Single Sign-On Architectures. Jan De Clercq Senior Member of Technical Staff Technology Leadership Group Hewlett-Packard


Agenda: Trusted Security Infrastructures; SSO: What and Why?; SSO Architectures; Extending SSO; Conclusion. (HP World 2003 Solutions and Technology Conference & Expo, page 2)


Trusted Security Infrastructures (TSIs) (layered diagram)
- Applications: App 1, App 2, App ..., Web Services
- Trusted Security Infrastructures: Security Admin, Identity Mgmt, Sec Pol Mgmt, Authent Infra, Auditing, Author Infra
- Core I.T. Infrastructure Services: Meta-Directory, Dir A, Dir B, Dir C, DBs, Msg Mgmt

SSO Foundations: Trust; Identification; SSO; Authorization


SSO: What and Why?
- Ease of Administration
- Ease of Use
- Enables Enforcement of Coherent Security Policy
- Key to the Kingdom?

SSO Terminology
- Infrastructure: Server - physical providers of authentication/SSO; Authority - logical providers of authentication/SSO/trust (= Domain in Windows speak, = Cell in DCE speak, = Realm in Kerberos speak)
- Credentials: Digital Identity; Factors; Token

SSO Terminology (diagram): User; Sign-On with Credentials, Token; Sign-On Server with Account and Credential Management; Trust; Token Validation / Exchange; Resource Domain; Domain Server


SSO Solutions and Architectures
- Simple SSO: Single Authority and Server; Single Authority and Multiple Servers
- Complex SSO with a Single Set of Credentials: Token-based SSO; PKI-based SSO
- Complex SSO with Multiple Sets of Credentials: Synchronization; Client-side Caching; Server-side Caching

Simple SSO Solutions: Single Authority and Server (diagram): User; Sign-On with Credentials, Token; Sign-On Server with Account and Credential Management; Trust; Token Validation / Exchange; Resource Domain; Domain Server

Simple SSO Solutions: Single Authority and Multiple Servers (diagram): User; Sign-On with Credentials, Token; Master Sign-On Server with Account and Credential Management; Replication to Replicated Server(s); Trust; Token Validation / Exchange; Resource Domain; Domain Server

Traditional Sign-On (No SSO) (diagram): User; Sign-On with Credentials, Token to an Authority (Account and Credential Management); separate Sign-On(s) with Credentials, Token to each further Authority (Account and Credential Management)

Complex SSO Solutions: Single Set of Credentials: Token-based SSO (diagram): User; Sign-On with Credentials to the issuing Authority (Account and Credential Management), which returns a Temporary Token; Trust between Authorities; Transparent Sign-On(s) using the Temporary Token at the other Authority (Account and Credential Management)
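The token-based flow in the slide, as an added example that is not code from the HP World 2003 deck: the issuing authority signs a short-lived token after the one real sign-on, and a relying authority that trusts that issuer accepts it without prompting again. HMAC-SHA256, the issuer names, the trust table and the key values are all constructed assumptions for illustration.

```python
"""Token-based SSO with a single set of credentials: one sign-on at the
issuing authority yields a temporary token that trusting authorities accept.
Added example; HMAC-SHA256 and all names/keys here are constructed."""
import base64
import hashlib
import hmac
import json
from typing import Optional

# Trust relationship: a relying authority holds the verification key of each
# issuer it trusts. Constructed sample key, provisioned out of band in practice.
TRUSTED_ISSUERS = {"corp-sso": b"constructed-shared-trust-key"}
TOKEN_LIFETIME_S = 300          # temporary token: short validity bounds replay

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(issuer: str, user: str, signing_key: bytes, now: int) -> str:
    """Sign-On step: the issuing authority mints a signed temporary token."""
    claims = {"iss": issuer, "sub": user, "iat": now, "exp": now + TOKEN_LIFETIME_S}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(signing_key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"

def validate_token(token: str, now: int) -> Optional[dict]:
    """Transparent sign-on at a relying authority: returns the claims only when
    the token comes from a trusted issuer, is untampered and has not expired."""
    try:
        body, sig = token.split(".")
        claims = json.loads(_unb64(body))
        signature = _unb64(sig)
    except (ValueError, UnicodeDecodeError):
        return None                      # malformed token
    if not isinstance(claims, dict) or not isinstance(claims.get("iss"), str):
        return None
    key = TRUSTED_ISSUERS.get(claims["iss"])
    if key is None:
        return None                      # issuer outside our trust relationship
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None                      # forged or altered token
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None                      # temporary token has expired
    return claims
```

The relying authority never sees the user's password; it only needs the issuer's verification key, which is what the slide's Trust arrow between authorities represents.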

Complex SSO Solutions: Single Set of Credentials: PKI-based SSO (diagram): User holds a User Private Key and User Cert; User Registration and Certificate Issuance by the CA; each Authority (Account and Credential Management) holds the CA Cert and trusts the CA; Transparent Sign-On(s) using Public Key Credentials (Certificate and Private Key)

Complex SSO Solutions: Multiple Sets of Credentials: Password Sync (diagram): User; Sign-On with Credentials, Token to an Authority (Account and Credential Management); Sign-On(s) to the other Authority (Account and Credential Management); Trust; Sync Software on both sides performs Credential Synchronization

Complex SSO Solutions: Multiple Sets of Credentials: Client-side Caching (diagram): User; Sign-On with Credentials, Token to an Authority (Account and Credential Management); Secure Client-Side Cache; Transparent Sign-On(s) using Cached Credentials to the other Authority (Account and Credential Management); Trust

Complex SSO Solutions: Multiple Sets of Credentials: Server-side Cache (diagram): User; Sign-On with Credentials, Token to an Authority; Request for Credentials; Credentials for the other Authority returned by the Credentials Authority (Account and Credential Management); Trust; Transparent Sign-On(s) using the Credentials returned from the Credentials Authority to the other Authority (Account and Credential Management)


Extending SSO: To cover different organizations. Scope: Extranet and Internet. Federation.

Defining Federation: The use of agreements, standards, and technologies to make identity and entitlements portable across autonomous identity domains.

Extending SSO: Federation (diagram)


Conclusion
- Creating an SSO infrastructure for a heterogeneous environment is not an easy job
- The creation of SSO infrastructures is a great opportunity to leverage directory and metadirectory investment
- Prefer open standards above proprietary solutions
- Keep it simple


Questions? Jan.DeClercq@HP.com
