Single Sign On Integration Guide. Document version: 20.01.12




Table of Contents

About this document
  Purpose
  Target
  Support
Overview
SAML
  SAML in general
  How SAML is used for SSO
What you need
  Overview

About this document

Purpose

This document describes in general how a partner may set up a Single Sign On environment with one of Signicat's customers.

Target

The document's intended audience is technical personnel with a general understanding of web technology. The reader should also preferably have a general understanding of how SAML 1 and/or SAML 2 can be used for federating between two web sites.

Support

Our support staff will be happy to help you with any questions.

Phone: +47 4000 3410
Email: support@signicat.com

Overview

Signicat provides an online service for authenticating end users on the web. Web sites that use Signicat's service for authenticating end users will typically send their users to Signicat's web site for authentication whenever this is needed. Signicat will do what is needed to authenticate the end user before sending the end user back to the customer's site with a verified identity.

Signicat also provides SSO between selected partners and Signicat's customer. The partner and Signicat will set up an SSO environment that is further extended by an SSO environment between Signicat and Signicat's customer. The SSO environment between the partner and Signicat can be set up using either SAML 1 or SAML 2.

SAML

SAML in general

A complete description of how SAML works is outside the scope of this document. A technical overview of SAML can be downloaded from oasis-open.org (http://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf). The complete specification is also available from oasis-open.org.

SAML defines a framework for exchanging security information between online business partners. In this context SAML will be used to exchange the end user's identity between the partner and Signicat when the end user is about to follow a link from the partner's web site to the customer's web site.

How SAML is used for SSO

The partner has to detect that the end user is about to open a web page on Signicat's customer's web site. The partner must at this point create a SAML message with the end user's identity. The end user must be sent to Signicat with this message. Signicat will verify the end user's identity and forward the user to Signicat's customer in the same way as if the end user had just logged in at Signicat. Signicat's customer may detect that the end user was forwarded from the partner, but they may also choose to ignore this and treat the end user in the same way as if he had just logged in.

Signicat supports SAML 1 and SAML 2. In this scenario the "IdP-Initiated SSO: POST Binding" profile is used. The partner will take the role of IdP (since the end user was identified here) while Signicat will take the role of SP.

The SAML message that is sent from the partner to Signicat will contain the end user's identity. This identity must be in the form of a customer number, user name or other attribute that is known to Signicat's customer. In the Scandinavian countries a national identity number like the Swedish "personnummer", Norwegian "fødselsnummer", Danish "CPR" or Finnish "Hetu" is typically used if available.

Along with the SAML message, the partner must also send a "target URL" (also specified by SAML). The target URL is the URL to which Signicat is supposed to forward the end user when his identity is verified. This URL must point to the web site that the end user should see. It may contain HTTP parameters as long as the parameters are embedded in the URL. Signicat will redirect the end user to this URL using HTTP code 302 (that is, a normal HTTP redirect).

The end user will normally not see any web pages at Signicat. The user experience should be that he clicks on a link on the partner web site and is immediately sent to the desired target web page. The whole SAML operation for transmitting the user's identity and redirecting from Signicat to Signicat's customer is done "behind the scenes".
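The partner-side step described above, as an added example that is not part of the Signicat guide or its SAML library: it wraps an already signed SAML message and the target URL in the auto-submitting POST form, and refuses a target URL that is not an https address on an agreed customer host. The endpoint, the allowed host and the function names are assumptions; the field names TARGET (SAML 1.1) and RelayState (SAML 2.0) come from the SAML specifications.

```python
import base64
import html
from urllib.parse import urlsplit

# Assumed values for illustration; the guide gives no endpoint or customer host.
SP_POST_URL = "https://sp.example/saml/post"   # hypothetical SP endpoint
ALLOWED_TARGET_HOSTS = {"customer.example"}     # hypothetical customer site

# Form field carrying the target url: TARGET in the SAML 1.1 Browser/POST
# profile, RelayState in the SAML 2.0 HTTP POST binding.
TARGET_FIELD = {"saml1": "TARGET", "saml2": "RelayState"}


def check_target_url(target_url):
    """Accept only an absolute https URL on an agreed customer host."""
    parts = urlsplit(target_url)
    if parts.scheme != "https":
        raise ValueError("target url must use https")
    if parts.username is not None or parts.password is not None:
        raise ValueError("target url must not carry userinfo")
    if parts.hostname not in ALLOWED_TARGET_HOSTS:
        raise ValueError("target url host is not an agreed customer site")
    return target_url


def build_post_form(signed_response_xml, target_url, version="saml2"):
    """Return the auto-submitting HTML page the partner sends to the browser.

    signed_response_xml is the message produced and signed by the SAML
    product or library; this function only wraps it for the POST binding.
    """
    target = check_target_url(target_url)
    encoded = base64.b64encode(signed_response_xml.encode("utf-8")).decode("ascii")
    return (
        '<html><body onload="document.forms[0].submit()">'
        '<form method="post" action="{action}">'
        '<input type="hidden" name="SAMLResponse" value="{saml}"/>'
        '<input type="hidden" name="{field}" value="{target}"/>'
        '<noscript><input type="submit" value="Continue"/></noscript>'
        "</form></body></html>"
    ).format(
        action=html.escape(SP_POST_URL, quote=True),
        saml=encoded,
        field=TARGET_FIELD[version],
        target=html.escape(target, quote=True),  # embedded & parameters survive
    )
```

HTML-escaping the target URL is what keeps its embedded query parameters in one form field instead of breaking the markup.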

What you need

Overview

The partner will need some sort of SAML enabled software to take the role of "identity provider" in this scenario. There is no need for a full-fledged SAML identity management suite. The software only needs to handle the IdP role in the "IdP-Initiated SSO: POST Binding" protocol and the protocols for session sharing and single logout.

Three different ways to fulfil this requirement are:

- Using a SAML enabled federation product. A wide range of major industry players like IBM, Oracle and others provide this kind of product. Any SAML compliant product would probably work "out of the box".
- Using a SAML library that is integrated into the partner's own software.
- Implementing SAML functionality from scratch.

Signicat strongly discourages implementing SAML from scratch, as this is a major task. Signicat provides a SAML Library for Java. This library is easy to use and Signicat provides documentation and assistance for using the library in this context.