Federation in Practice

A Development session led by Technical Enablement Lead Bert Van Beeck

Federation in Practice Presentation Transcript

  • 1. 2013 Open Stack Identity Summit - France Federation in practice
  • 2. OLD ACCESS CONTROL: Applications and data within the firewall perimeter; Users within the enterprise; Difficult to roll out new services
  • 3. Hanseatic League (Hansa): Trade Confederation; Centuries 13th – 17th; Trading outside the walls: Secure; Membership agreement; Follow protocol
  • 4. Customers Outsourcing Partners Suppliers Information, services and users outside the fireWALL
  • 5. The dictionary: Federalism is a political concept in which a group of members are bound together by covenant (Latin: foedus, covenant*) with a governing representative head. *Agreement
  • 6. Schengen Area: It is a group of 26 European countries that have abolished passport and immigration controls at their common borders. Present your security token at the entrance; Travel seamlessly within the area
  • 7. FEDERATED IDENTITY: Is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems. Diagram labels: Customers, Outsourcing, Databases, Directory, Active Directory, Commercial Applications, In-house dev applications, Legacy applications, Enterprise, Partners, Suppliers
  • 8. Benefits of Federated identity •  Provides Single Sign On for an enhanced user experience •  Share information across partners securely and privately •  Promote adoption of new services •  Reduces costs •  Cloud friendly •  Mobile friendly
  • 9. Identity Federation Standards: ID-FF, WS-Federation, SAML 2.0
  • 10. Federation support: OpenID Connect, OAUTH 2.0, REST/JSON, ID-FF, Shibboleth 1.0/1.1, SAML 1.0, SAML 1.x, Shibboleth 2 (SAML2), OpenAM, SAML 2.0, ADFS2 (SAML 2), WS-Federation 1.0, WS-Federation 1.1, ADFS, SOAP/XML
  • 11. Identity Federation Actors. Diagram labels: Circle of Trust; Identity Provider, Asserting Party, IdP; Authenticate; Obtain Token; Agreements; Service Provider, Relying Party, Consumer, SP; Principal; Present token; Access resource
  • 12. Use Cases: Enterprise connected to Cloud SaaS, partners, suppliers, etc.; Customers using social authentication. Diagram labels: Social, Databases, Directory, Active Directory, Commercial Applications, SaaS, In-house dev applications, Legacy applications, Private Cloud, Partners, Outsourcing, Suppliers
  • 13. Use Cases: SaaS/IDaaS providing services to Enterprises; Social authentication to SaaS and IDaaS. Diagram labels: Databases, Directory, Active Directory, Commercial Applications, In-house dev applications, Legacy applications, Social, SaaS, Multi-tenant IdP, Private Cloud, Multi-tenant SP
  • 14. Mobile IAM for the Modern Web Web App Web App Login App OAuth2 Native App REST Native App OpenID Connect OpenAM Authentication Authorization Attribute Delivery Cloud Federation SSO Token Persistence Session Mgmt OAuth2 Provider Enterprise
  • 15. SP to IdP Mesh IdP SP IdP SP IdP SP IdP
  • 16. IdP Proxy IdP SP IdP SP SP IdP Proxy IdP IdP
  • 17. Federation is more than SSO. SAML 2.0: IdP, SP, IdP Proxy, Attribute Query Provider, Attribute Authority, Authentication Authority, XACML PEP, XACML PDP; WS-Federation: IdP, SP; ID-FF: IdP, SP; OAuth 2.0: RESTful Authorization protocol; OpenID Connect: Uses OAUTH2 tokens, adds services
  • 18. OpenAM + family. OpenAM: Full blown Federation; OpenAM Fedlet: Lightweight SAML 2.0 SP; OpenIG and Fedlet: Powerful combination of integration and SAML 2.0; Bridge SPE/SalesForce Bridge: SAAS oriented federation/sync bridge, includes SAML 2.0 and OAUTH2.
  • 19. Custom federation Reverse Proxy 1 3 Custom AuthN Module State 1 Policy Agent “Custom IDP” OpenAM Application 6 Policy Agent Application Application Application 2 SP IDP Fedlet Custom AuthN Module State 2 Custom Post Authentication Module 4 5
  • 20. Walkthrough: configure OpenAM to achieve SSO to Google Apps, WordPress, Office365 using SAML2
  • 21. Federated Single Sign-On demo.openam.org IDP Circle of Trust SP SP SP
  • 22. 2013 Open Stack Identity Summit - France Federation in practice