Federation in Practice (slide transcript; description: openiam)
OLD ACCESS CONTROL
• Applications and data within the firewall perimeter
• Users within the enterprise
• Difficult to roll out new services
Hanseatic League (Hansa)
Trade confederation, 13th – 17th centuries
Trading outside the walls:
• Secure
• Membership agreement
• Follow protocol
Federalism is a political concept in which a group of members are bound together by covenant (Latin: foedus, covenant*) with a governing representative head.
* Agreement
(The dictionary)
Schengen Area
A group of 26 European countries that have abolished passport and immigration controls at their common borders.
§ Present your security token at the entrance
§ Travel seamlessly within the area
[Diagram: the Enterprise (Commercial Applications, In-house dev applications, Legacy applications, Directory, Databases, Active Directory) connected to Partners, Outsourcing, Suppliers and Customers]
FEDERATED IDENTITY
The means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
Benefits of federated identity
• Provides single sign-on for an enhanced user experience
• Shares information across partners securely and privately
• Promotes adoption of new services
• Reduces costs
• Cloud friendly
• Mobile friendly
Federation support in OpenAM
• SOAP/XML: SAML 1.0, SAML 1.x, SAML 2.0, ID-FF, Shibboleth 1.0/1.1, Shibboleth 2 (SAML2), WS-Federation 1.0, WS-Federation 1.1, ADFS, ADFS2 (SAML 2)
• REST/JSON: OAuth 2.0, OpenID Connect
Identity Federation Actors
• Identity Provider (Asserting Party, IdP)
• Service Provider (Relying Party, Consumer, SP)
• Circle of Trust: the agreements between IdP and SP
• Principal
Flow: the principal authenticates to the IdP and obtains a token, then presents the token to the SP and accesses the resource.
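The token exchange on the actors slide (authenticate, obtain token, present token, access resource), as an added Python example that is not part of the original deck: the IdP issues a signed token and the SP accepts it only if the issuer is a member of its circle of trust, the signature verifies, the audience is this SP and the token has not expired. The token is a constructed HS256 JWS in the style of an OpenID Connect ID token; issuer names, SP name and keys are sample values.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def idp_issue_token(issuer, key, principal, audience, ttl=300, now=None):
    """IdP side: after authenticating the principal, issue a signed token
    addressed to one SP (constructed HS256 JWS, OpenID Connect style)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "sub": principal, "aud": audience,
              "iat": now, "exp": now + ttl}
    signing_input = (b64url_encode(json.dumps(header).encode()) + "."
                     + b64url_encode(json.dumps(claims).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def sp_verify_token(token, circle_of_trust, sp_name, now=None):
    """SP side: accept the presented token only if it comes from a member of
    the circle of trust (issuer -> key). Returns (True, claims) or (False, reason)."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    head_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(claims_b64))
        presented_sig = b64url_decode(sig_b64)
    except (ValueError, TypeError):
        return False, "malformed token"
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return False, "malformed token"
    if header.get("alg") != "HS256":  # the SP fixes the algorithm, not the token
        return False, "unexpected alg"
    key = circle_of_trust.get(claims.get("iss"))  # membership agreement lookup
    if key is None:
        return False, "issuer not in circle of trust"
    expected = hmac.new(key, f"{head_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented_sig):
        return False, "bad signature"
    if claims.get("aud") != sp_name:  # token was issued for another SP
        return False, "token not intended for this SP"
    if now >= claims.get("exp", 0):
        return False, "token expired"
    return True, claims
```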
Use Cases
§ Enterprise connected to Cloud SaaS, partners, suppliers, etc.
§ Customers using social authentication
[Diagram: the Enterprise applications and directories (Commercial Applications, In-house dev applications, Legacy applications, Directory, Databases, Active Directory) federated with SaaS, Private Cloud, Social, Partners, Outsourcing and Suppliers]

Use Cases
§ SaaS/IDaaS providing services to enterprises
§ Social authentication to SaaS and IDaaS
[Diagram: a Multi-tenant IdP and a Multi-tenant SP in front of the same enterprise applications and directories, connected to SaaS, Private Cloud and Social]
Mobile IAM for the Modern Web
[Diagram: Web Apps and Native Apps in the Cloud and in the Enterprise talk to OpenAM over REST, OAuth2 and OpenID Connect; OpenAM, with its Login App and OAuth2 Provider, supplies Authentication, Authorization, Attribute Delivery, Federation, SSO, Token Persistence and Session Mgmt]
Federation is more than SSO
• SAML 2.0: IdP, SP, IdP Proxy, Attribute Query Provider, Attribute Authority, Authentication Authority, XACML PEP, XACML PDP
• WS-Federation: IdP, SP
• ID-FF: IdP, SP
• OAuth 2.0: RESTful authorization protocol
• OpenID Connect: uses OAuth2 tokens, adds services
OpenAM + family
• OpenAM: full blown federation
• OpenAM Fedlet: lightweight SAML 2.0 SP
• OpenIG and Fedlet: powerful combination of integration and SAML 2.0
• Bridge SPE/SalesForce Bridge: SaaS oriented federation/sync bridge, includes SAML 2.0 and OAuth2
Custom federation
[Diagram: two Policy Agents, a Fedlet and a Reverse Proxy in front of four Applications]
OpenAM “Custom IDP”
[Diagram: SP and IDP; on the IDP side a Custom AuthN Module (State 1), a Custom AuthN Module (State 2) and a Custom Post Authentication Module, with the flow numbered 1 to 6]