SAML:The Cross-Domain SSO Use Case

Similar documents
Biometric Single Sign-on using SAML

SAML-Based SSO Solution

Biometric Single Sign-on using SAML Architecture & Design Strategies

Open Data Center Alliance Usage: Single Sign On Authentication REv. 1.0

The Emerging Infrastructure for Identity and Access Management

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.

SAML SSO Configuration

SAML basics A technical introduction to the Security Assertion Markup Language

How To Get A Single Sign On (Sso)

SPML (Service Provisioning Markup Language) and the Importance of it within the Security Infrastructure Framework for ebusiness

Cloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102

Agenda. How to configure

SAML-Based SSO Solution

New Single Sign-on Options for IBM Lotus Notes & Domino IBM Corporation

Open Data Center Alliance Usage: Infrastructure as a Service (IaaS) Privileged User Access rev. 1.0

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department

CS 356 Lecture 28 Internet Authentication. Spring 2013

Perceptive Experience Single Sign-On Solutions

Approaches to Enterprise Identity Management: Best of Breed vs. Suites

NCSU SSO. Case Study

Identity Management for Interoperable Health Information Exchanges

Secure Identity in Cloud Computing

The Primer: Nuts and Bolts of Federated Identity Management

Securing Administrator Access to Internal Windows Servers

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

USING FEDERATED AUTHENTICATION WITH M-FILES

Building Secure Applications. James Tedrick

End-to-End Identity Management With Oblix and Microsoft WHITEPAPER

Interoperable Provisioning in a Distributed World

Connected Data. Connected Data requirements for SSO

Open Data Center Alliance Usage: Identity Management Interoperability Guide rev. 1.0

Oracle Access Manager. An Oracle White Paper

TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management

DocuSign Single Sign On Implementation Guide Published: March 17, 2016

Leveraging SAML for Federated Single Sign-on:

The Primer: Nuts and Bolts of Federated Identity Management

Mobile Security. Policies, Standards, Frameworks, Guidelines

Cloud SSO and Federated Identity Management Solutions and Services

Entitlements Access Management for Software Developers

OPENIAM ACCESS MANAGER. Web Access Management made Easy

Liberty Alliance Project Setting the Standard for Federated Network Identity

STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN

SAML and OAUTH comparison

OpenSSO: Cross Domain Single Sign On

Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server

SAML Security Analysis. Huang Zheng Xiong Jiaxi Ren Sijun

Introduction to Identity and Access Management for the engineers. Radovan Semančík April 2014

Configuring. SugarCRM. Chapter 121

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.

The Top 5 Federated Single Sign-On Scenarios

WebLogic Server 7.0 Single Sign-On: An Overview

How to Implement Enterprise SAML SSO

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.

DAMe Deploying Authorization Mechanisms for Federated Services in the eduroam Architecture

SAML Security Option White Paper

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

ABFAB and OpenStack(in the Cloud)

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Web Applications Access Control Single Sign On

December 2014 Keywords/Summary

Identity, Privacy, and Data Protection in the Cloud XACML. David Brossard Product Manager, Axiomatics

First-hand Information about the Enhanced Functionality and Integration Options Within SAP NetWeaver Identity Management 7.2

SAML 101. Executive Overview WHITE PAPER

Enabling SAML for Dynamic Identity Federation Management

White paper December Addressing single sign-on inside, outside, and between organizations

Authentication Context Classes for Levels of Assurance for the Swedish eid Framework

Course 50382A: Implementing Forefront Identity Manager 2010 OVERVIEW

WebNow Single Sign-On Solutions

Introduction to SAML

Oracle Platform Security Services & Authorization Policy Manager. Vinay Shukla July 2010

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

Canadian Access Federation: Trust Assertion Document (TAD)

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect

Flexible Identity Federation

managing SSO with shared credentials

Configuring Parature Self-Service Portal

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM facebook/allidm

HP Software as a Service. Federated SSO Guide

Authorization-Authentication Using

Enterprise Access Control Patterns For REST and Web APIs

Get Cloud Ready: Secure Access to Google Apps and Other SaaS Applications

An Introduction to SCIM: System for Cross-Domain Identity Management

PRODUCT BRIEF OpenAM. Delivering secure access for customers, applications, devices and things

