About Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack



Similar documents
Egnyte Single Sign-On (SSO) Installation for OneLogin

Agenda. How to configure

Authentication Methods

SAML-Based SSO Solution

Getting Started with AD/LDAP SSO

Single Sign On. SSO & ID Management for Web and Mobile Applications

Authentication and Single Sign On

Configuring EPM System for SAML2-based Federation Services SSO

CONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER

Q&A Session for Understanding Atrium SSO Date: Thursday, February 14, 2013, 8:00am Pacific

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server

Copyright: WhosOnLocation Limited

Securing Splunk with Single Sign On & SAML

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Authentication Integration

Security Assertion Markup Language (SAML) Site Manager Setup

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

How To Use Saml 2.0 Single Sign On With Qualysguard

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

SAML Security Option White Paper

SAML SSO Configuration

Symplified I: Windows User Identity. Matthew McNew and Lex Hubbard

WebCenter Release notes

SAML-Based SSO Solution

Flexible Identity Federation

Using Shibboleth for Single Sign- On

Perceptive Experience Single Sign-On Solutions

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

Advanced Configuration Administration Guide

UNI. UNIfied identity management. Krzysztof Benedyczak ICM, Warsaw University

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Using SAML for Single Sign-On in the SOA Software Platform

Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence. Greg Wcislo

CA Performance Center

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1

Configuration Worksheets for Oracle WebCenter Ensemble 10.3

DocuSign Single Sign On Implementation Guide Published: March 17, 2016

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES

Agenda. Federation using ADFS and Extensibility options. Office 365 Identity overview. Federation and Synchronization

BusinessObjects Enterprise XI Release 2

CA Nimsoft Service Desk

Deploying RSA ClearTrust with the FirePass controller

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

INTEGRATION GUIDE. DIGIPASS Authentication for SimpleSAMLphp using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

The increasing popularity of mobile devices is rapidly changing how and where we

Get Cloud Ready: Secure Access to Google Apps and Other SaaS Applications

OpenSSO: Simplify Your Single-Sign-On Needs. Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

HP Software as a Service. Federated SSO Guide

Federated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications

Single Sign On for ShareFile with NetScaler. Deployment Guide

SAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page

Introductions. Christopher Cognetta Practice Manager Client Field Engineering Microsoft Dynamics CRM MVP

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.

New Single Sign-on Options for IBM Lotus Notes & Domino IBM Corporation

Building Secure Applications. James Tedrick

AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes. Lukas Hämmerle

Shibboleth Identity Provider (IdP) Sebastian Rieger

Configuring. Moodle. Chapter 82

USING FEDERATED AUTHENTICATION WITH M-FILES

Configuring Parature Self-Service Portal

Configuring User Identification via Active Directory

File Share Navigator Online 1

SAP Certified Technology Professional - Security with SAP NetWeaver 7.0. Title : Version : Demo. The safer, easier way to help you pass any IT exams.

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.

Secure the Web: OpenSSO

Google Apps Deployment Guide

Active Directory Requirements and Setup

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

The saga of WebFTS and Federated Identity

SAP NetWeaver AS Java

Connected Data. Connected Data requirements for SSO

September 9 11, 2013 Anaheim, California 507 Demystifying Authentication and SSO Options in Business Intelligence

Copyright Pivotal Software Inc, of 10

NETASQ ACTIVE DIRECTORY INTEGRATION

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

How To Use Salesforce Identity Features

INTEGRATION GUIDE. DIGIPASS Authentication for Office 365 using IDENTIKEY Authentication Server with Basic Web Filter

User Management Tool 1.5

OneLogin Integration User Guide

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

Alfresco Share SAML. 2. Assert user is an IDP user (solution for the Security concern mentioned in v1.0)

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

Integration of Shibboleth and (Web) Applications

Flexible Identity Federation

How Single-Sign-On Improves The Usability Of Protected Services For Geospatial Data

