Single Sign On In A CORBA-Based
|
|
- Antonia Dawson
- 8 years ago
- Views:
Transcription
1 Single Sign On In A CORBA-Based Based Distributed System Igor Balabine IONA Security Architect
2 Outline A standards-based framework approach to the Enterprise application security Security framework example: IONA Security Framework (isf) Security framework based SSO solutions Summary
3 Why A Security Framework? Security Framework: insulates middleware applications from the diverse and changing enterprise security infrastructures. provides a uniform, vendor-neutral, standards-based approach to communicating security-related requests across the enterprise. provides applications a single access point to multiple security services such as authentication, authorization, SSO, PKI, management, and notification services. Security Framework binds applications with any enterprise security infrastructure!
4 Security Framework vs Super-Directory Enterprise Security Service B Super Directory Enterprise Security Service A APP 1 APP k APP n Intermediate Security Server 1 Intermediate Security Server m Security framework approach avoids performance bottlenecks suffered by a centralized approach such as Super Directory!
5 Security Framework Architecture Request/Response messages over IIOP/http(s): support for distributed and co-located deployments J2EE or WS Application App SF Adapter Security Service (S2) S2 ESS Adapter Native API calls: no changes in the application code! Native API example: EJBContext.getCallerPrincipal() EJBContext.isCallerInRole() Enterprise Security System (ESS) Third party security system native protocol
6 Authentication and Authorization Services Authentication and authorization services are supported via dedicated adapters. Internal protocol: SAML satisfies purposes and allows extensibility. Could be easily replaced if necessary if internal interface in the application SDK is generic. Required authorization models: coarse grain RBAC (e.g. J2EE, Web Services), fine grain DAC (e.g. CORBASEC, B2Bi). SAML protocol allows communicating arbitrary security assertions between applications and the Security Server!
7 PKI Services PKI services are supported via dedicated adapters. Internal protocol: XKMS powerful and extensible. Endorsed by industry leaders (Verisign, Entrust, Microsoft). Common use: integration with certificate stores. Advanced use: certificate validation services. Many PKI vendors are expected to adopt XKMS: in such installations S2 PKI adapter becomes (almost) a pass through!
8 Framework Administration Solutions integrated with 3rd party systems are managed using native administrative tools, e.g. SiteMinder console for an enterprise which uses Netegrity SiteMinder. Framework provides out of the box facilities for Single Sign- On and authorization (RBAC and DAC) services for environments devoid of such functionality, e.g. Windows Domain. Framework Auditing Component co-located with the Security Server (S2) provides logs in standard formats (syslog, NT Event Log, Snort) easily consumable by event monitoring systems. Framework offloads administrative tasks to 3rd party tools where possible and provides components to manage custom security information!
9 Single Sign-on and End-to to-end Security Auth. tokens are passed in http header or in SOAP message SSO: User seamlessly logs into multiple services after authenticating once to Enterprise Security System via is2 Web Service J2EE application server Realm A Realm B S2 SSO facility Realm C CORBA middleware application Security Server A2 Adapter E2E Security: Services validate authentication tokens with is2 and receive fine grain user authorization information Realm D Enterprise Backend System, e.g. UNIX Servers Enterprise Directory, e.g. RACF Auth. tokens are passed in CSI v2 context
10 Crossing The Chasm S2 Az Manager S2 SSO Facility A2 Adapter Alice Credentials 1,000,000 users Web Services Gateway Authenticate + Authorize User=Alice URL= GetInfo J2EE application server Realm B Enterprise Security System, e.g. Netegrity Authorize User=Alice action= Get info Authorize Authorize Security Server B CORBA middleware application Realm C Sys101 action= Get info origin= Alice Security Server A A2 Adapter Authorize ~100 Technical accounts Realm D Enterprise Backend System, e.g. OS/390 Enterprise Security System, e.g. RACF
11 Framework Scalability and Fail-over Authentication Token structure: { issuer id, [backup id,] <unique value>} m,n Authorization Interceptor This interceptor is configured to access is2 instance k Session info is replicated upon session creation m,n Primary m,n 1 is2 m is2 k Backup is2 n m,n 2 Authorization Info Security framework clustering schema guarantees that principal s authorization information is no more than two hops away!
