Directories Services and Single Sign-On for Collaboration
|
|
- Leo Perkins
- 5 years ago
- Views:
Transcription
1
2 Directories Services and Single Sign-On for Collaboration Paulo Jorge Correia BRKUCC-2664
3 Agenda Identity Challenges and Market Analysis SSO Technologies and protocol Deep Dive OAuth Protocol SAML Protocol Identity Management for on-premise Identity Management for WebEx Identity Management for Spark SSO with IDaaS vendors Conclusions and Key Takeaways
4 Identity Challenges and Market Analysis
5 2016 Internet Security Report BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 5
6 Known breaches Breaches don t happen only in Web organisations that mainly target consumers Source net/visualizations/worlds-biggestdata-breaches-hacks/ BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 6
7 Need For Strong Authentication Additional identification steps significantly increases security Username and passwords are no match for today s sophisticated hackers Solution is easy to deploy and easy to use ensuring user adoption Strong Authentication strengthens identity and access security by combining two or more identifiable elements Something you HAVE Something you KNOW Something you ARE BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 7
8 SSO Technologies and Protocol Deep Dive
9 Identity Framework Explicit Initial Trust Agreement IdP Identity Provider RP Relying Party Users BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 9
10 Authentication and Authorisation (AuthN and AuthZ) The process of authorisation is distinct from that of authentication. Whereas authentication is the process of verifying that "you are who you say you are", authorisation is the process of verifying that "you are permitted to do what you are trying to do". When you enter a hotel and walk up to reception, the receptionist authenticates you by checking your passport. Authentication Your room key is your authorisation token to enter your room and any resource that you are entitled in the Hotel Paulo You do not need your passport to enter your room. Your room key authorises you to enter your room only, and not any other rooms. The room key / authorisation token does not identify the holder of the key / token. Authorisation After authentication has taken place, the receptionist gives you a room key. BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 10
11 Single Sign-On Definition Single Sign-On (SSO) is a session/user authentication process that permits a user to provide credentials only once in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session. With SSO the barriers for deploying stronger authentication is much lower. BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 11
12 Role of Identity Providers (IdP) Validate who you are? Review personally identifying information to prove you are who you say you are (identity proofing), such as drivers license, passport, or biometric data Assign attributes [(name, role, address] in the identity management system. Validate and transact authentication requests? Verifying that the person seeking access to a resource is the one previously identified and approved by utilising some form of authentication system, often a username and password. BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 12
13 Which IdP Does Cisco Supports? Cisco supports any IdP vendor that is compliant with the SAMLv2 Oasis Standard. Internally in our development test cycles, we test our products against selected authentication methods of the follow IdP s : Microsoft Active Directory Federation Services (ADFS) 2.0 Open Access Manager (OpenAM) 11.0 PingFederate BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 13
14 OAuth Protocol
15 OAuth 2.0 The OAuth 2.0 authorisation protocol enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. It is an Authorisation protocol Valet key concept Eliminate the need for web sites to ask for passwords when you are accessing to your information. The resource owner authorise a client to access to resources in a server Client can be web app, desktop/phone app, JS in browser BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 15
16 OAuth main purpose OAuth provides the ability for these applications to access a user s data securely, without requiring the user to hand over his account password Web applications that use OAuth (over 16,000 API s) auth=oauth A common protocol for handling API authorisation greatly improves the developer experience because it lessens the learning curve required to integrate with a new API BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 16
17 SAML Protocol
18 SAML 2.0? The SAML standard is managed by the OASIS Security Services Technical Committee SAML is a protocol specification to use when two servers need to share users identity information. Nothing in the SAML specification provides the actual authentication service, with it we can : Single Sign-On across domains Cookies prevent the need for reauthorisation SSO interoperability between different entities Web Service Security (SAML allows for the exchange of assertions within a SOAP document) Federated Identity (consolidate identities across organisational boundaries) BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 18
19 SAML 2.0 SP inititate Flow 5. Authentication Statement 3. SAML request 4. Authenticate method define by IdP IdP Identity Provider 6. SAML Subject passes statement to RP ( this includes any attributes that are requested ) 1. Resource Request 2. Authentication Request RP Relying Party Ex: Spark, WebEx, CUCM, etc. BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 19 19
20 SAML Cookies to Prevent Re-authentication IdP Identity Provider RP Relying Party Ex: CUCM BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 20
21 SAML Cookies to Prevent Re-authentication IdP Cookie -> our recommendation for the Session Timer is 48 hours But most of the IdP s issue session base cookies Service Cookie -> Our recommendation for the Session Timer is 30 minutes BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 21
