WSO2 Identity Management

Similar documents
Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation

SAP Security in a Hybrid World. Kiran Kola

Best Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,

Warm Up to Identity Protocol Soup

BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE

Liferay Security Features Overview. How Liferay Approaches Security

CONNECTED IDENTITY: BENEFITS, RISKS, AND CHALLENGES DIRECTOR - SECURITY ARCHITECTURE, WSO2

API Security Management SENTINET

[GSoC Proposal] Securing Airavata API

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS E-BOOK

Integration Patterns for Legacy Applications

CIAM: Need for Identity Governance & Assurance. Yash Prakash VP of Products

Configuration Guide - Single-Sign On for OneDesk

API Security Management with Sentinet SENTINET

SSO Integration Overview

Today s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps

Cloud Access Manager Overview

Access Management Handbook

The SciTokens Authorization Model: JSON Web Tokens & OAuth

Authentication in the Cloud. Stefan Seelmann

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA

ForgeRock Access Management Core Concepts AM-400 Course Description. Revision B

Challenges in Authenticationand Identity Management

Introduction to SciTokens

ArcGIS Server and Portal for ArcGIS An Introduction to Security

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith

Inside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1

Oracle Mobile and Social Access Management

Quality - The Key to Successful SOA. Charitha Kankanamge WSO2 February 2011

Authentication. Katarina

Single Sign-On Best Practices

Enterprise SOA Experience Workshop. Module 8: Operating an enterprise SOA Landscape

Using Flow in your On Premise Environment. SharePoint Saturday Baltimore #SPSBMORE May 20, 2017

Novell Access Manager 3.1

Intro to the Identity Experience Engine. Kim Cameron, Microsoft Architect of Identity ISSE Paris November 2016

Identity-Powered Security

SAP Single Sign-On 2.0 Overview Presentation

REVISED 6 NOVEMBER 2018 COMPONENT DESIGN: VMWARE IDENTITY MANAGER ARCHITECTURE

SINGLE SIGN ON SOLUTIONS FOR ICS PRODUCTS

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. PingIdentity PingFederate 8

Expertise that goes beyond experience.

Identität und Autorisierung als Grundlage für sichere Web-Services. Dr. Hannes P. Lubich IT Security Strategist

Salesforce External Identity Implementation Guide

Salesforce External Identity Implementation Guide

OpenIAM Identity and Access Manager Technical Architecture Overview

ArcGIS Enterprise Security: An Introduction. Randall Williams Esri PSIRT

Author: Nils Meulemans, CTO. Date: June 7, Version: 2.1

Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing Oracle HTTP Server...

Introduction. The Safe-T Solution

Dell One Identity Cloud Access Manager 8.0. Overview

SAML-Based SSO Solution

OPENID CONNECT 101 WHITE PAPER

Salesforce External Identity Implementation Guide

BEST PRACTICES GUIDE MFA INTEGRATION WITH OKTA

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013

Cybersecurity Roadmap: Global Healthcare Security Architecture

BIG-IP Access Policy Manager : Authentication and Single Sign-On. Version 13.1

API Manager Version May User Guide

April Understanding Federated Single Sign-On (SSO) Process

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x

Network Security Essentials

Access Manager Applications Configuration Guide. October 2016

INDIGO-Datacloud Identity and Access Management Service

1z0-479 oracle. Number: 1z0-479 Passing Score: 800 Time Limit: 120 min.

SAML-Based SSO Solution

Server Installation and Administration Guide

API MANAGEMENT WITH WEBMETHODS

Michael Geiser PhillyJUG June 24, 2015

Contents Introduction... 5 Configuring Single Sign-On... 7 Configuring Identity Federation Using SAML 2.0 Authentication... 29

THE NEW DIGITAL EXPERIENCE

ISACA Silicon Valley. APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems

5 OAuth EssEntiAls for APi AccEss control layer7.com

Oracle Access Manager Configuration Guide

SOFTWARE DEMONSTRATION

SAP IoT Application Enablement Best Practices Authorization Guide

Ramnish Singh IT Advisor Microsoft Corporation Session Code:

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Cisco Adaptive Security Appliance 9.5(2)

The Now Platform Reference Guide

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

1 Introduction Product Description Strengths and Challenges Copyright... 6

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for PingFederate

Box Connector. Version 2.0. User Guide

Sentinet for BizTalk Server SENTINET

Moving Digital Identity to the Cloud, a Fundamental Shift in rethinking the enterprise collaborative model.

Trusted identities for the cloud using open source technologies where Open ecard App meets SkIDentity

Giovanni Carnovale Technical Account Manager Southeast Europe VASCO Data Security

Introduction to application management

Dissecting NIST Digital Identity Guidelines

IBM Security Access Manager Version 9.0 October Product overview IBM

Using Your Own Authentication System with ArcGIS Online. Cameron Kroeker and Gary Lee

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

Unified Secure Access Beyond VPN

IMPLEMENTING SINGLE SIGN-ON (SSO) TO KERBEROS CONSTRAINED DELEGATION AND HEADER-BASED APPS. VMware Identity Manager.

