GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK"

Transcription

1 Antti Pyykkö, Mikko Malinen, Oskari Miettinen GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK TJTSE54 Assignment Jyväskylä University Department of Computer Science and Information Systems Jyväskylä

2 TABLE OF CONTENTS 1 INTRODUCTION THE 'ORDINARY' SSO OVERVIEW OF THREE DIFFERENT SSO SYSTEMS Active Directory (AD) Google SSO Facebook SSO DISCUSSION REFERENCES... 16

3 3 1 INTRODUCTION In this study we have taken a brief look at what SSO (Single Sign-On) is and what it means. We have tried to explain the SSO as shortly and simply as possible. Besides making it clear what an 'ordinary' SSO is, we have compared three different SSO systems and studied how they differ from each other both technically and in principle. 2 THE 'ORDINARY' SSO According to Fleury et al (2006) Single sign-on (SSO) is the ability to allow multiple actions to take place on behalf of a user, without requiring multiple authentications by that user. In quite a same way Anchan and Pegah (2003) say that Single sign-on is a mechanism whereby a single user-id and password pair will allow a user to access all authorized computer resources in a distributed, multiplatform computing environment, without the need for multiple authentication information. However, the most comprehensible definition for SSO can be found from the Wikipedia: Single sign-on (SSO) is a method of access control that enables a user to authenticate once and gain access to the resources of multiple software systems. (Wikipedia Single sign-on) In other words, the user gives his/her username and password only once and is able to access a few different services without repeating this action. A simple example of this could be for instance Google s services: once you sign in e.g. in Gmail, you are able to use other Google services like Google Calendar or Google Docs without having to signing on in them again. What is common to nearly all ordinary SSO services is that they consist of services brought by a single service provider. In our example above the service provider is Google. Before the SSO systems, the user had to sign in singly every service at a time. Figure 1 illustrates this situation that is, user using few services with no SSO system available.

4 4 Figure 1: Using few services with no SSO system available. (Source: The Open Group) As seen in Figure 1, the User has both the Primary and Secondary Domain Signons and Shells where the Domains can be seen as services brought by a single service provider. Each Domain has its own sign-on system and management information base that manages the user account. In order to use a service the user needs to sign in singly each service, even though they are connected to each other at least in principle via the producer. Using the ordinary SSO changes the case quite different.

5 5 Figure 2: The ordinary Single Sign-on. (Source: The Open Group) In this case, the services are under SSO system through which all the Secondary Domains are trusted fellow services with the Primary Domain. Now the user needs to sign in only once in order to use also all the other (secondary) services which one is able to access from the Primary Domain the user signs in first. Unlike seen in the Figure 1, there is only one User Account Manager that handles the user s account information on behalf of the Domains. 3 OVERVIEW OF THREE DIFFERENT SSO SYSTEMS In this chapter we compare three different SSO systems with each other and try to open up them for the reader. The chosen SSOs are Microsoft s Active Directory (AD), Google SSO and naturally Facebook SSO. When selecting the SSOs for this assignment, we tried to choose three systems that differ from each other, still being essential and good to know.

6 6 3.1 Active Directory (AD) Active Directory (AD) is an implementation of Lightweight Directory Access Protocol (LDAP) directory services by Microsoft that manages information about users and their resources, and allows users to access and manipulate this information. By using Active Directory, operators can manage all elements of their networks, including computers, groups, users, security policies etc. across a domain. In addition, multiple domains can be managed simultaneously. Domains may have trust for each other meaning that domains may share authentication information (user authenticated to domain A will automatically be authenticated to domain B). (Microsoft 2008; Wikipedia 2008 Active Directory) Active Directory holds information about the objects in hierarchical tree model. Objects have three categories: resources, services and users. Each entity (for example a user) has its unique identifier (Distinguished Name (DN)) and attributes, for example first name, last name and password. Attributes are defined in schemas, where attribute syntax is also presented. For example, attribute might require a value -character. Figure 3 illustrates a single user object in Active Directory. (Wikipedia 2008 Active Directory; Dulaney et al. 1999)

7 7 Figure 3: User properties in Active Directory AD is common in large computer networks where ability to manage different users and resources effectively is needed; for example, Jyväskylä University s (JYU) network is operated using Active Directory. Signing in to JYU s domain can be seen as a single sign-on function client communicates with Active Directory in order to gain access to applications/services/resources on the network. Procedure follows this pattern:

8 8 Figure 4 - Kerberos authentication (Microsoft 2008) The figure presents how Windows uses Kerberos authentication protocol as primary method for authenticating users. Authentication is based on tickets; ticket is a validation to use network resources. When user logs on to a domain client s logon credentials are sent to Kerberos authentication service (KDC in this case), which checks their validity from Active Directory. If whole authentication process succeeds, KDC gives client a session ticket that tells which services/resources user can access. Each application server then verifies that all accessing users have a valid session ticket. If application server needs to contact another application server, it can use this ticket to impersonate client and that way access other service. This can only happen, if trust exists in network within domains. (Microsoft 2008; Dulaney et al. 1999) However, this SSO method is problematic as not all services can be easily mapped to Active Directory. Some applications might offer web-based authentication (like Korppi does) and therefore users need to continue logging in to different applications, as there was no SSO present. In summary, Active Directory is a good way to simplify network management in terms of restrictions and policies, but does not offer easy way to make a true SSO system where a single login would be enough for everything.

9 9 3.2 Google SSO Google SSO system uses SAML (Security Assertion Markup Language) technique, which is a XML standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions) (Wikipedia Security Assertion Markup Language). The Google SSO is a good example of a SSO system, where there is only one service provider who does not have to worry about the trust issues between the primary domain and the secondary domains, that is, the external service/application providers. In this case, the SSO system uses identity provider services to check whether the user is granted the access to the service he/she has requested or not. The basic functioning of the Google SSO system is explained in the Figure 5 below.

10 10 Figure 5: Logging in to Google Apps using SAML (Source: Google Single Sign-On (SSO) Service for Google Apps) 1. The user requests to get an access to a hosted Google application (Gmail, Google Calendar, Google Docs...) 2. Google generates a SAML authentication request, which is embedded into the URL for the partner s SSO service. There is also the URL of the Google service embedded in the SSO URL. 3. Google redirects the user s browser to the partner. The redirected URL includes the SAML authentication request. 4. The URL reaches the partner that decodes the SAML request and extracts the URL for both the Google s authentication service (ACS, Assertion Consumer Service) and the user s destination URL. The partner

11 11 authenticates the user by either requesting the user for valid username and password or by checking for valid session cookies. 5. The partner generates a SAML response that includes the authenticated username. 6. The partner encodes the SAML response and returns it to the user s browser that forwards the information to Google s authentication service. 7. Google ACS verifies the SAML response. If the response is successfully verifies, authentication service redirects the user to the destination URL, he/she originally requested. 8. The user has been redirected to the destination URL and is logged in to the Google s application (or Google Applications). According to Google they are providing extremely reliable safekeeping for their customers to ensure the most secure, reliable, and private environment for your data (Google Welcome to Google Apps). Since Google has tens of millions of customers, both individuals and companies, it is easy to believe that the security is and will be quite a big issue in their service planning and implementation. In brief, Google divides its security roughly under three subtitles: Physical security, Threat identification and management and Safe access. The last-mentioned, safe access includes among others a mention about the protection during the transmission of data on the wire, so that confidential data is not intercepted on the network (Google Welcome to Google Apps). In general SAML-based SSO systems are considered highly secure. When it comes down to single sign-on systems, SAML is a prevalent standard used popularly in many companies. The OASIS (Organization for the Advancement of Structured Information Standards) Security Services Technical Committee, which has created SAML, has taken extensively into account different kinds of security and privacy threats and when used properly, SAML provides a workable and secure technique to build up SSO systems for web applications. 3.3 Facebook SSO The initial Facebook Platform API was released on August 2006, and since, developers around the globe have been able to build applications for Facebook. Official release of Facebook Platform on May 2007 also opened up the site itself,

12 12 giving developers stronger distribution models and access to all the integration points Facebook uses to build applications. According to Facebook itself, Facebook Platform has unlocked an access to its core value: the social graph. (Facebook Facebook Developers High-Level Specification) "The Facebook Platform is a standards-based Web service with methods for accessing and contributing Facebook data." In addition to the Interface (API), these methods include FBML (Facebook Markup Language), FQL (Facebook Query Language) and FBJS (Facebook JavaScript). Facebook API uses a RESTlike interface, which means that every Facebook method call is made over the Internet by sending HTTP GET or POST requests to the Facebook API REST server. With the API, developers can add social context to the applications by utilizing social data like profile, friend, photo and event data. (Facebook API - Facebook Developers Wiki) FBML is a subset of HTML, which enables a developer to gain access to many of the integration points Facebook has to offer. An example flow for how the HTML for a web app canvas is rendered is illustrated in Figure 6. Application server, which has to take care of all the business logic, calls the APIs on Facebook and produces FBML as a result, which is then presented to the user. (Facebook Random questions - Facebook Developers Wiki)

13 13 Figure 6 - An example flow on Facebook architecture (Facebook Facebook Developers High-Level Specification) Furthermore, Facebook uses a certain API key system to authenticate applications that make requests to the Facebook API server. Authentication process is illustrated in the following two figures: Figure 7 - External Facebook web application authentication process In order for a Facebook API client to use the API, the user of the client application must be logged in to Facebook. To ensure this, (1) users are redirected to a Facebook login page, which will prompt the user to log in if

14 14 necessary. An API key, which is uniquely assigned to the vendor, is passed along with every request. API key identifies, among other things, that the source IP for the call is acceptable. (2) Upon successful authentication, if the user has never logged in to this application before, he/she will be asked to accept the terms of service for using the application. (3) Finally, for web-based applications, the user is redirected to URL defined by the developer along with an auth_token parameter. Figure 8 - External Facebook web application session establishment The application then exchanges this token for a session key via the facebook.auth.getsession() method. This session key is then used when making request calls to the Facebook API. We presume, that users are allowed to access their Facebook applications through Facebook in a similar manner by opening sessions to applications they have joined before. There is very limited amount of information about this procedure and therefore we cannot describe this process any more specifically. 4 DISCUSSION In our essay we began by explaining what SSO is and the basic idea behind it. After that we proceeded by presenting three different SSO systems: AD, Google SSO and Facebook SSO, and gave a brief overview of principles and techniques behind them. To summarize the benefits of SSO system we can conclude that SSO is very important to the user because then users do not have to sign in singly every service they need, and they only need one pair of login credentials to access all their services. This reduces the number of authentication problems related to forgotten passwords and therefore enhances the security by reducing number of login credentials users need if the amount of accounts would grow too big, users would have to write their login information down in order to remember all of them. By using SSO, operators can more easily restrict services user may access and therefore make the system more secure. Application developers also

15 15 benefit from SSO systems, as they do not have to think about security and authentication in their applications. This is very important in Facebook, as users are allowed to make their own applications and integrate them to Facebook by using Facebook SSO. (The Open Group 2008; Huntington Ventures Ltd 2006) Still, SSO does not come without any problems; traditional single sign-on systems are under high load as all traffic to system goes through them. This requires fault tolerant signing systems to prevent authentication problems if one of the authentication services goes down. From the three different SSOs we studied in this research, the AD system is designed for more local computer systems whereas Google SSO and Facebook SSO are clearly developed for distributed web services. Furthermore the AD system requires substantially more administration and control as access to use one must be requested and granted. Added to this the AD system is intended for more administrative tasks, unlike the other two systems. In principle, the main difference between Google SSO and Facebook SSO is that Facebook does not use a third party as an identity provider like Google does. Another difference is that Google provides only applications developed by itself, whereas Facebook also provides applications developed by its users. This means that Facebook needs to handle lots of trust issues considering cooperation between Facebook, application developers and the users, which must also have been a big affair to take into consideration while designing their SSO. From technical point of view, Google and Facebook differ in the way their platforms work: unlike Google, Facebook uses a REST-like interface. Google SSO system uses SAML technique, which is a XML standard for exchanging authentication and authorization data between security domains. Facebook uses a certain key-token authentication system through its REST-like interface, which allows external applications to gain access to Facebook API and thus making signing on singly possible for the users. For further research we recommend study on e.g. subjects privacy and data security within SSO systems and more specific knowledge about the functioning of authority and authentication in different SSO systems.

16 16 REFERENCES Anchan, D. & Pegah, M Regaining single sign-on taming the beast. In Proceedings of the 31st Annual ACM SIGUCCS Conference on User Services (San Antonio, TX, USA, September 21-24, 2003). SIGUCCS '03. ACM, New York, NY, Dulaney, E., Sankar, V. & Sankar, S Active Directory: An Overview [online]. 29th Street Press [refered ]. Available in the wwwaddress <http://www.windowsitlibrary.com/content/155/07/1.html>. Facebook API - Facebook Developers Wiki [online]. Facebook [refered ]. Available in the www-address <http://wiki.developers.facebook.com/index.php/api>. Facebook Facebook Developers High-Level Specification [online]. Facebook [refered ]. Available in the www-address <http://developers.facebook.com/specification.php>. Facebook Random questions - Facebook Developers Wiki [online]. Facebook [refered ]. Available in the www-address <http://wiki.developers.facebook.com/index.php/random_questions>. Fleury, T., Basney, J., & Welch, V Single sign-on for java web start applications using myproxy. In Proceedings of the 3rd ACM Workshop on Secure Web Services (Alexandria, Virginia, USA, November 03-03, 2006). SWS '06. ACM, New York, NY, Google SAML Single Sign-On (SSO) Service for Google Apps [online]. Google [refered ]. Available in the www-address <http://code.google.com/apis/apps/sso/saml_reference_implementatio n.html>. Google Welcome to Google Apps [online]. Google [refered ]. Available in the www-address <http://www.google.com/a/help/intl/en/admins/security.html>. Huntington Ventures Ltd Single Sign On Authentication [online]. Huntington Ventures Ltd [refered ]. Available in the www-

17 17 address <http://www.authenticationworld.com/single-sign-on- Authentication/>. Microsoft Windows 2000 Security Technical Overview [online]. Microsoft [refered ]. Available in the www-address <http://technet.microsoft.com/en-us/library/bb aspx>. The Open Group Introduction to Single Sign-On [online]. The Open Group [refered ]. Available in the www-address <http://www.opengroup.org/security/sso/sso_intro.htm>. Wikipedia Active Directory [online]. Wikipedia [refered ]. Available in the www-address <http://en.wikipedia.org/wiki/active_directory>. Wikipedia Security Assertion Markup Language [online]. Wikipedia [refered ]. Available in the www-address <http://en.wikipedia.org/wiki/security_assertion_markup_language>. Wikipedia Single sign-on [online]. Wikipedia [refered ]. Available in the www-address <http://en.wikipedia.org/wiki/single_sign-on>.

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

Leveraging SAML for Federated Single Sign-on:

Leveraging SAML for Federated Single Sign-on: Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.

More information

Architecture Guidelines Application Security

Architecture Guidelines Application Security Executive Summary These guidelines describe best practice for application security for 2 or 3 tier web-based applications. It covers the use of common security mechanisms including Authentication, Authorisation

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver

Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver SAP Product Management, SAP NetWeaver Identity Management

More information

IT@Intel. Improving Security and Productivity through Federation and Single Sign-on

IT@Intel. Improving Security and Productivity through Federation and Single Sign-on White Paper Intel Information Technology Computer Manufacturing Security Improving Security and Productivity through Federation and Single Sign-on Intel IT has developed a strategy and process for providing

More information

Getting Started with AD/LDAP SSO

Getting Started with AD/LDAP SSO Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories

More information

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect

More information

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved. Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,

More information

SAML Security Option White Paper

SAML Security Option White Paper Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions

More information

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................

More information

Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos

Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website:

More information

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole

More information

Single Sign-on (SSO) technologies for the Domino Web Server

Single Sign-on (SSO) technologies for the Domino Web Server Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, 2011 2011 IBM Corporation Welcome Participant Passcode: 4297643 2011 IBM Corporation 2 Agenda USA Toll Free (866) 803-2145

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

Evaluation of different Open Source Identity management Systems

Evaluation of different Open Source Identity management Systems Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems

More information

HP Software as a Service. Federated SSO Guide

HP Software as a Service. Federated SSO Guide HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying

More information

CA Performance Center

CA Performance Center CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is

More information

Google Apps Deployment Guide

Google Apps Deployment Guide CENTRIFY DEPLOYMENT GUIDE Google Apps Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component of your corporate

More information

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE SAML 2.0 CONFIGURATION GUIDE Roy Heaton David Pham-Van Version 1.1 Published March 23, 2015 This document describes how to configure OVD to use SAML 2.0 for user

More information

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...

More information

A Standards-based Mobile Application IdM Architecture

A Standards-based Mobile Application IdM Architecture A Standards-based Mobile Application IdM Architecture Abstract Mobile clients are an increasingly important channel for consumers accessing Web 2.0 and enterprise employees accessing on-premise and cloud-hosted

More information

ELM Manages Identities of 4 Million Government Program Users with. Identity Server

ELM Manages Identities of 4 Million Government Program Users with. Identity Server ELM Manages Identities of 4 Million Government Program Users with Identity Server ELM Implements Single Sign-on With WSO2 Identity Server to Streamline Administration, Improve Productivity, and Reduce

More information

OpenHRE Security Architecture. (DRAFT v0.5)

OpenHRE Security Architecture. (DRAFT v0.5) OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2

More information

Deploying RSA ClearTrust with the FirePass controller

Deploying RSA ClearTrust with the FirePass controller Deployment Guide Deploying RSA ClearTrust with the FirePass Controller Deploying RSA ClearTrust with the FirePass controller Welcome to the FirePass RSA ClearTrust Deployment Guide. This guide shows you

More information

Safewhere*Identify 3.4. Release Notes

Safewhere*Identify 3.4. Release Notes Safewhere*Identify 3.4 Release Notes Safewhere*identify is a new kind of user identification and administration service providing for externalized and seamless authentication and authorization across organizations.

More information

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief Guide Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief October 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 21 Contents

More information

Web Applications Access Control Single Sign On

Web Applications Access Control Single Sign On Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,

More information

IT Exam Training online / Bootcamp

IT Exam Training online / Bootcamp DumpCollection IT Exam Training online / Bootcamp http://www.dumpcollection.com PDF and Testing Engine, study and practice Exam : 70-534 Title : Architecting Microsoft Azure Solutions Vendor : Microsoft

More information

Research and Implementation of Single Sign-On Mechanism for ASP Pattern *

Research and Implementation of Single Sign-On Mechanism for ASP Pattern * Research and Implementation of Single Sign-On Mechanism for ASP Pattern * Bo Li, Sheng Ge, Tian-yu Wo, and Dian-fu Ma Computer Institute, BeiHang University, PO Box 9-32 Beijing 100083 Abstract Software

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

QualysGuard SAML 2.0 Single Sign-On. Technical Brief

QualysGuard SAML 2.0 Single Sign-On. Technical Brief QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,

More information

SOA, case Google. Faculty of technology management 07.12.2009 Information Technology Service Oriented Communications CT30A8901.

SOA, case Google. Faculty of technology management 07.12.2009 Information Technology Service Oriented Communications CT30A8901. Faculty of technology management 07.12.2009 Information Technology Service Oriented Communications CT30A8901 SOA, case Google Written by: Sampo Syrjäläinen, 0337918 Jukka Hilvonen, 0337840 1 Contents 1.

More information

Authentication Methods

Authentication Methods Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the

More information

Perceptive Experience Single Sign-On Solutions

Perceptive Experience Single Sign-On Solutions Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark

More information

Copyright: WhosOnLocation Limited

Copyright: WhosOnLocation Limited How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and

More information

WebLogic Server 7.0 Single Sign-On: An Overview

WebLogic Server 7.0 Single Sign-On: An Overview WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of

More information

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access

More information

SCAS: AN IMPROVED SINGLE SIGN-ON MODEL BASE ON CAS

SCAS: AN IMPROVED SINGLE SIGN-ON MODEL BASE ON CAS SCAS: AN IMPROVED SINGLE SIGN-ON MODEL BASE ON CAS 1,2 XIANG LIYUN, 1 FANG ZHIYI, 1 SUN HONGYU 1 College of Computer Science and Technology, Jilin University, Changchun, China 2 Department of Computer

More information

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN CONNECTING TO THE CLOUD DAVID CHAPPELL DECEMBER 2009 SPONSORED BY AMAZON AND MICROSOFT CORPORATION CONTENTS The Challenge:

More information

Gateway Apps - Security Summary SECURITY SUMMARY

Gateway Apps - Security Summary SECURITY SUMMARY Gateway Apps - Security Summary SECURITY SUMMARY 27/02/2015 Document Status Title Harmony Security summary Author(s) Yabing Li Version V1.0 Status draft Change Record Date Author Version Change reference

More information

Secure the Web: OpenSSO

Secure the Web: OpenSSO Secure the Web: OpenSSO Sang Shin, Technology Architect Sun Microsystems, Inc. javapassion.com Pat Patterson, Principal Engineer Sun Microsystems, Inc. blogs.sun.com/superpat 1 Agenda Need for identity-based

More information

Digital Identity Management

Digital Identity Management Digital Identity Management Roohul Halim Syed Atif Shaharyar Email: {rooha433, syesh740}@student.liu.se Supervisor: Anna Vapen, {annva@ida.liu.se} Project Report for Information Security Course Linköpings

More information

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House

More information

managing SSO with shared credentials

managing SSO with shared credentials managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

SAM Context-Based Authentication Using Juniper SA Integration Guide

SAM Context-Based Authentication Using Juniper SA Integration Guide SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