Opacus Outlook Addin v3.x User Guide

Operating Level Agreement for NYU Login Service

Microsoft Office 365 Using SAML Integration Guide

SAML 2.0 Configurations at SAP NetWeaver AS ABAP and Microsoft ADFS

Transcription:

Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack About Me KVM, API, DB, Upgrades, SystemVM, Build system, various subsystems Contributor and Committer since 2012 Author and maintainer of CloudMonkey Rides castorboards like a boss TM Loves to experiment with woodwinds such as Bansuri, Concert Flutes. Rusty beatboxing skills

About ShapeBlue ShapeBlue are expert builders of public & private clouds. They are the leading global Apache CloudStack integrator & consultancy and we re hiring!

Agenda CloudStack in your organization Authentication and Authorization in CloudStack SAML2 SSO Plugin for CloudStack Design and Implementation Assumptions and limitations Real world usage and example Demo and Q&A

CloudStack in your organization CloudStack provides notion of accounts, users (aliases to an account), domains and roles Organization creates and maps users in their user directory services either manually or using LDAP plugin to import users or some custom automation scripts Organization may create their own UI/business layer and integrate on unauthenticated port 8096 (default integration port) Bypass or proxied authentication using single pre- shared key

Authentication & Authorization in CloudStack Authentication: you are what you say you are Authorization: you can do what you re trying to do Existing authentication methods: CloudStack own cookie based authentication Signature/HMAC based authentication (apikey/secretkey) Single pre- shared key based authentication Authentication bypass on integration port (default: 8096) Static Role based Authorization: Admin, Resource Admin, Domain Admin, User. Statically set in command.properties file

Single Sign On in your Organization SSO is widely used in many small to large organizations Typical user management using a directory service such as LDAP or Microsoft AD Common use- case: Authentication using SAML Identity Provider server backed by LDAP/AD SAML server provider means to authentication (protocol) and LDAP/AD providers means to user/group management (identity)

SAML Concepts Service Provider: Your application that communicates with IdP in order to obtain information about the user it interacts with Identity Provider: Entity that knows how to authenticate users and provide information about their identify to service providers or relaying parties Agent: User or the browser Metadata: XML describing IdP or SP used to establish federation Bindings: Mechanism used to delivery SAML messages such as HTTP- POST, HTTP- Redirect etc.

How SAML works?

CloudStack SAML2 Plugin SSO Process Admin imports or adds user. Enables SAML SSO for a user account against a specific IdP server. User visits CloudStack login page, selects a IdP server from the dropdown (or local login, in case of CloudStack s own username/ password based login) User is taken to the IdP login page, on successful authentication browser is redirected to CloudStack CloudStack SAML2 plugin checks if the authenticated user exists in CloudStack for the IdP server and is allowed to proceed User is logged into CloudStack or is shown an error message

SAML2 SSO CloudStack Plugin features Support for multiple IdP servers and federated SSO Pre- authorization based workflow UI enhancements Supports both file and URL based metadata discovery Switching across multiple SAML enabled domain/accounts Tested and works with Shibboleth IdP server, Microsoft AD with SAML SSO, OneLogin, OpenFiede etc.

Assumptions and Limitations CloudStack s SAML2 SP Plugin requires pre- authorization i.e. user account need to be added (if they don t exist) and authorized to allow SAML based SSO, by an admin or domain admin, prior to SSO SSO is SP initiated, IdP provider cannot initiate SSO. This means users need to start the SSO process from CloudStack s screen

Configuring/Using CloudStack SAML2 Plugin Available with CloudStack 4.5.2+ Global settings (Demo) Configuring IdP server to allow CloudStack SP, using SP Metadata Both file and URL based

Real World Usage and Examples USP s CloudStack cloud uses SAML2 SSO Plugin CAFe federated SSO login tested Dev- test environments know to be running successfully against Microsoft ADFS Upcoming Brazilian universities to use federated SAML2 based SSO, CAFe compliant

Thank You Questions? www.shapeblue.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information