SlideShare uma empresa Scribd logo

Open Source Identity Integration with OpenSSO

Startup Cursos
Startup Cursos

This document discusses identity management and single sign-on (SSO) within and between organizations. It introduces web access management and federation standards like SAML and WS-Federation that enable SSO beyond a single enterprise. OpenSSO is presented as an open source SSO solution that implements these standards and supports access management, federation, and identity services. The document encourages participation in the OpenSSO community and provides additional resources.

Tecnologia
1 de 24
Baixar para ler offline
Open Source Identity Integration with OpenSSO April 19, 2008 Pat Patterson Federation Architect pat.patterson@sun.com blogs.sun.com/superpat
Agenda • Web Access Management > The Problem > The Solution > How Does It Work? • Federation > Single Sign-On Beyond a Single Enterprise > How Does It Work? • OpenSSO > Project Overview 2
Typical Problems • “Every application wants me to log in!” • “I have too many passwords – my monitor is covered in Post-its!” • “We're implementing Sarbanes-Oxley – we need to control access to applications!” • “We need to access outsourced functions!” • “Our partners need to access our applications!” 3
Web Access Management • Simplest scenario is within a single organization • Factor authentication and authorization out of web applications into web access management (WAM) solution • Can use browser cookies within a DNS domain • Proxy or Agent architecture implements role-based access control (RBAC) • Users get single sign-on, IT gets control 4
Single Sign-On Within an Organization Web Server Web Server SSO Server Application Server End User 5
How It Works SSO Server Browser Agent Application GET hrapp/index.html Redirect to SSO Server Authenticate Redirect to hrapp/index.html (with SSO cookie) GET hrapp/index.html (with SSO cookie)‫‏‬ Is this user allowed to access hrapp/index.html? Yes! Allow request to proceed Application response 6
Web Access Management Products • Sun Java System Access Manager > OpenSSO • CA (Netegrity) SiteMinder Access Manager • IBM Tivoli Access Manager • Oracle (Oblix) Access Manager • Novell Access Maneger • JA-SIG CAS • JOSSO 7
Typical Problems • “Every application wants me to log in!” • “I have too many passwords – my monitor is covered in Post-its!” • “We're implementing Sarbanes-Oxley – we need to control access to applications!” • “We need to access outsourced functions!” • “Our partners need to access our applications!” 8
Single Sign-on between Organizations • Cookies no longer work > Need a more sophisticated protocol • Can't mandate single vendor solution > Need standards for interoperability 9
Single Sign-On Standards Liberty Liberty Liberty “Phase 1” ID-FF 1.1,1.2 Federation = SAML1 SAML1.1 SAML2 Shibboleth Shibboleth 1.0,1.1 1.2 WS-Federation WS-Federation 1.0 1.1 2002 2003 2004 2005 2006 10
SAML 2.0 Concepts Profiles Combining protocols, bindings, and assertions to support a defined use case Authentication Context Detailed data on Bindings types and strengths of authentication Mapping SAML protocols onto standard messaging or communication protocols Protocols Request/response pairs for obtaining assertions and doing ID management Metadata Assertions IdP and SP Authentication, attribute and entitlement configuration data information 11
SSO Across Organizations Service Service Provider Provider Identity Provider Service Provider End User 12
SAML 2.0 SSO Basics Identity Provider Browser Service Provider GET hrapp/index.html Redirect with SAML Request SAML Authentication Request Authenticate HTML form with SAML Response SAML Response Service Provider examines SAML Response and makes access Response control decision 13
SAML 2.0 Assertion (Abbreviated!) <Assertion Version="2.0" ID="..." IssueInstant="2007-11-06T16:42:28Z"> <Issuer>https://pat-pattersons-computer.local:8181/</Issuer> <Signature>...</Signature> <saml:Subject> <saml:NameID Format="urn:oasis:...:persistent" ...> ZG0OZ3JWP9yduIQ1zFJbVVGHlQ9M </saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:...:bearer"> <saml:SubjectConfirmationData .../> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotBefore="2007-11-06T16:42:28Z" NotOnOrAfter="2007-11-06T16:52:28Z"> <saml:AudienceRestriction> <saml:Audience> https://pat-pattersons-computer.local/example-pat/ </saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2007-11-06T16:42:28Z" ...> <saml:AuthnContext> <saml:AuthnContextClassRef> urn:oasis:...:PasswordProtectedTransport </saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion> 14
SAML 2.0 Adoption • Sun, IBM, CA – all the usual suspects, except Microsoft • OpenSAML (Internet2) > Java, C++ • OpenSSO (Sun) > Java, PHP, Ruby • SimpleSAMLphp (Feide) om • LASSO (Entr'ouvert) o.c > C/SWIG glob • ZXID (Symlabs) > C/SWIG 15
What is OpenSSO? • OpenSSO 1.0 == Federated Access Manager 8.0 • All FAM 8.0 builds available via OpenSSO Open Access. • Preview Features Open Federation. • Provide Feedback • Review code security 16
OpenSSO Momentum • In less than 2 years... > 650 project members at opensso.org > ~15 external committers > Consistently in Top 10* java.net projects by mail traffic – * of over 3000 projects • Production deployments > www.audi.co.uk – 250,000 customer profiles .br > openid.sun.com ov – OpenID for Sun employees .....g > telenet.be – Foundation for fine-grained authorization 17
OpenSSO Roadmap OpenSSO 1.0 / FAM 8.0 Summer 2008 OpenSSO OpenSSO 1.next / OpenSSO Federation FAM 8.1 Q3CY06 Q4CY06 End of 2008 OpenSSO Access Manager 7.1 Q4CY06 Access Manager Federation Manager 7.0 Q4CY05 Federation Manager 18
OpenSSO 1.0 Access Management • Centralized Agent Configuration & Deployment • Centralized Configuration • XACML Request/Response • Wide choice of Application Servers Federation • Fedlet • Virtual Federation • Multi-Federation Protocol Hub • WS-Federation 1.1 • 3rd Party WAM Interoperability 19
OpenSSO 1.0 Identity Services • Authentication as a service • Authorization as a service • Audit as a service • Attribute Query as a service • Secure Trust Authority • Web Services Security Plug-ins • SDK for Securing Web Services But that's not all... 20
OpenSSO Extensions https://opensso.dev.java.net/public/extensions/ • PHP SAML 2.0 SP implementation > Picked up by Feide (Norway) SAML 2.0 • Ruby SAML 2.0 SP implementation • SAML 2.0 ECP test rig • OpenID 1.1 Provider OpenID > Deployed at openid.sun.com Client SDK • PHP Client SDK implementation • ActivIdentity 4Tress Authentication Modules • Hitachi Finger Vein Biometric • Information Card (aka CardSpace) 21
Participe! Join Download Sign up at OpenSSO 1.0 opensso.org Build 4 Subscribe Chat OpenSSO Mailing Lists #opensso on dev, users, announce freenode.net 22
Resources https://opensso.dev.java.net/public/extensions/ OpenSSO • http://opensso.org/ SAML @ Globo.com • André Bechara video > http://tinyurl.com/6rugrm Pat's Blog • Superpatterns > http://blogs.sun.com/superpat/ Daniel Raskin's Blog • Virtual Daniel > http://blogs.sun.com/raskin/ 23
Open Source Identity Integration with OpenSSO April 19, 2008 Pat Patterson Federation Architect pat.patterson@sun.com blogs.sun.com/superpat

