision History Date Version
An Oracle White Paper June 2011 OpenLDAP Oracle Enterprise Gateway Integration Guide 1 / 29 Disclaimer The following is intended to outline our general product direction. It is intended for information
Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing
CHAPTER 8 This chapter presents example procedures for configuring SSO for WebVPN users. It includes the following sections: Using Single Sign-on with WebVPN, page 8-1 Configuring SSO Authentication Using
OpenLogin: PTA, SAML, and OAuth/OpenID Ernie Turner Chris Fellows RightNow Technologies, Inc. Why should you care about these features? Why should you care about these features? Because users hate creating
SchoolBooking SSO Integration Guide Before you start This guide has been written to help you configure SchoolBooking to operate with SSO (Single Sign on) Please treat this document as a reference guide,
Content Filtering Client Policy & Reporting Administrator s Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION
Microsoft Office 365 Using SAML Integration Guide Revision A Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.
An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,
Security Assertion Markup Language (SAML) Site Manager Setup Trademark Notice Blackboard, the Blackboard logos, and the unique trade dress of Blackboard are the trademarks, service marks, trade dress and
Single Sign On (SSO) Implementation Manual For Connect 5 & MyConnect Sites Version 6 Release 5.7 September 2013 1 What is Blackboard Connect Single Sign On?... 3 How it Works... 3 Drawbacks to Using Single
SAML AS AN SSO STANDARD FOR CUSTOMER IDENTITY MANAGEMENT How to Create a Frictionless, Secure Customer Identity Management Strategy PART 1: WHAT IS SAML? SAML in Context Security Assertion Markup Language
Mobile Identity and Edge Security Forum Sentry Security Gateway Jason Macy CTO, Forum Systems firstname.lastname@example.org Evolution Evolution of Enterprise Identities Cloud Computing Iaas Infrastructure as a Service
Working with Indicee Elements How to Embed Indicee in Your Product 2012 Indicee, Inc. All rights reserved. 1 Embed Indicee Elements into your Web Content 3 Single Sign-On (SSO) using SAML 3 Configure an
OIX IDAP Alpha Project - Technical Findings Warwickshire County Council - using a Federated UK Government ID in trusted Local Authority transactions. By Graham Dunnings and Ian Litton 1 Table of Contents
Integrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V Agenda What is SSO? How does it work? Tools for SSO on ClearPath Integrating Active Directory
Masdar Institute Single Sign-On: Standards-based Identity Federation John Mikhael ICT Department email@example.com Agenda The case for Single Sign-On (SSO) Types of SSO Standards-based Identity Federation
Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before