More information

STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN

STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN 1 Venkadesh.M M.tech, Dr.A.Chandra Sekar M.E., Ph.d MISTE 2 1 ResearchScholar, Bharath University, Chennai 73, India. venkadeshkumaresan@yahoo.co.in 2 Professor-CSC

More information

Architecture of Enterprise Applications III Single Sign-On

Architecture of Enterprise Applications III Single Sign-On Architecture of Enterprise Applications III Single Sign-On Haopeng Chen REliable, INtelligent and Scalable Systems Group (REINS) Shanghai Jiao Tong University Shanghai, China e-mail: chen-hp@sjtu.edu.cn

More information

Two SSO Architectures with a Single Set of Credentials

Two SSO Architectures with a Single Set of Credentials Two SSO Architectures with a Single Set of Credentials Abstract Single sign-on (SSO) is a widely used mechanism that uses a single action of authentication and authority to permit an authorized user to

More information

CA Nimsoft Service Desk

CA Nimsoft Service Desk CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

Guide to Deploying NetScaler as an Active Directory Federation Services Proxy

Guide to Deploying NetScaler as an Active Directory Federation Services Proxy Deployment Guide Guide to Deploying NetScaler as an Active Directory Federation Services Proxy Enabling seamless authentication for Office 365 use cases Table of Contents Introduction 3 ADFS proxy deployment

More information

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them. This chapter provides information about the Security Assertion Markup Language (SAML) Single Sign-On feature, which allows administrative users to access certain Cisco Unified Communications Manager and

More information

QR-SSO : Towards a QR-Code based Single Sign-On system

QR-SSO : Towards a QR-Code based Single Sign-On system QR-SSO : Towards a QR-Code based Single Sign-On system Syamantak Mukhopadhyay School of Electronics and Computer Science University of Southampton Southampton, UK sm19g10@ecs.soton.ac.uk David Argles School

More information

Egnyte Single Sign-On (SSO) Installation for OneLogin

Egnyte Single Sign-On (SSO) Installation for OneLogin Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin

More information

SAP NetWeaver AS Java

SAP NetWeaver AS Java Chapter 75 Configuring SAP NetWeaver AS Java SAP NetWeaver Application Server ("AS") Java (Stack) is one of the two installation options of SAP NetWeaver AS. The other option is the ABAP Stack, which is

More information

VMware Identity Manager Administration

VMware Identity Manager Administration VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Getting Started with Clearlogin A Guide for Administrators V1.01

Getting Started with Clearlogin A Guide for Administrators V1.01 Getting Started with Clearlogin A Guide for Administrators V1.01 Clearlogin makes secure access to the cloud easy for users, administrators, and developers. The following guide explains the functionality

More information

Symplified I: Windows User Identity. Matthew McNew and Lex Hubbard

Symplified I: Windows User Identity. Matthew McNew and Lex Hubbard Symplified I: Windows User Identity Matthew McNew and Lex Hubbard Table of Contents Abstract 1 Introduction to the Project 2 Project Description 2 Requirements Specification 2 Functional Requirements 2

More information

Introduction to SAML

Introduction to SAML Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments

More information

IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0

IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 International Virtual Observatory Alliance IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 IVOA Proposed Recommendation 20151029 Working group http://www.ivoa.net/twiki/bin/view/ivoa/ivoagridandwebservices

More information

Single Sign On for ShareFile with NetScaler. Deployment Guide

Single Sign On for ShareFile with NetScaler. Deployment Guide Single Sign On for ShareFile with NetScaler Deployment Guide This deployment guide focuses on defining the process for enabling Single Sign On into Citrix ShareFile with Citrix NetScaler. Table of Contents

More information

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0 Windows Live Cloud Identity Connector Version 1.0 User Guide 2011 Ping Identity Corporation. All rights reserved. Windows Live Cloud Identity Connector User Guide Version 1.0 April, 2011 Ping Identity

More information

Identity Federation Management to make Operational and Business Efficiency through SSO

Identity Federation Management to make Operational and Business Efficiency through SSO 2012 International Conference on Industrial and Intelligent Information (ICIII 2012) IPCSIT vol.31 (2012) (2012) IACSIT Press, Singapore Identity Federation Management to make Operational and Business

More information

An Identity Management Survey. on Cloud Computing

An Identity Management Survey. on Cloud Computing Int. Journal of Computing and Optimization, Vol. 1, 2014, no. 2, 63-71 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ijco.2014.458 An Identity Management Survey on Cloud Computing Ardi BENUSI