Recomendados

Dave Carroll Application Services Salesforce
Dave Carroll Application Services SalesforceDave Carroll Application Services Salesforce
Dave Carroll Application Services Salesforcedeimos
 
Oracle 4월 20일
Oracle 4월 20일Oracle 4월 20일
Oracle 4월 20일Cana Ko
 
HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010Michael Noel
 
4. tmg 2010 e uag 2010
4. tmg 2010 e uag 20104. tmg 2010 e uag 2010
4. tmg 2010 e uag 2010Fabrizio Volpe
 
The Java EE 7 Platform: Developing for the Cloud (FISL 12)
The Java EE 7 Platform: Developing for the Cloud (FISL 12)The Java EE 7 Platform: Developing for the Cloud (FISL 12)
The Java EE 7 Platform: Developing for the Cloud (FISL 12)Arun Gupta
 
OSGi & Java EE in GlassFish @ Silicon Valley Code Camp 2010
OSGi & Java EE in GlassFish @ Silicon Valley Code Camp 2010OSGi & Java EE in GlassFish @ Silicon Valley Code Camp 2010
OSGi & Java EE in GlassFish @ Silicon Valley Code Camp 2010Arun Gupta
 
Running your Java EE 6 applications in the Cloud @ Silicon Valley Code Camp 2010
Running your Java EE 6 applications in the Cloud @ Silicon Valley Code Camp 2010Running your Java EE 6 applications in the Cloud @ Silicon Valley Code Camp 2010
Running your Java EE 6 applications in the Cloud @ Silicon Valley Code Camp 2010Arun Gupta
 
Web Performance 101 - Gil Givati
Web Performance 101 - Gil GivatiWeb Performance 101 - Gil Givati
Web Performance 101 - Gil GivatiMika Josting
 

Recomendados

Dave Carroll Application Services Salesforce
Dave Carroll Application Services SalesforceDave Carroll Application Services Salesforce
Dave Carroll Application Services Salesforcedeimos
 
Oracle 4월 20일
Oracle 4월 20일Oracle 4월 20일
Oracle 4월 20일Cana Ko
 
HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010Michael Noel
 
4. tmg 2010 e uag 2010
4. tmg 2010 e uag 20104. tmg 2010 e uag 2010
4. tmg 2010 e uag 2010Fabrizio Volpe
 
The Java EE 7 Platform: Developing for the Cloud (FISL 12)
The Java EE 7 Platform: Developing for the Cloud (FISL 12)The Java EE 7 Platform: Developing for the Cloud (FISL 12)
The Java EE 7 Platform: Developing for the Cloud (FISL 12)Arun Gupta
 
OSGi & Java EE in GlassFish @ Silicon Valley Code Camp 2010
OSGi & Java EE in GlassFish @ Silicon Valley Code Camp 2010OSGi & Java EE in GlassFish @ Silicon Valley Code Camp 2010
OSGi & Java EE in GlassFish @ Silicon Valley Code Camp 2010Arun Gupta
 
Running your Java EE 6 applications in the Cloud @ Silicon Valley Code Camp 2010
Running your Java EE 6 applications in the Cloud @ Silicon Valley Code Camp 2010Running your Java EE 6 applications in the Cloud @ Silicon Valley Code Camp 2010
Running your Java EE 6 applications in the Cloud @ Silicon Valley Code Camp 2010Arun Gupta
 
Web Performance 101 - Gil Givati
Web Performance 101 - Gil GivatiWeb Performance 101 - Gil Givati
Web Performance 101 - Gil GivatiMika Josting
 
Troubleshooting Federation, ADFS, and More
Troubleshooting Federation, ADFS, and More Troubleshooting Federation, ADFS, and More
Troubleshooting Federation, ADFS, and More Microsoft TechNet - Belgium and Luxembourg
 
The Java EE 7 Platform: Productivity &amp; HTML5 at San Francisco JUG
The Java EE 7 Platform: Productivity &amp; HTML5 at San Francisco JUGThe Java EE 7 Platform: Productivity &amp; HTML5 at San Francisco JUG
The Java EE 7 Platform: Productivity &amp; HTML5 at San Francisco JUGArun Gupta
 
OpenSSO Tech Overview Aquarium
OpenSSO Tech Overview AquariumOpenSSO Tech Overview Aquarium
OpenSSO Tech Overview AquariumEduardo Pelegri-Llopart
 
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web [Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web Shreeraj Shah
 
Everything You Need to Know about Diagnostics and Debugging on Microsoft Inte...
Everything You Need to Know about Diagnostics and Debugging on Microsoft Inte...Everything You Need to Know about Diagnostics and Debugging on Microsoft Inte...
Everything You Need to Know about Diagnostics and Debugging on Microsoft Inte...goodfriday
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicHarihara sarma
 
“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with EverythingDave Hay
 
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...Microsoft TechNet - Belgium and Luxembourg
 
Xebia adobe flash mobile applications
Xebia adobe flash mobile applicationsXebia adobe flash mobile applications
Xebia adobe flash mobile applicationsMichael Chaize
 
Understanding the nuts & bolts of Java EE 6
Understanding the nuts & bolts of Java EE 6Understanding the nuts & bolts of Java EE 6
Understanding the nuts & bolts of Java EE 6Arun Gupta
 
Ajax World Fall08
Ajax World Fall08Ajax World Fall08
Ajax World Fall08rajivmordani
 
Java EE 7 at JAX London 2011 and JFall 2011
Java EE 7 at JAX London 2011 and JFall 2011Java EE 7 at JAX London 2011 and JFall 2011
Java EE 7 at JAX London 2011 and JFall 2011Arun Gupta
 
Iiw2007b Madsen 01
Iiw2007b Madsen 01Iiw2007b Madsen 01
Iiw2007b Madsen 01Paul Madsen
 
Websphere Portal V6.1 Security Overview
Websphere Portal V6.1 Security OverviewWebsphere Portal V6.1 Security Overview
Websphere Portal V6.1 Security OverviewMunish Gupta
 
Social Enterprise Java Apps on Heroku Webinar
Social Enterprise Java Apps on Heroku WebinarSocial Enterprise Java Apps on Heroku Webinar
Social Enterprise Java Apps on Heroku WebinarSalesforce Developers
 
Find me if you can – smart fuzzing and discovery! shreeraj shah
Find me if you can – smart fuzzing and discovery! shreeraj shahFind me if you can – smart fuzzing and discovery! shreeraj shah
Find me if you can – smart fuzzing and discovery! shreeraj shahowaspindia
 
Security Avalanche
Security AvalancheSecurity Avalanche
Security AvalancheMichele Leroux Bustamante
 
[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...
[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...
[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...Shreeraj Shah
 
Php apache vs iis By Hafedh Yahmadi
Php apache vs iis By Hafedh YahmadiPhp apache vs iis By Hafedh Yahmadi
Php apache vs iis By Hafedh YahmadiTechdaysTunisia
 
Java EE 6 and GlassFish portfolio
Java EE 6 and GlassFish portfolioJava EE 6 and GlassFish portfolio
Java EE 6 and GlassFish portfolioAlexis Moussine-Pouchkine
 
2015/11/16付 オリジナルiTunes週間トップソングトピックス
2015/11/16付 オリジナルiTunes週間トップソングトピックス2015/11/16付 オリジナルiTunes週間トップソングトピックス
2015/11/16付 オリジナルiTunes週間トップソングトピックスThe Natsu Style
 
BubbleMap Application
BubbleMap ApplicationBubbleMap Application
BubbleMap ApplicationMasaya Kogawa
 

Mais conteúdo relacionado

Mais procurados

The Java EE 7 Platform: Productivity &amp; HTML5 at San Francisco JUG
The Java EE 7 Platform: Productivity &amp; HTML5 at San Francisco JUGThe Java EE 7 Platform: Productivity &amp; HTML5 at San Francisco JUG
The Java EE 7 Platform: Productivity &amp; HTML5 at San Francisco JUGArun Gupta
 
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web [Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web Shreeraj Shah
 
Everything You Need to Know about Diagnostics and Debugging on Microsoft Inte...
Everything You Need to Know about Diagnostics and Debugging on Microsoft Inte...Everything You Need to Know about Diagnostics and Debugging on Microsoft Inte...
Everything You Need to Know about Diagnostics and Debugging on Microsoft Inte...goodfriday
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicHarihara sarma
 
“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with EverythingDave Hay
 
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...Microsoft TechNet - Belgium and Luxembourg
 
Xebia adobe flash mobile applications
Xebia adobe flash mobile applicationsXebia adobe flash mobile applications
Xebia adobe flash mobile applicationsMichael Chaize
 
Understanding the nuts & bolts of Java EE 6
Understanding the nuts & bolts of Java EE 6Understanding the nuts & bolts of Java EE 6
Understanding the nuts & bolts of Java EE 6Arun Gupta
 
Java EE 7 at JAX London 2011 and JFall 2011
Java EE 7 at JAX London 2011 and JFall 2011Java EE 7 at JAX London 2011 and JFall 2011
Java EE 7 at JAX London 2011 and JFall 2011Arun Gupta
 
Iiw2007b Madsen 01
Iiw2007b Madsen 01Iiw2007b Madsen 01
Iiw2007b Madsen 01Paul Madsen
 
Websphere Portal V6.1 Security Overview
Websphere Portal V6.1 Security OverviewWebsphere Portal V6.1 Security Overview
Websphere Portal V6.1 Security OverviewMunish Gupta
 
Social Enterprise Java Apps on Heroku Webinar
Social Enterprise Java Apps on Heroku WebinarSocial Enterprise Java Apps on Heroku Webinar
Social Enterprise Java Apps on Heroku WebinarSalesforce Developers
 
Find me if you can – smart fuzzing and discovery! shreeraj shah
Find me if you can – smart fuzzing and discovery! shreeraj shahFind me if you can – smart fuzzing and discovery! shreeraj shah
Find me if you can – smart fuzzing and discovery! shreeraj shahowaspindia
 
[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...
[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...
[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...Shreeraj Shah
 
Php apache vs iis By Hafedh Yahmadi
Php apache vs iis By Hafedh YahmadiPhp apache vs iis By Hafedh Yahmadi
Php apache vs iis By Hafedh YahmadiTechdaysTunisia
 

Mais procurados (20)

Troubleshooting Federation, ADFS, and More
Troubleshooting Federation, ADFS, and More Troubleshooting Federation, ADFS, and More
Troubleshooting Federation, ADFS, and More
 
The Java EE 7 Platform: Productivity &amp; HTML5 at San Francisco JUG
The Java EE 7 Platform: Productivity &amp; HTML5 at San Francisco JUGThe Java EE 7 Platform: Productivity &amp; HTML5 at San Francisco JUG
The Java EE 7 Platform: Productivity &amp; HTML5 at San Francisco JUG
 
OpenSSO Tech Overview Aquarium
OpenSSO Tech Overview AquariumOpenSSO Tech Overview Aquarium
OpenSSO Tech Overview Aquarium
 
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web [Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
 
Everything You Need to Know about Diagnostics and Debugging on Microsoft Inte...
Everything You Need to Know about Diagnostics and Debugging on Microsoft Inte...Everything You Need to Know about Diagnostics and Debugging on Microsoft Inte...
Everything You Need to Know about Diagnostics and Debugging on Microsoft Inte...
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogic
 
“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything
 
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
 
Xebia adobe flash mobile applications
Xebia adobe flash mobile applicationsXebia adobe flash mobile applications
Xebia adobe flash mobile applications
 
Understanding the nuts & bolts of Java EE 6
Understanding the nuts & bolts of Java EE 6Understanding the nuts & bolts of Java EE 6
Understanding the nuts & bolts of Java EE 6
 
Ajax World Fall08
Ajax World Fall08Ajax World Fall08
Ajax World Fall08
 
Java EE 7 at JAX London 2011 and JFall 2011
Java EE 7 at JAX London 2011 and JFall 2011Java EE 7 at JAX London 2011 and JFall 2011
Java EE 7 at JAX London 2011 and JFall 2011
 
Iiw2007b Madsen 01
Iiw2007b Madsen 01Iiw2007b Madsen 01
Iiw2007b Madsen 01
 
Websphere Portal V6.1 Security Overview
Websphere Portal V6.1 Security OverviewWebsphere Portal V6.1 Security Overview
Websphere Portal V6.1 Security Overview
 
Social Enterprise Java Apps on Heroku Webinar
Social Enterprise Java Apps on Heroku WebinarSocial Enterprise Java Apps on Heroku Webinar
Social Enterprise Java Apps on Heroku Webinar
 
Find me if you can – smart fuzzing and discovery! shreeraj shah
Find me if you can – smart fuzzing and discovery! shreeraj shahFind me if you can – smart fuzzing and discovery! shreeraj shah
Find me if you can – smart fuzzing and discovery! shreeraj shah
 
Security Avalanche
Security AvalancheSecurity Avalanche
Security Avalanche
 
[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...
[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...
[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...
 
Php apache vs iis By Hafedh Yahmadi
Php apache vs iis By Hafedh YahmadiPhp apache vs iis By Hafedh Yahmadi
Php apache vs iis By Hafedh Yahmadi
 
Java EE 6 and GlassFish portfolio
Java EE 6 and GlassFish portfolioJava EE 6 and GlassFish portfolio
Java EE 6 and GlassFish portfolio
 

Destaque

2015/11/16付 オリジナルiTunes週間トップソングトピックス
2015/11/16付 オリジナルiTunes週間トップソングトピックス2015/11/16付 オリジナルiTunes週間トップソングトピックス
2015/11/16付 オリジナルiTunes週間トップソングトピックスThe Natsu Style
 
BubbleMap Application
BubbleMap ApplicationBubbleMap Application
BubbleMap ApplicationMasaya Kogawa
 
031+heap2+dltv54+540722+a+ใบความรู้ เพื่อนสนิทมิตรสหาย (1หน้า)
031+heap2+dltv54+540722+a+ใบความรู้ เพื่อนสนิทมิตรสหาย (1หน้า)031+heap2+dltv54+540722+a+ใบความรู้ เพื่อนสนิทมิตรสหาย (1หน้า)
031+heap2+dltv54+540722+a+ใบความรู้ เพื่อนสนิทมิตรสหาย (1หน้า)Prachoom Rangkasikorn
 
1администраторы соц. сетей 01.2013
1администраторы соц. сетей 01.20131администраторы соц. сетей 01.2013
1администраторы соц. сетей 01.2013Natalia Odegova
 
Busque, Compare Y Si Encuentra Algo Mejor3
Busque, Compare Y Si Encuentra Algo Mejor3Busque, Compare Y Si Encuentra Algo Mejor3
Busque, Compare Y Si Encuentra Algo Mejor3guest9e6bc3
 
Presentación ciencia. tecnologia y sociedad p1
Presentación ciencia. tecnologia y sociedad p1Presentación ciencia. tecnologia y sociedad p1
Presentación ciencia. tecnologia y sociedad p1Carolina
 
Resume - Mr. Patil Sujay Prabhakar 2016
Resume - Mr. Patil Sujay Prabhakar 2016Resume - Mr. Patil Sujay Prabhakar 2016
Resume - Mr. Patil Sujay Prabhakar 2016sujay patil
 
Blogging for your Construction Industry Business
Blogging for your Construction Industry Business Blogging for your Construction Industry Business
Blogging for your Construction Industry Business Klaxon
 
Bygg din egen merkevare på nett
Bygg din egen merkevare på nettBygg din egen merkevare på nett
Bygg din egen merkevare på nettAudun Farbrot
 
Тара и упаковка
Тара и упаковкаТара и упаковка
Тара и упаковкаLogist.FM
 
PUEMBO DE COTOPAXI. Pablo Guaña
PUEMBO DE COTOPAXI. Pablo GuañaPUEMBO DE COTOPAXI. Pablo Guaña
PUEMBO DE COTOPAXI. Pablo GuañaPablo Guaña
 
Top 9 desktop interview questions answers
Top 9 desktop interview questions answersTop 9 desktop interview questions answers
Top 9 desktop interview questions answershudsons168
 
Estructura atómica 1º
Estructura atómica 1ºEstructura atómica 1º
Estructura atómica 1ºjpache80
 
Секреты привлекательности: интернет-магазин глазами покупателей
Секреты привлекательности: интернет-магазин глазами покупателей Секреты привлекательности: интернет-магазин глазами покупателей
Секреты привлекательности: интернет-магазин глазами покупателей Prom
 
Qualificação (Curta) Julho 2009
Qualificação (Curta) Julho 2009Qualificação (Curta) Julho 2009
Qualificação (Curta) Julho 2009Rodrigo Senra
 

Destaque (20)

2015/11/16付 オリジナルiTunes週間トップソングトピックス
2015/11/16付 オリジナルiTunes週間トップソングトピックス2015/11/16付 オリジナルiTunes週間トップソングトピックス
2015/11/16付 オリジナルiTunes週間トップソングトピックス
 
BubbleMap Application
BubbleMap ApplicationBubbleMap Application
BubbleMap Application
 
031+heap2+dltv54+540722+a+ใบความรู้ เพื่อนสนิทมิตรสหาย (1หน้า)
031+heap2+dltv54+540722+a+ใบความรู้ เพื่อนสนิทมิตรสหาย (1หน้า)031+heap2+dltv54+540722+a+ใบความรู้ เพื่อนสนิทมิตรสหาย (1หน้า)
031+heap2+dltv54+540722+a+ใบความรู้ เพื่อนสนิทมิตรสหาย (1หน้า)
 
1администраторы соц. сетей 01.2013
1администраторы соц. сетей 01.20131администраторы соц. сетей 01.2013
1администраторы соц. сетей 01.2013
 
Busque, Compare Y Si Encuentra Algo Mejor3
Busque, Compare Y Si Encuentra Algo Mejor3Busque, Compare Y Si Encuentra Algo Mejor3
Busque, Compare Y Si Encuentra Algo Mejor3
 
sam
samsam
sam
 
Presentación ciencia. tecnologia y sociedad p1
Presentación ciencia. tecnologia y sociedad p1Presentación ciencia. tecnologia y sociedad p1
Presentación ciencia. tecnologia y sociedad p1
 
Dx bumil
Dx bumilDx bumil
Dx bumil
 
Mensajes
MensajesMensajes
Mensajes
 
Resume - Mr. Patil Sujay Prabhakar 2016
Resume - Mr. Patil Sujay Prabhakar 2016Resume - Mr. Patil Sujay Prabhakar 2016
Resume - Mr. Patil Sujay Prabhakar 2016
 
Blogging for your Construction Industry Business
Blogging for your Construction Industry Business Blogging for your Construction Industry Business
Blogging for your Construction Industry Business
 
Power
PowerPower
Power
 
Marketing & outreach
Marketing & outreachMarketing & outreach
Marketing & outreach
 
Bygg din egen merkevare på nett
Bygg din egen merkevare på nettBygg din egen merkevare på nett
Bygg din egen merkevare på nett
 
Тара и упаковка
Тара и упаковкаТара и упаковка
Тара и упаковка
 
PUEMBO DE COTOPAXI. Pablo Guaña
PUEMBO DE COTOPAXI. Pablo GuañaPUEMBO DE COTOPAXI. Pablo Guaña
PUEMBO DE COTOPAXI. Pablo Guaña
 
Top 9 desktop interview questions answers
Top 9 desktop interview questions answersTop 9 desktop interview questions answers
Top 9 desktop interview questions answers
 
Estructura atómica 1º
Estructura atómica 1ºEstructura atómica 1º
Estructura atómica 1º
 
Секреты привлекательности: интернет-магазин глазами покупателей
Секреты привлекательности: интернет-магазин глазами покупателей Секреты привлекательности: интернет-магазин глазами покупателей
Секреты привлекательности: интернет-магазин глазами покупателей
 
Qualificação (Curta) Julho 2009
Qualificação (Curta) Julho 2009Qualificação (Curta) Julho 2009
Qualificação (Curta) Julho 2009
 

Semelhante a Open Source Identity Integration with OpenSSO

Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSOOpen Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSOelliando dias
 
Otm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soaOtm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soajucaab
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2
 
O Dell Secure360 Presentation5 12 10b
O Dell Secure360 Presentation5 12 10bO Dell Secure360 Presentation5 12 10b
O Dell Secure360 Presentation5 12 10bBruce O'Dell
 
Open sso enterprise customer pitch
Open sso enterprise customer pitchOpen sso enterprise customer pitch
Open sso enterprise customer pitchxKinAnx
 
Standardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIMStandardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIMWSO2
 
Introduction to the WSO2 Identity Server &Contributing to an OS Project
Introduction to the WSO2 Identity Server &Contributing to an OS ProjectIntroduction to the WSO2 Identity Server &Contributing to an OS Project
Introduction to the WSO2 Identity Server &Contributing to an OS ProjectMichael J Geiser
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0Mika Koivisto
 
Implementing Authorization
Implementing AuthorizationImplementing Authorization
Implementing AuthorizationTorin Sandall
 
Application Services On The Web Sales Forcecom
Application Services On The Web Sales ForcecomApplication Services On The Web Sales Forcecom
Application Services On The Web Sales ForcecomQConLondon2008
 
WSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server TutorialWSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server TutorialPrabath Siriwardena
 
Overzicht van de GlassFish technologie, Eugene Bogaart
Overzicht van de GlassFish technologie, Eugene BogaartOverzicht van de GlassFish technologie, Eugene Bogaart
Overzicht van de GlassFish technologie, Eugene BogaartJaco Haans
 
21st Century Service Oriented Architecture
21st Century Service Oriented Architecture21st Century Service Oriented Architecture
21st Century Service Oriented ArchitectureBob Rhubart
 
The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise Kasun Indrasiri
 
Cloud Best Practices
Cloud Best PracticesCloud Best Practices
Cloud Best PracticesEric Bottard
 
A recipe for standards-based Cloud IdM
A recipe for standards-based Cloud IdMA recipe for standards-based Cloud IdM
A recipe for standards-based Cloud IdMPaul Madsen
 
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Tom Eston
 

Semelhante a Open Source Identity Integration with OpenSSO (20)

Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSOOpen Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
 
Otm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soaOtm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soa
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product Overview
 
O Dell Secure360 Presentation5 12 10b
O Dell Secure360 Presentation5 12 10bO Dell Secure360 Presentation5 12 10b
O Dell Secure360 Presentation5 12 10b
 
CSG 2012
CSG 2012CSG 2012
CSG 2012
 
Open sso enterprise customer pitch
Open sso enterprise customer pitchOpen sso enterprise customer pitch
Open sso enterprise customer pitch
 
Standardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIMStandardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIM
 
Introduction to the WSO2 Identity Server &Contributing to an OS Project
Introduction to the WSO2 Identity Server &Contributing to an OS ProjectIntroduction to the WSO2 Identity Server &Contributing to an OS Project
Introduction to the WSO2 Identity Server &Contributing to an OS Project
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0
 
Implementing Authorization
Implementing AuthorizationImplementing Authorization
Implementing Authorization
 
Application Services On The Web Sales Forcecom
Application Services On The Web Sales ForcecomApplication Services On The Web Sales Forcecom
Application Services On The Web Sales Forcecom
 
Enterprise service bus part 2
Enterprise service bus part 2Enterprise service bus part 2
Enterprise service bus part 2
 
IdP, SAML, OAuth
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuth
 
WSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server TutorialWSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server Tutorial
 
Overzicht van de GlassFish technologie, Eugene Bogaart
Overzicht van de GlassFish technologie, Eugene BogaartOverzicht van de GlassFish technologie, Eugene Bogaart
Overzicht van de GlassFish technologie, Eugene Bogaart
 
21st Century Service Oriented Architecture
21st Century Service Oriented Architecture21st Century Service Oriented Architecture
21st Century Service Oriented Architecture
 
The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise The Middleware technology that connects the enterprise
The Middleware technology that connects the enterprise
 
Cloud Best Practices
Cloud Best PracticesCloud Best Practices
Cloud Best Practices
 
A recipe for standards-based Cloud IdM
A recipe for standards-based Cloud IdMA recipe for standards-based Cloud IdM
A recipe for standards-based Cloud IdM
 
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
 

Último

So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 

Open Source Identity Integration with OpenSSO

  • 1. Open Source Identity Integration with OpenSSO April 19, 2008 Pat Patterson Federation Architect pat.patterson@sun.com blogs.sun.com/superpat
  • 2. Agenda • Web Access Management > The Problem > The Solution > How Does It Work? • Federation > Single Sign-On Beyond a Single Enterprise > How Does It Work? • OpenSSO > Project Overview 2
  • 3. Typical Problems • “Every application wants me to log in!” • “I have too many passwords – my monitor is covered in Post-its!” • “We're implementing Sarbanes-Oxley – we need to control access to applications!” • “We need to access outsourced functions!” • “Our partners need to access our applications!” 3
  • 4. Web Access Management • Simplest scenario is within a single organization • Factor authentication and authorization out of web applications into web access management (WAM) solution • Can use browser cookies within a DNS domain • Proxy or Agent architecture implements role-based access control (RBAC) • Users get single sign-on, IT gets control 4
  • 5. Single Sign-On Within an Organization Web Server Web Server SSO Server Application Server End User 5
  • 6. How It Works SSO Server Browser Agent Application GET hrapp/index.html Redirect to SSO Server Authenticate Redirect to hrapp/index.html (with SSO cookie) GET hrapp/index.html (with SSO cookie)‫‏‬ Is this user allowed to access hrapp/index.html? Yes! Allow request to proceed Application response 6
  • 7. Web Access Management Products • Sun Java System Access Manager > OpenSSO • CA (Netegrity) SiteMinder Access Manager • IBM Tivoli Access Manager • Oracle (Oblix) Access Manager • Novell Access Maneger • JA-SIG CAS • JOSSO 7
  • 8. Typical Problems • “Every application wants me to log in!” • “I have too many passwords – my monitor is covered in Post-its!” • “We're implementing Sarbanes-Oxley – we need to control access to applications!” • “We need to access outsourced functions!” • “Our partners need to access our applications!” 8
  • 9. Single Sign-on between Organizations • Cookies no longer work > Need a more sophisticated protocol • Can't mandate single vendor solution > Need standards for interoperability 9
  • 10. Single Sign-On Standards Liberty Liberty Liberty “Phase 1” ID-FF 1.1,1.2 Federation = SAML1 SAML1.1 SAML2 Shibboleth Shibboleth 1.0,1.1 1.2 WS-Federation WS-Federation 1.0 1.1 2002 2003 2004 2005 2006 10
  • 11. SAML 2.0 Concepts Profiles Combining protocols, bindings, and assertions to support a defined use case Authentication Context Detailed data on Bindings types and strengths of authentication Mapping SAML protocols onto standard messaging or communication protocols Protocols Request/response pairs for obtaining assertions and doing ID management Metadata Assertions IdP and SP Authentication, attribute and entitlement configuration data information 11
  • 12. SSO Across Organizations Service Service Provider Provider Identity Provider Service Provider End User 12
  • 13. SAML 2.0 SSO Basics Identity Provider Browser Service Provider GET hrapp/index.html Redirect with SAML Request SAML Authentication Request Authenticate HTML form with SAML Response SAML Response Service Provider examines SAML Response and makes access Response control decision 13
  • 14. SAML 2.0 Assertion (Abbreviated!) <Assertion Version="2.0" ID="..." IssueInstant="2007-11-06T16:42:28Z"> <Issuer>https://pat-pattersons-computer.local:8181/</Issuer> <Signature>...</Signature> <saml:Subject> <saml:NameID Format="urn:oasis:...:persistent" ...> ZG0OZ3JWP9yduIQ1zFJbVVGHlQ9M </saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:...:bearer"> <saml:SubjectConfirmationData .../> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotBefore="2007-11-06T16:42:28Z" NotOnOrAfter="2007-11-06T16:52:28Z"> <saml:AudienceRestriction> <saml:Audience> https://pat-pattersons-computer.local/example-pat/ </saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2007-11-06T16:42:28Z" ...> <saml:AuthnContext> <saml:AuthnContextClassRef> urn:oasis:...:PasswordProtectedTransport </saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion> 14
  • 15. SAML 2.0 Adoption • Sun, IBM, CA – all the usual suspects, except Microsoft • OpenSAML (Internet2) > Java, C++ • OpenSSO (Sun) > Java, PHP, Ruby • SimpleSAMLphp (Feide) om • LASSO (Entr'ouvert) o.c > C/SWIG glob • ZXID (Symlabs) > C/SWIG 15
  • 16. What is OpenSSO? • OpenSSO 1.0 == Federated Access Manager 8.0 • All FAM 8.0 builds available via OpenSSO Open Access. • Preview Features Open Federation. • Provide Feedback • Review code security 16
  • 17. OpenSSO Momentum • In less than 2 years... > 650 project members at opensso.org > ~15 external committers > Consistently in Top 10* java.net projects by mail traffic – * of over 3000 projects • Production deployments > www.audi.co.uk – 250,000 customer profiles .br > openid.sun.com ov – OpenID for Sun employees .....g > telenet.be – Foundation for fine-grained authorization 17
  • 18. OpenSSO Roadmap OpenSSO 1.0 / FAM 8.0 Summer 2008 OpenSSO OpenSSO 1.next / OpenSSO Federation FAM 8.1 Q3CY06 Q4CY06 End of 2008 OpenSSO Access Manager 7.1 Q4CY06 Access Manager Federation Manager 7.0 Q4CY05 Federation Manager 18
  • 19. OpenSSO 1.0 Access Management • Centralized Agent Configuration & Deployment • Centralized Configuration • XACML Request/Response • Wide choice of Application Servers Federation • Fedlet • Virtual Federation • Multi-Federation Protocol Hub • WS-Federation 1.1 • 3rd Party WAM Interoperability 19
  • 20. OpenSSO 1.0 Identity Services • Authentication as a service • Authorization as a service • Audit as a service • Attribute Query as a service • Secure Trust Authority • Web Services Security Plug-ins • SDK for Securing Web Services But that's not all... 20
  • 21. OpenSSO Extensions https://opensso.dev.java.net/public/extensions/ • PHP SAML 2.0 SP implementation > Picked up by Feide (Norway) SAML 2.0 • Ruby SAML 2.0 SP implementation • SAML 2.0 ECP test rig • OpenID 1.1 Provider OpenID > Deployed at openid.sun.com Client SDK • PHP Client SDK implementation • ActivIdentity 4Tress Authentication Modules • Hitachi Finger Vein Biometric • Information Card (aka CardSpace) 21
  • 22. Participe! Join Download Sign up at OpenSSO 1.0 opensso.org Build 4 Subscribe Chat OpenSSO Mailing Lists #opensso on dev, users, announce freenode.net 22
  • 23. Resources https://opensso.dev.java.net/public/extensions/ OpenSSO • http://opensso.org/ SAML @ Globo.com • André Bechara video > http://tinyurl.com/6rugrm Pat's Blog • Superpatterns > http://blogs.sun.com/superpat/ Daniel Raskin's Blog • Virtual Daniel > http://blogs.sun.com/raskin/ 23
  • 24. Open Source Identity Integration with OpenSSO April 19, 2008 Pat Patterson Federation Architect pat.patterson@sun.com blogs.sun.com/superpat