Federation in Practice

A Development session led by Technical Enablement Lead Bert Van Beeck


  1. 2013 Open Stack Identity Summit - France: Federation in practice
  2. Old access control: applications and data sit within the firewall perimeter, users sit within the enterprise, and rolling out new services is difficult.
  3. Hanseatic League (Hansa): a trade confederation, 13th to 17th centuries. Trading outside the walls was secure, required a membership agreement, and followed a protocol.
  4. Information, services and users outside the firewall: customers, outsourcing, partners, suppliers.
  5. The dictionary: federalism is a political concept in which a group of members are bound together by covenant (Latin: foedus, covenant, i.e. agreement) with a governing representative head.
  6. Schengen Area: a group of 26 European countries that have abolished passport and immigration controls at their common borders. Present your security token at the entrance, then travel seamlessly within the area.
  7. Federated identity is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems. (Diagram: enterprise systems such as databases, directory, Active Directory, commercial applications, in-house developed applications and legacy applications, linked to customers, outsourcing, partners and suppliers.)
  8. Benefits of federated identity: provides single sign-on for an enhanced user experience; shares information across partners securely and privately; promotes adoption of new services; reduces costs; cloud friendly; mobile friendly.
  9. Identity federation standards: ID-FF, WS-Federation, SAML 2.0.
  10. Federation support (timeline diagram): OpenID Connect, OAuth 2.0 and REST/JSON; ID-FF, Shibboleth 1.0/1.1, SAML 1.0, SAML 1.x, Shibboleth 2 (SAML2), OpenAM, SAML 2.0, ADFS2 (SAML 2); WS-Federation 1.0, WS-Federation 1.1, ADFS, SOAP/XML.
  11. Identity federation actors (circle of trust diagram): the Identity Provider (asserting party, IdP) authenticates the principal, who obtains a token; the Service Provider (relying party, consumer, SP) is where the principal presents the token to access the resource; agreements between IdP and SPs form the circle of trust.
  12. Use cases: enterprise connected to cloud (SaaS, partners, suppliers, etc.); customers using social authentication. (Diagram: databases, directory, Active Directory, commercial, in-house and legacy applications, private cloud, SaaS, social, partners, outsourcing, suppliers.)
  13. Use cases: SaaS/IDaaS providing services to enterprises; social authentication to SaaS and IDaaS. (Diagram: multi-tenant IdP and multi-tenant SP in front of databases, directory, Active Directory, commercial, in-house and legacy applications, private cloud, SaaS and social.)
  14. Mobile IAM for the modern web (diagram): web apps, a login app (OAuth2) and native apps (REST, OpenID Connect) in front of OpenAM, which provides authentication, authorization, attribute delivery, cloud federation SSO, token persistence, session management and an OAuth2 provider for the enterprise.
  15. SP to IdP mesh (diagram): multiple IdPs and SPs with pairwise connections.
  16. IdP proxy (diagram): SPs connect to an IdP proxy, which in turn federates with the IdPs.
  17. Federation is more than SSO. SAML 2.0: IdP, SP, IdP proxy, attribute query provider, attribute authority, authentication authority, XACML PEP, XACML PDP. WS-Federation: IdP, SP. ID-FF: IdP, SP. OAuth 2.0: RESTful authorization protocol. OpenID Connect: uses OAuth2 tokens, adds services.
  18. OpenAM + family: OpenAM, full-blown federation; OpenAM Fedlet, lightweight SAML 2.0 SP; OpenIG and Fedlet, a powerful combination of integration and SAML 2.0; Bridge SPE/SalesForce Bridge, a SaaS-oriented federation/sync bridge that includes SAML 2.0 and OAuth2.
  19. Custom federation (diagram, numbered flow steps 1 to 6): reverse proxy, policy agents in front of the applications, custom AuthN modules (state 1 and state 2), a "custom IDP" OpenAM, SP and IDP Fedlet, and a custom post-authentication module.
  20. Walkthrough: configure OpenAM to achieve SSO to Google Apps, WordPress and Office365 using SAML2.
  21. Federated single sign-on (diagram): demo.openam.org as IDP in a circle of trust with several SPs.
  22. 2013 Open Stack Identity Summit - France: Federation in practice (closing slide).
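As an added example (not part of the deck, nor OpenAM or Fedlet code): the checks a SAML 2.0 SP applies to a Response before trusting the token described on slides 11 and 21, namely that it answers a request this SP sent, that the issuer is in the circle of trust, that the validity window holds, and that the audience is this SP. Entity IDs, the Response and timestamps are constructed, and the IdP's XML signature is assumed to have been verified already by the SAML library (not shown).

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical SP configuration: its own entity ID and the IdPs in its circle of trust.
SP_ENTITY_ID = "https://sp.example.com/fedlet"
CIRCLE_OF_TRUST = {"https://idp.example.org/openam"}

# Constructed sample Response as received from the IdP; its XML signature is assumed verified.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" InResponseTo="_req42">
  <saml:Assertion ID="_a1">
    <saml:Issuer>https://idp.example.org/openam</saml:Issuer>
    <saml:Subject><saml:NameID>bert</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2013-06-01T09:59:00Z" NotOnOrAfter="2013-06-01T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com/fedlet</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):  # SAML UTC timestamp, e.g. 2013-06-01T10:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, pending_request_id, now_utc, skew=timedelta(seconds=60)):
    """Return (True, NameID) if the assertion passes the SP trust checks, else (False, reason)."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS) if assertion is not None else None
    if assertion is None or cond is None:
        return False, "response has no assertion with Conditions"
    if root.get("InResponseTo") != pending_request_id:
        return False, "InResponseTo does not match an AuthnRequest this SP issued"
    # Only IdPs with an agreement in place (metadata exchanged) may assert identities.
    issuer = assertion.findtext("saml:Issuer", namespaces=NS)
    if issuer not in CIRCLE_OF_TRUST:
        return False, f"issuer {issuer!r} is not in the circle of trust"
    # Reject stale or not-yet-valid assertions, allowing a little clock skew.
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb is None or noa is None:
        return False, "Conditions carry no validity window"
    now = _ts(now_utc)
    if now + skew < _ts(nb) or now - skew >= _ts(noa):
        return False, "assertion is outside its validity window"
    # An assertion issued for a different SP must not be accepted here.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        return False, "assertion was not issued for this SP"
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return (True, name_id) if name_id else (False, "assertion has no subject")
```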