The Challenges of Web single sign-on




Transcription:

Serge Vereecke, Security Architect, IBM Security Services (serge_vereecke@be.ibm.com). The Challenges of Web single sign-on. GSE Event, September 7, 2012.

Agenda: Single sign-on technology; Why single sign-on; Challenges of single sign-on; Technology journey of SSO; SSO use case; Lessons learned; Summary.

Single sign-on technologies: Single sign-on; Goal of SSO; Technology failed to live up to consumer expectations.

Single sign-on technologies: Terminology & synonyms; Definition & properties.

Single sign-on: user perspective. Figure 1. Unified, Policy-Based Security for the Web (before vs. after): after, Access Manager Security Services provide a unified policy, a single user registry, centralized audit and other J2EE services.

Single sign-on: IT perspective.

Single sign-on technologies: Classes of SSO.

Technology shifts: Technology shift impact on SSO.

SSO Technology journey Kerberos technology

SSO Technology journey Web access management technology

SSO Technology journey Federated Identity technology

Scenario: Provide Federated SSO to employees and customers, using internal and partner applications. We all use this every day! Figure elements: Customers; Existing Web Access Management Solution; Employee Portal; Travel Services Provider; 401K; Federated Identity Management (e.g. TAMeb); Portal Server; Customer Portal; Billing Processing; Tax/Salary information; Education; Financial/401K/Benefits; Travel Bookings; Regional Insurance Providers.

SSO Technology journey Web services technology

SSO Technology journey: Web services trust model. Figure: Requestor, Security Token Service and Provider, each governed by a Policy and handling Security Tokens carrying Claims. 1. Get Token: the requestor obtains a security token from the Security Token Service. 2. Send Message (including token): the requestor sends its message, with the token, to the provider. 3. Validate Token: the provider validates the token and its claims.
Identity Federation and Web Services require trust. This trust is based on agreements between partners and is expressed as policies. Trust can be enabled by technology: trust requirements are expressed as infrastructure policies and requirements; security tokens include identity information; cryptographic keys are used to sign security tokens. The technology needs to be standards based: standard ways to express and exchange policies that reflect trust relationships, and an agreed token format, information content, signing and encryption methods.
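The three-step exchange on this slide, written out as an added example (not from the presentation or from any IBM product): a toy security token service issues HMAC-signed claims, the requestor sends a message carrying the token, and the provider validates the token against its own policy before trusting the claims. The shared key, token format, claim names and policy fields are assumptions made for the demo.

```python
import base64, hashlib, hmac, json

# Constructed demo: the signing key shared by STS and provider stands in for the
# trust agreement between partners; token format and claim names are assumptions.
STS_KEY = b"constructed-demo-signing-key"
PROVIDER_POLICY = {"issuer": "sts.example", "audience": "billing", "required_claims": {"role"}}

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sts_issue_token(identity: dict, audience: str, now: int, ttl: int = 300) -> str:
    """Step 1 (Get Token): the STS turns the requestor's identity into signed claims."""
    claims = {"iss": "sts.example", "sub": identity["user"], "aud": audience,
              "role": identity["role"], "exp": now + ttl}
    body = b64(json.dumps(claims, sort_keys=True).encode())
    sig = b64(hmac.new(STS_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"  # <claims>.<hmac-sha256 over claims>

def requestor_send_message(token: str, payload: dict) -> dict:
    """Step 2 (Send Message): the requestor attaches the token to its message."""
    return {"token": token, "payload": payload}

def provider_validate(message: dict, policy: dict, now: int):
    """Step 3 (Validate Token): signature, issuer, audience, expiry and required claims are checked against the provider's policy; returns (ok, claims_or_reason)."""
    try:
        body, sig = message["token"].split(".")
        expected = hmac.new(STS_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, unb64(sig)):
            return False, "bad signature"
        claims = json.loads(unb64(body))
    except (KeyError, ValueError, TypeError, AttributeError):
        return False, "malformed token"
    if claims.get("iss") != policy["issuer"]:
        return False, "untrusted issuer"
    if claims.get("aud") != policy["audience"]:
        return False, "wrong audience"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    missing = policy["required_claims"] - set(claims)
    if missing:
        return False, "missing claims: " + ",".join(sorted(missing))
    return True, claims

def demo(now: int = 1_700_000_000):
    """Happy path: an employee gets a token for the billing provider and is accepted."""
    token = sts_issue_token({"user": "alice", "role": "employee"}, "billing", now)
    return provider_validate(requestor_send_message(token, {"op": "view"}), PROVIDER_POLICY, now)
```

The provider rejects a token that was issued for a different audience, has expired, or whose body no longer matches its signature, which is the policy-driven validation the slide calls step 3.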

SSO Technology journey User centric identity technology

OAuth: what is it? Figure: the Resource Owner (user who wants to share information); the OAuth Service Provider, which provides access based on the Resource Owner's authorization; the Consumer or Client (user who wants to access the information). OAuth is delegated authorization for enabling the sharing of information.


SSO Technology journey

Customer example: Securing access and SSO to banking applications


Customer example: Securing access and SSO to banking applications. Figure: credential flow from the TAMeB WebSEAL server to WebSphere Application Server. WebSEAL forwards the request with the user identity, the credential and proof of server identity; the WebSphere Web Authenticator, via ETAI, validates the origin, builds the credential and returns the identity as a Java Subject containing a PDPrincipal and the credential.

Customer example: Securing access and SSO to banking applications. Figure: Local Response Redirect flow between the Browser, the WebSEAL instance and the LRR application (SharePoint 2010): Request -> Need to Local Response Redirect -> Redirect to Local Response Redirect URL (Http://websealhostname/lrr/handler.aspx?tam_op=value?macro=value) -> Request to Local Response Redirect URL -> Generate page -> Response.


SSO Architecture - TAI++. Figure elements: Browser; TAM WebSEAL (HTTP(S)); EAI; TFIM STS; SharePoint 2010; TMRP++ STS; Web Application with TAI++ (HTTP(S)); User management system.

SSO use case: lessons learned.

Scenario: Securing access to SaaS and Services in Cloud. Figure elements: SMB A (FIM BG); Enterprise B (FIM BG); SAML; Google Apps; Partners/Consumers; Merged Companies; Application Providers; Tivoli Federated Identity Manager. Single sign-on to Salesforce.com CRM resources based on authentication to the enterprise directory only. Access Salesforce.com CRM resources in context and based on web and email launch points, providing the user with seamless navigation across applications.

Summary

Questions?