22 SAML 2.0 Cookies to Prevent Re-authentication Cisco Jabber 4. Authentication method define by IdP 3.GET with SAML authentication request Identity Provider IdP Cookie 5. Signed response in hiden HTML form with IdP cookie 1. Resource Request 6. POST signed response 2. Redirect with SAML authentication request CUCM Cookie CUCM 7. Supply resource with cookie BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 22
23 SAML 2.0 Cookies to Prevent Re-authentication Cisco Jabber 3.GET with SAML authentication request with IdP Cookie No Authentication needed since IdP Cookie is valid CUCM Cookie IdP Cookie IdP Cookie 4. Signed response in hidden HTML form Identity Provider 5. POST signed response 1. Resource Request 2. Redirect with SAML authentication request 6. Supply resource with cookie WebEx Cookie CUCM Unity Connections WebEx MC BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 23
24 SAML Establish Initial Agreement
25 Establish Trust Metadata File exchange IdP Identity Provider Metadata Exchange RP Relying Party Ex: WebEx BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 25
26 Establish Trust CUCM Metadata file Single Cluster always Agreement the CUCM & IM&P cluster IdP Identity Provider With Single Cluster agreement the entityid is Publisher FQDN <?xml version="1.0" encoding="utf-8"?> <md:entitydescriptor entityid="cucm0a.identitylab20.ciscolabs.com" ID="cucm0a.identitylab20.ciscolabs.com" xmlns:md="urn:oasis:names:tc:saml:2.0:metadata"> <md:spssodescriptor protocolsupportenumeration="urn:oasis:names:tc:saml:2.0:protocol" WantAssertionsSigned="false" We don t require for AuthN or AuthnRequestsSigned="false"> <md:keydescriptor use="signing"> signed Assertions but comply <ds:keyinfo xmlns:ds=" to what the IdP requests <ds:x509data> <ds:x509certificate>miigjjcc..</ds:x509certificate> </ds:x509data> </ds:keyinfo> </md:keydescriptor> <md:keydescriptor use="encryption"> We use the Tomcat Multi <ds:keyinfo xmlns:ds=" <ds:x509data> Server SAN for Signing <ds:x509certificate>miigjjcc..</ds:x509certificate> </ds:x509data> </ds:keyinfo> </md:keydescriptor> <md:nameidformat>urn:oasis:names:tc:saml:2.0:nameid-format:transient</md:nameidformat> <md:assertionconsumerservice index="0" Location=" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/> <md:assertionconsumerservice index="1 Location=" URL for the Client to POST the Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/> <md:assertionconsumerservice index="2" answer from the IdP, two per Location=" node in the cluster Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>.. </md:spssodescriptor> </md:entitydescriptor> BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 26
27 Establish Trust CUCM Metadata files Per node Agreement CUCM & IM&P cluster IdP Identity Provider <?xml version="1.0" encoding="utf-8"?> <md:entitydescriptor entityid="cucm0a.identitylab20.ciscolabs.com" ID="cucm0a.identitylab20.ciscolabs.com" xmlns:md="urn:oasis:names:tc:saml:2.0:metadata"> <md:spssodescriptor protocolsupportenumeration="urn:oasis:names:tc:saml:2.0:protocol" WantAssertionsSigned="false" AuthnRequestsSigned="false"> <md:keydescriptor use="signing"> <ds:keyinfo xmlns:ds=" <ds:x509data> <ds:x509certificate>miigjjcc..</ds:x509certificate> </ds:x509data> </ds:keyinfo> </md:keydescriptor> <md:keydescriptor use="encryption"> <ds:keyinfo xmlns:ds=" <ds:x509data> <ds:x509certificate>miigjjcc..</ds:x509certificate> </ds:x509data> </ds:keyinfo> </md:keydescriptor> <md:nameidformat>urn:oasis:names:tc:saml:2.0:nameid-format:transient</md:nameidformat> <md:assertionconsumerservice index="0" Location=" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/> <md:assertionconsumerservice index="1 Location=" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/> <md:assertionconsumerservice index="2" Location=" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>.. </md:spssodescriptor> </md:entitydescriptor> BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 27
28 Identity Management for On- Premise
29 Identity Management for WebEx
30 Identity Management for Spark
31 Spark Client Spark Service Common Identity Customer IdP Access to Service Prompt for address, metric service contacted BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 31
32 Spark Client Spark Service Common Identity Customer IdP Verify Address BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 32
33 Spark Client Spark Service Common Identity Customer IdP OAuth Server Exchange Go to CI OAuth Server and request a token -> URL for Authentication Server will be provided BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 33
34 Spark Client Spark Service Common Identity Customer IdP Identity Broker Exchange If SSO is enabled, Identity Broker redirect to the IdP. IdP URL was provided in the metadata Exchange, when configured SAML initial agreement BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 34
35 Spark Client Spark Service Common Identity Customer IdP HTTP POST Spark will request a SAML assertion from the IdP by doing a SAML HTTP POST 35
36 Spark Client Spark Service Common Identity Customer IdP Authentication Authentication will happen between Operating System Web resource and the IdP BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 36
37 Spark Client Spark Service Common Identity Customer IdP HTTP POST Client does an HTTP POST back to CI with the attributes provided by the IdP and agreed with the initial agreement 37
