ELM Manages Identities of 4 Million Government Program Users with. Identity Server



Similar documents
The Top 5 Federated Single Sign-On Scenarios

managing SSO with shared credentials

Cloud Computing. Chapter 5 Identity as a Service (IDaaS)

SAML-Based SSO Solution

Perceptive Experience Single Sign-On Solutions

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM facebook/allidm

Leveraging SAML for Federated Single Sign-on:

Security Assertion Markup Language (SAML) Site Manager Setup

Flexible Identity Federation

SAML SSO Configuration

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

SAML-Based SSO Solution

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam

Introduction to SAML

OIOSAML Rich Client to Browser Scenario Version 1.0

Virtualization and Cloud Computing

Using SAML for Single Sign-On in the SOA Software Platform

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

USING FEDERATED AUTHENTICATION WITH M-FILES

GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK

Implementation Guide SAP NetWeaver Identity Management Identity Provider

SAML Security Option White Paper

Agenda. How to configure

STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN

WebNow Single Sign-On Solutions

WHITE PAPER. Active Directory and the Cloud

Server based signature service. Overview

Server-based Password Synchronization: Managing Multiple Passwords

Introduction to Directory Services

Integrating CRM On Demand with the E-Business Suite to Supercharge your Sales Team

Security Services. Benefits. The CA Advantage. Overview

Virtual Cabinet Document Portal User Guide

The Role of Federation in Identity Management

Safewhere*Identify 3.4. Release Notes

The increasing popularity of mobile devices is rapidly changing how and where we

In this topic we will cover the security functionality provided with SAP Business One.

Architecture Guidelines Application Security

OSOR.eu eid/pki/esignature Community Workshop in Brussels, 13. November 2008 IT Architect Søren Peter Nielsen - spn@itst.dk

TrustedX - PKI Authentication. Whitepaper

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Authentication Integration

OIO Web SSO Profile V2.0.5

Integrating Single Sign-on Across the Cloud By David Strom

Collaborating with External Users

HP Software as a Service. Federated SSO Guide

SAML Authentication Quick Start Guide

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution

Getting Started with AD/LDAP SSO

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN

HP Software as a Service

Increase the Security of Your Box Account With Single Sign-On

Symplified I: Windows User Identity. Matthew McNew and Lex Hubbard

White paper December Addressing single sign-on inside, outside, and between organizations

Absorb Single Sign-On (SSO) V3.0

Enabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

SAP NetWeaver AS Java

TRIPwire HSIN Federation:

OpenHRE Security Architecture. (DRAFT v0.5)

ShareFile Security Overview

Critical Issues with Lotus Notes and Domino 8.5 Password Authentication, Security and Management

OPENIAM ACCESS MANAGER. Web Access Management made Easy

EXECUTIVE VIEW. EmpowerID KuppingerCole Report. By Peter Cummings October By Peter Cummings

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

About Me. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack

An Overview of Samsung KNOX Active Directory-based Single Sign-On

New Single Sign-on Options for IBM Lotus Notes & Domino IBM Corporation

Auth0 SSO Drives B2B Expansion

OpenSSO: Cross Domain Single Sign On

Authentication: Password Madness

Enterprise Digital Identity Architecture Roadmap

nexus Hybrid Access Gateway

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

Flexible Identity Federation

Cisco Software-as-a-Service (SaaS) Access Control

NCSU SSO. Case Study

SOA, case Google. Faculty of technology management Information Technology Service Oriented Communications CT30A8901.

CA Nimsoft Service Desk

NetworkingPS Federated Identity Solution Solutions Overview

PeopleSoft Enterprise Directory Interface

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

Federated Identity in the Enterprise

SAP Certified Technology Professional - Security with SAP NetWeaver 7.0. Title : Version : Demo. The safer, easier way to help you pass any IT exams.

Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML

Provide access control with innovative solutions from IBM.

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia Pedro Borges

Oracle Business Intelligence Enterprise Edition LDAP-Security Administration. White Paper by Shivaji Sekaramantri November 2008

YubiKey Authentication Module Design Guideline

Last Updated: July STATISTICA Enterprise Server Security

Enhancing Web Application Security

Improving Security and Productivity through Federation and Single Sign-on

Deploying RSA ClearTrust with the FirePass controller

Transcription:

ELM Manages Identities of 4 Million Government Program Users with Identity Server

ELM Implements Single Sign-on With WSO2 Identity Server to Streamline Administration, Improve Productivity, and Reduce Costs In Saudi Arabia, ELM is a trusted provider of secure electronic services. Providing deep expertise in innovative and specialized e-services for government transaction and e-government initiatives, it is the first company in Saudi Arabia to have successfully launched a fully compliant e-government process. Recently ELM architected and implemented a system to manage a range of processes for the Saudi national Unemployment Assistance Program. Today, ELM relies on WSO2 Identity Server to manage some 4 million users of the Unemployment Assistance Program and ensure secure online transactions. Accommodating Unemployment Assistance Program Growth In 2011, the Unemployment Assistance Program launched to provide an allowance for all Saudi citizens who were currently unemployed and searching for a job. ELM had implemented the system, which included a portal where citizens could submit their requests, as well as applications running in the background that managed all the processes for qualifying the users and handling any payments. Initially, the project just covered one program. However, a year later, as the Saudi government expanded services to include several programs, ELM recognized the need to streamline the administration for managing the user identities of everyone involved with the program. The ELM Unemployment Assistance Program team decided that the best solution would be to implement single sign-on (SSO) between a set of relying party vendors. The next step was determining the right technology provider to help deliver that solution. We evaluated identity management options from all the large vendors, recalled Abdullah Al Tahhan, a senior project manager at ELM. Out of all the solutions we tested, WSO2 had the most flexible solution. We liked that it was customizable and could be modified to fit our needs. WSO2 had the most flexible solution. We liked that it was customizable and could be modified to fit our needs. 2

OpenID Vs. SAML 2.0 for Single Sign-on To support the implementation of WSO2 Identity Server, ELM obtained a two-month consulting engagement with WSO2 s engineers. As the ELM and WSO2 developers began outlining the architecture, they realized that the first decision would be whether to use OpenID or the Security Assertion Markup Language 2.0 (SAML 2.0). OpenID and SAML 2.0 are the two most widely used standards for single sign-on across the Web, and both offer a platform-agnostic approach that allows enterprise architects to implement a uniform security layer with existing assets. Furthermore, WSO2 Identity Server supports both standards. However, there are significant differences in the standards. 1. SAML 2.0 supports single sign-out. OpenID does not. 2. SAML 2.0 service providers are coupled with the SAML 2.0 identity providers. OpenID relying parties are not coupled with OpenID providers. Instead, OpenID has a discovery protocol, which dynamically discovers the corresponding OpenID provider once an OpenID is given. 3. With SAML 2.0, the user is coupled to the SAML 2.0 identity provider, so a user s SAML 2.0 identifier is only valid for the provider that issued it. By contrast with OpenID, users own their identifiers and can map them to any OpenID provider they wish. 4. SAML 2.0 offers different bindings while the only binding OpenID has is HTTP. 5. SAML 2.0 can be either service provider-initiated or identity provider-initiated, but OpenID is always service provider-initiated. 6. SAML 2.0 is based on XML while OpenID is not XML-based. After weighing the differences between OpenID and SAML 2.0, the ELM and WSO2 engineers decided to proceed with OpenID in directed identity mode to support both dumb and smart relying parties. With OpenID dumb mode, relying parties would not have to worry about handling signatures themselves, hence the load on client is less. With smart mode, each client has to process signatures and the load on the server and the network traffic are less. WSO2 Identity Server supports both OpenID dumb and smart modes simultaneously with an option to disable dumb mode. 3

We like the fact that with the OpenID directed identity mode, users do not have to remember lengthy URLs, Mr. Al Tahhan explained. Users are simply redirected automatically to the Unemployment Assistance Program OpenID provider for authentication, and then they can just login with their Unemployment Assistance Program user name and password. It is a simple and elegant approach. Implementing the SSO Solution With the architecture solidly in place, ELM was ready to put the project into action, and with two WSO2 engineers working onsite side by side with the ELM technical team, the system was up and running within two months. WSO2 has provided great, around-the-clock support. They are the most available support team we have worked with. WSO2 has provided great, around-the-clock support. They are the most available support team we have worked with. When we ask for technical service, we get a response in no time, Mr. Al Tahhan observed. In production since April 2013, the Unemployment Assistance Program SSO system manages about 4 million users with 2,000 login requests per second. The entire architecture implemented by ELM sits behind a firewall to ensure secure, authorized access. F5 application networking software manages incoming requests from users and authenticates these users through the four WSO2 Identity Server instances that have been installed. WSO2 Identity Server then checks user information, which resides in a Microsoft SQL Server that sits behind a second firewall. Key features in WSO2 Identity Server, such as the role-based access control (RBAC) convention, fine-grained policy based access control, and SSO bridging, help to reduce identity provisioning time, guarantee secure online interactions, and deliver a reduced single sign-on environment. Realizing Single Sign-on Advantages Since implementing single sign-on through WSO2 Identity Server, ELM has been able to significantly streamline the administration of user identities, as well as improve the overall user experience. The benefits delivered by SSO include: 4

Improved productivity. Single sign-on eliminates the need to enter a password each time users log in to a resource, which saves around 20 seconds and increases productivity. Also, users only have one password to remember and update, and only one set of password rules to remember, reducing the frustration of multiple log-on events and forgotten passwords. Additionally, SSO facilitates adoption, since it reduces the barriers to using resources and applications. Centralized management and reporting. Using a single registry of user identities with a centralized management interface enabled the quick and easy provisioning and deactivation of users. There is also an improvement in reporting and monitoring, and having a single repository for auditing and logging access to resources provides streamlined regulatory compliance. Increased security. Having implemented a secure, enterprise-wide infrastructure with common password and security policies, ELM allows user identities to be managed and secured centrally. Since OpenID is platform-agnostic, it adds a uniform security layer. Moreover, users are less likely to write down their passwords when there is only one to remember. Reduced helpdesk costs. Because SSO provides an easier way for users to authenticate their identities, there are fewer helpdesk calls for password resets, resulting in bottom-line savings. The SSO environment implemented with WSO2 Identity Server has fully met our expectations and is enabling us to realize the goals we set out for simplifying our user identity administration, Mr. Al Tahhan says. We are quite pleased with WSO2 s technology, but more than anything, when we think of future engagements, we are going to think of WSO2 because of the great support. Load Balancer WSO2 IS Cluster Identity Server Identity Server Identity Server Identity Server Unemployment Assistance Program Single Sign-On Solution Architecture Figure 01 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information