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

Security Assertion Markup Language (SAML) Site Manager Setup

Identity Management Basics. OWASP May 9, The OWASP Foundation. Derek Browne, CISSP, ISSAP

Secure the Web: OpenSSO

Cloud-based Identity and Access Control for Diagnostic Imaging Systems

Federated Identity in the Enterprise

OneLogin Integration User Guide

Transcription:

SAML:The Cross-Domain SSO Use Case Chris Ceppi Oblix Corporate Engineer Ed Kaminski OBLIX Federal Business Manager 410-349-1828 ekaminski@oblix.com Mike Blackin Principal Systems Engineer Oblix, Inc. 202-588-7397 mblackin@oblix.com

Railroad Industry It is a very sad thing unquestionably that railways, which mechanically have succeeded beyond anticipation and are quite wonderful for their general utility and convenience, should have failed commercially. The Economist, 1857 2

The Golden Spike The Central Pacific and Union Pacific meet at Promontory Summit, Utah May 10 th, 1869 3

Agenda Web Security Primer Security and Interoperability SAML Background Airline Industry Case Study Lessons Learned SAML and Identity Management Business Drivers SAML Readiness 4

Web Security Primer User Access User provides credentials to authenticate and generate session. Application Directory Server or Database User Credentials for Authentication and Authorization Security Domain Policy Enforcement Point (PEP) Policy Decision Point (PDP) 5

Web Security and Interoperability Many scenarios require users to access resources in multiple, independent security domains. These scenarios drive the need for standards. B-2-B Scenarios Service Levels Aggregated Services Application Application Security Domain Security Domain 6

SAML Background Security Assertion Markup Language (SAML) Defines XML schema for security assertions and protocol. Became an official OASIS standard in November, 2002. SAML Assertions Authentication Authorization Attribute SAML and Cross Domain SSO Related Web Services Standards Liberty Alliance WS-Security XACML SPML 7

Airline Industry Case Study Step 1: User must login at Airline to gain access Step 2: User must login at Aerospace company to gain access Airline Application Multiple Logins are inconvenient for users Aerospace Company Application User credentials must be maintained in both security domains Help desk calls to both domains User Credentials for Authentication No single point of user revocation User Credentials for Authentication 8

Airline Industry Case Study Step 1. User login at Security Domain 1 to gain access Airline Application Step 2. After SAML assertion exchange, user seamlessly accesses Security Domain 2 without additional login Aerospace Company Application SAML Assertions (Authn, Authz, Attrib) Internet User Credentials for Authentication With SAML, user credentials are only maintained in Security Domain 1 9

Airline Industry Case Study Airline 3 Airline 2 Airline 1 Aerospace Company Oblix NetPoint Employees SSO Portal SAML-Powered Link SAML- Powered Access Oblix NetPoint SSO Apps COREid Functionality Admins User Identities for Authentication and Authorization Common Identifiers 10

Lessons Learned Project Plan Should Include Out of Band Considerations: Coordination Intra Company Processes Technical Integration PKI Attention to Detail Shared Support Common Identifiers Ongoing Administration Identity Management 11

SAML and Cross Domain Identities Users in Common Model Ongoing Identity Administration User Lifecycle Entitlements Delegated Administration Workflow Self-Service Identity Web Services 12

SAML Business Drivers Significant Business Impact Cost Avoidance/Reduction Improved User Experience Embedded Services Opportunity for IT/Business Partnership 13

SAML Readiness Assessment Survey Existing B2B Relationships User Experience Administration Structure Help Desk Password Reset Existing Security Model 14

NetPoint SAML Services In Production Support for Inbound and Outbound SAML Tightly Integrated With COREid Leading solution for delegated admin, self-service, self-registration Identity Web Services (IdentityXML) Support for Bookmarked URL s Support for Domain Verification Domain Aware Error Messages 15

Discussion For More Information: Oblix Web Site http://www.oblix.com OASIS SAML Information http://www.oasis-open.org/committees/wss/ 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information