38 SAML Assertion from IdP to Spark Same Relay state as the SAML request from the Spark <saml2p:response Destination=" f8-22de53230d1e/sp" ID="_ b8068bb78f4cb242ad4f006" InResponseTo="s2e747a3b284812b71ccd8ac1dce98d00cbfa7555b" IssueInstant=" T17:13:22.572Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:saml:2.0:protocol" > <saml2:issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:saml:2.0:assertion" > <saml2p:status> <saml2p:statuscode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /> </saml2p:status> <saml2:assertion ID="_574a68c9ba c606a48902e50f" IssueInstant=" T17:13:22.572Z" Sucessefull SAML Version="2.0" Assertion xmlns:saml2="urn:oasis:names:tc:saml:2.0:assertion" xmlns:xs=" > <saml2:issuer Format="urn:oasis:names:tc:SAML:2.0:nameidformat:entity"> When the assertion was created <ds:signature xmlns:ds=" <ds:signedinfo> <ds:canonicalizationmethod Algorithm=" /> <ds:signaturemethod Algorithm=" /> <ds:reference URI="#_574a68c9ba c606a48902e50f"> <ds:transforms> <ds:transform Algorithm=" /> <ds:transform Algorithm=" <ec:inclusivenamespaces PrefixList="xs" xmlns:ec=" /> </ds:transform> </ds:transforms> <ds:digestmethod Algorithm=" /> <ds:digestvalue>f4b90sjgqwcrjauycrl7xs2ncdw=</ds:digestvalue> </ds:reference> </ds:signedinfo> <ds:signaturevalue>l0n0sdiaxfyl4eg6sc9jrajnia85a9oj77bftwflk8vcqomtleqtcopc08zxhsdszyw hivi/wfyqjnjninmmda8f7xdfh+qfrhlsbgw0d4wry4qt3xz59ucsgfdwkafy6ou2kqrb5zzracexx/pqyvsrfkl 7zhw83KvU5Wm/hYbaHpI4eu+0lZ/O4Dyr2r7tz/MF/XBipN3IMATQbswiFDtFFlqpFtfnp0mPqSYwgakDG4ZSslCEw O2ateKlI8c2pelKkDOxO1fvbJV8CjykxBV/k8a+GPuxCrl27EP12MN3MZ/VxPgaNiLQeNXS8z3UlO47kN/wYmxfNcQ YEbHWHg==</ds:SignatureValue> <ds:keyinfo> <ds:x509data> IdP Signature and Certificate for Spark to validate <ds:x509certificate>miidkzccahogawibagiunxwxwlgu07iluaaqto3xa/xhfi0wdqyjkozihvcnaqefbqawg zezmbcg 6k9FCGi2Hd3q9GW0iYUJi68=</ds:X509Certificate> </ds:x509data> </ds:keyinfo> </ds:signature> BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 38
39 SAML Assertion from IdP to Spark <saml2:subject> <saml2:nameid Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameID format, Spark NameQualifier=" SPNameQualifier=" supported transient, </saml2:nameid> <saml2:subjectconfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml2:subjectconfirmationdata Address=" " InResponseTo="s2e747a3b284812b71ccd8ac1dce98d00cbfa7555b NotOnOrAfter=" T17:18:22.572Z" Recipient=" </saml2:subjectconfirmation> </saml2:subject> <saml2:conditions NotBefore=" T17:13:22.572Z" NotOnOrAfter=" T17:18:22.572Z"> <saml2:audiencerestriction> <saml2:audience> </saml2:audiencerestriction> </saml2:conditions> Entity ID that this assertion should apply to Time window when this SAML assertion is accepted unspecified and BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 39
40 NameID formats support by Spark UNSPECIFIED <saml2:nameid Format="urn:oasis:names:tc:SAML:1.1:nameidformat:unspecified NameQualifier=" SPNameQualifier=" _306e0e97b606cc3199a28e72c95aa206 </saml2:nameid> <saml2:attributestatement> <saml2:attribute Name="uid NameFormat="urn:oasis:names:tc:SAML:2.0:attrnameformat:unspecified"> <saml2:attributevalue xmlns:xsi= xsi:type="xs:string"> </saml2:attributevalue> </saml2:attribute> </saml2:attributestatement> NameID format unspecified require SPNameQualifier and the extra attribute (uid) statement NameID format transient require SPNameQualifier and the extra attribute (uid) statement NameID format require SPNameQualifier but doesn t require any extra attribute <saml:nameid Format="urn:oasis:names:tc:SAML:1.1:nameidformat: Address SPNameQualifier=" f8-22de53230d1e"> paucorre@identitylab20.ciscolabs.com </saml:nameid> TRANSIENT <saml:nameid Format="urn:oasis:names:tc:SAML:2.0:nameidformat:transient" NameQualifier="ping8a.uc8sevtlab13.com SPNameQualifier=" RbtO77X6eKfPUF5OhPrAKTCE88e </saml:nameid> <saml:attributestatement> <saml:attribute Name="uid NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:attributevalue xsi:type="xs:string xmlns:xs= xmlns:xsi=" paucorre@uc8sevtlab13.com </saml:attributevalue> </saml:attribute> </saml:attributestatement> BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 40
41 Spark Client Spark Service Common Identity Customer IdP HTTP POST Gets an authorisation Code that will be replaced with an OAuth access and refresh Token, and will be use from here on to access resources on behalf of the user BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 41
42 Cisco Spark Spark Thick Client Embedded Browser Spark Service Common Identity OAuth Identity Broker Customer IdP Access Service Redirect to Authorisation Service Authz URL AuthZ URL Redirect to the AuthN AuthN Request Provide IdP URL for SAML Exchange SAML GET Authentication request Authentication Provided SAML POST with uid and IdP cookie Access_token POST SAML Assertion Redirect to the Oauth Service with SAML cookie and UID of the user Provides SAML cookie and UID to OAuth Service Send back OAuth Token Validates Assertion and create the SAML SP cookie Verifies Entitlement and Scope for the user and generate OAuth Token Access to the Spark Service BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 42
43 SSO with IDaaS Vendors
44 What is an IDaaS? Cloud-based service in a multitenant or dedicated and hosted delivery model. The service brokers a set of functionality across multiple IAM functions specifically, identity and governance administration (IGA), access enforcement, and analytics functions. Gartner predicts that 40% of identity and access management (IAM) purchases will use the identity and access management as a service (IDaaS) delivery model by 2020, up from just 20% in Source : Gartner - Magic Quadrant for Identity and Access Management as a Service BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 44
45 Cisco Cloud Collaboration Services Integration Some of the IDaaS vendor already have templates defined that almost doesn t need any configuration apart from providing the ORG id. The provide services for thousands of SSO enabled apps, where the users of a customer just need to login to a single apps and all other will receive information from the first login. BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 45
46 Cisco On-premise Integration with IDaaS before 11.5 Before 11.5 CUCM & IM&P cluster Before CSR 11.5 Cisco on-premise collaboration products require on IdP agreement per node in the cluster. BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 46