More information

White Paper March 1, 2005. Integrating AR System with Single Sign-On (SSO) authentication systems

White Paper March 1, 2005. Integrating AR System with Single Sign-On (SSO) authentication systems White Paper March 1, 2005 Integrating AR System with Single Sign-On (SSO) authentication systems Copyright 2005 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service

More information

Administrator Guide. v 11

Administrator Guide. v 11 Administrator Guide JustSSO is a Single Sign On (SSO) solution specially developed to integrate Google Apps suite to your Directory Service. Product developed by Just Digital v 11 Index Overview... 3 Main

More information

User-ID Best Practices

User-ID Best Practices User-ID Best Practices PAN-OS 5.0, 5.1, 6.0 Revision A 2011, Palo Alto Networks, Inc. www.paloaltonetworks.com Table of Contents PAN-OS User-ID Functions... 3 User / Group Enumeration... 3 Using LDAP Servers

More information

Using SAML for Single Sign-On in the SOA Software Platform

Using SAML for Single Sign-On in the SOA Software Platform Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software

More information

Configuring Sponsor Authentication

Configuring Sponsor Authentication CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five

More information

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE Identity Management in Liferay Overview and Best Practices Liferay Portal 6.0 EE Table of Contents Introduction... 1 IDENTITY MANAGEMENT HYGIENE... 1 Where Liferay Fits In... 2 How Liferay Authentication

More information

USING FEDERATED AUTHENTICATION WITH M-FILES

USING FEDERATED AUTHENTICATION WITH M-FILES M-FILES CORPORATION USING FEDERATED AUTHENTICATION WITH M-FILES VERSION 1.0 Abstract This article provides an overview of federated identity management and an introduction on using federated authentication

More information

Leverage Active Directory with Kerberos to Eliminate HTTP Password

Leverage Active Directory with Kerberos to Eliminate HTTP Password Leverage Active Directory with Kerberos to Eliminate HTTP Password PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website: www.pistolstar.com

More information

An Anti-Phishing mechanism for Single Sign-On based on QR-Code

An Anti-Phishing mechanism for Single Sign-On based on QR-Code An Anti-Phishing mechanism for Single Sign-On based on QR-Code Syamantak Mukhopadhyay School of Electronics and Computer Science University of Southampton Southampton, UK sm19g10@ecs.soton.ac.uk David

More information

How to Implement Enterprise SAML SSO

How to Implement Enterprise SAML SSO How to Implement Enterprise SSO THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY How to Implement Enterprise SSO Introduction Security Assertion Markup Language, or, provides numerous The advantages and

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

SAML Authentication Quick Start Guide

SAML Authentication Quick Start Guide SAML Authentication Quick Start Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved.

More information

FTP-Stream Integrating Active Directory Federation Services

FTP-Stream Integrating Active Directory Federation Services FTP-Stream Integrating Active Directory Federation Services 1 Overview Active Directory Federation Services (ADFS) is a standards-based service that allows the secure sharing of identity information between

More information

Prepared by Enea S.Teresa (Italy) Version 1.0 2006-October 24

Prepared by Enea S.Teresa (Italy) Version 1.0 2006-October 24 Mersea Information System: an Authentication and Authorization System to access distributed oceanographic data. Prepared by Enea S.Teresa (Italy) Version 1.0 2006-October 24 Revision History Date Version

More information

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011 NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity

More information

OpenLDAP Oracle Enterprise Gateway Integration Guide

OpenLDAP Oracle Enterprise Gateway Integration Guide An Oracle White Paper June 2011 OpenLDAP Oracle Enterprise Gateway Integration Guide 1 / 29 Disclaimer The following is intended to outline our general product direction. It is intended for information

More information

Single Sign On. SSO & ID Management for Web and Mobile Applications

Single Sign On. SSO & ID Management for Web and Mobile Applications Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing

More information

Configuring Single Sign-on for WebVPN

Configuring Single Sign-on for WebVPN CHAPTER 8 This chapter presents example procedures for configuring SSO for WebVPN users. It includes the following sections: Using Single Sign-on with WebVPN, page 8-1 Configuring SSO Authentication Using

More information

Authentication and Single Sign On

Authentication and Single Sign On Contents 1. Introduction 2. Fronter Authentication 2.1 Passwords in Fronter 2.2 Secure Sockets Layer 2.3 Fronter remote authentication 3. External authentication through remote LDAP 3.1 Regular LDAP authentication

