Federation in Practice

Presented by Victor Ake, OpenAM Product Manager and ForgeRock Co-Founder at ForgeRock Open Identity Stack Summit, June 2013.

  • 1. Open Identity Summit: Federation in practice. Víctor Aké, OpenAM Product Manager, ForgeRock.
  • 2. Old access control: applications and data within the firewall perimeter; users within the enterprise; difficult to roll out new services.
  • 3. Hanseatic League (Hansa): trade confederation; centuries 13th – 17th; trading outside the walls; secure; membership agreement; follow protocol.
  • 4. Information, services and users outside the fireWALL: partners, outsourcing, suppliers, customers.
  • 5. FEDERATION: Federalism is a political concept in which a group of members are bound together by covenant (Latin: foedus, covenant*) with a governing representative head. (*Agreement)
  • 6. Schengen Area: a group of 26 European countries that have abolished passport and immigration controls at their common borders. Present your security token at the entrance; travel seamlessly within the area.
  • 7. FEDERATED IDENTITY: is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems. Diagram labels: Partners, Outsourcing, Suppliers, Customers; Enterprise: Commercial Applications, In-house dev applications, Legacy applications, Directory, Databases, Active Directory.
  • 8. Benefits of federated identity: provides Single Sign On for an enhanced user experience; share information across partners securely and privately; promote adoption of new services; reduces costs; cloud friendly; mobile friendly.
  • 9. Identity Federation Standards: SAML 2.0; WS-Federation; ID-FF.
  • 10. Identity Federation actors: Identity Provider (Asserting Party, IdP); two Service Providers (Relying Party, Consumer, SP); Circle of Trust; Agreements; principal. Flow: Authenticate; Obtain token; Present token; Access resource.
  • 11. Use cases: Enterprise connected to Cloud SaaS, partners, suppliers, etc.; customers using social authentication. Diagram labels: SaaS, Private Cloud, Social, Partners, Outsourcing, Suppliers, Commercial Applications, In-house dev applications, Legacy applications, Directory, Databases, Active Directory.
  • 12. Use cases: SaaS/IDaaS providing services to Enterprises; social authentication to SaaS and IDaaS. Diagram labels: Multi-tenant IdP, Multi-tenant SP, IDaaS, SaaS, Social, Commercial Applications, In-house dev applications, Legacy applications, Directory, Databases, Active Directory.
  • 13. Use cases. Diagram labels: Web App, Native App, Native App, Web App, Login App; REST/OAuth2/OpenID Connect; OpenAM: Authentication, Authorization, Attribute Delivery, Federation, SSO, Token Persistence, Session Mgmt, OAuth2 Provider; Cloud; Enterprise.
  • 14. SP to IdP Mesh. Diagram: four IdPs and three SPs.
  • 15. IdP Proxy. Diagram: four IdPs, three SPs and an IdP Proxy.
  • 16. Federation is more than SSO. SAML 2.0: IdP, SP, IdP Proxy, Attribute Query Provider, Attribute Authority, Authentication Authority, XACML PEP, XACML PDP. WS-Federation: IdP, SP. ID-FF: IdP, SP. OAuth 2.0: RESTful authorization protocol.
  • 17. OpenAM + family. OpenAM: full blown Federation. OpenAM Fedlet: lightweight SAML 2.0 SP. OpenIG and Fedlet: powerful combination of integration and SAML 2.0.
  • 18. Walkthrough on how to configure OpenAM to achieve SSO to Google Apps & Salesforce using SAML2.
  • 19. SSO to Google Apps and Salesforce. Diagram: IdP, SP, SP, Circle of Trust. demo.openam.org
  • 20. Q & A. Víctor Aké, OpenAM Product Manager, ForgeRock. Thanks!