Case Study - Largest Brazilian Credit and Debtor Operator, A ForgeRock OpenAM Deployment
Presented by Rogerio A. Rondini, Professional Services Manager & Solutions Architect, Smart Software, at the ForgeRock Open Identity Summit, June 2013

Transcript

  • 1. Open Identity Summit: Brazilian Success Story. Rogério A. Rondini, Professional Service Manager, Smart Software
  • 2. Speaker bio
      – Former Sun solution architect
      – Over 15 years of experience in the development of mission-critical software solutions
      – PhD in Electrical Engineering
      – Professor in computer science courses
  • 3. Brasil
  • 4. Brasil
      – Emerging economy
      – IT market handled 102bi in the last year, a growth of 11%
      – Has become a leader in open source adoption
  • 5. Smart Software
      – Young company
      – Leaders are former Sun employees/consultants
      – Development and integration focusing on open source solutions
      – First ForgeRock partner in Brasil
  • 6. Smart Software: Full Open Source Stack
      – OS and Virtualization (Red Hat Partner)
      – Middleware (Red Hat Partner)
      – B.I. (Pentaho Community)
      – BPM (Bonita Software Partner)
      – Portal and CMS (Liferay Community Platform)
      – Security (ForgeRock Gold Partner)
  • 7. Success Story: largest Latin America payment company
      – Leader in the payment processing industry
      – 1.3 million active merchants
      – Present in 99% of Brazilian municipalities
      – Annual growth rate of 20% in Financial Trading Volume between 2011 and 2012
  • 8. Success Story: largest Latin America payment company
      – 3 years of successful deployment
      – First protected application in May 2010
      – Bought subscription support in Dec 2010
      – Today it has around 10 protected applications built on different technologies
      – Continuous deployment approach
  • 9. Business Problem # 01: a myriad of applications accessing LDAP, each in its own way
      – Without API standardization
      – CHAOS in the Information Security department
      – Performance bottleneck on the LDAP server
  • 10. Business Problem # 02: employees must authenticate in third-party applications (SaaS model) with their network login
      – Dump of the LDAP DB to the third-party application, causing synchronization problems and a security gap
  • 11. Business Problem # 03: applications using different technologies and requiring different ways of authentication
      – Need for a solution that offers flexibility for customization
  • 12. OpenAM Solution # 01
      – OpenAM as central Authentication and Authorization Server
      – No more direct access to the LDAP DB
      – Continuous deployment approach
  • 13. OpenAM Solution # 01 (architecture diagram): LDAP behind the OpenAM infrastructure
      – App A: custom WebLogic Auth-provider calling the WS/REST interface
      – App B: WebLogic Policy Agent
      – App C: JBoss Policy Agent
      – App D: .NET app calling the REST interface
  • 14. OpenAM Solution # 01: ongoing deployment (continuous deployment)
      – C++ web application
      – Protected by Apache Policy Agent
      – Self-service password reset for external users
      – More .NET applications calling the REST interface
      – WebSphere Portal Server
      – WebSphere Policy Agent
      – Custom Auth-Module
      – Custom self-service
  • 15. OpenAM Solution # 02 (architecture diagram): LDAP behind the OpenAM infrastructure
      – App A: custom WebLogic Auth-provider calling the WS/REST interface
      – App B: WebLogic Policy Agent
      – App C: JBoss Policy Agent
      – App D: .NET app calling the REST interface
      – SaaS apps: Fedlet, Federation, Circle of Trust
  • 16. OpenAM Solution # 03: WebSphere Portal Server (WPS) integration
      – WPS is not a simple JEE application
      – The OpenAM WebSphere Policy Agent is not sufficient to protect WPS
      – Need a custom solution
  • 17. OpenAM Solution # 03: WPS integration problem...
      – Custom User Registry (AmAgentUserRegistry) does not work with WPS
  • 18. OpenAM Solution # 03: WPS integration problem...
      – OpenAM agent filter (AmAgentFilter) does not take effect in WPS...
      – IBM recommends the use of a Session Validation Filter, a portlet filter, not a servlet filter.
  • 19. OpenAM Solution # 03: the solution...
      1. Configure WebSphere Federated Repository instead of Custom User Registry
      2. Use the Agent TAI (AmTrustAssociationInterceptor) to perform SSO
      3. Implement a custom Session Validation Filter instead of the agent filter
  • 20. OpenAM Solution # 03
      – Federated Repository... using the default WebSphere LDAP Adaptor class
      – Next step: implement a custom VMM OpenAM Adaptor
      – Trust Association Interceptor...
  • 21. OpenAM Solution # 03: custom filter...
      – Implementation
      – WebSphere configuration
  • 22. OpenAM Solution # 03: Legacy Portal vs. WPS Portal
      – The problem statement is to give the user access to both (WPS and Legacy) with a single login
          • The legacy system uses its own login implementation
          • The legacy login implementation loads a lot of information into the HTTP session
          • Some profile attributes are stored in an RDBMS
  • 23. OpenAM Solution # 03: proposed solution
      – Protect the legacy application with the JEE Policy Agent
      – Withdraw the legacy login servlet
      – Make the new portal (WPS) the entry point for users. SSO between WPS and Legacy will solve the single login problem
      – Implement a custom Post Authentication Plugin to load the session information for the legacy system that was previously loaded by the legacy login servlet
  • 24. Final Remarks
      – OpenAM is the best Enterprise Class Access Manager solution
      – Simple deployment
      – Open standards
      – Flexible to extend
  • 25. Q & A
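
Slide 23's custom Post Authentication Plugin, sketched as an added example (not code from the presentation or from the deployment it describes): it implements OpenAM's `AMPostAuthProcessInterface` and copies an allowlisted set of profile columns from the legacy RDBMS into the SSO session. The class name, JNDI name, table, columns and the `legacy.` property prefix are hypothetical, and the table is assumed to be keyed by the session principal's name.

```java
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.spi.AMPostAuthProcessInterface;
import com.sun.identity.authentication.spi.AuthenticationException;
import java.sql.*;
import java.util.Map;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;
// Added example: class, JNDI, table, column and property names are hypothetical.
public class LegacyProfilePostAuth implements AMPostAuthProcessInterface {
    private static final String JNDI_NAME = "jdbc/LegacyProfileDS";          // assumed
    // Allowlist: only these columns ever reach the session.
    private static final String[] COLUMNS = {"branch_code", "profile_type"}; // assumed
    private static final String QUERY =
        "SELECT branch_code, profile_type FROM legacy_profile WHERE login = ?";
    @Override
    public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request,
            HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
        try {
            // Identity comes from the authenticated session, never from request parameters.
            String login = ssoToken.getPrincipal().getName();
            DataSource ds = (DataSource) new InitialContext().lookup(JNDI_NAME);
            try (Connection c = ds.getConnection();
                 PreparedStatement ps = c.prepareStatement(QUERY)) {
                ps.setString(1, login); // bound parameter, no string concatenation
                try (ResultSet rs = ps.executeQuery()) {
                    if (!rs.next()) {
                        throw new AuthenticationException("no legacy profile for user");
                    }
                    for (String col : COLUMNS) {
                        String v = rs.getString(col);
                        ssoToken.setProperty("legacy." + col, v == null ? "" : v);
                    }
                }
            }
        } catch (SSOException | SQLException | NamingException e) {
            throw new AuthenticationException("legacy profile load failed");
        }
    }
    @Override
    public void onLoginFailure(Map requestParamsMap, HttpServletRequest request,
            HttpServletResponse response) throws AuthenticationException { }
    @Override
    public void onLogout(HttpServletRequest request, HttpServletResponse response,
            SSOToken ssoToken) throws AuthenticationException { }
}
```

The class is registered as an authentication post-processing class in the realm's authentication settings; the legacy application then reads the `legacy.*` values from the session through its policy agent instead of from its own login servlet.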