More information

OpenLogin: PTA, SAML, and OAuth/OpenID

OpenLogin: PTA, SAML, and OAuth/OpenID OpenLogin: PTA, SAML, and OAuth/OpenID Ernie Turner Chris Fellows RightNow Technologies, Inc. Why should you care about these features? Why should you care about these features? Because users hate creating

More information

IceWarp Server - SSO (Single Sign-On)

IceWarp Server - SSO (Single Sign-On) IceWarp Server - SSO (Single Sign-On) Probably the most difficult task for me is to explain the new SSO feature of IceWarp Server. The reason for this is that I have only little knowledge about it and

More information

SchoolBooking SSO Integration Guide

SchoolBooking SSO Integration Guide SchoolBooking SSO Integration Guide Before you start This guide has been written to help you configure SchoolBooking to operate with SSO (Single Sign on) Please treat this document as a reference guide,

More information

Content Filtering Client Policy & Reporting Administrator s Guide

Content Filtering Client Policy & Reporting Administrator s Guide Content Filtering Client Policy & Reporting Administrator s Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION

More information

Microsoft Office 365 Using SAML Integration Guide

Microsoft Office 365 Using SAML Integration Guide Microsoft Office 365 Using SAML Integration Guide Revision A Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

Cloud Computing. Chapter 5 Identity as a Service (IDaaS)

Cloud Computing. Chapter 5 Identity as a Service (IDaaS) Cloud Computing Chapter 5 Identity as a Service (IDaaS) Learning Objectives Describe challenges related to ID management. Describe and discuss single sign-on (SSO) capabilities. List the advantages of

More information

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,

More information

Security Assertion Markup Language (SAML) Site Manager Setup

Security Assertion Markup Language (SAML) Site Manager Setup Security Assertion Markup Language (SAML) Site Manager Setup Trademark Notice Blackboard, the Blackboard logos, and the unique trade dress of Blackboard are the trademarks, service marks, trade dress and

More information

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites Single Sign On (SSO) Implementation Manual For Connect 5 & MyConnect Sites Version 6 Release 5.7 September 2013 1 What is Blackboard Connect Single Sign On?... 3 How it Works... 3 Drawbacks to Using Single

More information

SAML AS AN SSO STANDARD FOR CUSTOMER IDENTITY MANAGEMENT. How to Create a Frictionless, Secure Customer Identity Management Strategy

SAML AS AN SSO STANDARD FOR CUSTOMER IDENTITY MANAGEMENT. How to Create a Frictionless, Secure Customer Identity Management Strategy SAML AS AN SSO STANDARD FOR CUSTOMER IDENTITY MANAGEMENT How to Create a Frictionless, Secure Customer Identity Management Strategy PART 1: WHAT IS SAML? SAML in Context Security Assertion Markup Language

More information

Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems jmacy@forumsys.com

Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems jmacy@forumsys.com Mobile Identity and Edge Security Forum Sentry Security Gateway Jason Macy CTO, Forum Systems jmacy@forumsys.com Evolution Evolution of Enterprise Identities Cloud Computing Iaas Infrastructure as a Service

More information

Working with Indicee Elements

Working with Indicee Elements Working with Indicee Elements How to Embed Indicee in Your Product 2012 Indicee, Inc. All rights reserved. 1 Embed Indicee Elements into your Web Content 3 Single Sign-On (SSO) using SAML 3 Configure an

More information

OIX IDAP Alpha Project - Technical Findings

OIX IDAP Alpha Project - Technical Findings OIX IDAP Alpha Project - Technical Findings Warwickshire County Council - using a Federated UK Government ID in trusted Local Authority transactions. By Graham Dunnings and Ian Litton 1 Table of Contents

More information

Integrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V

Integrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V Integrating WebPCM Applications into Single Sign On (SSO) Tom Schaefer Better Software Solutions, Inc. UN 4023 V Agenda What is SSO? How does it work? Tools for SSO on ClearPath Integrating Active Directory

More information

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae Masdar Institute Single Sign-On: Standards-based Identity Federation John Mikhael ICT Department jmikhael@masdar.ac.ae Agenda The case for Single Sign-On (SSO) Types of SSO Standards-based Identity Federation

More information

Implementation Guide SAP NetWeaver Identity Management Identity Provider

Implementation Guide SAP NetWeaver Identity Management Identity Provider Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before

More information