47 Cisco On-premise Integration with IDaaS before 11.5 Before 11.5 CUCM & IM&P cluster But a single cluster can import a single metadata file from the IdP BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 47
48 Cisco On-premise Integration with IDaaS on and forward CUCM & IM&P cluster With CSR 11.5 and after Cisco on-premise collaboration products require on the IdP a single agreement per cluster. To achieve single cluster agreement, Cisco uses a SAML specification that allow for multiple AssertionConsumerService tags BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 48
49 Cisco On-premise Integration with IDaaS on 11.5 All the IDaaS vendor don t support multiple AssertionConsumerServices tags, you can only specify one. BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 49
50 Cisco On-premise Integration with OKTA on 11.5 With the exception of OKTA that develop the support for multiple AssertionConsumerService. In order to integrate with customer that have SAML enabled applications where multiple nodes need to access to a single IdP agreement. BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 50
51 Cisco On-premise Integration with OKTA on 11.5 For the integration to be configured we need to open the CUCM cluster metadata file and copy the AssertionConsumerService that have the bindings HTTP- POST Cisco and/or its affiliates. All rights reserved. Cisco Public 51
52 Conclusion and Key Takeaways
53 Q & A
54 Complete Your Online Session Evaluation Give us your feedback and receive a Cisco Live 2017 Cap by completing the overall event evaluation and 5 session evaluations. All evaluations can be completed via the Cisco Live Mobile App. Caps can be collected Friday 10 March at Registration. Learn online with Cisco Live! Visit us online after the conference for full access to session videos and presentations. BRKUCC Cisco and/or its affiliates. All rights reserved. Cisco Public 54
55 Thank you
56
Kaltura MediaSpace SAML Integration Guide. Version: 5.0
Kaltura MediaSpace SAML Integration Guide Version: 5.0 Kaltura Business Headquarters 200 Park Avenue South, New York, NY. 10003, USA Tel.: +1 800 871 5224 Copyright 2014 Kaltura Inc. All Rights Reserved.
More informationLeave Policy. SAML Support for PPO
Leave Policy SAML Support for PPO January 2015 Table of Contents Why SAML Support for PPO... 3 Introduction to SAML... 3 PPO Implementation... 6 ComponentSpace SAML v2.0 for.net... 6 SAML Security mode...
More informationConfigure ISE 2.3 Guest Portal with OKTA SAML SSO
Configure ISE 2.3 Guest Portal with OKTA SAML SSO Contents Introduction Prerequisites Requirements Components Used Background Information Federated SSO Network Flow Configure Step 1. Configure SAML Identity
More informationMedia Shuttle SAML Configuration. October 2017 Revision 2.0
Media Shuttle SAML Configuration October 2017 Revision 2.0 Table of Contents Overview... 3 End User Experience... 5 Portal Authentication Flow... 6 Configuration Steps... 7 Technical Details... 11 SAML
More informationImplement SAML 2.0 SSO in WLS using IDM Federation Services
Implement SAML 2.0 SSO in WLS using IDM Federation Services Who we are Experts At Your Service > Over 60 specialists in IT infrastructure > Certified, experienced, passionate Based In Switzerland > 100%
More informationSingle Sign-On (SSO) Using SAML
Single Sign-On (SSO) Using SAML V.2.4 AS OF 2018-07-26 Visit the SAML SSO Integration section in SCU for additional information OVERVIEW ServiceChannel offers a full-featured single sign-on (SSO) system
More informationSession 2.1: Federations: Foundation. Scott Koranda Support provided by the National Institute of Allergy and Infectious Diseases
Session 2.1: Federations: Foundation Scott Koranda Support provided by the National Institute of Allergy and Infectious Diseases Scott Koranda's participation has been funded in whole or in part with federal
More informationGeneric Structure of the Treatment Relationship Assertion
epsos ECCF Artifact Matrix Excerpt: Context and elated Information epsos Conceptual Logical Implementable Enterprise Dimension "Why" - Policy Information Dimension "What" - Content Computational Dimension
More informationSecurity Assertion Markup Language (SAML) applied to AppGate XDP
1 Security Assertion Markup Language (SAML) applied to AppGate XDP Jamie Bodley-Scott AppGate Product Manager May 2016 version2 This document provides background on SAML for those of you who have not used
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationSingle Sign-On Implementation Guide
Single Sign-On Implementation Guide Salesforce, Winter 18 @salesforcedocs Last updated: November 13, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark
More informationSAML 2.0 Single Sign On with Citrix NetScaler
SAML 2.0 Single Sign On with Citrix NetScaler This guide focuses on defining the process for deploying NetScaler as a SAML IdP for most enterprise applications that support SAML 2.0. Citrix.com 1 Citrix
More informationeidas SAML Message Format
eidas SAML Message Format Version 1.1 1 Introduction The eidas interoperability framework including its national entities (eidas-connector and eidas- Service) need to exchange messages including personal
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationIntegration Guide. SafeNet Authentication Service. Protecting Syncplicity with SAS
SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More informationFAS SAML Integration Guide
FAS SAML Integration Guide Digitale Transformatie Date 04/01/2018 Version 0.5 DOCUMENT INFORMATION Document Title FAS SAML Integration Guide File Name FAS SAML_Integration_Guide_v0.5.docx Subject Document
More informationi-ready Support for Single Sign-On (SSO)
i-ready Support for Single Sign-On (SSO) Contents Benefits... 2 Supported Security Protocols... 2 How It Works... 2 SAML Workflow... 3 Clever Workflow... 4 Implementation Details... 5 Basic Assumption...
