ACA IT-Solutions Security Specialist Jan Van den Bergh details OpenAM best practices at VAL-I-PAC as part of a joint Case Study session with Everett and IS4U, moderated by ForgeRock VP of Services Steve Ferris and Director of Support Tim Rault-Smith.
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
OpenAM Best Practices: Use of OpenAM at VAL-I-PAC
1. 2013 Open Stack Identity Summit - France
Use of OpenAM at VAL-I-PAC
2. About myself
• Jan Van den Bergh
j.vandenbergh@aca-it.be
@janvdbergh
• IAM Architect and Security Specialist at ACA ITSolutions.
3. About VAL-I-PAC
• Non-profit organization consisting of about 50 companies
from a broad cross section of industries.
• Controls how industrial packaging waste is managed in
Belgium.
• Provides services to over 8.000 Belgian companies.
5. Key features
• Different authentication mechanisms:
Username / password – Belgian eID card – MyDigipass
• Different integration mechanisms:
SAML – Agent-based – Custom connector (OSGI).
• Automatic deployment using scripts:
• Quickly deploy and redeploy different environments.
• Reduces errors and down-time.
6. Key features
• Leverages the EC2 cloud.
• Quickly set up / replace hosts.
• Add environments when they are needed.
7. Later enhancements
• Automatic deployments using Chef.
• HTML 5 adaptive screen layout.
• Reusable components:
• OpenAM connector for custom applications (replaces agents).
• Custom authentication modules (eID – OpenID – RememberMe).
• Deployment scripts.
• Invite mechanism (= delegated administration)
• SaaS model using REST services.
8. Some best practices
• Use OpenAM only for access management.
• Do not add new features to the UI.
(Instead, set up a different application using the SDK.)
• Invest in automated install and configuration.
• Do not underestimate the required effort.