Integration of N-tiers application
- Brenda Brown
- 6 years ago
Transcription
1 Integration of N-tiers application
Using CAS Single Sign On system
a webmail application, Horde
K.U.Leuven Association
velpi@groupt.be
3 Introducing CAS Proxy CAS login scenario Implementing proxy CAS Beyond...
4 Introducing CAS: the project
- Originally developed by Yale University
- JA-SIG project since December
5 Introducing CAS: the technology
- Originally open-source WebISO
- Loosely based on Kerberos *model*
- Server: Java & Spring framework
- Client: lots of implementations + libs available ( source)
6 Introducing CAS: the protocol XML
7 Introducing CAS: N-tiers Proxy CAS
8 Proxy CAS: the problem space
- Passwords pass through all clients
- Credentials have to be cached
- Caching has to be done in plain text
9 Proxy CAS: a solution
- One-time passwords
- Passwords are replaced by tickets
- One-time = request a new one for the next authn
10 Introducing CAS Proxy CAS login scenario Implementing proxy CAS Beyond...
11-14 login scenario [diagram, built up over four slides]
- BROWSER: cookies enabled
- CAS SERVER. CAS: a trusted arbiter of authenticity
- Horde / IMP with phpCAS CLIENT. Service: webapp that authenticates users via CAS. Proxy: service that wants to access other services on behalf of a particular user
- IMAP PROXY (performance enhancement)
- IMAP SERVER with PAM and PAM_CAS. Target (back-end service): service that accepts proxied credentials from at least one particular proxy
15 login scenario: the players
- CAS: a trusted arbiter of authenticity
- Service: webapp that authenticates users via CAS
- Proxy: service that wants to access other services on behalf of a particular user
- Target (back-end service): service that accepts proxied credentials from at least one particular proxy
- Components shown: CAS, Horde, IMP, IMAP
16-20 login scenario [sequence diagram between BROWSER, Horde / IMP (phpCAS CLIENT), CAS SERVER, IMAP PROXY and IMAP SERVER (PAM, PAM_CAS), built up one step per slide]
Labels added on these slides: HTTP REQ, (PHP-SESSION), S1, (+TGC), (LOGIN PAGE), (LT), (CREDENTIALS), ST, (SET TGC)
21 login scenario: Credentials OR TicketGrantingCookie (TGC) response
Redirect to: eg TICKET=ST m09bXdf770aEJfq9VsotayLh6OyE0MoovLM-20
22-24 login scenario [same sequence diagram, continued]
Labels added on these slides: pgt-url ok?, ST, S1, PGT-URL, PGT, PGTIOU
25 login scenario: ServiceTicket (ST) validation 1/2
CAS server requests: eg PGT=TGT m09bXdf770aEJfq9VsotayLh6OyE0MoovLM-20
26-27 login scenario [same sequence diagram, continued]
Labels added on these slides: NETID, PGTIOU
28 login scenario: ServiceTicket (ST) validation 2/2
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>netid</cas:user>
    <cas:proxyGrantingTicket>pgtiou</cas:proxyGrantingTicket>
  </cas:authenticationSuccess>
</cas:serviceResponse>
29-30 login scenario [same sequence diagram, continued]
Labels added on these slides: PT, S2, PGT
31 login scenario: ProxyGrantingTicket (PGT) response
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:proxySuccess>
    <cas:proxyTicket>pt</cas:proxyTicket>
  </cas:proxySuccess>
</cas:serviceResponse>
32-35 login scenario [same sequence diagram, continued]
Labels added on these slides: PT, NETID, (PT), and at the IMAP SERVER / PAM_CAS side: =?, PT, S2, NETID, S1(proxy[])
36 login scenario: ProxyTicket (PT) validation
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>netid</cas:user>
    <cas:proxyGrantingTicket>pgtiou</cas:proxyGrantingTicket>
    <cas:proxies>
      <cas:proxy>proxy1</cas:proxy>
      <cas:proxy>proxy2</cas:proxy>
      ...
    </cas:proxies>
  </cas:authenticationSuccess>
</cas:serviceResponse>
37-41 login scenario [same sequence diagram, continued]
Labels added on these slides: persistent connection, imap, HTTP RESP, PHP-SESSION
42 Tickets...
- LT: Login Ticket. Timeout for login page: if user typed password but didn't press login
- TGC: Ticket Granting Cookie. Browser cookie for the CAS-server: Single Sign On (https; host scope!)
- ST: Service Ticket. CAS->service using browser GET, user+service specific, validated
- PGT: Proxy Granting Ticket. CAS->service directly using https, user+service specific
- PGTIOU: Proxy Granting Ticket IOU. Also sent with PGT so webapp can correlate netid
- PT: Proxy Ticket. CAS->proxy->backend, ~ password, user(+proxy)+service2 specific
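The PGT / PGTIOU correlation from slides 23-28 and the ticket list above, as an added Python example that is not code from the slides or from phpCAS: a small store for the pgt-url endpoint that files each PGT under its PGTIOU and hands it out exactly once. The pgtId and pgtIou parameter names follow the CAS 2.0 protocol; the class name, the 60-second lifetime and the sample ticket strings are assumptions.

```python
import time
from urllib.parse import parse_qs


class PgtStore:
    """Holds PGTs delivered to the pgt-url until ST validation claims them."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self._ttl = ttl_seconds          # assumed lifetime of an unclaimed PGT
        self._clock = clock              # injectable so expiry can be tested
        self._pending = {}               # pgtIou -> (pgt, time stored)

    def _purge(self):
        now = self._clock()
        expired = [iou for iou, (_, t) in self._pending.items()
                   if now - t > self._ttl]
        for iou in expired:
            del self._pending[iou]

    def handle_callback(self, query_string):
        """Process one HTTPS request from the CAS server to the pgt-url.

        Returns True when a PGT was stored. The bare "pgt-url ok?" probe
        carries no ticket parameters and stores nothing.
        """
        self._purge()
        params = parse_qs(query_string)
        iou = params.get("pgtIou", [])
        pgt = params.get("pgtId", [])
        if len(iou) != 1 or len(pgt) != 1:
            return False                 # missing or duplicated parameter
        if iou[0] in self._pending:
            return False                 # never overwrite an unclaimed PGT
        self._pending[iou[0]] = (pgt[0], self._clock())
        return True

    def claim(self, pgt_iou):
        """Exchange the PGTIOU from the ST validation response for the PGT.

        The entry is removed on the first call, so a PGTIOU that leaks
        later (logs, error pages) cannot be turned into a PGT again.
        """
        entry = self._pending.pop(pgt_iou, None)
        if entry is None:
            return None
        pgt, stored_at = entry
        if self._clock() - stored_at > self._ttl:
            return None
        return pgt


if __name__ == "__main__":
    store = PgtStore()
    # Constructed callback query string, not a captured request.
    store.handle_callback("pgtIou=PGTIOU-1-constructed&pgtId=TGT-1-constructed")
    print(store.claim("PGTIOU-1-constructed"))
    print(store.claim("PGTIOU-1-constructed"))
```

The web application keeps the claimed PGT in the user's session next to the netid from the same validation response; the PGTIOU itself is useless without access to this store.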
43 Introducing CAS Proxy CAS login scenario Implementing proxy CAS Beyond...
44 Implementing proxy CAS
- IMAPPROXY => standard :) & absolutely necessary now
- IMAP: pam enabled => pam_cas
  - standard pam; openssl dependency
- Apache/Horde/IMP => phpCAS + glue code; Apache CAS trust
  - phpCAS client library using ESUP glue-code
45 Implementing: IMAPPROXY
(IMAPPROXY+) ~0min
- Requires no changes :)
- Keeps the IMAP connection alive and checks if PT ("password") is still the same using a hash => PT replayed to local IMAPPROXY
46 Implementing: IMAP&pam_cas
- Compile it: pam_cas.so needs: pam devel, openssl devel
- Configure it: pam_cas.conf needs to trust CA cert of CAS-server!
- Enable it: /etc/pam.d/imap
47 Implementing: IMAP&pam_cas
(IMAP+) ~2h
/etc/pam.d/imap:
    auth sufficient /lib/security/pam_cas.so -simap://localhost -f/etc/security/pam_cas.conf
options:
- -s serviceid
- -e excludeuser
- -f configurationfile
PAM control flags:
- required: this really has to be ok, though pam continues to check the other modules
- requisite: if this is not ok, it's not ok and do not continue checking the others
- sufficient: if this is ok, it's ok and do not continue checking the others
- optional: only decides if no other flags decided before or after
You'll probably want to chain pam_cas with pam_unix, pam_ldap, ...
pam_cas only tries validation on ticket-shaped passwords (eg PT-1-nFBuJY5SdWiuSvb3BPxn); this might be someone's real password ;) but that's unlikely
=> put pam_cas first as sufficient or last as required/requisite, depending on setup
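What the back end has to decide for each login (the "=?" step on slides 35-36 and the pam_cas notes above), as an added Python example; it is not pam_cas source code. The `validate` callable stands in for the HTTPS validation request to the CAS server, and the ticket pattern, the rule that every proxy in the chain must be trusted, the function names and the example.org URL are assumptions.

```python
import re
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Assumed ticket shape, modelled on the slide's PT-1-nFBuJY5SdWiuSvb3BPxn.
PT_SHAPE = re.compile(r"PT-[A-Za-z0-9-]{1,253}")

# Constructed sample responses, not captured traffic.
SAMPLE_OK = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>netid</cas:user>
    <cas:proxies>
      <cas:proxy>https://horde.example.org/casProxy.php</cas:proxy>
    </cas:proxies>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


class Rejected(Exception):
    """The CAS answer does not authorise this login."""


def parse_proxy_validation(xml_text):
    """Return (netid, proxy_chain) from a PT validation response."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise Rejected("DTD in response")      # a CAS response never needs one
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise Rejected("malformed XML") from exc
    if root.tag != "{%s}serviceResponse" % CAS_NS["cas"]:
        raise Rejected("not a CAS serviceResponse")
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is None:
        raise Rejected("no authenticationSuccess element")
    netid = ok.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    if not netid:
        raise Rejected("empty user")
    chain = [(p.text or "").strip()
             for p in ok.findall("cas:proxies/cas:proxy", CAS_NS)]
    return netid, chain


def check_login(login_name, password, validate, trusted_proxies):
    """Decide like a 'sufficient' module: 'skip', 'accept' or 'deny'.

    validate(ticket) is a hypothetical callable returning the XML that
    the CAS server sends back for this ticket and this service.
    """
    if not PT_SHAPE.fullmatch(password):
        return "skip"      # real password: never sent to CAS, next module decides
    try:
        netid, chain = parse_proxy_validation(validate(password))
    except Rejected:
        return "deny"
    # Exact comparison: a CAS server with case-insensitive login can return
    # a netid that differs in case from the name the proxy logged in with.
    if netid != login_name:
        return "deny"
    # A PT reaches the back end through at least one proxy; an empty chain
    # or any unknown proxy in it is refused.
    if not chain or any(p not in trusted_proxies for p in chain):
        return "deny"
    return "accept"


if __name__ == "__main__":
    trusted = {"https://horde.example.org/casProxy.php"}
    ticket = "PT-1-nFBuJY5SdWiuSvb3BPxn"
    print(check_login("netid", ticket, lambda t: SAMPLE_OK, trusted))
    print(check_login("netid", ticket, lambda t: SAMPLE_FAIL, trusted))
    print(check_login("netid", "a real password", lambda t: SAMPLE_OK, trusted))
```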
48 Implementing: Apache--CAS
(SSL+) ~5min
- Apache/PHP that powers Horde (curl lib) checks hostname-certificate of CAS-server
- Reason: ST validation, PT requests (with PGT)
- Note: CURLOPT_SSL_VERIFYPEER is set to 0 in client.php (with 0, curl does not verify the CAS server's certificate chain). You may want to change that, but then you need a tiny adjustment in the Apache conf (mod_ssl):
httpd.conf:
    SSLCertificateFile /etc/pki/myhordeserver.pem
    SSLCertificateChainFile /etc/pki/ca_cert.pem
    #added for the trust mechanism----
    SSLCACertificateFile /etc/pki/ca_cert.pem
    #----added
49 Implementing: Apache--CAS
(SSL+) ~0min
- IMPORTANT NOTE (proxy CAS only): CAS-server also needs to trust certificate of Apache/PHP
- Reason: PGT sent in request by CAS-server
- Ok: Java truststore (cacerts) contains CA's
- If using a self-signed cert at Apache (not good!) or unknown CA:
    $ keytool -import -trustcacerts -alias "sensible-name-for-ca" -file CAcert.crt -keystore $JAVA_HOME/lib/security/cacerts
  (default pwd=changeme)
50 Implementing: Horde3/IMP4
(Horde+) ~4h
- install phpCAS
    cp -r source/cas/* $HORDE_DIR/lib/CAS/
- install glue-code (from ESUP package)
    cp $CAS_DIR/cas.php $HORDE_DIR/lib/Horde/Auth/
    cp $CAS_DIR/casProxy.php $HORDE_DIR/
- patch Horde&IMP
  - imp/lib/imap.php: to fetch new PT if needed
  - config/conf.xml: easy admin configuration [recommended]
  - config/hooks.php: _cas_hook_authorisation() to a backend
51 Implementing [diagram of the components with the effort for each]
- IMAP SERVER, PAM, PAM_CAS: (IMAP+) ~2h compile, install, configure
- IMAP PROXY: (IMAPPROXY+) ~0min
- CAS SERVER: configure if using allowedservices
- Horde / IMP, phpCAS CLIENT: (Horde+) ~4h install, patch, configure
- BROWSER
52 Implementing proxy CAS
- CAS Server: 1-2 days, fully operational (excl Java, Spring, auth backend)
- regular CAS client: ½ day... (excl knowing the technology of the application)
- Proxy CAS client: ½ week...
- BUT ALSO
53 Implementing: the catch...
- Think about everything that can go wrong when using SSL and add some
- Distributed systems & knowledge, eg: case insensitive login at the CAS server but not proxy, firewalls...
- Multiple technologies & knowledge
54 Implementing: the beauty...
- Multiple deployments since 2006
- K.U.Leuven:
  - 2 front-end Horde web-servers (Apache)
  - 4 backend mail-servers (UW-IMAP on AIX)
  - ~40000 users (total)
  - ~40000/d webmail logins
  - ~60000/d portlet logins
- No stability issues so far...
55 Introducing CAS Proxy CAS login scenario Implementing proxy CAS Beyond...
56 Beyond...: portals & webservices
- portlet/building block for Blackboard
- <create your own client>: various libs
- Webservices
57 Beyond...: SAML
- CAS supports 1-tier SAML1.1/2.0 (Google)
- PAML: Pluggable Authentication Mod-AML?
- KAML: IETF Kerberos-SAML discussions
58 Introducing CAS Proxy CAS login scenario Implementing proxy CAS? Beyond... References:
IBM InfoSphere Information Server IBM InfoSphere Information Server Single Sign-On (SSO) by using SAML 2.0 and Tivoli Federated Identity Manager (TFIM) Installation and Configuration Guide Copyright International
More informationVMware Identity Manager Administration
VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationOverview of Web Services API
CHAPTER 1 The Cisco IP Interoperability and Collaboration System (IPICS) 4.0(x) application programming interface (API) provides a web services-based API that enables the management and control of various
More informationUser Identity Sources
The following topics describe Firepower System user identity sources, which are sources for user awareness. These users can be controlled with identity and access control policies: About, on page 1 The
More informationVMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1
VMware Workspace ONE Quick Configuration Guide VMware AirWatch 9.1 A P R I L 2 0 1 7 V 2 Revision Table The following table lists revisions to this guide since the April 2017 release Date April 2017 June
More informationApache Server Configuration for FLEXCUBE Oracle FLEXCUBE Universal Banking Release [December] [2017]
Apache Server Configuration for FLEXCUBE Oracle FLEXCUBE Universal Banking Release 14.0.0.0.0 [December] [2017] Table of Contents 1. PURPOSE... 1-3 2. INTRODUCTION... 2-4 3. INSTALLATION OF APACHE... 3-5
More informationApplication notes for supporting third-party certificate in Avaya Aura System Manager 6.3.x and 7.0.x. Issue 1.3. November 2017
Application notes for supporting third-party certificate in Avaya Aura System Manager 6.3.x and 7.0.x Issue 1.3 November 2017 THE INFORMATION PROVIDED IN HEREIN IS PROVIDED AS IS WITHOUT ANY EXPRESS OR
More informationArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith
ArcGIS Enterprise Security: An Introduction Gregory Ponto & Jeff Smith Agenda ArcGIS Enterprise Security Model Portal for ArcGIS Authentication Authorization Building the Enterprise Encryption Collaboration
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationAT&T Cloud Web Security Service
AT&T Cloud Web Security Service Troubleshooting Guide Table of Contents 1 Summary... 3 2 Explicit Proxy Access Method... 4 2.1 Explicit Proxy Flow Diagram... 4 3 Proxy Forwarding Access Method... 6 3.1
More informationBitnami OSQA for Huawei Enterprise Cloud
Bitnami OSQA for Huawei Enterprise Cloud Description OSQA is a question and answer system that helps manage and grow online communities similar to Stack Overflow. First steps with the Bitnami OSQA Stack
More informationGenesys Interaction Recording Solution Guide. WebDAV Requirements
Genesys Interaction Recording Solution Guide WebDAV Requirements 11/24/2017 Contents 1 WebDAV Requirements 1.1 Deploying the WebDAV Server 1.2 Configuring TLS for the WebDAV Server 1.3 Next Step Genesys
More informationAuthentication. Katarina
Authentication Katarina Valalikova @KValalikova k.valalikova@evolveum.com 1 Agenda History Multi-factor, adaptive authentication SSO, SAML, OAuth, OpenID Connect Federation 2 Who am I? Ing. Katarina Valaliková
More informationWebthority can provide single sign-on to web applications using one of the following authentication methods:
Webthority HOW TO Configure Web Single Sign-On Webthority can provide single sign-on to web applications using one of the following authentication methods: HTTP authentication (for example Kerberos, NTLM,
More informationOracle Insurance Rules Palette
Oracle Insurance Rules Palette Security Guide Version 10.2.0.0 Document Part Number: E62439-01 August, 2015 Copyright 2009, 2015, Oracle and/or its affiliates. All rights reserved. Trademark Notice Oracle
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationConfiguring Content Authentication and Authorization on Standalone Content Engines
CHAPTER 10 Configuring Content Authentication and Authorization on Standalone Content Engines This chapter describes how to configure content authentication and authorization on standalone Content Engines
More informationBitnami ez Publish for Huawei Enterprise Cloud
Bitnami ez Publish for Huawei Enterprise Cloud Description ez Publish is an Enterprise Content Management platform with an easy to use Web Content Management System. It includes role-based multi-user access,
More informationPKI Cert Creation via Good Control: Reference Implementation
PKI Cert Creation via Good Control: Reference Implementation Legal Notice Copyright 2016 BlackBerry Limited. All rights reserved. All use is subject to license terms posted at http://us.blackberry.com/legal/legal.html.
More informationBitnami Piwik for Huawei Enterprise Cloud
Bitnami Piwik for Huawei Enterprise Cloud Description Piwik is a real time web analytics software program. It provides detailed reports on website visitors: the search engines and keywords they used, the
More informationCreate and Apply Clientless SSL VPN Policies for Accessing. Connection Profile Attributes for Clientless SSL VPN
Create and Apply Clientless SSL VPN Policies for Accessing Resources, page 1 Connection Profile Attributes for Clientless SSL VPN, page 1 Group Policy and User Attributes for Clientless SSL VPN, page 3
More informationSecurity Guide. Configuration of Report and System Permissions
Guide Configuration of Report and System Permissions 1 Content... 2 2 Concepts of the Report Permissions... 2 2.1 Mechanisms... 3 2.1.1 Report Locations... 3 2.1.2 Report Permissions... 3 2.2 System Requirements...
More informationBitnami ERPNext for Huawei Enterprise Cloud
Bitnami ERPNext for Huawei Enterprise Cloud Description ERPNext is an open source, web based application that helps small and medium sized business manage their accounting, inventory, sales, purchase,
More informationManual Owa Exchange 2010 Url Redirect To
Manual Owa Exchange 2010 Url Redirect To Internal Description of the OWA client connectivity flow in an Exchange 2013/2010 coexistence environment. Optional scenario for internal and external OWA clients.
More informationC IBM. IBM WebSphere App Server Network Deployment V8.0- Core Admin
IBM C2180-317 IBM WebSphere App Server Network Deployment V8.0- Core Admin Download Full Version : http://killexams.com/pass4sure/exam-detail/c2180-317 Answer: C QUESTION: 55 A system administrator needs
More information