12 Security Platform Example: IONA Security Framework (isf)
13 IONA Security Framework Components Custom Application, Web Service, Application Server - provided by IONA - optionally provided by IONA - custom component Orbix E2A, XMLBus, Orbix E2A J2EE Server Product specific adapter IONA C/C++ SAML/XKMS Library Product specific adapter IONA Java SAML/XKMS Library Product specific interface example: EJBContext.getCallerPrincipal() EJBContext.isCallerInRole() 3 rd party A2 system adapter: Netegrity, Windows Domain, LDAP, Evidian, etc. To Au+Az system IIOP Interface IONA Security Server (is2) SAML/A2 adapter A2 System Adapter http/https Interface IONA ART or App Server XKMS/PKI adapter PKI System Adapter 3 rd party PKI system adapter: Entrust Authority, Baltimore, Verisign, etc. To PKI system
14 Optional is2 Components - provided by IONA - optionally provided by IONA - custom component IONA ART or App Server IONA Security Service iazmgr Facility SSO Facility is2 Adapter Optional: Implements Role Based Access Control model Optional: Provides session management functions Interacts with Enterprise Security Service isf provides optional built-in components which augment the existing ESS functionality or provide mechanisms absent in the existing ESS!
15 Single Sign On (SSO) Facility Provides session management features to is2 client applications. Issues authentication tokens which clients can use for subsequent access to the services provided by is2 client applications. Authentication token is valid for a certain period configured by SysAdmin. Authentication token expires if idle period between two subsequent service requests exceeds maximum configured by SysAdmin. is2 SSO facility provides single sign on functionality across Enterprise security domains!
16 is2 Authorization Manager iazmgr keeps information which supports implementation of the Role Based Access Control (RBAC) model by IONA or third party products. iazmgr stores information about Principals, Roles and privilege scopes called Realms. iazmgr answers a simple question: Which Roles are assigned to this Principal in a given Realm? iazmgr database of Principals, Roles and Realms is stored in an abstract repository accessed via JDBC. iazmgr keeps authorization information in environments devoid of robust authorization facilities such as Windows Domain!
17 iazmgr Feature: Scoped Roles Realm HR Engineering Accounting Role Employee Manager Administrator Operator Principal Alice Bob Carol Alice HR: Employee Accounting: Manager isf implements a superset of the proposed NIST RBAC standard compatible with the J2EE requirements!
18 isf Adapter Example: OS/390 SAF passwd(name, pwd, null) SAML(name, pwd) is2 check_resource_auth_np() Invoke for the FACILITY class and all known ISF.xxx.yyy resources to determine a subset available to the user. In the FACILITY class use resource id syntax: ISF.<realm>.<role> Example: ISF.FINANCIALAPP.CLERK OS/390 (z/os) OS/390 SAF adapter SSL(IIOP( OK +AzInfo)) SSL(IIOP(name, pwd)) SAF RACF/ ACF2 SAF CORBA client List of isf.*.* resources SAF CORBA server A smart isf adapter allows to use RACF as a RBAC repository!
19 Putting It All Together First invocation: user credentials are passed, e.g. Alice:secret Alice Server implements a credential collector which passes client credentials to isf via the exposed is2 Client SDK interface Authorization: 1. Server maintains a table which maps requested actions to authorizations ( roles ) 2. Server queries the AuthenticatedPrincipal interface provided by isf to determine if the Client possesses a necessary role ( iscallerinrole ). Security Aware Client-side Component Security Aware Server-side Component Next-tier Service Server sends back session authentication token received from isf SSO: Client passes session authentication token for all subsequent invocations or Opaque isf Cloud is2 Client SDK Library is2 Server isfassertionprovider interface End-to-end security: Server propagates Client s session authentication token when delegating the task to the next tier service To Authn + Authz System (3 rd party)
20 Security Framework Based SSO Solutions
21 A Spanish subsidiary of a Swiss Insurance Servlet EJB application Authenticate: Alice Alice is OK! Session token = T(W) Security Platform Server AA Adapter S EJB-Authorization per request iscallerinrole, getcallerprincipal Enterprise Security Store SunOne LDAP
22 Deployment with isf Accessibility list: S11: role1, role2, S2n: role1, role5, {S1} Bank Specific Svc Locator CORBA Services 2 Client Application IIOP Firewall Transport: IIOP only! Maintains a list of available services and makes access control decisions 3 Requests service Optional: Routes authenticated Client s requests and redirects requests without authentication tokens to the Authentication Service. Authenticates clients and caches authorization data 1 Authentication Service is2 is2 CORBA Services {S2} is2 Competence System Adapter Competence Domain 1 A collection of services which requires authorization from CD1 ESS 1 Authorization Interceptor ESS 2 RACF Policy Enforcement Point: ASP CORBA enforces access control to CORBA services Competence Domain 2 A collection of services which requires authorization from CD2
23 SSO For CORBA Clients org.omg.securitylevel2.principalauthenticator.authenticate(, userid= Alice, pass= secret, ) Alice CORBA Login Server Alice, secret 3 1 CORBA Client C O2K CSI v2 plug-in 2 <AT> 5 <AT>, SSO Token 4 LoginUP.login( Alice, secret ) Login.login(<token>) LoginSSLCert.login() CORBA Server S O2K CSI v2 plug-in <AT> 6 To is2 and Authz System isf remedies CSI v2 deficiencies and provides a robust SSO solution for CORBA applications!
24 A Government Agency Requirements: Use Kerberos credentials to authenticate and authorize requests to non-kerberized services Support secure invocation of Kerberized services by non- Kerberized CORBA applications using delegated Kerberos credentials Solution: Use CSI v2 context for transmitting Kerberos service request tokens Use isf to authorize Kerberos users for invoking non-kerberos services
25 Government Agency Deployment Kerberos KDC Kerberos TGS Servers S1 and S2 are registered with Kerberos Alice Kerberos Client (GSS API) Delegated credential (Proxy STkt or TGT) Another Kerberos Service CORBA Client C O2K CSI v2 plug-in Authorization info Alice s delegated Kerberos credential LDAP CORBA Server S1 O2K CSI v2 plug-in is2 Alice s delegated Kerberos credential CORBA Server S2
26 Big Telco is2 Az Manager is2 SSO Facility A2. Adapter Alice Credentials 1,000,000 users User=Alice URL= GetInfo Web Services Gateway Authenticate Web Service J2EE application server Realm B Enterprise Security System, e.g. Netegrity Authorize Realm A User=Alice action= Get info Authorize Authorize Realm C Middleware application IONA Security Server A A2 Adapter IONA Security Server B Authorize Sys101 action= Get info origin= Alice Realm D Enterprise Backend System, e.g. OS/390 Enterprise Security System, e.g. RACF ~100 Technical accounts Map id
27 Summary - Security Platform benefits Security Framework approach provides applications a robust integration broker layer with Enterprise wide security services. Framework based architecture is flexible and allows integration with diverse security solutions from Windows domain to OS/390 RACF. Security framework covers important aspects of security such as authentication, authorization, SSO and PKI services.
28 Additional Information IONA Security Framework (isf) and its application to providing security services to J2EE, CORBA applications and Web Services is described in the Orbix E2A Security white paper. You may download it at
IONA Security Platform
IONA Security Platform February 22, 2002 Igor Balabine, PhD IONA Security Architect Copyright IONA Technologies 2001 End 2 Anywhere Agenda IONA Security Platform (isp) architecture Integrating with Enterprise
More information> Please fill your survey to be eligible for a prize draw. Only contact info is required for prize draw Survey portion is optional
Web Access Management May 2008 CA Canada Seminar > Please fill your survey to be eligible for a prize draw Only contact info is required for prize draw Survey portion is optional > How to Transform Tactical
More informationIntegrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies
Guideline Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies Product(s): IBM Cognos 8 BI Area of Interest: Security Integrating IBM Cognos 8 BI with 3rd Party Auhtentication Proxies 2 Copyright
More informationWeb Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.
Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On
More informationGlassFish Security. open source community experience distilled. security measures. Secure your GlassFish installation, Web applications,
GlassFish Security Secure your GlassFish installation, Web applications, EJB applications, application client module, and Web Services using Java EE and GlassFish security measures Masoud Kalali PUBLISHING
More informationIdentity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE
Identity Management in Liferay Overview and Best Practices Liferay Portal 6.0 EE Table of Contents Introduction... 1 IDENTITY MANAGEMENT HYGIENE... 1 Where Liferay Fits In... 2 How Liferay Authentication
More informationenterprise^ IBM WebSphere Application Server v7.0 Security "publishing Secure your WebSphere applications with Java EE and JAAS security standards
IBM WebSphere Application Server v7.0 Security Secure your WebSphere applications with Java EE and JAAS security standards Omar Siliceo "publishing enterprise^ birmingham - mumbai Preface 1 Chapter 1:
More informationOPENIAM ACCESS MANAGER. Web Access Management made Easy
OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access
More informationThe Enterprise Service Bus
1 ESBs: Essential Infrastructure for a Successful SOA March 2005 2 at a glance Customers include world s largest firms! 80% of Global Telecom! 70% of Financial Services in Global 100! Blue Chip System
More informationSSO Plugin. Release notes. J System Solutions. http://www.javasystemsolutions.com Version 3.6
SSO Plugin Release notes J System Solutions Version 3.6 JSS SSO Plugin v3.6 Release notes What's new... 3 Improved Integrated Windows Authentication... 3 BMC ITSM self service... 3 Improved BMC ITSM Incident
More informationSAP Mobile - Webinar Series SAP Mobile Platform 3.0 Security Concepts and Features
SAP Mobile - Webinar Series SAP Mobile Platform 3.0 Security Concepts and Features Dirk Olderdissen Solution Expert, Regional Presales EMEA SAP Brought to you by the Customer Experience Group 2014 SAP
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationArchitecture Guidelines Application Security
Executive Summary These guidelines describe best practice for application security for 2 or 3 tier web-based applications. It covers the use of common security mechanisms including Authentication, Authorisation
More informationOracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007
Oracle Identity Management for SAP in Heterogeneous IT Environments An Oracle White Paper January 2007 Oracle Identity Management for SAP in Heterogeneous IT Environments Executive Overview... 3 Introduction...
More informationOpen Directory. Apple s standards-based directory and network authentication services architecture. Features
Open Directory Apple s standards-based directory and network authentication services architecture. Features Scalable LDAP directory server OpenLDAP for providing standards-based access to centralized data
More informationNetworkingPS Federated Identity Solution Solutions Overview
NetworkingPS Federated Identity Solution Solutions Overview OVERVIEW As the global marketplace continues to expand, new and innovating ways of conducting business are becoming a necessity in order for
More informationEnabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1
Enabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1 Agenda Introduction PAGE 2 Organization Speakers Security Spectrum Information Security Spectrum Oracle Identity Management
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationIBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide
IBM SPSS Collaboration and Deployment Services Version 6 Release 0 Single Sign-On Services Developer's Guide Note Before using this information and the product it supports, read the information in Notices
More informationAn Oracle White Paper Dec 2013. Oracle Access Management Security Token Service
An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,
More informationSecure the Web: OpenSSO
Secure the Web: OpenSSO Sang Shin, Technology Architect Sun Microsystems, Inc. javapassion.com Pat Patterson, Principal Engineer Sun Microsystems, Inc. blogs.sun.com/superpat 1 Agenda Need for identity-based
More informationAPI-Security Gateway Dirk Krafzig
API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing
More informationRequirement Priority Name Requirement Text Response Comment
N-Tiered Architecture Accessibility Application architecture shall consist of a minimum of four tiers: proxy, presentation, application, and data [base]. Each of the fours tiers shall be separated with
More informationWeb Express Logon Reference
IBM WebSphere Host On-Demand Version 10 Web Express Logon Reference SC31-6377-01 IBM WebSphere Host On-Demand Version 10 Web Express Logon Reference SC31-6377-01 Note Before using this information and
More informationSiteminder Integration Guide
Integrating Siteminder with SA SA - Siteminder Integration Guide Abstract The Junos Pulse Secure Access (SA) platform supports the Netegrity Siteminder authentication and authorization server along with
More informationIdentity Management: The authentic & authoritative guide for the modern enterprise
Identity Management: The authentic & authoritative guide for the modern enterprise Ellen Newlands, Product Manager Dmitri Pal, Director, Engineering 06-26-15 Goals of the Presentation Introduce Identity
More informationOracle Access Manager. An Oracle White Paper
Oracle Access Manager An Oracle White Paper NOTE: The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any
More informationOracle Identity Analytics Architecture. An Oracle White Paper July 2010
Oracle Identity Analytics Architecture An Oracle White Paper July 2010 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and may
More informationSAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011
NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity
More informationWindows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation
Windows 2000 Security Architecture Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Topics Single Sign-on Kerberos v5 integration Active Directory security Delegation of authentication
More informationQ&A Session for Understanding Atrium SSO Date: Thursday, February 14, 2013, 8:00am Pacific
Q: Is the challenge required or can pass through authentication be used with regard to automatic login after you login to your corporate domain? A: You can configure the system to pass on the challenge
More informationAPIs The Next Hacker Target Or a Business and Security Opportunity?
APIs The Next Hacker Target Or a Business and Security Opportunity? SESSION ID: SEC-T07 Tim Mather VP, CISO Cadence Design Systems @mather_tim Why Should You Care About APIs? Amazon Web Services EC2 alone
More informationTowards an Open Identity Infrastructure with OpenSSO. RMLL Nantes July 10 2009. Fulup Ar Foll Master Architect fulup@sun.com
Towards an Open Identity Infrastructure with OpenSSO RMLL Nantes July 10 2009 Fulup Ar Foll Master Architect fulup@sun.com 1 Towards an Open Identity Infrastructure with OpenSSO OpenSSO Overview > Integration
More informationCisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief
Guide Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief October 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 21 Contents
More informationSoftware Requirement Specification Web Services Security
Software Requirement Specification Web Services Security Federation Manager 7.5 Version 0.3 (Draft) Please send comments to: dev@opensso.dev.java.net This document is subject to the following license:
More informationTrustedX - PKI Authentication. Whitepaper
TrustedX - PKI Authentication Whitepaper CONTENTS Introduction... 3 1... 4 Use Scenarios... 5 Operation... 5 Architecture and Integration... 6 SAML and OAuth 7 RESTful Web Services 8 Monitoring and Auditing...
More informationDirectory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA 94107. info@okta.
Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 User Directories and the Cloud: An Overview 3 Okta
More informationGuide to SASL, GSSAPI & Kerberos v.6.0
SYMLABS VIRTUAL DIRECTORY SERVER Guide to SASL, GSSAPI & Kerberos v.6.0 Copyright 2011 www.symlabs.com Chapter 1 Introduction Symlabs has added support for the GSSAPI 1 authentication mechanism, which
More informationWebLogic Server 7.0 Single Sign-On: An Overview
WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of
More informationmanaging SSO with shared credentials
managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout
More informationJOHN KNEILING APRIL 3-5, 2006 APRIL 6-7, 2006 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY)
TECHNOLOGY TRANSFER PRESENTS JOHN KNEILING CREATING XML AND WEB SERVICES SOLUTIONS SECURING THE WEB SERVICES ENVIRONMENT APRIL 3-5, 2006 APRIL 6-7, 2006 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME
More informationMicrosoft Solutions for Security and Compliance Microsoft Identity and Access Management Series
Microsoft Solutions for Security and Compliance Microsoft Identity and Access Management Series Developing Identity-Aware ASP.NET Applications 2006 Microsoft Corporation. This work is licensed under the
More informationSession Service Architecture
Session Service Architecture Open Web Single Sign-On Version 1.0 Please send comments to: opensso@sun.com Author Alan Chu (alan.chu@sun.com) Session Service Architecture, Version 1.0 This document is subject
More informationSamsung KNOX EMM Authentication Services. SDK Quick Start Guide
Samsung KNOX EMM Authentication Services SDK Quick Start Guide June 2014 Legal notice This document and the software described in this document are furnished under and are subject to the terms of a license
More informationAccess Management Analysis of some available solutions
Access Management Analysis of some available solutions Enterprise Security & Risk Management May 2015 Authors: Yogesh Kumar Sharma, Kinshuk De, Dr. Sundeep Oberoi Access Management - Analysis of some available
More informationWeb Applications Access Control Single Sign On
Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,
More informationCrawl Proxy Installation and Configuration Guide
Crawl Proxy Installation and Configuration Guide Google Enterprise EMEA Google Search Appliance is able to natively crawl secure content coming from multiple sources using for instance the following main
More informationOracle Platform Security Services & Authorization Policy Manager. Vinay Shukla July 2010
Oracle Platform Security Services & Authorization Policy Manager Vinay Shukla July 2010 The following is intended to outline our general product direction. It is intended for information purposes only,
More informationCA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam
CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam (CAT-140) Version 1.4 - PROPRIETARY AND CONFIDENTIAL INFORMATION - These educational materials (hereinafter referred to as
More informationPerceptive Experience Single Sign-On Solutions
Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark
More informationIntegrating Hitachi ID Suite with WebSSO Systems
Integrating Hitachi ID Suite with WebSSO Systems 2015 Hitachi ID Systems, Inc. All rights reserved. Web single sign-on (WebSSO) systems are a widely deployed technology for managing user authentication
More informationFederated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.
PingFederate We went with PingFederate because it s based on standards like SAML, which are important for a secure implementation. John Davidson Senior Product Manager, Opower PingFederate is the leading
More informationImprove your mobile application security with IBM Worklight
Improve your mobile application security with IBM Worklight Contents 1 Introduction 2 IBM Worklight overview 4 Enabling mobile security with IBM Worklight 6 Integrating IBM Worklight with enterprise security
More informationCentrify Mobile Authentication Services
Centrify Mobile Authentication Services SDK Quick Start Guide 7 November 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject
More informationSeptember 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence
September 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence Greg Wcislo Introduction We will not go into detailed how-to, however links to multiple
More informationSecurity solutions Executive brief. Understand the varieties and business value of single sign-on.
Security solutions Executive brief Understand the varieties and business value of single sign-on. August 2005 2 Contents 2 Executive overview 2 SSO delivers multiple business benefits 3 IBM helps companies
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationControlling Web Access with BMC Web Access Manager WHITE PAPER
Controlling Web Access with BMC Web Access Manager WHITE PAPER Table of Contents Executive Summary...2 The BMC Identity and Access Management Approach...3 BMC Enforcement Agent Deployment Flexibility...3
More informationActive Directory Compatibility with ExtremeZ-IP
Active Directory Compatibility with ExtremeZ-IP A Technical Best Practices White Paper Group Logic White Paper October 2010 About This Document The purpose of this technical paper is to discuss how ExtremeZ-IP
More informationSession Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence. Greg Wcislo
Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence Greg Wcislo Introduction We will not go into detailed how-to, however links to multiple how-to whitepapers will
More informationBlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide
BlackBerry Enterprise Service 10 Version: 10.2 Configuration Guide Published: 2015-02-27 SWD-20150227164548686 Contents 1 Introduction...7 About this guide...8 What is BlackBerry Enterprise Service 10?...9
More informationCA SiteMinder. Implementation Guide. r12.0 SP2
CA SiteMinder Implementation Guide r12.0 SP2 This documentation and any related computer software help programs (hereinafter referred to as the "Documentation") are for your informational purposes only
More informationCross-domain Identity Management System for Cloud Environment
Cross-domain Identity Management System for Cloud Environment P R E S E N T E D B Y: N A Z I A A K H TA R A I S H A S A J I D M. S O H A I B FA R O O Q I T E A M L E A D : U M M E - H A B I B A T H E S
More informationArchitectural Overview
Architectural Overview Version 7 Part Number 817-2167-10 March 2003 A Sun ONE Application Server 7 deployment consists of a number of application server instances, an administrative server and, optionally,
More informationEnabling Single Signon with IBM Cognos ReportNet and SAP Enterprise Portal
Guideline Enabling Single Signon with IBM Cognos ReportNet and SAP Enterprise Portal Product(s): IBM Cognos ReportNet Area of Interest: Security 2 Copyright Copyright 2008 Cognos ULC (formerly Cognos Incorporated).
More informationCentrify Mobile Authentication Services for Samsung KNOX
Centrify Mobile Authentication Services for Samsung KNOX SDK Quick Start Guide 3 October 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under
More informationConfiguring Single Sign-On for Documentum Applications with RSA Access Manager Product Suite. Abstract
Configuring Single Sign-On for Documentum Applications with RSA Access Manager Product Suite Abstract This white paper outlines the deployment and configuration of a Single Sign-On solution for EMC Documentum
More informationSecuring Data in Oracle Database 12c
Securing Data in Oracle Database 12c Thomas Kyte http://asktom.oracle.com/ Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationOpenHRE Security Architecture. (DRAFT v0.5)
OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2
More informationCross-Realm Trust Interoperability, MIT Kerberos and AD
Cross-Realm Trust Interoperability, MIT Kerberos and AD Dmitri Pal Sr. Engineering Manager Red Hat Inc. 10/27/2010 1 INTERNAL ONLY PRESENTER NAME What is our focus? Traditional view on Kerberos interoperability
More informationMac OS X Directory Services
Mac OS X Directory Services Agenda Open Directory Mac OS X client access Directory services in Mac OS X Server Redundancy and replication Mac OS X access to other directory services Active Directory support
More informationEnabling the Information Age
Enabling the Information Age Web Application Server 4.0 Agenda Architecture Overview Features 2 1 (OAS) 4.0 Strategy Provide High Enterprise Quality of Service Scalable: Multithreaded, Distributed Server
More informationHOL9449 Access Management: Secure web, mobile and cloud access
HOL9449 Access Management: Secure web, mobile and cloud access Kanishk Mahajan Principal Product Manager, Oracle September, 2014 Copyright 2014, Oracle and/or its affiliates. All rights reserved. Oracle
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationConfiguration Guide BES12. Version 12.2
Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining
More informationWhat Is the Java TM 2 Platform, Enterprise Edition?
Page 1 de 9 What Is the Java TM 2 Platform, Enterprise Edition? This document provides an introduction to the features and benefits of the Java 2 platform, Enterprise Edition. Overview Enterprises today
More informationIBM WebSphere Application Server
IBM WebSphere Application Server SAML 2.0 web single-sign-on 2012 IBM Corporation This presentation describes support for SAML 2.0 web browser Single Sign On profile included in IBM WebSphere Application
More informationAn Oracle White Paper December 2013. Access Manager for Oracle Access Management 11gR2 PS2
An Oracle White Paper December 2013 Access Manager for Oracle Access Management 11gR2 PS2 Technical White Paper Access Manager for Oracle Access Management 11gR2 Introduction... 1 Access Manager Overview...
