Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver
|
|
- Polly Jones
- 8 years ago
- Views:
Transcription
1 Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver SAP Product Management, SAP NetWeaver Identity Management & Security Kristian Lehment, May 2011 ASUG-Conference Session ID 3603
2 Agenda Introduction to Single Sign-On (SSO) Short demo of a federated SSO scenario The technology and the concepts behind SSO Introduction to the Security Assertion Markup Language (SAML) Browser-based Web single sign-on with SAML 2.0 Identity federation Web service-based SSO with SAML 2.0 and X.509 certificates 2011 SAP AG. All rights reserved. 2
3 Demo Introduction to Single Sign-On
4 Brokered Authentication A Core Security Pattern for Single Sign-On Security Token Issuer 1 proves his identity to a central Security Token Issuer by presenting his credentials. 2 The issuer verifies the correctness and trustworthiness of the credentials and issues a security token with s identity information. 3 presents the security token to the application(s) he wants to Single Sign-On. 4 The Application verifies the security token. ****** The Application associates an identity from its user store based on a unique value in the token. 4 3 Applications SAP AG. All rights reserved. 4
5 Examples for Brokered Authentication in SSO Technologies SSO Technology Security Token Issuer Token Format SAP Logon Ticket SAP Portal (AS Java) Cookie (digitally signed) Digital Certificate Certification Authority (CA) X.509 Certificate Kerberos Key Distribution Center (KDC) Kerberos Ticket 2011 SAP AG. All rights reserved. 5
6 Key Properties of SSO Technologies Cross-Domain Is it possible to use the SSO technology only within a security domain (i.e. the corporate Intranet) or can it be used across different domains (e.g.. to access a business partner system)? Domain A Security Token Issuer Domain B Application Cross-Platform Which platforms are supported by the SSO technology? Does it work in a heterogeneous system landscape? Is it based on industry standards? Token Content Model Does the security token only allow a fixed set of identity attributes or can it be extended dynamically? Security Token Issuer Application 2011 SAP AG. All rights reserved. 6
7 SSO Technologies Compared SSO Technology Cross-Domain Cross-Platform Token Content Model SAP Logon Ticket No No* Fixed Digital Certificate Yes Yes Fixed Kerberos No Yes Fixed SAML Yes Yes Extensible * Issuer running on SAP only, ticket validation also possible with non-sap applications 2011 SAP AG. All rights reserved. 7
8 Agenda Introduction to Single Sign-On (SSO) Short demo of a federated SSO scenario The technology and the concepts behind SSO Introduction to the Security Assertion Markup Language (SAML) Browser-based Web single sign-on with SAML 2.0 Identity federation Web service-based SSO with SAML 2.0 and X.509 certificates 2011 SAP AG. All rights reserved. 8
9 Security Assertion Markup Language (SAML) in a Nutshell Industry standard for cross-vendor Web-based Single Sign-On and Single Log-Out with wide adoption in the industry XML-based framework for security and identity information and exchanging it across administrative and technical domain boundaries SAML profiles describe a variety of end use cases for the framework SAML Security Token: the Assertion contains a statement about a user s authentication that happened in the past, i.e. when and how the user authenticated at the issuer who is the issuer of the assertion can contain additional information (a.k.a. attributes) about the user s identity, i.e. role information 2011 SAP AG. All rights reserved. 9
10 SAML 2.0 Terminology for Web Browser based SSO Identity Provider (IdP) Identity Provider (IdP) Authority responsible for authenticating an end user and asserting an identity for that user in a security token based on a trusted fashion to trusted partners. Synonyms: (Security Token) Issuer Service Provider (SP) Offers services/resources to users and has a trust relationship with an IdP to accept and trust vouch-for information provided by the IdP on behalf of a user Synonyms: (Web) Application, Relying Party Subject A subject is the user who has been authenticated by the IdP. Synonyms: User, Principal Subject Service Provider (SP) 2011 SAP AG. All rights reserved. 12
