
Case Study - Largest Brazilian Credit and Debtor Operator, A ForgeRock OpenAM Deployment


Presented by Rogerio A. Rondini, Professional Services Manager & Solutions Architect, Smart Software, at the ForgeRock Open Identity Summit, June 2013

Published in: Technology

    1. Open Identity Summit: Brazilian Success History
        • Rogério A. Rondini, Professional Service Manager, Smart Software
    2. Speaker BIO
        • Former SUN solution architect
        • Over 15 years of experience in the development of mission-critical software solutions
        • PhD in Electrical Engineering
        • Professor in computer science courses
    3. Brazil
    4. Brazil
        • Emerging economy
        • IT market handled 102bi in the last year, a growth of 11%
        • Has become a leader in open source adoption
    5. Smart Software
        • Young company
        • Leaders are former Sun employees/consultants
        • Development and integration focusing on open source solutions
        • First ForgeRock partner in Brazil
    6. Smart Software: Full Open Source Stack
        • OS and Virtualization (Red Hat Partner)
        • Middleware (Red Hat Partner)
        • B.I. (Pentaho Community)
        • BPM (Bonita Software Partner)
        • Portal and CMS (Liferay Community Platform)
        • Security (ForgeRock Gold Partner)
    7. Success History: Largest Latin America payment company
        • Leading in the payment processing industry
        • 1.3 million active merchants
        • Present in 99% of Brazilian municipalities
        • Annual growth rate of 20% in Financial Trading Volume between 2011 and 2012
    8. Success History: Largest Latin America payment company
        • 3 years of successful deployment
        • First protected application in May 2010
        • Subscription support purchased in Dec 2010
        • Today it has around 10 protected applications built on different technologies
        • Continuous deployment approach
    9. Business Problem # 01
        • Myriad of applications accessing LDAP, each in its own way
            – Without API standardization
            – CHAOS in the Information Security department
            – Performance bottleneck on the LDAP server
    10. Business Problem # 02
        • Employees must authenticate to third-party applications (SaaS model) with their network login
            – Dump of the LDAP DB to the third-party application, causing synchronization problems and a security gap
    11. Business Problem # 03
        • Applications using different technologies and requiring different ways of authentication
            – Need for a solution that offers flexibility for customization
    12. OpenAM Solution # 01
        • OpenAM as central Authentication and Authorization Server
        • No more direct access to the LDAP DB
        • Continuous Deployment approach
    13. OpenAM Solution # 01 (architecture diagram: LDAP behind the OpenAM infrastructure)
        • App A: custom WebLogic Auth-provider calling the WS/REST interface
        • App B: WebLogic Policy Agent
        • App C: JBoss Policy Agent
        • App D: .NET app calling the REST interface
    14. OpenAM Solution # 01: Ongoing deployment (continuous deployment)
        • C++ web application
        • Protected by Apache Policy Agent
        • Self-service password reset for external users
        • More .NET applications calling the REST interface
        • WebSphere Portal Server
        • WebSphere Policy Agent
        • Custom Auth-Module
        • Custom self-service
    15. OpenAM Solution # 02 (architecture diagram: LDAP behind the OpenAM infrastructure)
        • App A: custom WebLogic Auth-provider calling the WS/REST interface
        • App B: WebLogic Policy Agent
        • App C: JBoss Policy Agent
        • App D: .NET app calling the REST interface
        • SaaS apps: Fedlet, Federation, Circle of Trust
    16. OpenAM Solution # 03
        • WebSphere Portal Server integration
            – WPS is not a simple JEE application
            – The OpenAM WebSphere Policy Agent is not sufficient to protect WPS
            – Need a custom solution
    17. OpenAM Solution # 03: WPS Integration problem...
        • The Custom User Registry (AmAgentUserRegistry) does not work with WPS
    18. OpenAM Solution # 03: WPS Integration problem...
        • The OpenAM agent filter (AmAgentFilter) does not take effect in WPS...
        • IBM recommends the use of a Session Validation Filter, a portlet filter, not a servlet filter.
    19. OpenAM Solution # 03: The Solution...
        1. Configure a WebSphere Federated Repository instead of the Custom User Registry
        2. Use the Agent TAI (AmTrustAssociationInterceptor) to perform SSO
        3. Implement a custom Session Validation Filter instead of the agent filter
    20. OpenAM Solution # 03
        • Federated Repository...
            – Using the default WebSphere LDAPAdaptor class
            – Next step: implement a custom VMM OpenAM Adaptor
        • Trust Association Interceptor...
    21. OpenAM Solution # 03: Custom filter...
        • Implementation
        • WebSphere Configuration
    22. OpenAM Solution # 03
        • Legacy Portal x WPS Portal
            – The problem is to give the user access to both (WPS and Legacy) with a single login
                • The legacy system uses its own login implementation
                • The legacy login implementation loads a lot of information into the HTTP session
                • Some profile attributes are stored in an RDBMS
    23. OpenAM Solution # 03: Proposed solution
        • Protect the legacy application with the JEE Policy Agent
        • Withdraw the legacy login servlet
        • Make the new portal (WPS) the entry point for users. SSO between WPS and Legacy will solve the single login problem
        • Implement a custom Post Authentication Plugin to load the session information for the legacy system that was previously loaded by the legacy login servlet
    24. Final Remarks
        • OpenAM is the best Enterprise Class Access Manager solution
        • Simple deployment
        • Open standards
        • Flexible to extend
    25. Q & A