More informationSingle Sign-On Implementation Guide
Single Sign-On Implementation Guide Salesforce, Spring 16 @salesforcedocs Last updated: April 6, 2016 Copyright 2000 2016 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark
More informationGFIPM Web Browser User-to-System Profile Version 1.2
About the Document Justice organizations are looking for ways to provide secured access to multiple agency information systems with a single logon. The Global Federated Identity and Privilege Management
More informationAdvanced Configuration for SAML Authentication
The advanced configuration for SAML authentication includes: Configuring Multiple Identity Providers Multiple Identity Providers can be configured to a SAML authentication service on the Barracuda Web
More informationEnhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation
Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of
More informationSAML 2.0 SSO. Set up SAML 2.0 SSO. SAML 2.0 Terminology. Prerequisites
SAML 2.0 SSO Agiloft integrates with a variety of SAML authentication providers, or Identity Providers (IdPs). SAML-based SSO is a leading method for providing federated access to multiple applications
More informationIntroducing Shibboleth. Sebastian Rieger
Introducing Shibboleth Sebastian Rieger sebastian.rieger@gwdg.de Gesellschaft für wissenschaftliche Datenverarbeitung mbh Göttingen, Germany CLARIN AAI Hands On Workshop, 25.02.2009, Oxford eresearch Center
More informationDocuSign Single Sign On Implementation Guide Published: June 8, 2016
DocuSign Single Sign On Implementation Guide Published: June 8, 2016 Copyright Copyright 2003-2016 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights and patents
More informationConfiguring Alfresco Cloud with ADFS 3.0
Configuring Alfresco Cloud with ADFS 3.0 Prerequisites: You have a working domain on your Windows Server 2012 and successfully installed ADFS. For these instructions, I created: alfresco.me as a domain
More informationUsing VMware Horizon Workspace to Enable SSO in VMware vcloud Director 5.1
Using VMware Horizon Workspace to Enable SSO in VMware vcloud Director 5.1 March 2013 Using VMware Horizon Workspace to Enable SSO This product is protected by U.S. and international copyright and intellectual
More informationSuomi.fi e-identification Technical interface description
Suomi.fi e-identification Technical interface description 1 Suomi.fi e-identification operating environment Suomi.fi e-identification offers a user authentication service for e-services across a SAML 2.0
More informationeidas-node and SAML Version 2.0
eidas-node and SAML Version 2.0 Document history Version Date Modification reason Modified by 1.0 06/10/2017 Origination DIGIT 2.0 11/04/2018 Editorial improvements DIGIT Disclaimer This document is for
More informationIntegrating VMware Workspace ONE with Okta. VMware Workspace ONE
Integrating VMware Workspace ONE with Okta VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this
More informationSAML-Based SSO Configuration
Prerequisites, page 1 SAML SSO Configuration Task Flow, page 5 Reconfigure OpenAM SSO to SAML SSO Following an Upgrade, page 9 SAML SSO Deployment Interactions and Restrictions, page 9 Prerequisites NTP
More informationUdemy for Business SSO. Single Sign-On (SSO) capability for the UFB portal
Single Sign-On (SSO) capability for the UFB portal Table of contents Overview SSO and SAML PingOne and Ping Federate Data Flow FAQ What is the End User Experience With SSO? Can users access the Udemy app
More informationIntegrating PingFederate with Citrix NetScaler Unified Gateway as SAML IDP
Integrating PingFederate with Citrix NetScaler Unified Gateway as SAML IDP This guide focuses on defining the process for deploying PingFederate as an SP, with NetScaler Unified Gateway acting as the SAML
More informationSAML V2.0 Deployment Profiles for X.509 Subjects
1 2 3 4 5 SAML V2.0 Deployment Profiles for X.509 Subjects Committee Specification 01 27 March 2008 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 Specification URIs:
More informationSAML-Based SSO Configuration
Prerequisites, page 1 SAML SSO Configuration Workflow, page 5 Reconfigure OpenAM SSO to SAML SSO After an Upgrade, page 9 Prerequisites NTP Setup In SAML SSO, Network Time Protocol (NTP) enables clock
More informationUsing Your Own Authentication System with ArcGIS Online. Cameron Kroeker and Gary Lee
Using Your Own Authentication System with ArcGIS Online Cameron Kroeker and Gary Lee Agenda ArcGIS Platform Structure What is SAML? Meet the Players Relationships Are All About Trust What Happens During
More informationOracle Utilities Opower Energy Efficiency Web Portal - Classic Single Sign-On
Oracle Utilities Opower Energy Efficiency Web Portal - Classic Single Sign-On Configuration Guide E84772-01 Last Update: Monday, October 09, 2017 Oracle Utilities Opower Energy Efficiency Web Portal -
More informationResearch Collaboration IAM Needs
Outline Research Collaboration IAM Needs Federated Identity for Authentication SAML Federations Hands-on with SAML Hands-on with OpenID Connect (OIDC) 2 Research Collaboration IAM Needs 3 What Is A Collaboration?
