OpenSSO Overview



Sidharth Mishra
Sun Microsystems, Inc.

Today's SSO Problems

1. How do I centralize SSO and security policy for my
  web applications?

2. How can I quickly connect with partners, SaaS
  providers, subsidiaries, acquisitions and affiliates?

3. How do I centralize SSO and security policy for my
  web services?


OpenSSO Enterprise




 Single solution that solves ALL of SSO problems
   Web Single Sign On, Federation, and Secure Web services
Web SSO
OpenSSO Enterprise
How does it work?




SSO And Access Control
Authentication

          • Standards-based, extensible authentication framework
            (JAAS based)
          • Supports multiple pluggable Authentication
            mechanisms
             > LDAP, RADIUS, Certificate, SafeWord, RSA SecureID, Unix,
               Windows NT, WindowsDesktopSSO (Kerberos), Anonymous,
               Membership (self-enrollment)
             > Custom authentication mechanisms using the SPI

          • Multi-factor Authentication (Chained Authentication
            Mechanisms)
          • Multi-Level and Multi-Scheme Authentication
          • Resource-based Authentication


SSO And Access Control
Authorization

          • Policy = Rules + Subjects + Conditions +
            Response Provider
                > Rules – The resource to be protected (e.g.
                  URL)
                > Subjects – Who is allowed to access
                  (User/Role/Group etc.)
                > Condition – Extra Constraints (IP Address
                  mask, authN level/scheme, time/day etc.)
                > Response Provider – Additional Response
                  data to be sent back to resource.
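
The policy structure above, modelled as an added example in Python (not OpenSSO code or its API). All class, field and function names, the hostnames and the sample values are assumptions made for illustration. It shows default deny, each condition type from the slide, and the response provider returning only the attributes the policy names.

```python
from dataclasses import dataclass
from datetime import time
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network


@dataclass
class Request:
    url: str
    user: str
    groups: frozenset
    client_ip: str
    auth_level: int   # strength of the login that created the session
    at: time          # time of day of the request
    profile: dict     # user attributes the response provider may draw on

    def principals(self):
        return {"user:" + self.user} | {"group:" + g for g in self.groups}


@dataclass
class Policy:
    name: str
    rule: str               # Rules: resource pattern to protect
    subjects: frozenset     # Subjects: "user:<name>" / "group:<name>"
    allowed_net: str        # Condition: client IP mask (CIDR)
    min_auth_level: int     # Condition: minimum authN level
    hours: tuple            # Condition: (start, end), same-day window
    response_attrs: tuple   # Response provider: attribute names to return

    def failed_conditions(self, req):
        failed = []
        if ip_address(req.client_ip) not in ip_network(self.allowed_net):
            failed.append("ip")
        if req.auth_level < self.min_auth_level:
            failed.append("auth_level")
        start, end = self.hours
        if not (start <= req.at <= end):
            failed.append("time")
        return failed


def evaluate(policies, req):
    """Return (decision, response_data, reasons). Anything not allowed is denied."""
    reasons = []
    for p in policies:
        if not fnmatchcase(req.url, p.rule):
            continue                                  # rule does not cover this URL
        if not (req.principals() & p.subjects):
            reasons.append(p.name + ": subject")
            continue
        failed = p.failed_conditions(req)
        if failed:
            reasons.append(p.name + ": " + ",".join(failed))
            continue
        # Response provider: only attributes named by the policy leave the server.
        data = {k: req.profile[k] for k in p.response_attrs if k in req.profile}
        return "allow", data, []
    return "deny", {}, reasons or ["no applicable policy"]


# Constructed sample policy and request (hypothetical values).
PAYROLL = Policy(
    name="payroll",
    rule="https://hr.example.com/payroll/*",
    subjects=frozenset({"group:hr"}),
    allowed_net="10.0.0.0/8",
    min_auth_level=2,
    hours=(time(8, 0), time(18, 0)),
    response_attrs=("employee_id",),
)


def sample_request(**overrides):
    base = dict(url="https://hr.example.com/payroll/run", user="alice",
                groups=frozenset({"hr"}), client_ip="10.1.2.3", auth_level=2,
                at=time(9, 30),
                profile={"employee_id": "E100", "mail": "alice@example.com"})
    base.update(overrides)
    return Request(**base)


if __name__ == "__main__":
    print(evaluate([PAYROLL], sample_request()))
    print(evaluate([PAYROLL], sample_request(auth_level=1)))
```

A deny whose only reason is auth_level is the case where an enforcement point would send the user back for a stronger login instead of refusing outright.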



Solution: OpenSSO Web Access Management
Three Tough Challenges. One Powerful Solution.

• Centralized server configuration
• Centralized agent configuration
• Agent and proxy modes
• AAA Identity Services
• Embedded directory server for user store and policy store
• XACML support for standards-based policy management
• Consumes and translates 3rd party tokens from all major
  WAM solutions


Federation
Federated Single Sign On

       • Federation is built-in to OpenSSO Enterprise.
         No additional software needed.
       • Federation for cross-domain application
         integration.
         > software-infrastructure independent. Sites only
            agree on protocol version and binding type.
       • Facilitates trusted relationships.
         > Creates tighter, more satisfying customer,
           partner and employee relationships.
         > Extend existing and new revenue
           opportunities.
         > Implement business models that generate
           efficiencies and productivity gains.
Solution: OpenSSO Federation
Three Tough Challenges. One Powerful Solution.
• The Fedlet, an 8.5MB package that allows service providers to
  create fully configured trust networks based on SAML 2 in minutes
• Multi-protocol Federation Hub, easily federate with any company
  regardless of what “federation language” they speak
• Virtual Federation Proxy, incorporate any number of legacy
  authentications with a single instance of OpenSSO
• Supports all major standards including SAML, WS-Federation,
  Liberty ID-FF, WS-Trust, WS-Security, and WS-Policy
• Coexists with other major WAM solutions and participates in
  federation.


Web Services Security
OpenSSO and Web Services Security

• Problem:
  > How do I support web services for my web
    applications in various containers when it is
    handled differently container to container?
• What It Does?
  > Provides agents that can be deployed in containers
    for consuming, processing and transforming
    security tokens including SAML
  > Abstracts security from the application.
  > Agent allows standardization on security across
    multiple containers (e.g. Sun, IBM, BEA etc.)
      – Implements container's authentication SPI (JSR 196)
      – Secures SOAP request and validates SOAP
        response at WSC.
      – Validates SOAP request and secures SOAP
        response at WSP.

[Diagram: Web Service Client (WSS Agent, clientsdk), Web Service Provider (WSS/J2EE Agent, clientsdk), OpenSSO Server; SOAP (WSS); numbered steps 1 (Request) to 5]

Secure Token Service
• Problem:
  > How does the Web service verify the credentials
    presented by the client?

• How It Works
  > An authenticated client requests token needed to
    access web service provider.
  > The STS verifies the credentials presented by the
    client, and then in response, it issues a security token
    that provides proof that the client has authenticated
    with the STS.
  > The client presents the WS-I BSP based security
    token (User Name, X.509, SAML etc.) to the Web
    service.
  > The Web service verifies that the token was issued by
    a trusted STS, which proves that the client has
    successfully authenticated with the STS.

[Diagram: Web Service Client, Security Token Service, Web Service Provider; Issue Token (WS-Trust); SOAP (WSS); numbered steps 1 (Request) to 3]
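
The four steps above as an added Python example (not OpenSSO code, and not WS-Trust or WS-Security wire format). As a stand-in for an XML-signed SAML token it uses a JSON body with an HMAC-SHA256 tag under a key shared between the STS and the provider; every class name, key, hostname and credential here is a constructed assumption. The provider's checks are the point: trusted issuer, valid signature, intended audience, not expired.

```python
import base64
import hashlib
import hmac
import json


def _b64(data):
    return base64.urlsafe_b64encode(data).decode()


class SecurityTokenService:
    def __init__(self, issuer, signing_key, users):
        self.issuer = issuer
        self.key = signing_key
        self.users = users          # constructed demo credential store

    def issue(self, username, password, audience, now, ttl=300):
        """Step 2: verify the client's credentials, then issue a signed token."""
        expected = self.users.get(username)
        if expected is None or not hmac.compare_digest(
                expected.encode(), password.encode()):
            raise PermissionError("authentication failed")
        claims = {"iss": self.issuer, "sub": username,
                  "aud": audience, "exp": now + ttl}
        body = json.dumps(claims, sort_keys=True).encode()
        tag = hmac.new(self.key, body, hashlib.sha256).digest()
        return _b64(body) + "." + _b64(tag)


class WebServiceProvider:
    def __init__(self, name, trusted_sts):
        self.name = name
        self.trusted_sts = trusted_sts   # {issuer name: verification key}

    def verify(self, token, now):
        """Step 4: return (subject, "ok") or (None, reason)."""
        try:
            body_b64, tag_b64 = token.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
            claims = json.loads(body)
        except ValueError:
            return None, "malformed"
        if not isinstance(claims, dict):
            return None, "malformed"
        # The issuer claim only selects which key to check against;
        # trust comes from the signature verifying under that key.
        key = self.trusted_sts.get(claims.get("iss"))
        if key is None:
            return None, "untrusted issuer"
        if not hmac.compare_digest(
                hmac.new(key, body, hashlib.sha256).digest(), tag):
            return None, "bad signature"
        if claims.get("aud") != self.name:
            return None, "wrong audience"
        if now >= claims.get("exp", 0):
            return None, "expired"
        return claims.get("sub"), "ok"


if __name__ == "__main__":
    sts = SecurityTokenService("sts.example", b"demo-key-1", {"alice": "s3cret"})
    wsp = WebServiceProvider("payroll-ws", {"sts.example": b"demo-key-1"})
    token = sts.issue("alice", "s3cret", "payroll-ws", now=1000)  # steps 1-2
    print(wsp.verify(token, now=1100))                            # steps 3-4
```

With a shared HMAC key the provider could mint tokens itself; an asymmetric signature from the STS, as in signed SAML assertions, removes that property.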


Solution: OpenSSO Secure Web Services
Three Tough Challenges. One Powerful Solution.
• Only standards-based solution that provides a pluggable,
  end-to-end secure web-services solution
• Standards based integration with Glassfish.
• Security Token Service that can be deployed as an
  integrated, or standalone, solution
• Security Token Service that can handle token issuance,
  validation and translation via WS-Trust
• Policy enforcement point plugins for Weblogic, WebSphere,
  Tomcat and JBOSS


Identity Services
Problem
• How do I invoke and leverage OpenSSO
  services (authN, authZ etc.) in a platform /
  language independent manner?

OpenSSO Identity Services
• Makes OpenSSO services and
  functionalities available in an easy-to-
  use set of Web Services accessible via
  SOAP and REST.

Benefits
• Allows developers to easily invoke
  OpenSSO services.
• Identity Access Layer provides abstraction
  so components can change without
  affecting applications.
• Agentless solution that does not require
  deployment of agent or proxy to protect a
  resource.
• Supports usage of the IDE of developer's
  choice
   > NetBeans, Eclipse, Visual Studio

Identity Services – Easily accessible, design approach independent.

Thank You.
sid@sun.com




"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Último (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

OpenSSO Tech Overview Aquarium

  • 2. Today's SSO Problems
      1. How do I centralize SSO and security policy for my web applications?
      2. How can I quickly connect with partners, SaaS providers, subsidiaries, acquisitions and affiliates?
      3. How do I centralize SSO and security policy for my web services?
  • 3. OpenSSO Enterprise
      Single solution that solves ALL of SSO problems
      Web Single Sign On, Federation, and Secure Web services
  • 6. SSO And Access Control: Authentication
      • Standards-based, extensible authentication framework (JAAS based)
      • Supports multiple pluggable Authentication mechanisms
          > LDAP, RADIUS, Certificate, SafeWord, RSA SecurID, Unix, Windows NT, WindowsDesktopSSO (Kerberos), Anonymous, Membership (self-enrollment)
          > Custom authentication mechanisms using the SPI
      • Multi-factor Authentication (Chained Authentication Mechanisms)
      • Multi-Level and Multi-Scheme Authentication
      • Resource-based Authentication
  • 7. SSO And Access Control: Authorization
      • Policy = Rules + Subjects + Conditions + Response Provider
          > Rules – The resource to be protected (e.g. URL)
          > Subjects – Who is allowed to access (User/Role/Group etc.)
          > Condition – Extra Constraints (IP Address mask, authN level/scheme, time/day etc.)
          > Response Provider – Additional Response data to be sent back to resource.
  • 8. Solution: OpenSSO Web Access Management
      Three Tough Challenges. One Powerful Solution.
      • Centralized server configuration
      • Centralized agent configuration
      • Agent and proxy modes
      • AAA Identity Services
      • Embedded directory server for user store and policy store
      • XACML support for standards-based policy management
      • Consumes and translates 3rd party tokens from all major WAM solutions
  • 10. Federated Single Sign On
      • Federation is built in to OpenSSO Enterprise. No additional software needed.
      • Federation for cross-domain application integration.
          > Software-infrastructure independent. Sites only agree on protocol version and binding type.
      • Facilitates trusted relationships.
          > Creates tighter, more satisfying customer, partner and employee relationships.
          > Extended existing and new revenue opportunities.
          > Implement business models that generate efficiencies and productivity gains.
  • 11. Solution: OpenSSO Federation
      Three Tough Challenges. One Powerful Solution.
      • The Fedlet, 8.5MB package that allows service providers to create fully configured trust networks based on SAML 2 in minutes
      • Multi-protocol Federation Hub, easily federate with any company regardless of what “federation language” they speak
      • Virtual Federation Proxy, incorporate any number of legacy authentications with a single instance of OpenSSO
      • Supports all major standards including SAML, WS-Federation, Liberty ID-FF, WS-Trust, WS-Security, and WS-Policy
      • Coexists with other major WAM solutions and participates in federation.
  • 13. OpenSSO and Web Services Security
      • Problem:
          > How do I support web services for my web applications in various containers when it is handled differently container to container?
      • What It Does?
          > Provides agents that can be deployed in containers for consuming, processing and transforming security tokens including SAML
          > Abstracts security from the application.
          > Agent allows standardization on security across multiple containers (e.g. Sun, IBM, BEA etc.)
              – Implements container's authentication SPI (JSR 196)
              – Secures SOAP request and validates SOAP response at WSC.
              – Validates SOAP request and secures SOAP response at WSP.
      [Diagram: Web Service Client (WSS Agent, clientsdk), OpenSSO Server, Web Service Provider (WSS/J2EE Agent, clientsdk); Request, SOAP (WSS); steps 1 to 5]
  • 14. Secure Token Service
      • Problem:
          > How does the Web service verify the credentials presented by the client?
      • How It Works
          > An authenticated client requests token needed to access web service provider.
          > The STS verifies the credentials presented by the client, and then in response, it issues a security token that provides proof that the client has authenticated with the STS.
          > The client presents the WS-I BSP based security token (User Name, X.509, SAML etc.) to the Web service.
          > The Web service verifies that the token was issued by a trusted STS, which proves that the client has successfully authenticated with the STS.
      [Diagram: Web Service Client, Security Token Service, Web Service Provider; 1 Request, 2 Issue Token (WS-Trust), 3 SOAP (WSS)]
  • 15. Solution: OpenSSO Secure Web Services
      Three Tough Challenges. One Powerful Solution.
      • Only standards-based solution that provides a pluggable, end-to-end secure web-services solution
      • Standards-based integration with GlassFish.
      • Security Token Service that can be deployed as an integrated, or standalone, solution
      • Security Token Service that can handle token issuance, validation and translation via WS-Trust
      • Policy enforcement point plugins for WebLogic, WebSphere, Tomcat and JBoss
  • 16. Identity Services
      Problem
      • How do I invoke and leverage OpenSSO services (authN, authZ etc.) in a platform / language independent manner?
      OpenSSO Identity Services
      • Makes OpenSSO services and functionalities available in an easy-to-use set of Web Services accessible via SOAP and REST.
      Benefits
      • Allows developers to easily invoke OpenSSO services.
      • Identity Access Layer provides abstraction so components can change without affecting applications.
      • Agentless solution that does not require deployment of agent or proxy to protect a resource.
      • Supports usage of the IDE of developer's choice
          > NetBeans, Eclipse, Visual Studio
      Identity Services – Easily accessible, design approach independent.
  • 17. Identity Services
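
The authorization model on slide 7 (Policy = Rules + Subjects + Conditions + Response Provider), sketched as a small evaluator. This is an added example, not code from the deck or from OpenSSO; the class names, field names, URL and sample values are assumptions made up for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from datetime import time
from fnmatch import fnmatchcase

@dataclass
class Request:
    url: str
    principals: set      # user name plus role/group names
    client_ip: str
    auth_level: int      # level reached during authentication
    at: time             # time of day of the request

@dataclass
class Policy:
    rule: str                             # Rule: pattern for the protected URL
    subjects: set                         # Subjects: who may access
    ip_mask: str = "0.0.0.0/0"            # Condition: client network (IPv4 here)
    min_auth_level: int = 0               # Condition: required authN level
    hours: tuple = (time.min, time.max)   # Condition: time-of-day window
    response: dict = field(default_factory=dict)  # Response Provider data

    def applies(self, req):
        return fnmatchcase(req.url, self.rule)

    def subject_ok(self, req):
        return bool(self.subjects & req.principals)

    def conditions_ok(self, req):
        addr = ipaddress.ip_address(req.client_ip)
        in_net = addr in ipaddress.ip_network(self.ip_mask)
        in_hours = self.hours[0] <= req.at <= self.hours[1]
        return in_net and in_hours and req.auth_level >= self.min_auth_level

def evaluate(policies, req):
    """Deny by default: allow only when rule, subject and every condition hold."""
    for p in policies:
        if p.applies(req) and p.subject_ok(req) and p.conditions_ok(req):
            return True, dict(p.response)   # extra data handed to the resource
    return False, {}

# Constructed sample policy: HR staff, internal network, level 2, office hours.
POLICIES = [Policy("https://hr.example.com/payroll/*", {"hr"}, "10.0.0.0/8", 2,
                   (time(8, 0), time(18, 0)), {"X-Role": "hr"})]
```

A request that matches the rule and subject but was authenticated at too low a level, from outside the network mask, or outside the time window is denied, and no response data is returned for it.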
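
The Secure Token Service exchange on slide 14, with both sides modelled: the STS checks credentials and issues a token, and the web service provider accepts it only if a trusted STS issued it. This is an added example, not OpenSSO code and not WS-Trust itself: an HMAC over a JSON body stands in for the signed WS-I BSP token (X.509, SAML), and all names, keys and passwords are constructed.

```python
import base64, hashlib, hmac, json

class SecurityTokenService:
    def __init__(self, name, key, users):
        # users: constructed name -> password map standing in for a credential store
        self.name, self._key, self._users = name, key, users

    def issue(self, user, password, audience, now, ttl=300):
        # Verify the client's credentials, then issue proof of authentication.
        expected = self._users.get(user)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            raise PermissionError("STS rejected credentials")
        claims = {"iss": self.name, "sub": user, "aud": audience, "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        sig = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        return body.decode() + "." + sig

class WebServiceProvider:
    def __init__(self, name, trusted):
        self.name, self._trusted = name, trusted   # trusted: STS name -> key

    def accept(self, token, now):
        # Return the authenticated subject, or None if the token is not acceptable.
        try:
            body, sig = token.split(".")
            claims = json.loads(base64.urlsafe_b64decode(body))
            key = self._trusted[claims["iss"]]     # unknown issuer -> KeyError
        except (ValueError, KeyError, TypeError):
            return None
        good = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(good.encode(), sig.encode()):
            return None                            # not signed by the trusted STS
        if claims.get("aud") != self.name or claims.get("exp", 0) <= now:
            return None                            # wrong audience or expired
        return claims["sub"]
```

With a shared HMAC key the provider could also mint tokens; an asymmetric signature, as the X.509 and SAML token types imply, removes that property.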