CA SSO Cloud-Enabled with SSO/Rest
SSO/Rest Solves Many Challenges Applications in the Cloud AJAX / Mobile / Thick Client Application Integration "Agent-less" Infrastructure Server-side Application Integration 5 SSO/Rest Use Cases WAM-as-a-Service 2
A Common Quandary! Key Question How do we leverage our existing WAM infrastructure to handle platforms & applications in the public cloud? The Situation Constraints 50+ applications protected by CA SSO NO new firewall ports Multiple user directories NO cloud-to-data center VPNs Multiple Password policies Multiple authentication mechanisms including 2FA NO syncing/pushing employee credentials to the cloud 3
But is this just Federation? NO! Unlike Federation, SSO/Rest supports every security feature you have come to trust and depend on, EVEN IN THE CLOUD 4
future business www.your website.com future business www.your website.com Remember: Federation is NOT the Same as Web Access Management Federation Web Access Management (WAM) Policy Enforcement Point (PEP) Authentication One-time handoff from partner IDP Limited logout capability Perimeter Defense Audit Policy Decision Point (PDP) Access control Session lifecycle management 5
A Complete Web Access Management Solution 06 01 Centralized Audit Authentication Management 05 Control Session Duration Web Access Management Access Control Enforcement 02 04 Idle Session Timeout Single Sign On 03 6
WAM Gaps in the Cloud 06 01 Centralized Audit Authentication Management 05 Session Control Maximum Session Time-to-Live Duration Web Access Management (Gaps in the Cloud) Access Control Enforcement 02 04 Idle Session Timeout Single Sign On 03 7
WAM Gaps in the Cloud All Solved by SSO/Rest 06 01 Centralized Audit Authentication Management 05 Session Control Maximum Session Time-to-Live Duration Web Access Management (Gaps in the Cloud) Access Control Enforcement 02 04 Idle Session Timeout Single Sign On 03 8
Customer Success Stories Seamless and Secure Integration Fortune 50 retail company makes an acquisition, and has seamlessly and securely integrated the new web apps with its ecommerce portal, without having to bring the apps in-house or creating a VPN to the new company HTML5 CSS3 js XML PHP Cloud Acquired Company Existing Web Apps ecommerce Portal Successfully Moving.Net applications to Microsoft Azure Fortune 50 finance company successfully moves its.net applications to Microsoft Azure while preserving all of its SSO integrations, authentication and access policies, and audit capabilities ASP.NET C# IIS.Net Applications.NET Microsoft Azure 9
The SSO/Rest Solution SSO/Rest combines existing and emerging technologies to extend the perimeter of your IAM solution safely and securely into your public Cloud platforms A B C D Rest based- lightweight Engineered to solve this problem Easy to use, handles latency, transparent. No firewall holes - secure SSO/Rest! 10
SSO/Rest Solution Architecture Cloud Corporate Network Browser call to cloud application SSO/Rest session validation request CA SSO Agent traffic Browser SSO/Rest Plugin SSO/Rest Gateway CA SSO (aka SiteMinder) Policy Server Cloud Apps Response (with updated SMSESSION cookie) JSON reply from SSO/Rest Policy Server Response Legend Browser HTTP traffic SSO/Rest HTTP traffic CA SSO Agent tunnel 11
Your App Runs in the Cloud But CA SSO Thinks its in your Own Data Center 12
SSO/Rest Web Services Endpoints Look Mom! No VPN! Login Gateway Update Session Enable / Disable SSO/Rest Engine Validate Session Change Password isprotected isauthorized 13
Highlights from our latest release, SSO/Rest 3.0: Pluggable logic for custom request handling: Create your own ACO parameters with our annotationdriven API Plugin self-registration Give app teams the self-service capability to register plugins, or orchestrate provisioning of new app instances Extended Realm ACO Apply agent parameters at the realm level 14
More highlights from our latest release: Management console Metrics measurements with Elastisearch Swagger User Interface Fine-grain logging and tracing Automated testing and Self Diagnostic tool 15
SSO/Rest now supports NGINX with an NGINX+ Certified Module Our native, single library plugin integrates NGINX and NGINX+ into your CA SSO solution, allowing you to use the full capabilities of CA SSO with NGINX 16
Also check out our other products: /products Turn CA SSO into your Enterprise 2-Factor Auth Solution with SSO/MobileKey. For more details visit /products/ssomobilekey/ THANK YOU! For More Information, Please Visit IDF Connect, Inc. 2207 Concord Pike #359 Wilmington, DE 19803 Phone: (888) 765-1611 Fax: (888) 765-7284 www.linkedin.com/in/rsand @IDFConnect @rsand2 www.facebook.com/idfconnect