Prof. Christos Xenakis

Prof. Christos Xenakis

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

INDIGO AAI An overview and status update!

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

Transcription:

WSO2 Identity Management Panagiotis Kranidiotis panagiotiskranidiotis@gmailcom 4 Νοεμβρίου 2017

Few things about me First engagement with open source technologies in 1995 Open source consultant and systems engineer since 2004 VC of Hellug 2008, 2009 Member scientific advisory team of GFOSS (Open Technologies Alliance) 2009 - present Member of the board of GFOSS (Open Technologies Alliance) 2015-present

About this presentation WSO2 and WSO2 products Identity Management and definitions WSO2 Identity Server Installation Examples - Hands-on How to contribute

WSO2 Open source platform for APIs, applications, and web services Founded by Sanjiva Weerawarana and Paul Fremantle in August, 2005, and has been backed by investment from Intel Capital WSO2 products are released under the Apache License Version 2 Sanjiva Weerawaranaformer IBM researcher creator of IBM SOAP4J, which later became Apache SOAP, architect of Apache Axis, Apache WSIF, the IBM Web Services Gateway and IBM BPWS4J Full open source products

WSO2 Products WSO2 API Manager WSO2 Enterprise Intergrator (Former WSO2 Enterprise Service Bus, WSO2 Message Broker, WSO2 Data Services Server and WSO2 Business Process Server) WSO2 Identity Server WSO2 Analytics Server WSO2 IoT Server (Former Enterprise Mobility Manager)

Why to use SSO platform Security Reuse Easy role management APIs Combine multiple user stores

Identity Management Definition Identity management, also known as identity and access management (IAM) is, in computer security, the security and business discipline that enables the right individuals to access the right resources at the right times and for the right reasons It addresses the need to ensure appropriate access to resources across increasingly heterogeneous technology environments and to meet increasingly rigorous compliance requirements

Definitions Authentication : Verification that an entity is who/what it claims to be using a password, biometrics such as a fingerprint, or distinctive behavior such as a gesture pattern on a touchscreen Federated Authentication : The ability to use 3rd party Identity providers to authendicate localy Authorization : Managing authorization information that defines what operations an entity can perform in the context of a specific application Roles : Roles are groups of operations and/or other roles Users are granted roles often related to a particular job or job function Attributes ή Claims : A claim is a statement that one subject, such as a person or organization, makes about itself or another subject

Identity Management Architecture

Some more definitions Userstore : the system where information about the users and user roles is stored, including log-in name, password, first name, last name, and e-mail address Usualy a DB or an LDAP Identity Provider : An Identity Provider (IdP) is responsible for issuing identification information and authenticating users by using security tokens like SAML 20, OpenID Connect, OAuth 20 and WS-Trust Federated IdP : A 3rd party IdP that it can be consumed localy Service Provider : A Service Provider (SP) is an entity that provides Web services Inbound Provisioning : Inbound provisioning focuses on how to provision users to the Identity Server and it s userstores Outbound Provisiong : Outbound provisioning talks about provisioning users to external systems

WSO2 Identity Server Architecture

WSO2 IdS Features - SSO Security Assertion Markup Language 2 (SAML2) and OpenID connect support Single logout SSO between on-premise applications and cloud applications Simple service provider and identity provider ecosystem management

WSO2 IdS Features - Identity Federation Federated SSO with external identity providers Support for Facebook, Google, Microsoft Windows Live and more User claims and roles transformation

WSO2 IdS Features - Strong Authentication Multi-option and multi-factor authentication support Kerberos and X509 support 2-factor authentication including FIDO, SMS/Email OTP, MePin and more

WSO2 IdS Features - Identity Governance and Administration User and group management User self service features (account recovery, self registration, account locking, etc) Provisioning based on standards such as SCIM (System for Cross-domain Identity Management) and SPML (Service Provisioning Markup Language) On the fly and rule-based provisioning Workflows to user and role management and approval driven by templates HTML and multi-language email template support

WSO2 IdS Features - Entitlement and Access Control Fine-grained authorization with extensible Access Control Markup Language (XACML) policies API security with delegated access control using OAuth2 and support for SAML2 bearer, JSON Web Token (JWT) assertion and Integrated Windows Authentication with NT LAN Manager (NTLM-IWA) grant types

Installation Download the latest built zip file Install the Oracle JDK Download the myslq or postgresql JDBC driver Prepare the database or the external ldap Create a valid SSL certificate and add it to Java Keystore Use ie LetsEncrypt Change the hostname to the FQND Open the right ports on firewall (by default 9443 )

Applications that can use IdS Any custom web app through protocols like SAML2, OAUTH2, OpenId Mobile apps usually with OAUTH2 Web Services Standard web cms (drupal, wordpress etc)have plugins for SSO Windows shares, email accounts and legacy apps if you are using LDAP as user store

How to contribute Read the documentation https://docswso2com/display/is530/ Check Stackoverflow for answers in your questions Learn the correct wso2 repositories for each product Need to know to build maven projects Better to use an IDE (ie Eclipse) https://wso2githubio/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback