New Single Sign-on Options for
IBM® Lotus® Notes® & Domino®




© 2012 IBM Corporation
IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal
without notice at IBM’s sole discretion.

Information regarding potential future products is intended to outline our general product direction
and it should not be relied on in making a purchasing decision.

The information mentioned regarding potential future products is not a commitment, promise, or
legal obligation to deliver any material, code or functionality. Information about potential future
products may not be incorporated into any contract. The development, release, and timing of any
future features or functionality described for our products remains at our sole discretion.




Agenda
■   Standards based SSO using SAML
■   SAML for IBM Lotus Domino web server and IBM Lotus iNotes®
■   SAML for IBM Lotus Notes client




User accesses many different IBM services with
browser or Lotus Notes

[Diagram labels: Browser, IBM Sametime®, IBM Connections®, LotusLive® Engage®, Lotus Domino, Lotus Quickr®]

User doesn't want multiple password prompts.

User might also access third party services.

[Diagram labels: Browser, IBM Sametime, IBM Connections, LotusLive Engage, Facebook®, Lotus Domino, Lotus Quickr]

User doesn't want multiple password prompts.

SSO Mission:
Fewer password prompts, fewer passwords in general

■   We need SSO because:
     ─ High administrative cost for managing passwords.
     ─ Users can't remember a lot of passwords.
     ─ Password prompts are annoying.
     ─ Many “different” passwords lead to lower security.


■   If we use cryptographic mechanisms instead of passwords, we can improve
    security and minimize cost.

■   For best interoperability across IBM and third party applications, we look to adopt
    standards based SSO.




Security Assertion Markup Language (SAML)

■   Standard to address Internet SSO.
■   OASIS publishes the standards documents.

■   Many implementations available, including open source.
■   SSO across cooperating domains and across cooperating corporations.

■   IBM LotusLive® Notes implements SAML.




SAML identity assertion

■   Security is based on PKI.
     ─ User's identity is represented in a signed XML assertion.
     ─ Private key, public key pair:
         – Server creating the assertion signs it using its private key.
         – Servers processing assertions validate signature using the trusted signer's public
           key.
     ─ Standards based, Internet certificates and keys are used.


■   Service identifies the user based on the user's assertion.
     ─ Assertion contains the authenticated user's name (e.g. email address).




SAML Identity provider (IdP) authenticates the user

■   IdP implements “federated identity”.
     ─ Knows about user names, passwords.
     ─ Might be able to authenticate the user via SPNEGO/Kerberos, or alternate non-
       password method.
     ─ Prepares credentials (SAML identity assertion) for the user to target service.
         – IdP authenticated user x at time y

     ─ Can be used by services from different vendors.


■   Common IdPs
     ─ IBM Tivoli® Federated Identity Manager (TFIM®)
     ─ Microsoft® ADFS® 2.0 integrated with Active Directory®
     ─ many others




Federated Identity using SAML assertions


■   Why is it a good thing for security?
     ─ Minimized use of password (only handled by IdP, if required).
     ─ Authenticate once to IdP. The IdP may “remember” the user.
     ─ Customers can use/control their own on-premises IdP.
     ─ Less user data redundancy.
     ─ Goal: password info is unavailable to crackers wanting to launch an offline password
       guessing attack
Services accepting SAML assertions


■   SAML service provider (SP) receives authentication decision from the IdP.

■   SP authenticates a user by successful verification of the user's SAML assertion.


[Diagram labels: Directory, Service]

Remove risk using SSL

■   HTTP protocols are in use.
■   If SSL (HTTPS) is not used to encrypt the channels:
     ─ Eavesdropper steals user login information, e.g. password.
     ─ Eavesdropper steals the identity assertion.
         – Good for a short period of time.
     ─ Eavesdropper steals any cookies.
         – Good for the configured period of time.


[Diagram labels: Directory, Service]

Agenda
■   Standards based SSO using SAML
■   SAML for IBM Lotus Domino web server and IBM Lotus iNotes
■   SAML for IBM Lotus Notes client




(future release)
Domino web server as a SAML service provider (SP)


■   Domino SP receives authentication decision from the IdP.

■   Domino authenticates a user by successful verification of the user's SAML
    assertion.

[Diagram labels: Browser, Directory, Domino]

Web client: user accessing Domino via browser (1)

[Diagram labels: Browser, Directory, Domino; request: http://domino1.renovations.com/db.nsf]

User browses to a protected Domino URL, but hasn't logged in yet.

Web client: user accessing Domino via browser (2)

[Diagram labels: Browser, Directory, Domino; flow: SAML request and Redirect]

Domino redirects the browser to the IdP's URL with a SAML request.

Web client: user accessing Domino via browser (3)

URL might look something like this:
https://idp.renovations.com/sps/saml11/login?TARGET=....

[Diagram labels: Browser, Directory, Domino]

Browser redirects to SAML IdP.

Web client: user accessing Domino via browser (4)

[Diagram labels: Browser, Directory, Domino; flow: Login info]

User may be prompted to authenticate to IdP, or the IdP may be configured
to authenticate user with non-password method (e.g. SPNEGO/Kerberos).

Web client: user accessing Domino via browser (5)

[Diagram labels: Browser, Directory, Domino; flow: SAML response, redirect back to Domino]

IdP has authenticated the user and sends the SAML assertion.

Web client: user accessing Domino via browser (6)

[Diagram labels: Browser, Directory, Domino; flow: (Http post containing SAML assertion)]

SAML assertion received at Domino is verified using the IdP's public key.
Domino needs to map the name in the assertion to user's Domino name.

Web client: user accessing Domino via browser (7)

[Diagram labels: Browser, Directory, Domino; flow: Redirect to URL to display, Session cookie]

User is logged in at Domino. User's browser now has credentials to access
protected Domino URLs.

Web client: user accessing Domino via browser (8)

[Diagram labels: Browser, Directory, Domino; request: http://domino1.renovations.com/db.nsf with Session cookie]

Now the user will see the protected Domino URL.
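
The checks in steps (6) and (7), as an added example that is not IBM's or Domino's code: a service provider accepts a SAML 1.1 assertion only if it comes from the trusted IdP, is inside its validity window, is addressed to this server, has not been used before, and maps to a known Domino name. XML signature verification with the IdP's public key is assumed to be done by an XML-DSig library and passed in as `signature_ok`; the issuer, audience, name map and sample assertion are constructed values.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = "{urn:oasis:names:tc:SAML:1.0:assertion}"  # SAML 1.1 assertion namespace

# Constructed SP configuration (illustrative values, not Domino settings).
TRUSTED_ISSUERS = {"https://idp.renovations.com/sps/saml11"}
SP_AUDIENCE = "https://domino1.renovations.com"
NAME_MAP = {"jdoe@renovations.com": "CN=Jane Doe/O=Renovations"}
CLOCK_SKEW = timedelta(seconds=60)

# Constructed sample assertion (ds:Signature element omitted for brevity).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed-id-0001"
    Issuer="https://idp.renovations.com/sps/saml11"
    IssueInstant="2012-01-16T15:00:00Z">
  <saml:Conditions NotBefore="2012-01-16T15:00:00Z"
                   NotOnOrAfter="2012-01-16T15:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://domino1.renovations.com</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AuthenticationStatement AuthenticationMethod="urn:ietf:rfc:1510"
      AuthenticationInstant="2012-01-16T15:00:00Z">
    <saml:Subject>
      <saml:NameIdentifier
          Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
          >JDoe@renovations.com</saml:NameIdentifier>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""


class AssertionRejected(Exception):
    """Raised with the reason an assertion was refused."""


def parse_ts(value):
    """Parse a SAML UTC timestamp such as 2012-01-16T15:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def accept_assertion(xml_text, signature_ok, now, seen_ids):
    """Return the mapped Domino name, or raise AssertionRejected."""
    if not signature_ok:
        raise AssertionRejected("signature not verified with trusted IdP key")
    # Refuse DTDs outright; a hardened XML parser is preferable in production.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise AssertionRejected("DTD content not allowed")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        raise AssertionRejected("malformed XML")
    if root.tag != NS + "Assertion":
        raise AssertionRejected("not a SAML 1.1 assertion")
    if root.get("Issuer") not in TRUSTED_ISSUERS:
        raise AssertionRejected("untrusted issuer")

    # A stolen assertion is only "good for a short period": enforce the window.
    cond = root.find(NS + "Conditions")
    try:
        not_before = parse_ts(cond.get("NotBefore"))
        not_after = parse_ts(cond.get("NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError):
        raise AssertionRejected("missing or invalid validity window")
    if now < not_before - CLOCK_SKEW:
        raise AssertionRejected("not yet valid")
    if now >= not_after + CLOCK_SKEW:
        raise AssertionRejected("expired")

    # The assertion must have been issued for this server, not another SP.
    audiences = {a.text.strip() for a in cond.iter(NS + "Audience") if a.text}
    if SP_AUDIENCE not in audiences:
        raise AssertionRejected("assertion issued for a different service")

    assertion_id = root.get("AssertionID")
    if not assertion_id or assertion_id in seen_ids:
        raise AssertionRejected("missing or already-used AssertionID")

    # Name mapping: e-mail address in the assertion -> Domino distinguished name.
    name = root.find(f"{NS}AuthenticationStatement/{NS}Subject/{NS}NameIdentifier")
    email = (name.text or "").strip().lower() if name is not None else ""
    domino_name = NAME_MAP.get(email)
    if domino_name is None:
        raise AssertionRejected("no Domino name mapped for subject")

    seen_ids.add(assertion_id)  # keep until NotOnOrAfter (plus skew) has passed
    return domino_name


def decision(xml_text, signature_ok, now, seen_ids):
    """Wrap accept_assertion so callers get a printable outcome."""
    try:
        return "accepted: " + accept_assertion(xml_text, signature_ok, now, seen_ids)
    except AssertionRejected as exc:
        return "rejected: " + str(exc)


if __name__ == "__main__":
    seen = set()
    t = datetime(2012, 1, 16, 15, 0, 30, tzinfo=timezone.utc)
    print(decision(SAMPLE, True, t, seen))                           # first use
    print(decision(SAMPLE, True, t, seen))                           # replay
    print(decision(SAMPLE, True, t + timedelta(minutes=10), set()))  # expired
    print(decision(SAMPLE, False, t, set()))                         # bad signature
```

Only after `accept_assertion` returns a name would the server issue the session cookie shown in step (7).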

User accesses other Domino SAML servers

IdP remembers the user, and issues SAML assertions transparently to the user.

[Diagram labels: Browser, Directory, Domino1, Domino2; Session cookie only for Domino 2]

Each Domino server can use SAML assertion and issue the user a single
server session cookie. SSO achieved by use of common IdP.

Administrator sets up Domino SAML in environment
with non-SAML IBM servers

[Diagram labels: Browser, Directory, Domino3; LTPA Session cookie]

Instead of a single server session cookie, Domino SAML is configured to
use an LTPA session cookie that can be shared with other IBM servers.

Web client: Third party browser application

IdP remembers the user.
Assertions from IdP may be accepted by a variety of applications.

[Diagram labels: Browser, Directory, Facebook, Domino]

Administrator has registered the on-premises IdP with Facebook®, so that
Facebook can verify SAML assertions from the IdP.

iNotes may authenticate the user via SAML assertion

●   HTTP flows (as shown in previous slides) to authenticate

[Diagram labels: Browser, Directory, iNotes, ID vault, ID Files]

iNotes secure mail: Using SAML to avoid prompting for
password to Notes id file

[Diagram labels: Browser, Directory, iNotes, User's ID File, ID vault, ID Files]

The ID vault server uses a new Notes RPC channel to receive the user's
assertion, and to return the user's unlocked id file to iNotes.

Deployment steps for Domino web server SAML

■   Deploy a SAML IdP on-premises.
     ─ (Optimal) To avoid password prompting by the IdP, configure IdP for SPNEGO/Kerberos user
       authentication.
     ─ Tell the IdP about each participating Domino server.


■   Configure Domino.
     ─ Domino web server settings for SAML.
     ─ Declare trust in the IdP to log in Domino users.
     ─ Set up name mapping (map user's email address to a Domino distinguished name).
     ─ (for iNotes secure mail users) Deploy security policy for id file in ID vault.
     ─ (for iNotes secure mail users) Declare trust in the IdP to authenticate to ID vault.




Agenda
■   Standards based SSO using SAML
■   SAML for IBM Lotus Domino web server and IBM Lotus iNotes
■   SAML for IBM Lotus Notes client




Notes Shared Login providing SSO at Notes startup

■   Notes Shared Login is a great feature.
     ─ User does not have a Notes password.
     ─ User's id file can be managed in the ID vault.
     ─ Administrator's policy determines which users have Notes Shared Login.


■   Notes Shared Login can't be used in virtual environments (e.g. Citrix).
     ─ SAML may provide a useful alternative.




Notes on Citrix: Virtual environment

[Diagram labels: Windows Domain Controller (Kerberos security, ADFS IdP), Active Directory, Domino, ID vault, ID Files]

(future release) Notes on Citrix: User's home server
checks policy to determine whether this is a SAML user.

➢   Administrator has picked one of these policy choices to enforce for user:
    ●   User is a SAML user.
    ●   User should be prompted for password.

[Diagram labels: Windows Domain Controller (Kerberos security, ADFS IdP), Active Directory, Domino, ID vault, ID Files]

Notes on Citrix can leverage the Windows environment
for a SAML user.

[Diagram labels: Windows Domain Controller (Kerberos security, ADFS IdP), Active Directory, Domino, ID vault, ID Files]

For Citrix Windows environment, it may be convenient to deploy Microsoft
ADFS 2.0 for the SAML IdP.

Notes on Citrix: Use SAML to avoid password prompt
to start Notes

●   Notes embedded browser handles authentication to SAML IdP via
    SPNEGO/Kerberos over HTTP.

[Diagram labels: Windows Domain Controller (Kerberos security, ADFS IdP), Active Directory, Domino, ID vault, ID Files]

User has already logged into Windows. User doesn't need to prove who he
is to the Microsoft ADFS IdP.

Notes on Citrix: Use SAML to avoid password prompt
to start Notes (by retrieving unlocked id file)

●   Send SAML assertion to ID vault server via Notes RPC channel.
●   ID vault server returns user's unlocked id file via Notes RPC channel.

[Diagram labels: Windows Domain Controller (Kerberos security, ADFS IdP), Active Directory, Domino, ID vault, ID Files]

ID vault server evaluates whether the assertion comes from trusted IdP.

Deployment steps for Notes client use of SAML at
startup

■   Deploy a SAML IdP on-premises.
     ─ (Optimal) To avoid password prompting by the IdP, configure IdP for SPNEGO/Kerberos user
       authentication.
     ─ Tell the IdP about the Domino SAML service provider for the ID vault.


■   Configure server settings.
     ─ Deploy security policy to assign SAML users and to manage id files in ID vault.
     ─ Declare trust in the IdP to log in Notes users by SAML authentication to ID vault.
     ─ Set up name mapping (map user's email address to a Domino distinguished name).




User accesses many different IBM services with Notes

[Diagram labels: IBM Sametime, IBM Connections, LotusLive Engage, Lotus Domino, Lotus Quickr]

User doesn't want multiple password prompts.

Notes plug-ins
●   After login to Notes, Notes may attempt authentication to Internet servers.
     ─ Notes sidebars:
         – Sametime
         – Activities (Connections)
         – Feeds.....
     ─ Browser applications running in Notes

●   Authentication mechanism is specified in Notes account
     ─ In user's personal Name and Address book

●   Notes already has an option for SAML to LotusLive Notes

Optimally Notes plug-ins can use SAML in the future
■   Notes embedded browser can make requests to an IdP.
     ─ No login prompts if IdP using SPNEGO/Kerberos.
     ─ Issue: not all target servers will be able to accept a SAML assertion.

■   Notes could send a SAML assertion to Domino to authenticate and receive a
    session token (LTPA) for use by Notes plug-in




8.5.2 Notes managed accounts
■   Administrator manages Account documents in Domino Directory.
     ─ Domino policy mechanism pushes accounts to Notes client.
     ─ We may need some tweaks to Account documents for SAML.




Legal disclaimer
© IBM Corporation 2012. All Rights Reserved.

  The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it
  is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM
  shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the
  effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

  References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in
  this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
  way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other
  results.

  IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, Lotuslive, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the
  United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both.

  Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

  Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.

  Facebook is a registered trademark of Facebook, Inc in the United States, other countries, or both.

  Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

  Other company, product, or service names may be trademarks or service marks of others.

  All references to Renovations refer to a fictitious company and are used for illustration purposes only.




Questions?





More Related Content

What's hot

Open mic activity logging
Open mic activity loggingOpen mic activity logging
Open mic activity loggingRanjit Rai
 
Connections Directory Integration: A Tour Through Best Practices for Directo...
Connections Directory Integration:  A Tour Through Best Practices for Directo...Connections Directory Integration:  A Tour Through Best Practices for Directo...
Connections Directory Integration: A Tour Through Best Practices for Directo...Gabriella Davis
 
Slide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate AuthoritySlide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate Authoritywebhostingguy
 
NIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraNIC 2014 Modern Authentication for the Cloud Era
NIC 2014 Modern Authentication for the Cloud EraMorgan Simonsen
 
Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Jorgen Thelin
 
Introducing SAML 2.0 Protocol: Security and Performance
Introducing SAML 2.0 Protocol: Security and PerformanceIntroducing SAML 2.0 Protocol: Security and Performance
Introducing SAML 2.0 Protocol: Security and PerformanceAmin Saqi
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_securityMarco Morana
 
External Users Accessing Connections
External Users Accessing Connections External Users Accessing Connections
External Users Accessing Connections Gabriella Davis
 
Know, Share, Do - Custom Apps
Know, Share, Do - Custom AppsKnow, Share, Do - Custom Apps
Know, Share, Do - Custom AppsTIMETOACT GROUP
 
Powerpoint Presentation
Powerpoint PresentationPowerpoint Presentation
Powerpoint Presentationwebhostingguy
 
There’s an API for that! Why and how to build on the IBM Connections PLATFORM
There’s an API for that! Why and how to build on the IBM Connections PLATFORMThere’s an API for that! Why and how to build on the IBM Connections PLATFORM
There’s an API for that! Why and how to build on the IBM Connections PLATFORMMikkel Flindt Heisterberg
 
Building a mobile application for dot netnuke v3
Building a mobile application for dot netnuke v3Building a mobile application for dot netnuke v3
Building a mobile application for dot netnuke v3brchapman
 
Ibm connections docs 2 install guide
Ibm connections docs 2 install guideIbm connections docs 2 install guide
Ibm connections docs 2 install guideRoberto Boccadoro
 
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 Michael Noel
 
What's new in Portal and WCM 8.5
What's new in Portal and WCM 8.5What's new in Portal and WCM 8.5
What's new in Portal and WCM 8.5Vinayak Tavargeri
 
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010Michael Noel
 
Putting *Sparkle* in Your Social Applications! Customization and Branding wit...
Putting *Sparkle* in Your Social Applications! Customization and Branding wit...Putting *Sparkle* in Your Social Applications! Customization and Branding wit...
Putting *Sparkle* in Your Social Applications! Customization and Branding wit...Mitch Cohen
 
Open Mic IBM connections and IBM Verse on premise integration
Open Mic IBM connections and IBM Verse on premise integrationOpen Mic IBM connections and IBM Verse on premise integration
Open Mic IBM connections and IBM Verse on premise integrationjayeshpar2006
 

What's hot (20)

Open mic activity logging
Open mic activity loggingOpen mic activity logging
Open mic activity logging
 
Connections Directory Integration: A Tour Through Best Practices for Directo...
Connections Directory Integration:  A Tour Through Best Practices for Directo...Connections Directory Integration:  A Tour Through Best Practices for Directo...
Connections Directory Integration: A Tour Through Best Practices for Directo...
 
Slide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate AuthoritySlide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate Authority
 
NIC 2014 Modern Authentication for the Cloud Era
Recently uploaded (20)

Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Time
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadIslamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchir
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 

New Single Sign-on Options for IBM Lotus Notes & Domino

  • 1. New Single Sign-on Options for IBM® Lotus® Notes® & Domino® © 2012 IBM Corporation
  • 2. IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
  • 3. Agenda ■ Standards based SSO using SAML ■ SAML for IBM Lotus Domino web server and IBM Lotus iNotes® ■ SAML for IBM Lotus Notes client
  • 4. User accesses many different IBM services with browser or Lotus Notes. User doesn't want multiple password prompts. (Diagram: Browser, IBM Sametime®, IBM Connections®, LotusLive® Engage®, Lotus Domino, Lotus Quickr®)
  • 5. User might also access third party services. User doesn't want multiple password prompts. (Diagram: Browser, IBM Sametime, IBM Connections, LotusLive Engage, Facebook®, Lotus Domino, Lotus Quickr)
  • 6. SSO Mission: Fewer password prompts, fewer passwords in general ■ We need SSO because: ─ High administrative cost for managing passwords. ─ Users can't remember a lot of passwords. ─ Password prompts are annoying. ─ Many “different” passwords lead to lower security. ■ If we use cryptographic mechanisms instead of passwords, we can improve security and minimize cost. ■ For best interoperability across IBM and third party applications, we look to adopt standards based SSO.
  • 7. Security Assertion Markup Language (SAML) ■ Standard to address Internet SSO. ■ OASIS publishes the standards documents. ■ Many implementations available, including open source. ■ SSO across cooperating domains and across cooperating corporations. ■ IBM LotusLive® Notes implements SAML.
  • 8. SAML identity assertion ■ Security is based on PKI. ─ User's identity is represented in a signed XML assertion. ─ Private key, public key pair: – Server creating the assertion signs it using its private key. – Servers processing assertions validate signature using the trusted signer's public key. ─ Standards based, Internet certificates and keys are used. ■ Service identifies the user based on the user's assertion. ─ Assertion contains the authenticated user's name (e.g. email address).
  • 9. SAML Identity provider (IdP) authenticates the user ■ IdP implements “federated identity”. ─ Knows about user names, passwords. ─ Might be able to authenticate the user via SPNEGO/Kerberos, or alternate non-password method. ─ Prepares credentials (SAML identity assertion) for the user to target service. – IdP authenticated user x at time y ─ Can be used by services from different vendors. ■ Common IdPs ─ IBM Tivoli® Federated Identity Manager (TFIM®) ─ Microsoft® ADFS® 2.0 integrated with Active Directory® ─ many others (Diagram: Directory)
  • 10. Federated Identity using SAML assertions ■ Why is it a good thing for security? ─ Minimized use of password (only handled by IdP, if required). ─ Authenticate once to IdP. The IdP may “remember” the user. ─ Customers can use/control their own on-premises IdP. ─ Less user data redundancy. ─ Goal: password info is unavailable to crackers wanting to launch an offline password guessing attack (Diagram: Directory)
  • 11. Services accepting SAML assertions ■ SAML service provider (SP) receives authentication decision from the IdP. ■ SP authenticates a user by successful verification of the user's SAML assertion. (Diagram: Directory, Service)
  • 12. Remove risk using SSL ■ HTTP protocols in use ■ If SSL (HTTPS) is not used to encrypt the channels ─ Eavesdropper steals user login information, e.g. password. ─ Eavesdropper steals the identity assertion. – Good for short period of time. ─ Eavesdropper steals any cookies. – Good for configured period of time. (Diagram: Directory, Service)
  • 13. Agenda ■ Standards based SSO using SAML ■ SAML for IBM Lotus Domino web server and IBM Lotus iNotes ■ SAML for IBM Lotus Notes client
  • 14. (future release) Domino web server as a SAML service provider (SP) ■ Domino SP receives authentication decision from the IdP. ■ Domino authenticates a user by successful verification of the user's SAML assertion. (Diagram: Directory, Browser, Domino)
  • 15. Web client: user accessing Domino via browser (1) User browses to a protected Domino URL, but hasn't logged in yet. (Diagram: Directory, Browser, Domino; label: http://domino1.renovations.com/db.nsf)
  • 16. Web client: user accessing Domino via browser (2) Domino redirects the browser to the IdP's URL with a SAML request. (Diagram: Directory, Browser, Domino; label: SAML request and Redirect)
  • 17. Web client: user accessing Domino via browser (3) Browser redirects to SAML IdP. URL might look something like this: https://idp.renovations.com/sps/saml11/login?TARGET=.... (Diagram: Directory, Browser, Domino)
  • 18. Web client: user accessing Domino via browser (4) User may be prompted to authenticate to IdP, or the IdP may be configured to authenticate user with non-password method (e.g. SPNEGO/Kerberos). (Diagram: Directory, Browser, Domino; label: Login info)
  • 19. Web client: user accessing Domino via browser (5) IdP has authenticated the user and sends the SAML assertion. (Diagram: Directory, Browser, Domino; label: SAML response, redirect back to Domino)
  • 20. Web client: user accessing Domino via browser (6) SAML assertion received at Domino is verified using the IdP's public key. Domino needs to map the name in the assertion to user's Domino name. (Diagram: Directory, Browser, Domino; label: HTTP POST containing SAML assertion)
  • 21. Web client: user accessing Domino via browser (7) User is logged in at Domino. User's browser now has credentials to access protected Domino URLs. (Diagram: Directory, Browser, Domino; labels: Redirect to URL to display, Session cookie)
  • 22. Web client: user accessing Domino via browser (8) Now the user will see the protected Domino URL. (Diagram: Directory, Browser, Domino; labels: http://domino1.renovations.com/db.nsf, Session cookie)
  • 23. User accesses other Domino SAML servers. IdP remembers the user, and issues SAML assertions transparently to the user. Each Domino server can use SAML assertion and issue the user a single server session cookie. SSO achieved by use of common IdP. (Diagram: Directory, Browser, Domino1, Domino2; label: Session cookie only for Domino 2)
  • 24. Administrator sets up Domino SAML in environment with non-SAML IBM servers. Instead of a single server session cookie, Domino SAML is configured to use an LTPA session cookie that can be shared with other IBM servers. (Diagram: Directory, Browser, Domino3; label: LTPA Session cookie)
  • 25. Web client: Third party browser application. IdP remembers the user. Assertions from IdP may be accepted by a variety of applications. Administrator has registered the on-premises IdP with Facebook®, so that Facebook can verify SAML assertions from the IdP. (Diagram: Directory, Browser, Facebook, Domino)
  • 26. iNotes may authenticate the user via SAML assertion ● HTTP flows (as shown in previous slides) to authenticate (Diagram: Directory, Browser, iNotes, ID Files, ID vault)
  • 27. iNotes secure mail: Using SAML to avoid prompting for password to Notes id file. The ID vault server uses a new Notes RPC channel to receive user's assertion, and to return user's unlocked id file to iNotes. (Diagram: Directory, Browser, iNotes, ID Files, ID vault; label: User's ID File)
  • 28. Deployment steps for Domino web server SAML ■ Deploy a SAML IdP on-premises. ─ (Optimal) To avoid password prompting by the IdP, configure IdP for SPNEGO/Kerberos user authentication. ─ Tell the IdP about each participating Domino server. ■ Configure Domino. ─ Domino web server settings for SAML. ─ Declare trust in the IdP to login Domino users. ─ Set up name mapping (map user's email address to a Domino distinguished name). ─ (for iNotes secure mail users) Deploy security policy for id file in ID vault. ─ (for iNotes secure mail users) Declare trust in the IdP to authenticate to ID vault.
  • 29. Agenda ■ Standards based SSO using SAML ■ SAML for IBM Lotus Domino web server and IBM Lotus iNotes ■ SAML for IBM Lotus Notes client
  • 30. Notes Shared Login providing SSO at Notes startup ■ Notes Shared Login is a great feature. ─ User does not have a Notes password. ─ User's id file can be managed in the ID vault. ─ Administrator's policy determines which users have Notes Shared Login. ■ Notes Shared Login can't be used in virtual environments (e.g. Citrix). ─ SAML may provide a useful alternative.
  • 31. Notes on Citrix: Virtual environment (Diagram: Active Directory, Windows Domain Controller (Kerberos security, ADFS IdP), ID Files, ID vault, Domino)
  • 32. (future release) Notes on Citrix: User's home server checks policy to determine whether this is a SAML user. ➢ Administrator has picked one of these policy choices to enforce for user: ● User is a SAML user. ● User should be prompted for password. (Diagram: Active Directory, Windows Domain Controller (Kerberos security, ADFS IdP), ID Files, ID vault, Domino)
  • 33. Notes on Citrix can leverage the Windows environment for a SAML user. For Citrix Windows environment, it may be convenient to deploy Microsoft ADFS 2.0 for the SAML IdP. (Diagram: Active Directory, Windows Domain Controller (Kerberos security, ADFS IdP), ID Files, ID vault, Domino)
  • 34. Notes on Citrix: Use SAML to avoid password prompt to start Notes ● Notes embedded browser handles authentication to SAML IdP via SPNEGO/Kerberos over HTTP. User has already logged into Windows. User doesn't need to prove who he is to the Microsoft ADFS IdP. (Diagram: Active Directory, Windows Domain Controller (Kerberos security, ADFS IdP), ID Files, ID vault, Domino)
  • 35. Notes on Citrix: Use SAML to avoid password prompt to start Notes (by retrieving unlocked id file) ● Send SAML assertion to ID vault server via Notes RPC channel. ● ID vault server returns user's unlocked id file via Notes RPC channel. ID vault server evaluates whether the assertion comes from trusted IdP. (Diagram: Active Directory, Windows Domain Controller (Kerberos security, ADFS IdP), ID Files, ID vault, Domino)
  • 36. Deployment steps for Notes client use of SAML at startup ■ Deploy a SAML IdP on-premises. ─ (Optimal) To avoid password prompting by the IdP, configure IdP for SPNEGO/Kerberos user authentication. ─ Tell the IdP about the Domino SAML service provider for the ID vault. ■ Configure server settings. ─ Deploy security policy to assign SAML users, and managing id files in ID vault. ─ Declare trust in the IdP to login Notes users by SAML authentication to ID vault. ─ Set up name mapping (map user's email address to a Domino distinguished name).
  • 37. User accesses many different IBM services with Notes. User doesn't want multiple password prompts. (Diagram: IBM Connections, IBM Sametime, LotusLive Engage, Lotus Domino, Lotus Quickr)
  • 38. Notes plug-ins ● After login to Notes, Notes may attempt authentication to Internet servers. ─ Notes sidebars: – Sametime – Activities (Connections) – Feeds..... ─ Browser applications running in Notes
  • 39. Notes plug-ins ● After login to Notes, Notes may attempt authentication to Internet servers. ─ Notes sidebars: – Sametime – Activities (Connections) – Feeds..... ─ Browser applications running in Notes ● Authentication mechanism is specified in Notes account ─ In user's personal Name and Address book
  • 40. Notes plug-ins ● After login to Notes, Notes may attempt authentication to Internet servers. ─ Notes sidebars: – Sametime – Activities (Connections) – Feeds..... ─ Browser applications running in Notes ● Authentication mechanism is specified in Notes account ─ In user's personal Name and Address book ● Notes already has an option for SAML to LotusLive Notes
  • 41. Optimally Notes plug-ins can use SAML in the future ■ Notes embedded browser can make requests to an IdP. ─ No login prompts if IdP using SPNEGO/Kerberos. ─ Issue: not all target servers will be able to accept a SAML assertion. ■ Notes could send a SAML assertion to Domino to authenticate and receive a session token (LTPA) for use by Notes plug-in
  • 42. 8.5.2 Notes managed accounts ■ Administrator manages Account documents in Domino Directory. ─ Domino policy mechanism pushes accounts to Notes client. ─ We may need some tweaks to Account documents for SAML.
  • 43. Legal disclaimer © IBM Corporation 2012. All Rights Reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, Lotuslive, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. Facebook is a registered trademark of Facebook, Inc in the United States, other countries, or both. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others. All references to Renovations refer to a fictitious company and are used for illustration purposes only.
  • 44. Questions?
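
The service-provider checks that slides 8, 12 and 20 describe (trusted signer, an assertion that is only good for a short time, mapping the asserted name to a Domino name), as an added example that is not IBM's or Domino's code. It assumes SAML 2.0 element names, assumes the XML signature was already verified against the IdP's public key by a vetted XML-DSig library, and uses constructed issuer, audience, clock-skew and name-mapping values.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed deployment values (assumptions, not taken from the slides).
TRUSTED_ISSUER = "https://idp.renovations.com/sps/idp"
SP_AUDIENCE = "https://domino1.renovations.com"
CLOCK_SKEW = timedelta(seconds=60)
NAME_MAP = {"jdoe@renovations.com": "CN=Jane Doe/O=Renovations"}

# Constructed sample; ds:Signature omitted (verified before this code runs).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-0001" Version="2.0" IssueInstant="2012-01-16T10:00:00Z">
  <saml:Issuer>https://idp.renovations.com/sps/idp</saml:Issuer>
  <saml:Subject><saml:NameID>JDoe@renovations.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2012-01-16T10:00:00Z"
                   NotOnOrAfter="2012-01-16T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://domino1.renovations.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""

class AssertionRejected(Exception):
    """Raised when the assertion must not be used to log the user in."""

def _utc(stamp):
    try:
        return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        raise AssertionRejected("unparseable timestamp") from None

def accept_assertion(xml_text, now, seen_ids):
    """Return the mapped Domino name, or raise AssertionRejected."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise AssertionRejected("DTDs are not allowed in assertions")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise AssertionRejected("not a SAML 2.0 assertion")
    if root.findtext("saml:Issuer", "", NS).strip() != TRUSTED_ISSUER:
        raise AssertionRejected("issuer is not the trusted IdP")

    cond = root.find("saml:Conditions", NS)
    if cond is None or "NotOnOrAfter" not in cond.attrib:
        raise AssertionRejected("no validity window")
    not_before = cond.get("NotBefore")
    if not_before and now + CLOCK_SKEW < _utc(not_before):
        raise AssertionRejected("not yet valid")
    if now - CLOCK_SKEW >= _utc(cond.get("NotOnOrAfter")):
        raise AssertionRejected("expired")

    # Every AudienceRestriction present must name this service provider.
    restrictions = cond.findall("saml:AudienceRestriction", NS)
    if not restrictions or not all(
            any((a.text or "").strip() == SP_AUDIENCE
                for a in r.findall("saml:Audience", NS))
            for r in restrictions):
        raise AssertionRejected("issued for a different service")
    # One-time use: a captured assertion cannot be replayed inside its window.
    assertion_id = root.get("ID")
    if not assertion_id or assertion_id in seen_ids:
        raise AssertionRejected("missing or replayed assertion ID")
    name_id = root.findtext("saml:Subject/saml:NameID", "", NS).strip().lower()
    if name_id not in NAME_MAP:
        raise AssertionRejected("no Domino name mapped for this subject")
    seen_ids.add(assertion_id)
    return NAME_MAP[name_id]
```

The `seen_ids` set stands in for whatever shared store the service provider would use to remember assertion IDs until their `NotOnOrAfter` time has passed.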