OpenAM Best Practices - Corelio Media Case Study

IS4U Senior Architect Robin Gorris shares OpenAM Best practices at Corelio Media, presented as part of our Case Study session with Everett and ACA, moderated by ForgeRock VP of Services Steve Ferris and Director of Support Tim Rault-Smith.

Published in: Technology, Design

Transcript

  1. 2013 Open Stack Identity Summit - France
  2. Corelio Media An Open Identity Stack case study
  3. Introducing
  4. The case
       • Custom built CRM system with provisioning
       • Custom SSO implementations
       • Room for improved privacy protection
       • Per application social media integration
       • In code authorization
  5. Goals and challenges
       • Single Sign On
       • Centralized policy & session management
       • Multi-tenant support
       • Identity management for 4.1M identities
       • 3 month time constraint
  6. Priorities
       • Performance
       • Ease of application integration
       • User comfort & privacy
  7. Requiring the full stack
       • Central user store: OpenDJ
       • SSO & policy enforcement: OpenAM
       • Provisioning of user store: OpenIDM
  8. The agent approach
       • Simple architecture
       • Agents scale with infrastructure
       • Distributed high availability architecture
       • No impact on out-of-scope servers
  9. Special cases
       • IP authentication
       • Instant sync
       • Remember me
       • Entitlements
       • Mobile applications
  10. Remember me
  11. Remember me
       • Session cookies issued after successful authentication
       • Persistent cookie (DProPCookie)
       • Session cookie (iPlanetDirectoryPro)
       • [Diagram: cookies P and S]
  12. Remember me
       • Close and reopen browser
       • [Diagram: cookies P and S]
  13. Remember me
       • But if browser doesn’t close, then at session time-out
       • Expired session cookie (iPlanetDirectoryPro)
       • [Diagram: cookies P and S]
  14. Remember me
       • Solution: persist session cookie
       • If session times out, expired cookie won’t be sent
       • openam.session.persist_am_cookie
       • com.iplanet.am.cookie.timeToLive
       • [Diagram: cookies P, S and S]
  15. Entitlements
       • Access policies are URL based
       • Define virtual URL policies
       • Application checks authorization
       • Through OpenAM authorization REST API
  16. Entitlements
       • Policy: Allow
       • URL: http://www.standaard.be/avond/*
       • Group: Subscribers
       • HTTP_UID=987654
       • HTTP_mail=jdoe@sample.com
       • HTTP_sn=doe
       • HTTP_givenname=john
       • http://www.standaard.be/avond/art.aspx?id=23
  17. Entitlements
       • Policy: Allow
       • URL: http://virtual.standaard.be/comment
       • Group: White listed commenter
       • http://www.standaard.be/avond/art.aspx?id=23&action=comment
  18. Mobile applications
       • Apps cannot be impacted
       • Third party not to store credentials
       • Client credential OAuth profile
       • Patches required in OpenAM XPress 10.1.0
  19. Mobile applications
       • [Diagram labels: content; OAuth token; Content server; e-mail/password; e-mail/OAuth token; Third party]
  20. Project results
       • Successful launch of every tenant
       • Agile policy management
       • Centralized secure password storage
       • Session quota for subscribers enforced
  21. Lessons learned
       • Value of ForgeRock support
       • Avoid crosstalk through sticky sessions
       • Use dedicated application pools in IIS
       • Use OpenDJ entry cache for large static groups
       • But don’t preload the entry cache
  22. Roadmap
       • Session quota for mobile apps
       • Open Identity Stack upgrade
       • Media ID
       • Metering
  23. Thank you
       • Robin Gorris, Partner - Senior Architect
       • +32 (0)474 40 99 91
       • robin.gorris@is4u.be
       • Business Park King Square, Veldkant 33A - 2550 Kontich
       • http://www.is4u.be
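
The entitlement check from slides 15 to 17, sketched as an added example (not code from the presentation or from Corelio Media): the application maps the action it is about to perform to a virtual URL and asks OpenAM for the policy decision, denying on every failure path. The OpenAM base URL, the use of OpenAM's legacy `/identity/authorize` call, the spelling of the virtual URL, the token values and the `fake_openam` stand-in are assumptions.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumptions, not from the slides: the OpenAM base URL, the use of OpenAM's
# legacy /identity/authorize REST call, and the token values below.
OPENAM_BASE = "https://openam.example.com/openam"
# Virtual URLs are only policy resources in OpenAM; no content is served there.
VIRTUAL_URLS = {"comment": "http://virtual.standaard.be/comment"}


def authorize_url(action, sso_token):
    """Build the policy query for an in-application action (None if unmapped)."""
    resource = VIRTUAL_URLS.get(action)
    if resource is None or not sso_token:
        return None
    query = urlencode({"uri": resource, "action": "GET", "subjectid": sso_token})
    return f"{OPENAM_BASE}/identity/authorize?{query}"


def parse_decision(status, body):
    """Allow only on HTTP 200 with the exact body 'boolean=true'."""
    return status == 200 and body.strip() == "boolean=true"


def is_allowed(action, sso_token, fetch):
    """Ask OpenAM; fetch(url) -> (status, body). Every failure path denies."""
    url = authorize_url(action, sso_token)
    if url is None:
        return False
    try:
        status, body = fetch(url)
    except OSError:  # OpenAM unreachable: fail closed
        return False
    return parse_decision(status, body)


def fake_openam(url):
    """Constructed stand-in: only TOKEN-COMMENTER is in the commenter group."""
    params = parse_qs(urlsplit(url).query)
    member = params.get("subjectid") == ["TOKEN-COMMENTER"]
    known = params.get("uri") == [VIRTUAL_URLS["comment"]]
    return 200, ("boolean=true\n" if member and known else "boolean=false\n")


if __name__ == "__main__":
    for token in ("TOKEN-COMMENTER", "TOKEN-SUBSCRIBER"):
        print(token, is_allowed("comment", token, fake_openam))
    print("unmapped action:", is_allowed("delete", "TOKEN-COMMENTER", fake_openam))
```

The action is passed in by the application at the point where it acts, rather than re-parsed from the request URL, so the policy check and the application cannot disagree about which action was requested.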
