The Fedlet: Real World Examples
- Curtis Park
1 The Fedlet: Real World Examples
Sun Identity Management User Group, 12 March 2009

2 Agenda
- BIT Systems Overview
- Federal Agency Architecture
- Identity Federation
- Fedlet Introduction
- Enhancing Fedlet Capabilities
- Real World Fedlet Applications
- Fedlet Benefits and Tradeoffs
- Conclusion and Open Discussion

3 Company Overview
BIT Systems, Inc.
- Founded in 1999
- Beginning to end SIGINT company
- 290+ TS/SCI cleared employees
- Locations in Dulles, Denver, Sarasota, and Santa Clara
- Since 2005, BITS has delivered over 50 fully operational systems to 25 sites around the world
- BITS is the leading provider of SIGINT metadata to IC and DoD consumers, delivering cutting edge web based technologies to solve challenging data access problems
Enterprise IT Capability
- Infrastructure Development, first to deliver to our customer: significant web based apps ('98), cross site Java apps ('00), web service interfaces ('00), enterprise database services ('06)
- Enterprise Applications: SIGINT tasking, mission status, & modeling tools; mission support data warehouse services; Common Directory Services
- Software Development: extensive Java, XML, and ESB expertise; open source, SOA; SI JSIS and DCID 6/3 compliant; agile, rapid prototyping

4 Terminology 101
- Service Provider (SP): entity provider of services, typically web based
- Identity Provider (IdP): entity provider for identity services
- Circle of Trust (CoT): specification of level of trust between entity providers
- Security Assertion Markup Language (SAML): XML based standard for exchanging authentication and authorization data
- Role/Attribute Based Access Control (RBAC/ABAC): access control methods based on a user's role or attribute value
- Lightweight Directory Access Protocol (LDAP): protocol for querying and modifying directory services
- X.509 Attribute Based Sharing Profile (XASP): SAML profile for providing attribute querying for X.509 enabled service providers
- eXtensible Access Control Markup Language (XACML): declarative access control policy language implemented in XML

5 Federal Agency Architecture: The Problem
- Redundant User Provisioning
- No Enterprise Single Sign-on
- No Enterprise Federation Standards
- Limited Authorization Attributes
[Diagram labels: Agency A, Agency B, Agency C, Agency D, Federal Community]

6 Federal Agency Architecture: The Solution: Identity Federation
- Limited Provisioning Redundancies
- SAML:XASP, XACML
- Common Authorization Attribute Set
- Enterprise Single Sign-on
[Diagram labels: Agency A, Agency B, Agency C, Agency D, Federal Community]

7 Identity Federation
What is Identity Federation?
Identity Federation can be defined in many ways, depending on the domain and the problem to which it is applied. In the federal community, there are two primary forms of identity federation:
- Intra Domain Federation: identity portability provided by IdP to SPs within a domain; common identity assembled from multiple data sources in a domain
- Cross Domain Federation: identity portability between domains using open standards
In the federal community, identity federation provides the governance and availability of a common identity across the enterprise.

8 Identity Federation
[Diagram labels: Intra-Domain Federation (SP, SP, IdP, SP); Cross Domain Federation (Agency, Agency, Agency); Federal Community]

9 Sun Access Management
Sun Provides Identity Federation
- OpenSSO Enterprise
- OpenSSO Express
- Federation Manager + Access Manager

10 Sun Enterprise Solution
[Diagram labels: Agency A Agency B App 1 Attribute Service App A SDK App 2 OpenSSO IdP 2.2 Agent App B 3.0 Agent DSEE LDAP ID WS App 3 Fedlet IDM LDAP App C JNDI]

11 Introduction to the Fedlet
The Fedlet: a lightweight entity which enables service providers to quickly federate with an identity provider
- Introduced in early 2008 in OpenSSO Express builds
- Commercially introduced with OpenSSO Enterprise in September 2008
- Early access .NET version of Fedlet available for preview

12 Fedlet Features & Benefits
- Plug and play federation: no additional hardware needed for SP. OpenSSO performs all Fedlet configuration and deployment packaging.
- SAML v2 enablement: communication between IdP and SP uses standards based protocols. Developers use Java API to create SAML compliant attribute requests.
- Single Sign on: authentication tokens with IdP shared by SP
- Open Source: enables easy extension and maintenance of Fedlet capability
- Fedlets do not need session management: greatly increases performance and scalability

13 Fedlet Development
Fedlet deploys to container as a web archive (WAR). Consists of:
- Code libraries: Java Archive files (JARs). Exposes Java API for communication with IdP (OpenSSO)
- Properties and configuration files. Properties contain
- Java Server Pages (JSPs): web pages which contain sample code to perform federation operations (SSO, SAML, Attribute Queries)
Fedlet services are easy to access and extend:

    // Validate the SAML response posted by the IdP and unpack its parts
    Map map = SPACSUtils.processResponseForFedlet(request, response);
    Response samlResp = (Response) map.get(SAML2Constants.RESPONSE);
    Assertion assertion = (Assertion) map.get(SAML2Constants.ASSERTION);
    Subject subject = (Subject) map.get(SAML2Constants.SUBJECT);
    // Attribute names mapped to their values, as released by the IdP
    Map attrs = (Map) map.get(SAML2Constants.ATTRIBUTE_MAP);

14 Creating a Fedlet
Fedlets can be created in OpenSSO console in 2 minutes!
- Define SP
- Add SP to CoT
- Create Fedlet
- Deploy fedlet.war to SP

15 OASIS SAML v2 Compliant
SAML v2 tags:

    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s2a21adbdb831e263d646018bc45f80fdccda53061 " InResponseTo="s26a5d2b878e962deb84e78b a09fc4c536" Version="2.0" IssueInstant=" T19:31:41Z Destination="
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success"> </samlp:StatusCode>
    <saml:AttributeStatement><saml:Attribute Name=" Address"><saml:AttributeValue xmlns:xs=" " xmlns:xsi="
    <saml:Attribute Name="address"><saml:AttributeValue xmlns:xs= xmlns:xsi=" xsi:type="xs:string">herndon</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>

- Schema Compliant Attribute Value
- Burden of creating SAML compliant messages is lifted from the SP developer

16 Extending the Fedlet
Fedlets provide federation and single sign on using SAML 2.0 between an IdP and SP. Fedlets can be extended to support specific business cases:
- XASP: in a PKI enabled environment where authentication is X.509 certificate based, SAML queries can be configured to use X.509 distinguished name
- XACML: when policy decisions need to be extended beyond basic SAML authorization decision statement

17 Extending the Fedlet: XASP
XASP is suited for deployments where:
- service providers perform certificate based authentication
- IdP can resolve queries using distinguished name from X.509 certificate
- Cross domain identity federation using distinguished names
Fedlet Java code uses distinguished name from presented X.509 certificate:

    // Query profile that identifies the subject by X.509 subject name
    String attrQueryProfile = SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE;
    // Set by the container after TLS client authentication; null if no client certificate was presented
    X509Certificate[] allCerts = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    String userId = allCerts[0].getSubjectDN().toString();
    Response samlResp = AttributeQueryUtil.sendAttributeQuery(attrQuery, attrAuthorityEntityID, realm, attrQueryProfile, attributeProfile, SAML2Constants.SOAP);

18 XASP Specification
[Sequence diagram, Intra-Domain Federation. Participants: Principal, Service Provider, Identity Provider. Messages: Service Request, X.509 Authentication, Attribute Request, Attribute Response, Service Response. Callout: Actions governed by OASIS XASP Specification {XASP enabled Fedlet capabilities}]

19 XASP: Enterprise Federation
[Diagram labels: Cross Domain Federation; Agency A; Sun OpenSSO; RSA FIM; PingFederate; Agency C; XASP; Agency B]

20 Extending the Fedlet: XACML
XACML
- Used to query policies defined in OpenSSO
- SAML v2 schema can be extended to support XACML request/response
- Embedded in xacml context schema within SAML payload
- Can be used by Fedlet or SDK to support authorization requests
XACML policy queries built using Java API in Fedlet JSP:

    Attribute attribute = ContextFactory.getInstance().createAttribute();
    // Slide shorthand: each ID below belongs on its own Attribute instance,
    // since repeated calls on one object overwrite the previous ID
    attribute.setAttributeId(new URI(XACMLConstants.SUBJECT_ID));
    attribute.setAttributeId(new URI(XACMLConstants.RESOURCE_ID));
    attribute.setAttributeId(new URI(XACMLConstants.TARGET_SERVICE));
    // Send the XACML request from this PEP to the PDP (OpenSSO)
    Response xacmlResponse = XACMLRequestProcessor.getInstance().processRequest(Xrequest, pdpEntityId, pepEntityId);

21 BITS Web Application
[Diagram labels: Service Provider BITS_APP1 (Tomcat, Fedlet); User Browser (X.509); Identity Provider (OpenSSO); Directory Server]
1. User establishes TLS/SSL connection with BITS_APP1
   a. User's X.509 certificate presented to container (Tomcat) hosting BITS_APP1

22 BITS Web Application
2. BITS_APP1 container authenticates user
   a. Certificate validity dates confirmed
   b. Signing Authority validated
   c. Certificate revocation data checked

23 BITS Web Application
3. BITS_APP1 fedlet performs SAML/XACML query using distinguished name (DN) value from user certificate

24 BITS Web Application
4. OpenSSO confirms whether user is authorized to access BITS_APP1
   a. Access to BITS_APP1 is governed via OpenSSO policy
   b. BITS_APP1 policy uses filtered role (ABAC) to check user's clearancelevel, nationality_extended, and sitelocation attribute values

25 BITS Web Application
5. BITS_APP1 receives XACML decision and either permits or denies user access to application
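
Steps 3 to 5 leave two enforcement details implicit: the DN taken from the certificate should be reduced to one canonical form before it is used as the query subject, and the application should grant access only on an explicit permit. The Java program below is an added example, not code from the presentation or from OpenSSO. The in-memory directory, the policy values, and the class and method names are constructed stand-ins for the IdP and its policy; only the three attribute names and the resource name come from the slides.

```java
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/** Fail-closed enforcement for the BITS_APP1 flow, with a constructed in-memory "IdP". */
public class FedletPepExample {

    /** The four decision values an XACML decision point can return. */
    enum Decision { PERMIT, DENY, INDETERMINATE, NOT_APPLICABLE }

    // Constructed policy values: the slides name the attributes, not their values.
    static final String PROTECTED_RESOURCE = "BITS_APP1";
    static final Set<String> ALLOWED_CLEARANCE = Set.of("LEVEL-3");
    static final Set<String> ALLOWED_NATIONALITY = Set.of("USA");
    static final Set<String> ALLOWED_SITE = Set.of("Dulles", "Denver");

    // Constructed directory entries, keyed by canonical DN.
    static final Map<String, Map<String, String>> DIRECTORY = Map.of(
        canonicalDn("CN=Jane Doe,OU=People,O=Agency A,C=US"),
        Map.of("clearancelevel", "LEVEL-3",
               "nationality_extended", "USA",
               "sitelocation", "Dulles"),
        canonicalDn("CN=John Roe,OU=People,O=Agency B,C=US"),
        Map.of("clearancelevel", "LEVEL-3",
               "nationality_extended", "USA"));   // sitelocation deliberately absent

    /**
     * Step 3: reduce a subject DN to one canonical string. Spacing and case
     * differences between certificate encoders then map to the same subject.
     * Throws IllegalArgumentException if the string is not a valid DN.
     */
    static String canonicalDn(String subjectDn) {
        return new X500Principal(subjectDn).getName(X500Principal.CANONICAL);
    }

    /** Step 4 stand-in: ABAC check over the three attributes named on the slide. */
    static Decision evaluate(String subjectDn, String resource) {
        if (!PROTECTED_RESOURCE.equals(resource)) {
            return Decision.NOT_APPLICABLE;        // no policy covers this resource
        }
        Map<String, String> attrs;
        try {
            attrs = DIRECTORY.get(canonicalDn(subjectDn));
        } catch (IllegalArgumentException malformedDn) {
            return Decision.INDETERMINATE;         // subject cannot be identified
        }
        if (attrs == null) {
            return Decision.INDETERMINATE;         // subject cannot be resolved
        }
        String clearance = attrs.get("clearancelevel");
        String nationality = attrs.get("nationality_extended");
        String site = attrs.get("sitelocation");
        if (clearance == null || nationality == null || site == null) {
            return Decision.INDETERMINATE;         // policy cannot be evaluated
        }
        boolean satisfied = ALLOWED_CLEARANCE.contains(clearance)
                && ALLOWED_NATIONALITY.contains(nationality)
                && ALLOWED_SITE.contains(site);
        return satisfied ? Decision.PERMIT : Decision.DENY;
    }

    /** Step 5: only an explicit PERMIT grants access; every other outcome denies. */
    static boolean allowAccess(Decision decision) {
        return decision == Decision.PERMIT;
    }

    public static void main(String[] args) {
        // Constructed subject DNs as different clients might present them.
        String[] presented = {
            "CN=Jane Doe, OU=People, O=Agency A, C=US",   // extra spaces
            "cn=jane doe,ou=people,o=agency a,c=us",      // different case
            "CN=John Roe,OU=People,O=Agency B,C=US",      // missing attribute
            "CN=Nobody,O=Elsewhere,C=US",                 // unknown subject
            "not a distinguished name"                    // malformed DN
        };
        for (String dn : presented) {
            Decision d = evaluate(dn, PROTECTED_RESOURCE);
            System.out.printf("%-45s %-15s access=%b%n", dn, d, allowAccess(d));
        }
        Decision other = evaluate(presented[0], "OTHER_APP");
        System.out.printf("%-45s %-15s access=%b%n", "OTHER_APP", other, allowAccess(other));
    }
}
```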

26 BITS Web Application
- Create Fedlet: 2 min
- Create Policy: 2 min
- Deploy Fedlet in SP: 5 min
- Modify SP to use Fedlet: 2 hrs
- Total time to enable SP for SAML:XASP w/XACML: ~2 hrs

27 Conclusion
- The Fedlet is an exciting new tool in the Sun Access Management offerings
- The Fedlet offers a low cost solution to identity federation enablement
- Adheres to open standards (SAML, XACML)
- Ideal candidate for access management in a PKI enabled enterprise
- Perfect for agencies in the federal government
- BIT Systems has many deployment variations of the Fedlet on classified and unclassified networks
- Please contact BIT Systems to discuss enablement of Identity and Access in your enterprise

28 Questions?

29 Contact Information
- Dan Rolph, Identity & Security Services Lead, Business Court Dulles, VA sys.com Phone: x154
- Robin Heyner, Business Development, Business Court Dulles, VA sys.com Phone: x163
- Ryan Fairchild, Business Development, Business Court Dulles, VA sys.com Phone: x264
- Brad Worsham, CTO, Business Development, Business Court Dulles, VA sys.com Phone: x248
30
31 Fedlet References
- Fedlet GnR video: https://slx.sun.com/download/ /prod_ mp4
- Sun OpenSSO Enterprise 8.0 Deployment Planning Guide: http://dlc.sun.com/pdf/ / pdf
- Sun OpenSSO Java API: http://docs.sun.com/source/ /
- Steven Jarosz Wiki: http://wikis.sun.com/display/mylabnotes/steven+jarosz
- Sun OpenSSO Enterprise 8.0 Technical Overview: http://dlc.sun.com/pdf/ / pdf
- OpenSSO Fedlet Demo (deployed in JBoss): http://tech.gpuri.com/wp content/uploads/2009/01/fedlets demo.doc
- OpenSSO Open Source Project (OpenSSO Express): https://opensso.dev.java.net/
- Sun OpenSSO Enterprise product page: http://
More informationIDENTITY MANAGEMENT AND FEDERATION BC.Net Conference April 25, 2006
IDENTITY MANAGEMENT AND FEDERATION BC.Net Conference April 25, 2006 Lauren Wood Senior Technical Program Manager Business Alliances, CTO Office Sun Microsystems Alex Acton Software Specialist Client Solutions
More informationNetScaler Automa.on USING PUPPET TO TALK NITRO
NetScaler Automa.on USING PUPPET TO TALK NITRO About Esther 15+ years of Technical Consulting Senior Consultant at PepperByte MSc Computer Science Design Implement Troubleshooting Small Large infrastructures
More informationBEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE
BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE OUR ORGANISATION AND SPECIALIST SKILLS Focused on delivery, integration and managed services around Identity and Access Management.
More informationFrom UseCases to Specifications
From UseCases to Specifications Fulup Ar Foll Liberty Technical Expert Group Master Architect, Global Software Practice Sun Microsystems Why Identity Related Services? Identity-enabling: Exposes identity
More informationOAM Integration Kit. Version 3.0. User Guide
OAM Integration Kit Version 3.0 User Guide 2016 Ping Identity Corporation. All rights reserved. PingFederate OAM Integration Kit User Guide Version 3.0 May, 2016 Ping Identity Corporation 1001 17th Street,
More informationServices Specifications: Realizing New Business Capabilities
Services Specifications: Realizing New Business Capabilities 1 Liberty Alliance Workshop Santa Clara, CA, March 10, 2008 (sampo@symlabs.com) 1. Introduction and agenda 2 (sampo@symlabs.com) - Speaking
More informationArcGIS Server and Portal for ArcGIS An Introduction to Security
ArcGIS Server and Portal for ArcGIS An Introduction to Security Jeff Smith & Derek Law July 21, 2015 Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context
More informationMulG-Vendor Key Management with KMIP
MulG-Vendor Key Management with KMIP Tim Hudson CTO Cryptso2 tjh@cryptso2.com GS13A 19-May-2016 1:35pm Key Management 1000011010100100101100101010000010101000101001101001111010001100 Key Management Standards
More informationManage SAML Single Sign-On
SAML Single Sign-On Overview, page 1 Opt-In Control for Certificate-Based SSO Authentication for Cisco Jabber on ios, page 1 SAML Single Sign-On Prerequisites, page 2, page 3 SAML Single Sign-On Overview
More informationU.S. E-Authentication Interoperability Lab Engineer
Using Digital Certificates to Establish Federated Trust chris.brown@enspier.com U.S. E-Authentication Interoperability Lab Engineer Agenda U.S. Federal E-Authentication Background Current State of PKI
More informationAuthentication. Katarina
Authentication Katarina Valalikova @KValalikova k.valalikova@evolveum.com 1 Agenda History Multi-factor, adaptive authentication SSO, SAML, OAuth, OpenID Connect Federation 2 Who am I? Ing. Katarina Valaliková
More informationSAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 12.0(1)
SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 12.0(1) First Published: 2017-08-31 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706
More informationNot just an App. Server
Israel JBoss User Group Session 01 / 16.3.2006 JBoss Not just an App. Server By : Lior Kanfi Tikal Hosted by Tikal. w w w. t i k a l k. c o m Cost-Benefit Open Source Agenda Introduction» The problem domain
More informationCONFIGURING AD FS AS A THIRD-PARTY IDP IN VMWARE IDENTITY MANAGER: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE
GUIDE MARCH 2019 PRINTED 28 MARCH 2019 CONFIGURING AD FS AS A THIRD-PARTY IDP IN VMWARE IDENTITY MANAGER: VMWARE WORKSPACE ONE VMware Workspace ONE Table of Contents Overview Introduction Audience AD FS
More informationInside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1
Inside Symantec O 3 Sergi Isasi Senior Manager, Product Management SR B30 - Inside Symantec O3 1 Agenda 2 Cloud: Opportunity And Challenge Cloud Private Cloud We should embrace the Cloud to respond to
More informationEntrust Identification Server 7.0. Entrust Entitlements Server 7.0. Administration Guide. Document issue: 1.0. Date: June 2003
Identification Server 7.0 Entitlements Server 7.0 Administration Guide Document issue: 1.0 Date: June 2003 2003. All rights reserved. is a trademark or a registered trademark of, Inc. in certain countries.
More informationCA SiteMinder. Federation Manager Guide: Legacy Federation. r12.5
CA SiteMinder Federation Manager Guide: Legacy Federation r12.5 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationOATH : An Initiative for Open AuTHentication
OATH : An Initiative for Open AuTHentication Who Are You Really Doing Business With? 2 Oath Proprietary Confidential The New York Magazine, July 5, 1993, Peter Steiner, The Economic Promise of e-business
More information