11 SAML 2.0 Terminology for Web Service based SSO Security Token Service (STS) Security Token Service (STS) Authority responsible for authenticating an end user and asserting an identity for that user in a security token based on a trusted fashion to trusted partners. Synonyms: (Security Token) Issuer Web Service Provider (SP) Offers services/resources to users and has a trust relationship with an IdP to accept and trust vouch-for information provided by the IdP on behalf of a user Synonyms: (Web) Application, Relying Party Subject A subject is the user who has been authenticated by the IdP. Synonyms: User, Principal Subject Service Provider (SP) 2011 SAP AG. All rights reserved. 13
12 Analogy of an Interoperable, Cross-Domain Security Token in the Real World TRUST German Government US Government ID Card Passport Citizen of Germany Passport Immigration Officer 2011 SAP AG. All rights reserved. 14
13 Agenda Introduction to Single Sign-On (SSO) Short demo of a federated SSO scenario The technology and the concepts behind SSO Introduction to the Security Assertion Markup Language (SAML) Browser-based Web single sign-on with SAML 2.0 Identity federation Web service-based SSO with SAML 2.0 and X.509 certificates 2011 SAP AG. All rights reserved. 16
14 Browser-Based Web SSO with SAML Part 1/2 1 invokes the URL of an access protected Web Application with his browser 2 The Web Application redirects the request to its trusted Security Token Issuer Identity Provider (IdP) 3 If is not already logged on at the Security Token Issuer, he will be asked to provide his credentials ****** 3 2 redirect request 1 Service Provider (SP) 2011 SAP AG. All rights reserved. 17
15 <form> with Assertion Browser-Based Web SSO with SAML Part 2/2 Identity Provider (IdP) The Security Token Issuer returns a SAML Assertion for in a <form> HTML element 5 s Web Browser (automatically) submits the SAML Assertion in the <form> element 6 The Web Browser sends the SAML Assertion with a HTTP POST Request to the Web Application 7 The Web Application validates the SAML Assertion, assigns a local user account to s session and returns the web page 6 POST <form> Service Provider (SPs) SAP AG. All rights reserved. 18
16 Support for Web SSO with SAML 2.0 in SAP NetWeaver Identity Center SAP NetWeaver Identity Management 7.20 Virtual Directory Server SAML 2.0 IdP SAML 2.0 SP AS ABAP 7.02 AS Java 7.20 WS-Trust STS Min. Java 7.0 SP 14 Min. Java 7.20 The IdP software component is independent from the other SAP NW IdM software components E.g. if you have the license for SAP NW IdM 7.20, the IdP can be used without using the other software components like Identity Center or VDS 2011 SAP AG. All rights reserved. 19
17 Support for Web SSO using IdP and older Releases than AS ABAP 7.02 / AS Java 7.20 Identity Provider (IdP) For SP with AS ABAP >= 7.02 AS Java >= 7.20 For SP with AS ABAP < 7.02 AS Java < 7.20 ABAP SP Java SP 2011 SAP AG. All rights reserved. 20
18 Summary SAML 2.0 The main benefits of SAML 2.0 are: SSO with SAML 2.0 SAML provides a standard for cross-domain Single Sign-On (SSO) SAML 2.0 supports identity-provider-initiated SSO (as in SAML 1.x) SAML 2.0 also supports service-provider-initiated SSO SLO with SAML 2.0 Single Log-Out (SLO) enables users to cleanly close all their sessions in a SAML landscape, even across domains Identity federation Identity federation provides the means to share identity information between partners 2011 SAP AG. All rights reserved. 21
19 Agenda Introduction to Single Sign-On (SSO) Short demo of a federated SSO scenario The technology and the concepts behind SSO Introduction to the Security Assertion Markup Language (SAML) Browser-based Web single sign-on with SAML 2.0 Identity federation Web service-based SSO with SAML 2.0 and X.509 certificates 2011 SAP AG. All rights reserved. 22
20 SSO and Identity Federation The challenge ****** Identity Provider (IdP) Service Provider (SPs) CRM john.do e Partner Portal sale s ERP JDO E How and where are s SP accounts linked to his central account at the IdP to enable SSO across all applications? 2011 SAP AG. All rights reserved. 23
21 SSO and Identity Federation and three solutions to solve it Use an existing common, unique NAME to map the accounts IdP SP jdoe Create a new common, unique IDENTIFIER to link the accounts IdP SP ID: abc123 SP jdoe IdP ID: abc123 Federate the accounts based on identity ATTRIBUTES and mapping rules IdP Department: Sales Department = Sales? SP sales 2011 SAP AG. All rights reserved. 24
22 Identity Federation in SAP NetWeaver Identity Management 7.2 Identity federation provides the means to share identity information across company boundaries User must be unambiguous and clearly identifiable, even though different user identifiers may exist across the landscape The name identifier (name ID) is the means to establish a common identifier Once the name ID has been established, the user is said to have a federated identity Identity federation enables SSO for web browser based access (user-centric) and web services (system centric) across domains SAP s solution relies on standards for interoperability between SAP and non SAP systems For web browser based access, identity federation uses an identity provider that supports SAML 2.0 For web services, identity federation uses a security token service (STS) that supports WS-Trust 1.3, supporting X.509, SAML 1.1, and SAML 2.0 tokens 2011 SAP AG. All rights reserved. 25
23 Agenda Introduction to Single Sign-On (SSO) Short demo of a federated SSO scenario The technology and the concepts behind SSO Introduction to the Security Assertion Markup Language (SAML) Browser-based Web single sign-on with SAML 2.0 Identity federation Web service-based SSO with SAML 2.0 and X.509 certificates 2011 SAP AG. All rights reserved. 26
24 SAML Web Service SSO A service is required to transform the successful authentication into an SSO token which..can be used for authentication at the Service Provider..can transfer the authentication information beyond the domain boundary...enables the Web Service consumer to prove Doe s identity to the SAP Web Service by strong cryptographic means WS Consumer Doe SAML Issuer JDoe WS Provider 2011 SAP AG. All rights reserved. 28
25 Role of an STS in Service-Based Single Sign-On Scenarios The Security Token Service (STS) is a distinguished Web Service that issues security tokens based on a standardized protocol (WS-Trust) Security Token Service (STS) 2 Authenticate user Generate requested Token The STS enhances security tokens with identity information needed for authentication Security Token Request Authentication Data 1 3 Security Token Response The STS has broad applicability - it can be used to issue security tokens in a wide range of formats Web Service Consumer Supported Securty Tokens from SAP STS: SAML 1.1 SAML 2.0 X.509 Certificates* 2011 SAP AG. All rights reserved. *short live X.509 Certificate 29
26 Support for Web SSO with SAML 2.0 in SAP NetWeaver Identity Center SAP NetWeaver Identity Management 7.20 Virtual Directory Server SAML 2.0 IdP STS The IdP software component is independent from the other SAP NW IdM software components Min. Java 7.0 SP 14 SAML 2.0 WS- Consumer AS ABAP 7.02 / 7.30 No AS Java Min. Java 7.20 SAML 2.0 WS- Provider AS ABAP 7.02 / 7.01 No AS Java E.g. if you have the license for SAP NW IdM 7.20, the IdP can be used without using the other software components like Identity Center or VDS 2011 SAP AG. All rights reserved. 30
27 Support for Web service based SSO using STS Security Token Service (STS) 2011 SAP AG. All rights reserved. 31
28 STS Issued Token Format at a Glance 2011 SAP AG. All rights reserved. 32
29 Thank You! SAP NetWeaver goes Single Sign-On Tuesday, May 17 th, 2:30 PM in the Technology Theater on the show floor learn about the new solution: SAP NetWeaver Single Sign-On, that resulted from the acquisition of assets from the company Secude. SAP will release new Single Sign-On capabilities with this product.
SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011
NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity
More informationDisclaimer. SAP 2008 / SAP TechEd 08 / SIM202 / Page 2
SIM202 SAML 2.0 and Identity Federation Yonko Yonchev, NW PM Security SAP AG Dimitar Mihaylov, NW Security and Identity Management SAP Labs Bulgaria Tsvetomir Tsvetanov, Active Global Support SAP America
More informationFirst-hand Information about the Enhanced Functionality and Integration Options Within SAP NetWeaver Identity Management 7.2
First-hand Information about the Enhanced Functionality and Integration Options Within SAP NetWeaver Identity Management 7.2 SAP Product Management, SAP NetWeaver Identity Management & Security Kristian
More informationNext Generation SSO for SAP Applications with SAML 2.0. SAP TG Solution Management Security April 2010
Next Generation SSO for SAP Applications with SAML 2.0 SAP TG Solution Management Security April 2010 Disclaimer This presentation outlines our general product direction and should not be relied on in
More informationImplementation Guide SAP NetWeaver Identity Management Identity Provider
Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before
More informationSAML Security Option White Paper
Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions
More informationCloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper
Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper TABLE OF CONTENTS INTRODUCTION... 3 Where we came from... 3 The User s Dilemma with the Cloud... 4 The Administrator
More informationStep-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x
Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Sverview Trust between SharePoint 2010 and ADFS 2.0 Use article Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies
More informationThe Challenges of Web single sign-on
Serge Vereecke Security Architect IBM Security Services serge_vereecke@be.ibm.com The Challenges of Web single sign-on GSE Event September 7, 2012 Agenda Single sign-on technology Why single sign-on Challenges
More informationAn Oracle White Paper Dec 2013. Oracle Access Management Security Token Service
An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationAmeritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines
Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...
More informationINUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE
INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE SAML 2.0 CONFIGURATION GUIDE Roy Heaton David Pham-Van Version 1.1 Published March 23, 2015 This document describes how to configure OVD to use SAML 2.0 for user
More informationFederated Identity in the Enterprise
www.css-security.com 425.216.0720 WHITE PAPER The proliferation of user accounts can lead to a lowering of the enterprise security posture as users record their account information in order to remember
More informationPingFederate. SSO Integration Overview
PingFederate SSO Integration Overview 2006-2012 Ping Identity Corporation. All rights reserved. PingFederate SSO Integration Overview Version 6.6 January, 2012 Ping Identity Corporation 1001 17th Street,
More informationHP Software as a Service. Federated SSO Guide
HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying
More informationSAP Certified Technology Professional - Security with SAP NetWeaver 7.0. Title : Version : Demo. The safer, easier way to help you pass any IT exams.
Exam : P_ADM_SEC_70 Title : SAP Certified Technology Professional - Security with SAP NetWeaver 7.0 Version : Demo 1 / 5 1.Which of the following statements regarding SSO and SAP Logon Tickets are true?
More informationLeveraging SAML for Federated Single Sign-on:
Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.
More informationNew Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation
New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole
More informationMicrosoft Office 365 Using SAML Integration Guide
Microsoft Office 365 Using SAML Integration Guide Revision A Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.
More informationImprove Security, Lower Risk, and Increase Compliance Using Single Sign-On
SAP Brief SAP NetWeaver SAP NetWeaver Single Sign-On Objectives Improve Security, Lower Risk, and Increase Compliance Using Single Sign-On Single sign-on in the SAP software architecture Single sign-on
More informationIdentity Management in Telcos. Jörg Heuer, Deutsche Telekom AG, Laboratories. Munich, April 2008
Identity Management in Telcos Jörg Heuer, Deutsche Telekom AG, Laboratories. Munich, April 2008 1 Agenda. Introduction User-centric Identity and Telcos Comprehensive Identity Models IDM Reference Architecture
More informationAND SUN OPENSSO MICROSOFT GENEVA SERVER ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS. White Paper May 2009.
MICROSOFT GENEVA SERVER AND SUN OPENSSO ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS White Paper May 2009 Abstract Interoperability between applications in heterogeneous technology
More informationFederated Identity Management Solutions
Federated Identity Management Solutions Jyri Kallela Helsinki University of Technology jkallela@cc.hut.fi Abstract Federated identity management allows users to access multiple services based on a single
More informationCopyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
More informationHow to Implement the X.509 Certificate Based Single Sign-On Solution with SAP Netweaver Single Sign-On
How to Implement the X.509 Certificate Based Single Sign-On Solution with SAP Netweaver Single Sign-On How to implement the X.509 certificate based Single Sign-On solution from SAP Page 2 of 34 How to
More informationSeptember 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence
September 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence Greg Wcislo Introduction We will not go into detailed how-to, however links to multiple
More informationGateway Apps - Security Summary SECURITY SUMMARY
Gateway Apps - Security Summary SECURITY SUMMARY 27/02/2015 Document Status Title Harmony Security summary Author(s) Yabing Li Version V1.0 Status draft Change Record Date Author Version Change reference
More informationHP Software as a Service
HP Software as a Service Software Version: 6.1 Federated SSO Document Release Date: August 2013 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationSession Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence. Greg Wcislo
Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence Greg Wcislo Introduction We will not go into detailed how-to, however links to multiple how-to whitepapers will
More informationThe Primer: Nuts and Bolts of Federated Identity Management
The Primer: Nuts and Bolts of Federated Identity Management Executive Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities.
More informationSAP Single Sign-On 2.0 Overview Presentation
SAP Single Sign-On 2.0 Overview Presentation March 2016 Public Agenda SAP security portfolio Overview SAP Single Sign-On Single sign-on main scenarios Capabilities Summary 2016 SAP SE or an SAP affiliate
More informationSingle Sign-on (SSO) technologies for the Domino Web Server
Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, 2011 2011 IBM Corporation Welcome Participant Passcode: 4297643 2011 IBM Corporation 2 Agenda USA Toll Free (866) 803-2145
More informationUsing SAP Logon Tickets for Single Sign on to Microsoft based web applications
Collaboration Technology Support Center - Microsoft - Collaboration Brief March 2005 Using SAP Logon Tickets for Single Sign on to Microsoft based web applications André Fischer, Project Manager CTSC,
More informationTIB 2.0 Administration Functions Overview
TIB 2.0 Administration Functions Overview Table of Contents 1. INTRODUCTION 4 1.1. Purpose/Background 4 1.2. Definitions, Acronyms and Abbreviations 4 2. OVERVIEW 5 2.1. Overall Process Map 5 3. ADMINISTRATOR
More informationSAML 2.0 Configurations at SAP NetWeaver AS ABAP and Microsoft ADFS
SAML 2.0 Configurations at SAP NetWeaver AS ABAP and Microsoft ADFS Applies to: SAP Gateway 2.0 Summary This guide describes how you install and configure SAML 2.0 on Microsoft ADFS server and SAP NetWeaver
More informationGENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK
Antti Pyykkö, Mikko Malinen, Oskari Miettinen GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK TJTSE54 Assignment 29.4.2008 Jyväskylä University Department of Computer Science
More informationSecurity Assertion Markup Language (SAML)
CS 595G 02/14/06 Security Assertion Markup Language (SAML) Vika Felmetsger 1 SAML as OASIS Standard OASIS Open Standard SAML V2.0 was approved in March, 2005 Blending of two earlier efforts on portable
More informationSAML SSO Configuration
SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting
More informationThe Primer: Nuts and Bolts of Federated Identity Management
The Primer: Nuts and Bolts of Federated Identity Management Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities. With so
More informationLogout Support on SP and Application
Logout Support on SP and application Logout Support on SP and Application Possibilities and and Limitations SWITCHaai Team aai@switch.ch Single Logout: Is it possible? Single Logout will work only in some
More informationOIOSAML Rich Client to Browser Scenario Version 1.0
> OIOSAML Rich Client to Browser Scenario Version 1.0 Danish Agency for Digitization December 2011 Contents > 1 Introduction 4 1.1 Purpose 1.2 Background 4 4 2 Goals and Assumptions 5 3 Scenario Details
More informationSAM Context-Based Authentication Using Juniper SA Integration Guide
SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete
More informationThe Role of Federation in Identity Management
The Role of Federation in Identity Management August 19, 2008 Andrew Latham Solutions Architect Identity Management 1 The Role of Federation in Identity Management Agenda Federation Backgrounder Federation
More informationUSING FEDERATED AUTHENTICATION WITH M-FILES
M-FILES CORPORATION USING FEDERATED AUTHENTICATION WITH M-FILES VERSION 1.0 Abstract This article provides an overview of federated identity management and an introduction on using federated authentication
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationTenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.
Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationEliminating Authentication Pop- Ups in SAP Landscapes
Eliminating Authentication Pop- Ups in Landscapes Cristina Buchholz, Patrick Hildenbrand Product Security, Learning Objectives As a result of this workshop, you will be able to: Understand Authentication
More informationContents at a Glance. 1 Introduction 17. 2 Basic Principles of IT Security 23. 3 Authentication and Authorization in
at a Glance 1 Introduction 17 2 Basic Principles of IT Security 23 3 Authentication and Authorization in SAP NetWeaver Application Server Java 53 4 Single Sign-On 151 5 Identity Provisioning 289 6 Secure
More informationUnleash the Power of Single Sign-On with Microsoft and SAP
Collaboration Technology Support Center Microsoft Collaboration Brief September 2007 Unleash the Power of Single Sign-On with Microsoft and SAP White Paper Authors Tilo Boettcher, Microsoft Corp (tiloboet@microsoft.com)
More informationFlexible Identity Federation
Flexible Identity Federation Administration guide version 1.0.1 Publication history Date Description Revision 2015.09.24 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationSingle Sign On. SSO & ID Management for Web and Mobile Applications
Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing
More informationSingle Sign-On between SAP Portal and SuccessFactors
Single Sign-On between SAP Portal and SuccessFactors Dimitar Mihaylov 7/1/2012 Contents 1. Overview... 3 2. Trust between SAP Portal 7.3 and SuccessFactors... 5 2.1. Initial configuration in SAP Portal
More informationSingle-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps
Sofia Event Center 14-15 May 2014 Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps Radi Atanassov SharePoint MCM & MVP
More informationSAP NetWeaver AS Java
Chapter 75 Configuring SAP NetWeaver AS Java SAP NetWeaver Application Server ("AS") Java (Stack) is one of the two installation options of SAP NetWeaver AS. The other option is the ABAP Stack, which is
More informationConnected Data. Connected Data requirements for SSO
Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to ServiceNow
Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow VMware Identity Manager AUGUST 2015 V1 Configuring Single Sign-On from VMware Identity Manager to ServiceNow Table of Contents
More information2015-11-30. Web Based Single Sign-On and Access Control
0--0 Web Based Single Sign-On and Access Control Different username and password for each website Typically, passwords will be reused will be weak will be written down Many websites to attack when looking
More informationHow to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions
How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions Introduction This paper provides an overview of the integrated solution and a summary of implementation options
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationExtending DigiD to the Private Sector (DigiD-2)
TECHNISCHE UNIVERSITEIT EINDHOVEN Department of Mathematics and Computer Science MASTER S THESIS Extending DigiD to the Private Sector (DigiD-2) By Giorgi Moniava Supervisors: Eric Verheul (RU, PwC) L.A.M.