More informationImplementation Guide SAP NetWeaver Identity Management Identity Provider
Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before
More informationPassword Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos
Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website:
More informationProtect Everything: Networks, Applications and Cloud Services
Protect Everything: Networks, Applications and Cloud Services Tokens & Users Cloud Applications Private Networks Corporate Network API LDAP / Active Directory SAML RADIUS Corporate Network LDAP / Active
More informationPASS4TEST 専 門 IT 認 証 試 験 問 題 集 提 供 者
PASS4TEST 専 門 IT 認 証 試 験 問 題 集 提 供 者 http://www.pass4test.jp 1 年 で 無 料 進 級 することに 提 供 する Exam : 000-003 Title : Fundamentals of Applying Tivoli Security and Compliance Management Solutions V2 Vendors :
More informationTIBCO Spotfire Platform IT Brief
Platform IT Brief This IT brief outlines features of the system: Communication security, load balancing and failover, authentication options, and recommended practices for licenses and access. It primarily
More informationOpenAM. 1 open source 1 community experience distilled. Single Sign-On (SSO) tool for securing your web. applications in a fast and easy way
OpenAM Written and tested with OpenAM Snapshot 9 the Single Sign-On (SSO) tool for securing your web applications in a fast and easy way Indira Thangasamy [ PUBLISHING 1 open source 1 community experience
More informationNovell Access Manager
Novell Access Manager Product Overview Kiran Mova Agenda Introduction Architecture IDP AG SSL VPN Administration Console How it works? Web SSO Federation SSO Protect HTTP Resources Protect non-http Resources
More informationExecutive Summary. What is Authentication, Authorization, and Accounting? Why should I perform Authentication, Authorization, and Accounting?
Executive Summary As the leader in Wide Area Application Delivery, Blue Coat products accelerate and secure applications within your WAN and across the Internet. Blue Coat provides a robust and flexible
More informationEXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES
pingidentity.com EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES Best practices for identity federation in AWS Table of Contents Executive Overview 3 Introduction: Identity and Access Management in Amazon
More informationMcAfee Cloud Identity Manager
SAML2 Cloud Connector Guide McAfee Cloud Identity Manager version 1.2 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,
More informationAVG Business SSO Connecting to Active Directory
AVG Business SSO Connecting to Active Directory Contents AVG Business SSO Connecting to Active Directory... 1 Selecting an identity repository and using Active Directory... 3 Installing Business SSO cloud
More informationConfiguring Single Sign-on for WebVPN
CHAPTER 8 This chapter presents example procedures for configuring SSO for WebVPN users. It includes the following sections: Using Single Sign-on with WebVPN, page 8-1 Configuring SSO Authentication Using
More informationEnabling Single Signon with IBM Cognos 8 BI MR1 and SAP Enterprise Portal
Guideline Enabling Single Signon with IBM Cognos 8 BI MR1 and SAP Enterprise Portal Product: IBM Cognos 8 BI Area of Interest: Security 2 Copyright Copyright 2008 Cognos ULC (formerly Cognos Incorporated).
More informationInteroperate in Cloud with Federation
Interoperate in Cloud with Federation - Leveraging federation standards can accelerate Cloud computing adoption by resolving vendor lock-in issues and facilitate On Demand business requirements Neha Mehrotra
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationAmeritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines
Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...
More informationOAuth Guide Release 6.0
[1]Oracle Communications Services Gatekeeper OAuth Guide Release 6.0 E50767-02 November 2015 Oracle Communications Services Gatekeeper OAuth Guide, Release 6.0 E50767-02 Copyright 2012, 2015, Oracle and/or
More informationHow To Protect Your Computer From Being Hacked On A J2Ee Application (J2Ee) On A Pc Or Macbook Or Macintosh (Jvee) On An Ipo (J 2Ee) (Jpe) On Pc Or
Pistoia_ch03.fm Page 55 Tuesday, January 6, 2004 1:56 PM CHAPTER3 Enterprise Java Security Fundamentals THE J2EE platform has achieved remarkable success in meeting enterprise needs, resulting in its widespread
More informationAxway Validation Authority Suite
Axway Validation Authority Suite PKI safeguards for secure applications Around the world, banks, healthcare organizations, governments, and defense agencies rely on public key infrastructures (PKIs) to
More informationPingFederate. SSO Integration Overview
PingFederate SSO Integration Overview 2006-2012 Ping Identity Corporation. All rights reserved. PingFederate SSO Integration Overview Version 6.6 January, 2012 Ping Identity Corporation 1001 17th Street,
More informationCA SOA Security Manager
CA SOA Security Manager Implementation Guide r12.1 Second Edition This documentation and any related computer software help programs (hereinafter referred to as the "Documentation") are for your informational
More information