GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK
Antti Pyykkö, Mikko Malinen, Oskari Miettinen
TJTSE54 Assignment
Jyväskylä University, Department of Computer Science and Information Systems, Jyväskylä

TABLE OF CONTENTS
1 INTRODUCTION
2 THE 'ORDINARY' SSO
3 OVERVIEW OF THREE DIFFERENT SSO SYSTEMS
3.1 Active Directory (AD)
3.2 Google SSO
3.3 Facebook SSO
4 DISCUSSION
REFERENCES

1 INTRODUCTION

In this study we take a brief look at what SSO (Single Sign-On) is and what it means. We have tried to explain SSO as briefly and simply as possible. Besides making clear what an 'ordinary' SSO is, we compare three different SSO systems and study how they differ from each other both technically and in principle.

2 THE 'ORDINARY' SSO

According to Fleury et al. (2006), single sign-on (SSO) is the ability to allow multiple actions to take place on behalf of a user, without requiring multiple authentications by that user. In much the same way, Anchan and Pegah (2003) say that single sign-on is a mechanism whereby a single user-id and password pair will allow a user to access all authorized computer resources in a distributed, multiplatform computing environment, without the need for multiple authentication information. However, the most comprehensible definition of SSO can be found on Wikipedia: single sign-on (SSO) is a method of access control that enables a user to authenticate once and gain access to the resources of multiple software systems (Wikipedia Single sign-on).

In other words, the user gives his/her username and password only once and is able to access a few different services without repeating this action. A simple example is Google's services: once you sign in to, for example, Gmail, you are able to use other Google services such as Google Calendar or Google Docs without having to sign in to them again. What is common to nearly all ordinary SSO services is that they consist of services offered by a single service provider. In our example above the service provider is Google.

Before SSO systems, the user had to sign in to every service separately. Figure 1 illustrates this situation, that is, a user using a few services with no SSO system available.

Figure 1: Using few services with no SSO system available. (Source: The Open Group)

As seen in Figure 1, the User has both the Primary and Secondary Domain Sign-ons and Shells, where the Domains can be seen as services offered by a single service provider. Each Domain has its own sign-on system and management information base that manages the user account. In order to use a service the user needs to sign in to each service separately, even though the services are connected to each other, at least in principle, via the producer. Using the ordinary SSO changes the situation considerably.

Figure 2: The ordinary Single Sign-on. (Source: The Open Group)

In this case, the services are under an SSO system in which all the Secondary Domains are trusted fellow services of the Primary Domain. Now the user needs to sign in only once in order to use all the other (secondary) services that are accessible from the Primary Domain the user signs in to first. Unlike in Figure 1, there is only one User Account Manager, which handles the user's account information on behalf of the Domains.

3 OVERVIEW OF THREE DIFFERENT SSO SYSTEMS

In this chapter we compare three different SSO systems with each other and try to explain them to the reader. The chosen SSOs are Microsoft's Active Directory (AD), Google SSO and naturally Facebook SSO. When selecting the SSOs for this assignment, we tried to choose three systems that differ from each other while still being essential and good to know.

3.1 Active Directory (AD)

Active Directory (AD) is an implementation of Lightweight Directory Access Protocol (LDAP) directory services by Microsoft that manages information about users and their resources, and allows users to access and manipulate this information. By using Active Directory, operators can manage all elements of their networks, including computers, groups, users, security policies etc., across a domain. In addition, multiple domains can be managed simultaneously. Domains may trust each other, meaning that domains may share authentication information (a user authenticated to domain A will automatically be authenticated to domain B). (Microsoft 2008; Wikipedia 2008 Active Directory)

Active Directory holds information about objects in a hierarchical tree model. Objects fall into three categories: resources, services and users. Each entity (for example a user) has its unique identifier (Distinguished Name (DN)) and attributes, for example first name, last name and password. Attributes are defined in schemas, where the attribute syntax is also presented. For example, attribute might require a value -character. Figure 3 illustrates a single user object in Active Directory. (Wikipedia 2008 Active Directory; Dulaney et al. 1999)

Figure 3: User properties in Active Directory

AD is common in large computer networks where the ability to manage different users and resources effectively is needed; for example, Jyväskylä University's (JYU) network is operated using Active Directory. Signing in to JYU's domain can be seen as a single sign-on function: the client communicates with Active Directory in order to gain access to applications/services/resources on the network. The procedure follows this pattern:

Figure 4 - Kerberos authentication (Microsoft 2008)

The figure presents how Windows uses the Kerberos authentication protocol as the primary method for authenticating users. Authentication is based on tickets; a ticket is a validation to use network resources. When a user logs on to a domain, the client's logon credentials are sent to the Kerberos authentication service (KDC in this case), which checks their validity from Active Directory. If the whole authentication process succeeds, the KDC gives the client a session ticket that tells which services/resources the user can access. Each application server then verifies that all accessing users have a valid session ticket. If an application server needs to contact another application server, it can use this ticket to impersonate the client and in that way access the other service. This can only happen if trust exists in the network between domains. (Microsoft 2008; Dulaney et al. 1999)

However, this SSO method is problematic, as not all services can be easily mapped to Active Directory. Some applications might offer web-based authentication (like Korppi does), and therefore users need to continue logging in to different applications as if there were no SSO present. In summary, Active Directory is a good way to simplify network management in terms of restrictions and policies, but it does not offer an easy way to make a true SSO system where a single login would be enough for everything.

3.2 Google SSO

The Google SSO system uses SAML (Security Assertion Markup Language), which is an XML standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions) (Wikipedia Security Assertion Markup Language). Google SSO is a good example of an SSO system where there is only one service provider, who does not have to worry about trust issues between the primary domain and the secondary domains, that is, the external service/application providers. In this case, the SSO system uses identity provider services to check whether or not the user is granted access to the service he/she has requested. The basic functioning of the Google SSO system is explained in Figure 5 below.

Figure 5: Logging in to Google Apps using SAML (Source: Google Single Sign-On (SSO) Service for Google Apps)

1. The user requests access to a hosted Google application (Gmail, Google Calendar, Google Docs...).
2. Google generates a SAML authentication request, which is embedded into the URL for the partner's SSO service. The URL of the Google service is also embedded in the SSO URL.
3. Google redirects the user's browser to the partner. The redirect URL includes the SAML authentication request.
4. The URL reaches the partner, which decodes the SAML request and extracts the URL for both Google's authentication service (ACS, Assertion Consumer Service) and the user's destination URL. The partner authenticates the user either by asking the user for a valid username and password or by checking for valid session cookies.
5. The partner generates a SAML response that includes the authenticated username.
6. The partner encodes the SAML response and returns it to the user's browser, which forwards the information to Google's authentication service.
7. Google ACS verifies the SAML response. If the response is successfully verified, the authentication service redirects the user to the destination URL he/she originally requested.
8. The user has been redirected to the destination URL and is logged in to the Google application (or Google Applications).

According to Google they are providing extremely reliable safekeeping for their customers to ensure the most secure, reliable, and private environment for your data (Google Welcome to Google Apps). Since Google has tens of millions of customers, both individuals and companies, it is easy to believe that security is and will be quite a big issue in their service planning and implementation. In brief, Google divides its security roughly under three subtitles: Physical security, Threat identification and management, and Safe access. The last-mentioned, safe access, includes among others a mention about the protection during the transmission of data on the wire, so that confidential data is not intercepted on the network (Google Welcome to Google Apps).

In general, SAML-based SSO systems are considered highly secure. When it comes to single sign-on systems, SAML is a prevalent standard widely used in many companies. The OASIS (Organization for the Advancement of Structured Information Standards) Security Services Technical Committee, which created SAML, has extensively taken into account different kinds of security and privacy threats, and when used properly, SAML provides a workable and secure technique for building SSO systems for web applications.
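
Steps 2 to 4 of the flow above, as an added example (not code from this paper or from Google): it assumes the request travels in the SAML 2.0 HTTP-Redirect binding encoding (DEFLATE, Base64, URL-encoding) with the destination URL in RelayState, which the paper does not spell out, and all URLs and the TRUSTED_ACS allow-list are constructed. The partner-side check that the ACS URL is one it already trusts is what keeps the later SAML response from being posted to an arbitrary endpoint.

```python
import base64
import urllib.parse
import uuid
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
ET.register_namespace("samlp", SAMLP)

# Constructed values for illustration only (assumptions, not from the paper).
PARTNER_SSO_URL = "https://sso.partner.example/login"
TRUSTED_ACS = {"https://sp.example/acs"}   # ACS endpoints the partner agreed to serve
MAX_REQUEST_BYTES = 64 * 1024              # cap on the inflated request size


class RequestRejected(Exception):
    """Raised by the partner when a SAML request must not be processed."""


def build_redirect_url(acs_url, destination, request_id=None):
    """Steps 2-3: the service provider embeds the request in the partner's SSO URL."""
    request = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id or "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": "2008-01-01T00:00:00Z",  # constructed timestamp
        "AssertionConsumerServiceURL": acs_url,
    })
    xml = ET.tostring(request)
    deflater = zlib.compressobj(wbits=-15)       # raw DEFLATE, no zlib header
    deflated = deflater.compress(xml) + deflater.flush()
    query = urllib.parse.urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode("ascii"),
        "RelayState": destination,               # the user's destination URL
    })
    return f"{PARTNER_SSO_URL}?{query}"


def parse_redirect_url(url):
    """Step 4: the partner decodes the request and extracts ACS and destination URLs."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    try:
        raw = base64.b64decode(params["SAMLRequest"][0], validate=True)
        inflater = zlib.decompressobj(wbits=-15)
        xml = inflater.decompress(raw, MAX_REQUEST_BYTES)
        if inflater.unconsumed_tail:
            raise RequestRejected("inflated request exceeds size limit")
        if b"<!DOCTYPE" in xml:
            raise RequestRejected("DTDs are not allowed in a SAML request")
        # For production input prefer a hardened parser such as defusedxml.
        root = ET.fromstring(xml)
    except (KeyError, ValueError, zlib.error, ET.ParseError) as exc:
        raise RequestRejected(f"malformed SAMLRequest: {exc}") from exc

    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise RequestRejected("not an AuthnRequest")
    acs_url = root.get("AssertionConsumerServiceURL")
    if acs_url not in TRUSTED_ACS:
        # Never send an assertion to an endpoint named only by the request.
        raise RequestRejected(f"untrusted ACS URL: {acs_url!r}")
    return {
        "request_id": root.get("ID"),            # echoed later as InResponseTo
        "acs_url": acs_url,
        "destination": params.get("RelayState", [""])[0],
    }


if __name__ == "__main__":
    redirect = build_redirect_url("https://sp.example/acs",
                                  "https://sp.example/mail")
    print(redirect)
    print(parse_redirect_url(redirect))
```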

3.3 Facebook SSO

The initial Facebook Platform API was released in August 2006, and since then developers around the globe have been able to build applications for Facebook. The official release of Facebook Platform in May 2007 also opened up the site itself, giving developers stronger distribution models and access to all the integration points Facebook uses to build applications. According to Facebook itself, Facebook Platform has unlocked access to its core value: the social graph. (Facebook Facebook Developers High-Level Specification)

"The Facebook Platform is a standards-based Web service with methods for accessing and contributing Facebook data." In addition to the Interface (API), these methods include FBML (Facebook Markup Language), FQL (Facebook Query Language) and FBJS (Facebook JavaScript). The Facebook API uses a REST-like interface, which means that every Facebook method call is made over the Internet by sending HTTP GET or POST requests to the Facebook API REST server. With the API, developers can add social context to their applications by utilizing social data such as profile, friend, photo and event data. (Facebook API - Facebook Developers Wiki)

FBML is a subset of HTML, which enables a developer to gain access to many of the integration points Facebook has to offer. An example flow for how the HTML for a web app canvas is rendered is illustrated in Figure 6. The application server, which has to take care of all the business logic, calls the APIs on Facebook and produces FBML as a result, which is then presented to the user. (Facebook Random questions - Facebook Developers Wiki)

Figure 6 - An example flow on Facebook architecture (Facebook Facebook Developers High-Level Specification)

Furthermore, Facebook uses a certain API key system to authenticate applications that make requests to the Facebook API server. The authentication process is illustrated in the following two figures:

Figure 7 - External Facebook web application authentication process

In order for a Facebook API client to use the API, the user of the client application must be logged in to Facebook. To ensure this, (1) users are redirected to a Facebook login page, which will prompt the user to log in if necessary. An API key, which is uniquely assigned to the vendor, is passed along with every request. The API key identifies, among other things, that the source IP for the call is acceptable. (2) Upon successful authentication, if the user has never logged in to this application before, he/she will be asked to accept the terms of service for using the application. (3) Finally, for web-based applications, the user is redirected to a URL defined by the developer along with an auth_token parameter.

Figure 8 - External Facebook web application session establishment

The application then exchanges this token for a session key via the facebook.auth.getsession() method. This session key is then used when making request calls to the Facebook API. We presume that users are allowed to access their Facebook applications through Facebook in a similar manner, by opening sessions to applications they have joined before. There is a very limited amount of information about this procedure, and therefore we cannot describe this process any more specifically.

4 DISCUSSION

In our essay we began by explaining what SSO is and the basic idea behind it. After that we proceeded by presenting three different SSO systems: AD, Google SSO and Facebook SSO, and gave a brief overview of the principles and techniques behind them.

To summarize the benefits of an SSO system, we can conclude that SSO is very important to users because they do not have to sign in separately to every service they need, and they only need one pair of login credentials to access all their services. This reduces the number of authentication problems related to forgotten passwords and therefore enhances security by reducing the number of login credentials users need: if the number of accounts grew too large, users would have to write their login information down in order to remember all of them. By using SSO, operators can more easily restrict the services a user may access and therefore make the system more secure. Application developers also benefit from SSO systems, as they do not have to think about security and authentication in their applications. This is very important in Facebook, as users are allowed to make their own applications and integrate them into Facebook by using Facebook SSO. (The Open Group 2008; Huntington Ventures Ltd 2006)

Still, SSO does not come without problems; traditional single sign-on systems are under high load, as all traffic to the system goes through them. This requires fault-tolerant sign-on systems to prevent authentication problems if one of the authentication services goes down.

Of the three different SSOs we studied in this research, the AD system is designed for more local computer systems, whereas Google SSO and Facebook SSO are clearly developed for distributed web services. Furthermore, the AD system requires substantially more administration and control, as access must be requested and granted. In addition, the AD system is intended for more administrative tasks, unlike the other two systems.

In principle, the main difference between Google SSO and Facebook SSO is that Facebook does not use a third party as an identity provider like Google does. Another difference is that Google provides only applications developed by itself, whereas Facebook also provides applications developed by its users. This means that Facebook needs to handle many trust issues concerning cooperation between Facebook, application developers and the users, which must also have been a major consideration in designing their SSO.

From a technical point of view, Google and Facebook differ in the way their platforms work: unlike Google, Facebook uses a REST-like interface. The Google SSO system uses SAML, which is an XML standard for exchanging authentication and authorization data between security domains. Facebook uses a certain key-token authentication system through its REST-like interface, which allows external applications to gain access to the Facebook API, thus making single sign-on possible for the users.

For further research we recommend studying, for example, privacy and data security within SSO systems, and gaining more specific knowledge about the functioning of authority and authentication in different SSO systems.

REFERENCES

Anchan, D. & Pegah, M. 2003. Regaining single sign-on taming the beast. In Proceedings of the 31st Annual ACM SIGUCCS Conference on User Services (San Antonio, TX, USA, September 21-24, 2003). SIGUCCS '03. ACM, New York, NY.

Dulaney, E., Sankar, V. & Sankar, S. 1999. Active Directory: An Overview [online]. 29th Street Press [referred ]. Available in the www-address <

Facebook API - Facebook Developers Wiki [online]. Facebook [referred ]. Available in the www-address <

Facebook Facebook Developers High-Level Specification [online]. Facebook [referred ]. Available in the www-address <

Facebook Random questions - Facebook Developers Wiki [online]. Facebook [referred ]. Available in the www-address <

Fleury, T., Basney, J., & Welch, V. 2006. Single sign-on for java web start applications using myproxy. In Proceedings of the 3rd ACM Workshop on Secure Web Services (Alexandria, Virginia, USA, November 03-03, 2006). SWS '06. ACM, New York, NY.

Google SAML Single Sign-On (SSO) Service for Google Apps [online]. Google [referred ]. Available in the www-address < n.html>.

Google Welcome to Google Apps [online]. Google [referred ]. Available in the www-address <

Huntington Ventures Ltd 2006. Single Sign On Authentication [online]. Huntington Ventures Ltd [referred ]. Available in the www-address < Authentication/>.

Microsoft 2008. Windows 2000 Security Technical Overview [online]. Microsoft [referred ]. Available in the www-address <

The Open Group 2008. Introduction to Single Sign-On [online]. The Open Group [referred ]. Available in the www-address <

Wikipedia 2008. Active Directory [online]. Wikipedia [referred ]. Available in the www-address <

Wikipedia Security Assertion Markup Language [online]. Wikipedia [referred ]. Available in the www-address <

Wikipedia Single sign-on [online]. Wikipedia [referred ]. Available in the www-address <
More informationAn Anti-Phishing mechanism for Single Sign-On based on QR-Code
An Anti-Phishing mechanism for Single Sign-On based on QR-Code Syamantak Mukhopadhyay School of Electronics and Computer Science University of Southampton Southampton, UK sm19g10@ecs.soton.ac.uk David
More informationSTUDY ON IMPROVING WEB SECURITY USING SAML TOKEN
STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN 1 Venkadesh.M M.tech, Dr.A.Chandra Sekar M.E., Ph.d MISTE 2 1 ResearchScholar, Bharath University, Chennai 73, India. venkadeshkumaresan@yahoo.co.in 2 Professor-CSC
More informationUSING FEDERATED AUTHENTICATION WITH M-FILES
M-FILES CORPORATION USING FEDERATED AUTHENTICATION WITH M-FILES VERSION 1.0 Abstract This article provides an overview of federated identity management and an introduction on using federated authentication
More informationSalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy
SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House
More informationSecurity Assertion Markup Language (SAML) Site Manager Setup
Security Assertion Markup Language (SAML) Site Manager Setup Trademark Notice Blackboard, the Blackboard logos, and the unique trade dress of Blackboard are the trademarks, service marks, trade dress and
More informationOpenLDAP Oracle Enterprise Gateway Integration Guide
An Oracle White Paper June 2011 OpenLDAP Oracle Enterprise Gateway Integration Guide 1 / 29 Disclaimer The following is intended to outline our general product direction. It is intended for information
More informationFTP-Stream Integrating Active Directory Federation Services
FTP-Stream Integrating Active Directory Federation Services 1 Overview Active Directory Federation Services (ADFS) is a standards-based service that allows the secure sharing of identity information between
More informationPrepared by Enea S.Teresa (Italy) Version 1.0 2006-October 24
Mersea Information System: an Authentication and Authorization System to access distributed oceanographic data. Prepared by Enea S.Teresa (Italy) Version 1.0 2006-October 24 Revision History Date Version
More informationSingle Sign On. SSO & ID Management for Web and Mobile Applications
Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing
More informationConfiguring Single Sign-on for WebVPN
CHAPTER 8 This chapter presents example procedures for configuring SSO for WebVPN users. It includes the following sections: Using Single Sign-on with WebVPN, page 8-1 Configuring SSO Authentication Using
More informationIVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0
International Virtual Observatory Alliance IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 IVOA Proposed Recommendation 20151029 Working group http://www.ivoa.net/twiki/bin/view/ivoa/ivoagridandwebservices
More informationGetting Started with Clearlogin A Guide for Administrators V1.01
Getting Started with Clearlogin A Guide for Administrators V1.01 Clearlogin makes secure access to the cloud easy for users, administrators, and developers. The following guide explains the functionality
More informationSecuring access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001
Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance
More informationTwo SSO Architectures with a Single Set of Credentials
Two SSO Architectures with a Single Set of Credentials Abstract Single sign-on (SSO) is a widely used mechanism that uses a single action of authentication and authority to permit an authorized user to
More informationUser-ID Best Practices
User-ID Best Practices PAN-OS 5.0, 5.1, 6.0 Revision A 2011, Palo Alto Networks, Inc. www.paloaltonetworks.com Table of Contents PAN-OS User-ID Functions... 3 User / Group Enumeration... 3 Using LDAP Servers
More informationMicrosoft Office 365 Using SAML Integration Guide
Microsoft Office 365 Using SAML Integration Guide Revision A Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.
More informationAn Oracle White Paper Dec 2013. Oracle Access Management Security Token Service
An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,
More informationFlexible Identity Federation
Flexible Identity Federation Administration guide version 1.0.1 Publication history Date Description Revision 2015.09.24 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationOpenLogin: PTA, SAML, and OAuth/OpenID
OpenLogin: PTA, SAML, and OAuth/OpenID Ernie Turner Chris Fellows RightNow Technologies, Inc. Why should you care about these features? Why should you care about these features? Because users hate creating
More informationMobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems jmacy@forumsys.com
Mobile Identity and Edge Security Forum Sentry Security Gateway Jason Macy CTO, Forum Systems jmacy@forumsys.com Evolution Evolution of Enterprise Identities Cloud Computing Iaas Infrastructure as a Service
More informationAuthentication and Single Sign On
Contents 1. Introduction 2. Fronter Authentication 2.1 Passwords in Fronter 2.2 Secure Sockets Layer 2.3 Fronter remote authentication 3. External authentication through remote LDAP 3.1 Regular LDAP authentication
More informationConfiguring Sponsor Authentication
CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five
More informationSAML AS AN SSO STANDARD FOR CUSTOMER IDENTITY MANAGEMENT. How to Create a Frictionless, Secure Customer Identity Management Strategy
SAML AS AN SSO STANDARD FOR CUSTOMER IDENTITY MANAGEMENT How to Create a Frictionless, Secure Customer Identity Management Strategy PART 1: WHAT IS SAML? SAML in Context Security Assertion Markup Language
More informationCloud Computing. Chapter 5 Identity as a Service (IDaaS)
Cloud Computing Chapter 5 Identity as a Service (IDaaS) Learning Objectives Describe challenges related to ID management. Describe and discuss single sign-on (SSO) capabilities. List the advantages of
More informationLeverage Active Directory with Kerberos to Eliminate HTTP Password
Leverage Active Directory with Kerberos to Eliminate HTTP Password PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website: www.pistolstar.com
More informationEgnyte Single Sign-On (SSO) Installation for OneLogin
Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin
More informationServer based signature service. Overview
1(11) Server based signature service Overview Based on federated identity Swedish e-identification infrastructure 2(11) Table of contents 1 INTRODUCTION... 3 2 FUNCTIONAL... 4 3 SIGN SUPPORT SERVICE...
More informationWhite Paper March 1, 2005. Integrating AR System with Single Sign-On (SSO) authentication systems
White Paper March 1, 2005 Integrating AR System with Single Sign-On (SSO) authentication systems Copyright 2005 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service
More informationOneLogin Integration User Guide
OneLogin Integration User Guide Table of Contents OneLogin Account Setup... 2 Create Account with OneLogin... 2 Setup Application with OneLogin... 2 Setup Required in OneLogin: SSO and AD Connector...
More informationSpring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious
Spring Security 3 Secure your web applications against malicious intruders with this easy to follow practical guide Peter Mularien rpafktl Pen source cfb II nv.iv I I community experience distilled
More informationSingle Sign On for ShareFile with NetScaler. Deployment Guide
Single Sign On for ShareFile with NetScaler Deployment Guide This deployment guide focuses on defining the process for enabling Single Sign On into Citrix ShareFile with Citrix NetScaler. Table of Contents
More informationSymplified I: Windows User Identity. Matthew McNew and Lex Hubbard
Symplified I: Windows User Identity Matthew McNew and Lex Hubbard Table of Contents Abstract 1 Introduction to the Project 2 Project Description 2 Requirements Specification 2 Functional Requirements 2
More informationAdministrator Guide. v 11
Administrator Guide JustSSO is a Single Sign On (SSO) solution specially developed to integrate Google Apps suite to your Directory Service. Product developed by Just Digital v 11 Index Overview... 3 Main
More informationOnly LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.
This chapter provides information about the Security Assertion Markup Language (SAML) Single Sign-On feature, which allows administrative users to access certain Cisco Unified Communications Manager and
More informationA Data Synchronization based Single Sign-on Schema Supporting Heterogeneous Systems and Multi-Management Mode
A Data Synchronization based Single Sign-on Schema Supporting Heterogeneous Systems and Multi-Management Mode Haojiang Gao 1 Beijing Northking Technology Co.,Ltd Zhongguancun Haidian Science Park Postdoctoral
More informationIdentity Federation Management to make Operational and Business Efficiency through SSO
2012 International Conference on Industrial and Intelligent Information (ICIII 2012) IPCSIT vol.31 (2012) (2012) IACSIT Press, Singapore Identity Federation Management to make Operational and Business
More informationHow-to: Single Sign-On
How-to: Single Sign-On Document version: 1.02 nirva systems info@nirva-systems.com nirva-systems.com How-to: Single Sign-On - page 2 This document describes how to use the Single Sign-On (SSO) features
More informationSAP NetWeaver AS Java
Chapter 75 Configuring SAP NetWeaver AS Java SAP NetWeaver Application Server ("AS") Java (Stack) is one of the two installation options of SAP NetWeaver AS. The other option is the ABAP Stack, which is
More informationHow to Implement Enterprise SAML SSO
How to Implement Enterprise SSO THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY How to Implement Enterprise SSO Introduction Security Assertion Markup Language, or, provides numerous The advantages and
More informationSchoolBooking SSO Integration Guide
SchoolBooking SSO Integration Guide Before you start This guide has been written to help you configure SchoolBooking to operate with SSO (Single Sign on) Please treat this document as a reference guide,
More informationSAML SSO Configuration
SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting
More informationPingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0
Windows Live Cloud Identity Connector Version 1.0 User Guide 2011 Ping Identity Corporation. All rights reserved. Windows Live Cloud Identity Connector User Guide Version 1.0 April, 2011 Ping Identity
More informationSAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011
NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity
More informationWeb Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.
Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On
More informationDualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.
DualShield Integration Guide Copyright 2011 Deepnet Security Limited Copyright 2011, Deepnet Security. All Rights Reserved. Page 1 Trademarks Deepnet Unified Authentication, MobileID, QuickID, PocketID,
More information