User Management. Juan J. Doval DEIMOS SPACE S.L.U. NextGEOSS, September 25 th 2017

Similar documents
User Management. Juan J. Doval DEIMOS SPACE S.L.U. NextGEOSS, April 2018

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation

Best Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,

ForgeRock Access Management Core Concepts AM-400 Course Description. Revision B

Authentication & Authorization systems developed for CTA

ArcGIS Server and Portal for ArcGIS An Introduction to Security

Today s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps

PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility

SAP Security in a Hybrid World. Kiran Kola

Keys to Your Web Presence Checklist

Salesforce External Identity Implementation Guide

Connect-2-Everything SAML SSO (client documentation)

HANDS-ON ACTIVITIES IDENTITY & ACCESS MANAGEMENT FEBRUARY, Hands-on Activities: Identity & Access Management 1

The EGI AAI CheckIn Service

penelope case management software AUTHENTICATION GUIDE v4.4 and higher

Configuration Guide - Single-Sign On for OneDesk

Salesforce External Identity Implementation Guide

Using Your Own Authentication System with ArcGIS Online. Cameron Kroeker and Gary Lee

NIELSEN API PORTAL USER REGISTRATION GUIDE

Authentication in the Cloud. Stefan Seelmann

globus online Globus Nexus Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory

Salesforce External Identity Implementation Guide

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith

SAML-Based SSO Solution

API Security Management with Sentinet SENTINET

Unified Secure Access Beyond VPN

ForgeRock Access Management Customization and APIs

Single Sign-On (SSO)Technical Specification

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013

Integration of the platform. Technical specifications

Standards-based Secure Signon for Cloud and Native Mobile Agents

Warm Up to Identity Protocol Soup

Integration Guide. PingFederate SAML Integration Guide (SP-Initiated Workflow)

Challenges in Authenticationand Identity Management

Administering Jive Mobile Apps for ios and Android

Architecture Assessment Case Study. Single Sign on Approach Document PROBLEM: Technology for a Changing World

How to use or not use the AWS API Gateway for Microservices

Building the Modern Research Data Portal using the Globus Platform. Rachana Ananthakrishnan GlobusWorld 2017

VAM. CAS Installer (for 2FA) Value- Added Module (VAM) Deployment Guide

Attributes for Apps How mobile Apps can use SAML Authentication and Attributes

Extranets in SharePoint 2010 and 2013

SOCIAL IDENTITIES IN HIGHER ED: WHY AND HOW WITH REAL-WORLD EXAMPLES

Integrating the YuJa Enterprise Video Platform with Dell Cloud Access Manager (SAML)

SELF SERVICE INTERFACE CODE OF CONNECTION

All about SAML End-to-end Tableau and OKTA integration

Certification Exam Guide SALESFORCE CERTIFIED IDENTITY AND ACCESS MANAGEMENT DESIGNER. Summer Salesforce.com, inc. All rights reserved.

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Citrix NetScaler Gateway 12.0

EGI Check-in service. Secure and user-friendly federated authentication and authorisation

13241 Woodland Park Road, Suite 400 Herndon, VA USA A U T H O R : E X O S T A R D ATE: M A R C H V E R S I O N : 3.

OPENID CONNECT 101 WHITE PAPER

5 OAuth EssEntiAls for APi AccEss control layer7.com

TECHNICAL GUIDE SSO SAML Azure AD

SOCIAL LOGIN FOR MAGENTO 2 USER GUIDE

Deploying OAuth with Cisco Collaboration Solution Release 12.0

ArcGIS for Server: Security

INDIGO AAI An overview and status update!

Qualys SAML & Microsoft Active Directory Federation Services Integration

Cloud Access Manager Configuration Guide

TECHNICAL GUIDE SSO SAML. At 360Learning, we don t make promises about technical solutions, we make commitments.

Accessing Test Web Portal of the CTBTO

API Security Management SENTINET

Authentication. Katarina

Contents. Multi-Factor Authentication Overview. Available MFA Factors

Canadian Access Federation: Trust Assertion Document (TAD)

openid connect all the things

SugarCRM for Hootsuite

Deliverable D3.5 Harmonised e-authentication architecture in collaboration with STORK platform (M40) ATTPS. Achieving The Trust Paradigm Shift

CUSTOMER PORTAL. Connectors Guide

CLI users are not listed on the Cisco Prime Collaboration User Management page.

BEST PRACTICES GUIDE MFA INTEGRATION WITH OKTA

Administrator's and Developer's Guide

Certification Exam Guide SALESFORCE CERTIFIED IDENTITY AND ACCESS MANAGEMENT DESIGNER. Winter Salesforce.com, inc. All rights reserved.