More informationAuthentication. Katarina
Authentication Katarina Valalikova @KValalikova k.valalikova@evolveum.com 1 Agenda History Multi-factor, adaptive authentication SSO, SAML, OAuth, OpenID Connect Federation 2 Who am I? Ing. Katarina Valaliková
More informationWeb Services Security: SAML Interop 1 Scenarios
1 2 3 4 Web Services Security: SAML Interop 1 Scenarios Working Draft 04, Jan 29, 2004 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 Document identifier: Location: http://www.oasis-open.org/committees/wss/
More informationUser Management Interfaces for Earth Observation Services
Open Geospatial Consortium Inc. Date: 2009-06-30 Reference number of this OGC project document: 07-118r1 Version: 0.0.4 Category: OGC Interoperability Program Report Editors: R.Smillie, A.Cucumel SPACEBEL
More informationSAML Authentication with Pulse Connect Secure and Pulse Secure Virtual Traffic Manager
SAML Authentication with Pulse Connect Secure and Pulse Secure Virtual Traffic Manager Deployment Guide Published 14 December, 2017 Document Version 1.0 Pulse Secure, LLC 2700 Zanker Road, Suite 200 San
More informationHiggins SAML2 IdP Tutorial
Higgins SAML2 IdP Tutorial Version 1.1, Oct 18 th 2007, msabadello@parityinc.net The Higgins SAML2 IdP supports the SP initiated SSO profile defined by SAML2 specifications. Two parties are involved in
More informationeidas Technical Specifications
eidas Technical Specifications v0.90 [Written by eidas Technical Subgroup] [July 2015] EUROPEAN COMMISSION European Commission B-1049 Brussels Europe Direct is a service to help you find answers to your
More informationAAI Login Demo. SWITCHaai Introduction Course Bern, 1. March Daniel Lutz
SWITCHaai Introduction Course Bern, 1. March 2013 Daniel Lutz aai@switch.ch Agenda Illustration of protocol flow SAML2, Web Browser SSO Live demonstration 2 Protocol Flow IdP SP http://www.switch.ch/aai/demo/
More informationSAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 12.0(1)
SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 12.0(1) First Published: 2017-08-31 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706
More informationDeploying OAuth with Cisco Collaboration Solution Release 12.0
White Paper Deploying OAuth with Cisco Collaboration Solution Release 12.0 Authors: Bryan Morris, Kevin Roarty (Collaboration Technical Marketing) Last Updated: December 2017 This document describes the
More informationIdentity management. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014
Identity management Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014 Outline 1. Single sign-on 2. SAML and Shibboleth 3. OpenId 4. OAuth 5. (Corporate IAM) 6. Strong identity 2
More informationWarm Up to Identity Protocol Soup
Warm Up to Identity Protocol Soup David Waite Principal Technical Architect 1 Topics What is Digital Identity? What are the different technologies? How are they useful? Where is this space going? 2 Digital
More informationWeb Based Single Sign-On and Access Control
0-- Web Based Single Sign-On and Access Control Different username and password for each website Typically, passwords will be reused will be weak will be written down Many websites to attack when looking
More informationSAML SSO Okta Identity Provider 2
SAML SSO Okta Identity Provider SAML SSO Okta Identity Provider 2 Introduction 2 Configure Okta as Identity Provider 2 Enable SAML SSO on Unified Communications Applications 4 Test SSO on Okta 4 Revised:
More informationNetwork Security. Chapter 10. XML and Web Services. Part II: II: Securing Web Services Part III: Identity Federation
Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany Network Security Chapter 10 Application Layer Security: Web Services (Part 2) Part I: Introduction
More informationOkta Embedded-OCC Implementation Guide
Okta Embedded-OCC Implementation Guide Okta Inc. 301 Brannan Street, 3 rd Floor San Francisco, CA, 94107 info@okta.com 1-888-722-7871 Contents Overview... 3 Implementation Steps... 4 Obtain API access
More informationMcAfee Cloud Identity Manager
Jive Cloud Connector Guide McAfee Cloud Identity Manager version 3.1 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,
More informationIntegration Guide. PingFederate SAML Integration Guide (SP-Initiated Workflow)
Integration Guide PingFederate SAML Integration Guide (SP-Initiated Workflow) Copyright Information 2018. SecureAuth is a registered trademark of SecureAuth Corporation. SecureAuth s IdP software, appliances,
More informationUnity Connection Version 10.5 SAML SSO Configuration Example
Unity Connection Version 10.5 SAML SSO Configuration Example Document ID: 118772 Contributed by A.M.Mahesh Babu, Cisco TAC Engineer. Jan 21, 2015 Contents Introduction Prerequisites Requirements Network
More informationQuick Start Guide for SAML SSO Access
Quick Start Guide Quick Start Guide for SAML SSO Access Cisco Unity Connection SAML SSO 2 Introduction 2 Understanding Service Provider and Identity Provider 2 Understanding SAML Protocol 3 SSO Mode 4
More informationINTEGRATING OKTA: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE
GUIDE AUGUST 2018 PRINTED 4 MARCH 2019 INTEGRATING OKTA: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE Table of Contents Overview Introduction Purpose Audience Integrating Okta with VMware
More informationManage SAML Single Sign-On
SAML Single Sign-On Overview, page 1 Opt-In Control for Certificate-Based SSO Authentication for Cisco Jabber on ios, page 1 SAML Single Sign-On Prerequisites, page 2, page 3 SAML Single Sign-On Overview
More informationOctober 14, SAML 2 Quick Start Guide
October 14, 2017 Copyright 2013, 2017, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and
More informationAll about SAML End-to-end Tableau and OKTA integration
Welcome # T C 1 8 All about SAML End-to-end Tableau and OKTA integration Abhishek Singh Senior Manager, Regional Delivery Tableau Abhishek Singh Senior Manager Regional Delivery asingh@tableau.com Agenda
More informationConfiguration Guide - Single-Sign On for OneDesk
Configuration Guide - Single-Sign On for OneDesk Introduction Single Sign On (SSO) is a user authentication process that allows a user to access different services and applications across IT systems and
More informationAccess Management Handbook
Access Management Handbook Contents An Introduction 3 Glossary of Access Management Terms 4 Identity and Access Management (IAM) 4 Access Management 5 IDaaS 6 Identity Governance and Administration (IGA)
More informationOIO Bootstrap Token Profile
> OIO Bootstrap Token Profile Version 1.0.1 IT- & Telestyrelsen March 2010 2 Content [ Document History 4 Introduction 5 Characteristics of bootstrap tokens 5 Related profiles 6 Assumptions 6 Token Requirements
More informationQuick Start Guide for SAML SSO Access
Standalone Doc - Quick Start Guide Quick Start Guide for SAML SSO Access Cisco Unity Connection SAML SSO 2 Introduction 2 Understanding Service Provider and Identity Provider 3 Understanding SAML Protocol
More informationLiferay Security Features Overview. How Liferay Approaches Security
Liferay Security Features Overview How Liferay Approaches Security Table of Contents Executive Summary.......................................... 1 Transport Security............................................
More informationSAML 2.0 SSO Extension for Dynamically Choosing Attribute Values
SAML 2.0 SSO Extension for Dynamically Choosing Attribute Values Authors: George Inman University of Kent g.inman@kent.ac.uk David Chadwick University of Kent d.w.chadwick@kent.ac.uk Status of This Document
More informationSingle Sign-On Administrator Guide
Single Sign-On Administrator Guide Last Revised October 2018 Version 1.8 Disclaimer LinkedIn Corporation 1000 W. Maude Ave. Sunnyvale, CA 94085 This document may contain forward looking statements. Any
More informationIdentity management. Tuomas Aura T Information security technology. Aalto University, autumn 2011
Identity management Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2011 Outline 1. Single sign-on 2. OpenId 3. SAML and Shibboleth 4. Corporate IAM 5. Strong identity 2
More informationSingle Sign-On Administrator Guide
Single Sign-On Administrator Guide Last Revised February 15, 2018 Version 1.7 Disclaimer LinkedIn Corporation 1000 W. Maude Ave. Sunnyvale, CA 94085 This document may contain forward looking statements.
More informationIntegration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for PingFederate
SafeNet Authentication Manager Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More informationSAML2 Metadata Exchange & Tagging
SAML2 Metadata Exchange & Tagging TNC 2009 Malaga, 10. June 2009 Thomas Lenggenhager thomas.lenggenhager@switch.ch Overview 1 What s the Problem? 2 Scalable Metadata Exchange 3 Metadata Tagging 4 Summary
More informationesignlive SAML Administrator's Guide Product Release: 6.5 Date: July 05, 2018 esignlive 8200 Decarie Blvd, Suite 300 Montreal, Quebec H4P 2P5
esignlive SAML Administrator's Guide Product Release: 6.5 Date: July 05, 2018 esignlive 8200 Decarie Blvd, Suite 300 Montreal, Quebec H4P 2P5 Phone: 1-855-MYESIGN Fax: (514) 337-5258 Web: www.esignlive.com
More informationThis section includes troubleshooting topics about single sign-on (SSO) issues.
This section includes troubleshooting topics about single sign-on (SSO) issues. SSO Fails After Completing Disaster Recovery Operation, page 1 SSO Protocol Error, page 1 SSO Redirection Has Failed, page
More informationedugain Policy Framework SAML Profile
1 2 3 12 July 2017 edugain Policy Framework SAML Profile 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Document Revision History Version Date Description of Change Person 0.1 06-07-2017 Draft version N Harris
More informationDDS Identity Federation Service
DDS Identity Federation Service Sharing Identity across Organisational Boundaries Executive Overview for UK Government Company Profile Daemon Directory Services Ltd. (DDS) is an application service provider
More informationSingle Sign-On User Guide. Cvent, Inc 1765 Greensboro Station Place McLean, VA
Single Sign-On User Guide 2018 Cvent, Inc 1765 Greensboro Station Place McLean, VA 22102 www.cvent.com Contents Single Sign-On User Guide... 3 Key Terms... 3 Features Using SSO to Login... 4 Meeting Planners
More informationDRAFT For Discussion Purposes Only
DRAFT For Discussion Purposes Only Statements or comments made by the ministry or information provided in the draft technical specifications are not binding on the ministry. In particular, the ministry
More informationIdentity Provider for SAP Single Sign-On and SAP Identity Management
Implementation Guide Document Version: 1.0 2017-05-15 PUBLIC Identity Provider for SAP Single Sign-On and SAP Identity Management Content 1....4 1.1 What is SAML 2.0.... 5 SSO with SAML 2.0.... 6 SLO with
More informationExostar Identity Access Platform (SAM) User Guide September 2018
Exostar Identity Access Platform (SAM) User Guide September 2018 Copyright 2018 Exostar, LLC All rights reserved. 1 INTRODUCTION... 4 SUMMARY... 4 Exostar IAM Platform (SAM) Organization and User Types...
More informationOkta Integration Guide for Web Access Management with F5 BIG-IP
Okta Integration Guide for Web Access Management with F5 BIG-IP Contents Introduction... 3 Publishing SAMPLE Web Application VIA F5 BIG-IP... 5 Configuring Okta as SAML 2.0 Identity Provider for F5 BIG-IP...
More informationRSA SecurID Access SAML Configuration for Brainshark
RSA SecurID Access SAML Configuration for Brainshark Last Modified: August 27, 2015 Brainshark is a business presentation solution provider, enabling companies to increase sales productivity, train more
More informationApril Understanding Federated Single Sign-On (SSO) Process
April 2013 Understanding Federated Single Sign-On (SSO) Process Understanding Federated Single Sign-On Process (SSO) Disclaimer The following is intended to outline our general product direction. It is
More informationElectronic ID at work: issues and perspective
Electronic ID at work: issues and perspective Antonio Lioy < lioy @ polito.it > Politecnico di Torino Dip. Automatica e Informatica Why should I have/use an (e-) ID? to prove my identity to an "authority":
More informationAdminCamp Christian Henseler, Christian Henseler,
AdminCamp 2013 Christian Henseler, 24.09.2013 Christian Henseler, 24.09.2013 1 Introduction What are we coming from Yet another SSO mechanism!? SAML basics Domino 9 requirements and limitations SAML use
More informationQualys SAML 2.0 Single Sign-On (SSO) Technical Brief
Qualys SAML 2.0 Single Sign-On (SSO) Technical Brief Qualys provides its customers the option to use SAML 2.0 Single SignOn (SSO) authentication with their Qualys subscription. When implemented, Qualys
More informationSpecifications for interoperable access to edelivery and esafe systems
www.eu-spocs.eu COMPETITIVENESS AND INNOVATION FRAMEWORK PROGRAMME ICT Policy Support Programme (ICT PSP) Preparing the implementation of the Services Directive ICT PSP call identifier: ICT PSP-2008-2
More informationBest Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,
Best Practices: Authentication & Authorization Infrastructure Massimo Benini HPCAC - April, 03 2019 Agenda - Common Vocabulary - Keycloak Overview - OAUTH2 and OIDC - Microservices Auth/Authz techniques
More informationExostar Identity Access Platform (SAM) User Guide July 2018
Exostar Identity Access Platform (SAM) User Guide July 2018 Copyright 2018 Exostar, LLC All rights reserved. 1 Version Impacts Date Owner Identity and Access Management Email Verification (Email OTP) July
More informationFormatted: Font: Century Gothic, 12 pt
Formatted: Font: Century Gothic, 12 pt Contents 1 Document Description... 1 1.1 Overview... 1 1.2 Glossary... 1 1.3 Prerequisites... 2 2 Architecture... 3 3 IdP Configuration... 44 3.1 Creation of the
More informationISA 767, Secure Electronic Commerce Xinwen Zhang, George Mason University
Identity Management and Federated ID (Liberty Alliance) ISA 767, Secure Electronic Commerce Xinwen Zhang, xzhang6@gmu.edu George Mason University Identity Identity is the fundamental concept of uniquely
More informationBuilding a Well Managed Cloud Application. Okta Inc. 301 Brannan Street San Francisco, CA
Building a Well Managed Cloud Application Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 Introduction 1 Working with Okta 2 A Well Managed Cloud Application
More informationCONFIGURING AD FS AS A THIRD-PARTY IDP IN VMWARE IDENTITY MANAGER: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE
GUIDE MARCH 2019 PRINTED 28 MARCH 2019 CONFIGURING AD FS AS A THIRD-PARTY IDP IN VMWARE IDENTITY MANAGER: VMWARE WORKSPACE ONE VMware Workspace ONE Table of Contents Overview Introduction Audience AD FS
More informationBEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE
BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE OUR ORGANISATION AND SPECIALIST SKILLS Focused on delivery, integration and managed services around Identity and Access Management.
More informationQualys SAML & Microsoft Active Directory Federation Services Integration
Qualys SAML & Microsoft Active Directory Federation Services Integration Microsoft Active Directory Federation Services (ADFS) is currently supported for authentication. The Qualys ADFS integration must
More informationUnified Communications Manager Version 10.5 SAML SSO Configuration Example
Unified Communications Manager Version 10.5 SAML SSO Configuration Example Contents Introduction Prerequisites Requirements Network Time Protocol (NTP) Setup Domain Name Server (DNS) Setup Components Used
More informationEXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS E-BOOK
EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS 03 EXECUTIVE OVERVIEW 05 INTRODUCTION 07 MORE CLOUD DEPLOYMENTS MEANS MORE ACCESS 09 IDENTITY FEDERATION IN
More informationNETOP PORTAL ADFS & AZURE AD INTEGRATION
22.08.2018 NETOP PORTAL ADFS & AZURE AD INTEGRATION Contents 1 Description... 2 Benefits... 2 Implementation... 2 2 Configure the authentication provider... 3 Azure AD... 3 2.1.1 Create the enterprise
More informationSELF SERVICE INTERFACE CODE OF CONNECTION
SELF SERVICE INTERFACE CODE OF CONNECTION Definitions SSI Administration User Identity Management System Identity Provider Service Policy Enforcement Point (or PEP) SAML Security Patch Smart Card Token
More informationDelegated authentication Electronic identity: delegated and federated authentication, policy-based access control
Delegated authentication Electronic identity: delegated and federated authentication, policy-based access control Antonio Lioy < lioy @ polito.it > several RPs (Replying Party) may decide to delegate authentication
More informationOracle Utilities Opower Solution Extension Partner SSO
Oracle Utilities Opower Solution Extension Partner SSO Integration Guide E84763-01 Last Updated: Friday, January 05, 2018 Oracle Utilities Opower Solution Extension Partner SSO Integration Guide Copyright
More information