More informationHow to create a SP and a IDP which are visible across tenant space via Config files in IS
How to create a SP and a IDP which are visible across tenant space via Config files in IS This Documentation is explaining the way to create a SP and IDP which works are visible to all the tenant domains.
More informationDocuSign Single Sign On Implementation Guide Published: March 17, 2016
DocuSign Single Sign On Implementation Guide Published: March 17, 2016 Copyright Copyright 2003-2016 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights and patents
More informationWhy Identity Management. Identity Management. What We Cover. Role of Digital Identity. Digital Identity. Digital Identity (or network identity)
Why Identity Management Identity Management Claudiu Duma Identity crisis Privacy concerns Identity theft Terrorist threat Department of Computer and Information Science cladu@ida.liu.se What We Cover Digital
More informationPROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN
PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN CONNECTING TO THE CLOUD DAVID CHAPPELL DECEMBER 2009 SPONSORED BY AMAZON AND MICROSOFT CORPORATION CONTENTS The Challenge:
More informationThis chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:
CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access
More informationPingFederate. Integration Overview
PingFederate Integration Overview 2008 Ping Identity Corporation. All rights reserved. Part Number 3007-321 January, 2008 Ping Identity Corporation 1099 18th Street, Suite 2950 Denver, CO 80202 U.S.A.
More informationPerceptive Experience Single Sign-On Solutions
Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark
More informationWeb Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.
Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On
More informationComputer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt
Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................
More informationCybersecurity and Secure Authentication with SAP Single Sign-On
Solution in Detail SAP NetWeaver SAP Single Sign-On Cybersecurity and Secure Authentication with SAP Single Sign-On Table of Contents 3 Quick Facts 4 Remember One Password Only 6 Log In Once to Handle
More informationSingle Sign-On: Reviewing the Field
Outline Michael Grundmann Erhard Pointl Johannes Kepler University Linz January 16, 2009 Outline 1 Why Single Sign-On? 2 3 Criteria Categorization 4 Overview shibboleth 5 Outline Why Single Sign-On? Why
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationLogout in Single Sign-on Systems
Logout in Single Sign-on Systems Sanna Suoranta, Asko Tontti, Joonas Ruuskanen, Tuomas Aura IFIP IDMAN, London, UK, 8-9.4.2013 Logout in Single Sign-on Systems Motivation Single sign-on (SSO) systems SSO
More informationAuthentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
More informationAuthentication and Single Sign-On. Patrick Hildenbrand NW PM Security, SAP AG
Authentication and Single Sign-On Patrick Hildenbrand NW PM Security, SAP AG Agenda Authentication and Identities Authentication with SAP in a Web Based Scenario At the SAP GUI for Windows Summary SAP
More informationUsing Shibboleth for Single Sign- On
Using Shibboleth for Single Sign- On One Logon to Rule them all.. Kirk Yaros Director, Enterprise Services Mott Community College 1 Agenda Overview of Mott Overview of Shibboleth and Mott s Project Review
More informationDell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0
Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 May 2015 About this guide Prerequisites and requirements NetWeaver configuration Legal notices About
More informationMasdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae
Masdar Institute Single Sign-On: Standards-based Identity Federation John Mikhael ICT Department jmikhael@masdar.ac.ae Agenda The case for Single Sign-On (SSO) Types of SSO Standards-based Identity Federation
More informationArchitecture of Enterprise Applications III Single Sign-On
Architecture of Enterprise Applications III Single Sign-On Haopeng Chen REliable, INtelligent and Scalable Systems Group (REINS) Shanghai Jiao Tong University Shanghai, China e-mail: chen-hp@sjtu.edu.cn
More informationSingle Log-Out. Andreas Åkre Solberg Malaga, June 2009
Single Log-Out Andreas Åkre Solberg Malaga, June 2009 Sessions On Web HTTP originally stateless Using Cookies to keep state Cookies in RFC2965 Set a session ID first time user visits, sent back to site
More informationLiberty Alliance. CSRF Review. .NET Passport Review. Kerberos Review. CPSC 328 Spring 2009
CSRF Review Liberty Alliance CPSC 328 Spring 2009 Quite similar, yet different from XSS Malicious script or link involved Exploits trust XSS - exploit user s trust in the site CSRF - exploit site s trust
More informationSetup Guide Central Monitoring of SAP NetWeaver Proces Integration 7.3 with SAP Solution Manager 7.1. Active Global Support February 2011
Setup Guide Central Monitoring of SAP NetWeaver Proces Integration 7.3 with SAP Solution Manager 7.1 Active Global Support February 2011 Agenda Overview Landscape Setup Recommended Setup SLD/LMDB Synchronization
More informationSEC100 Secure Authentication and Data Transfer with SAP Single Sign-On. Public
SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On Public Speakers Las Vegas, Oct 19-23 Christian Cohrs, Area Product Owner Barcelona, Nov 10-12 Regine Schimmer, Product Management
More informationPingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1
PingFederate Salesforce Connector Version 4.1 Quick Connection Guide 2011 Ping Identity Corporation. All rights reserved. PingFederate Salesforce Quick Connection Guide Version 4.1 June, 2011 Ping Identity
More informationIdentity Server Guide Access Manager 4.0
Identity Server Guide Access Manager 4.0 June 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF
More informationSiebel CRM On Demand Single Sign-On. An Oracle White Paper December 2006
Siebel CRM On Demand Single Sign-On An Oracle White Paper December 2006 Siebel CRM On Demand Single Sign-On Introduction... 3 Single Sign-On with Siebel CRM On Demand... 4 Customer Requirements... 4 SSO
More informationIntroduction to SAML
Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments
More informationIT@Intel. Improving Security and Productivity through Federation and Single Sign-on
White Paper Intel Information Technology Computer Manufacturing Security Improving Security and Productivity through Federation and Single Sign-on Intel IT has developed a strategy and process for providing
More informationUsing SAML for Single Sign-On in the SOA Software Platform
Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software
More informationUbilogin SSO. Product Description. Copyright Ubisecure Solutions, Inc., All rights reserved.
Ubilogin SSO Product Description Copyright Ubisecure Solutions, Inc., All rights reserved. 1. Introduction... 3 2. Ubilogin SSO components... 5 2.1. Ubilogin Authentication Server... 5 Management... 5
More informationApplication Gateway with Apache
Application Gateway with Apache Multi-backend scenarios Nghia Nguyen SAP NetWeaver RIG Americas, SAP Labs, LLC Introduction Session Objectives and Requirements Use Cases and Scenarios Limitations Configuring
More informationFTP-Stream Integrating Active Directory Federation Services
FTP-Stream Integrating Active Directory Federation Services 1 Overview Active Directory Federation Services (ADFS) is a standards-based service that allows the secure sharing of identity information between
More informationIBM WebSphere Application Server
IBM WebSphere Application Server SAML 2.0 web single-sign-on 2012 IBM Corporation This presentation describes support for SAML 2.0 web browser Single Sign On profile included in IBM WebSphere Application
More informationDualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.
DualShield Integration Guide Copyright 2011 Deepnet Security Limited Copyright 2011, Deepnet Security. All Rights Reserved. Page 1 Trademarks Deepnet Unified Authentication, MobileID, QuickID, PocketID,
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications
Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications VMware Identity Manager AUGUST 2015 V1 Configuring Single Sign-On from VMware Identity Manager to AirWatch Applications
More informationIDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation
IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Author: Creation Date: Last Updated: Version: I. Bailey May 28, 2008 March 23, 2009 0.7 Reviewed By Name Organization
More informationSingle Sign On Integration Guide. Document version: 20.01.12
Single Sign On Integration Guide Document version: 20.01.12 Table of Contents About this document... 3 Purpose... 3 Target... 3 Support... 3 Overview... 4 SAML... 5 SAML in general... 5 How SAML is used
More information