Qualys SAML 2.0 Single Sign-On (SSO) Technical Brief

2. HDF AAI Meeting -- Demo Slides

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x

Guidelines on non-browser access

Grandstream Networks, Inc. Captive Portal Authentication via Twitter

BIG-IP Access Policy Manager : Authentication and Single Sign-On. Version 13.1

Monitor System Status

Configuring Single Sign-on from the VMware Identity Manager Service to Bonusly

Udemy for Business SSO. Single Sign-On (SSO) capability for the UFB portal

Access Manager Applications Configuration Guide. October 2016

SOCIAL LOGIN FOR MAGENTO 2

SAML-Based SSO Solution

Google Identity Services for work

Aruba Central Guest Access Application

5 OAuth Essentials for API Access Control

Trusted Profile Identification and Validation Model

Container-Native Applications

Getting Started with Cloudamize Manage

ClearPass. Onboard and Cloud Identity Providers. Configuration Guide. Onboard and Cloud Identity Providers. Configuration Guide

Developing Microsoft Azure Solutions (70-532) Syllabus

How to social login with Aruba controller. Bo Nielsen, CCIE #53075 (Sec) December 2016, V1.00

Using Keycloak to Provide Authentication, Authorization, and Identity Management Services for Your Gateway

SSO Plugin. Release notes. J System Solutions. Version 4.0

SINGLE SIGN ON SOLUTIONS FOR ICS PRODUCTS

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for PingFederate

Advanced Authentication 6.0 includes new features, improves usability, and resolves several previous issues.

ArcGIS Online A Security, Privacy, and Compliance Overview. Andrea Rosso Michael Young

Federated access to e-infrastructures worldwide

Transcription:

User Management Juan J. Doval DEIMOS SPACE S.L.U. NextGEOSS, September 25 th 2017

Agenda Introduction User Management Federation Objectives

1 Introduction NextGEOSS High-Level Architecture

DataHub harvest and 1 register data, providing links to original sources 1 2 Discovery Enablers empower search on DataHub from users 7 2 3 Access Enablers allow community hubs to create data buckets for access 4 Enhanced distributed gateway from research and operational infrastructures 4 3 5 6 Processing Enablers allow 5 community hubs to deploy distributed ICT technologies 6 Publishing Appliances deliver to the community hubs processed results 7 Community Portals register selected products and services to GEOSS

User Management Context - User Stories Objectives Main Functionality State-of-the-art protocols Logical Architecture Implementation Status KPI Analytics

Context User Stories As a GEOSS user, I want to be able to register myself in the GEOSS community so that the user information is provided to a centralized authentication server to support single sign-on (SSO) with GEOSS providers. As a GEOSS user, I want to be able to authenticate and authorize me in the GEOSS community with single sign-on (SSO) so that I can access to resources (data and some services) A GEOSS user can be a data provider or a final user.

Objectives Current state-of-the-art technologies Support SSO: for minimizing the impact on data users to access and usage: register and login once in the GEOSS community Support federation Rights Harmonization with user attributes

Main functionality Allows registration of users into the GEOSS community providing user information (user name, family name, email, telephone number, gender,...) Allows authentication and authorization mechanisms based on GEOSS user credentials Provides SSO capability that enables a registered GEOSS user to log in once, and access multiple GEOSS applications without being required to authenticate for each application separately. Allows dynamic client registration of GEOSS services (i.e. harvesting, discovery, access and processing data) to be able to use the authentication and authorization mechanisms Allows integration of social network login (Google, Twitter, Facebook, LinkedIn). Allows integration of other SSO systems to provide a federation (e.g. ESA-https://eosso-idp.eo.esa.int, NASA-https://urs.earthdata.nasa.gov/). Is compatible with different protocols: OIDC, SAML2, Oauth2,...

State-of-the-art protocols (I) Authentication viewpoint Authentication/Authorization viewpoint

State-of-the-art protocols (II)

Logical Architecture Based on claims/scopes

Implementation Status

KPI Analytics NextGEOSS SSO allows tracking User Management usage. Number of authentications Authentication delay Registered users and clients Filters by IDP, client User Accesses to Resources!

Federation Objectives Use Cases Proposed Approach

Use Cases As a user, I want to be able to authenticate myself in GEOSS using my credentials from NASA/ESA SSO service for supporting single sign-on (SSO). As a user with an active session started in NASA/ESA SSO service, I want to be able to automatically access GEOSS when selecting NASA/ESA login method. As a user, I want to be able to authenticate myself in NASA/ESA using my credentials from GEOSS SSO service for supporting single sign-on (SSO).

Proposed Approach (I)

Proposed Approach (II) NASA/ESA user profile information will be used for dynamic registration in our UM system (LDAP) and for internal usage in NextGEOSS. Required user attributes: Username First Name Last Name E-mail

Proposed Approach (III) Required information from ESA/NASA IDP: Client ID Client secret Authorization endpoint Token endpoint Required matching parameter: Callback URL: https://nextgeoss-sso.elecnor-deimos.com/auth/nasa/callback

Thanks! Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback