Your SlideShare is downloading. ×
0
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Open Source Identity Integration with OpenSSO

5,261

Published on

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
5,261
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
199
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Open Source Identity Integration with OpenSSO July 4th, 2008 Pat Patterson Federation Architect pat.patterson@sun.com blogs.sun.com/superpat
  • 2. Agenda • Web Access Management > The Problem > The Solution > How Does It Work? • Federation > Single Sign-On Beyond a Single Enterprise > How Does It Work? • OpenSSO > Project Overview 2
  • 3. Typical Problems • “Every application wants me to log in!” • “I have too many passwords – my monitor is covered in Post-its!” • “We're implementing Sarbanes-Oxley – we need to control access to applications!” • “We need to access outsourced functions!” • “Our partners need to access our applications!” 3
  • 4. Web Access Management • Simplest scenario is within a single organization • Factor authentication and authorization out of web applications into web access management (WAM) solution • Can use browser cookies within a DNS domain • Proxy or Agent architecture implements role-based access control (RBAC) • Users get single sign-on, IT gets control 4
  • 5. Single Sign-On Within an Organization Web Server Web Server SSO Server Application Server End User 5
  • 6. How It Works SSO Server Browser Agent Application GET hrapp/index.html Redirect to SSO Server Authenticate Redirect to hrapp/index.html (with SSO cookie) GET hrapp/index.html (with SSO cookie) Is this user allowed to access hrapp/index.html? Yes! Allow request to proceed Application response 6
  • 7. Web Access Management Products • Sun Java System Access Manager > OpenSSO • CA (Netegrity) SiteMinder Access Manager • IBM Tivoli Access Manager • Oracle (Oblix) Access Manager • Novell Access Maneger • JA-SIG CAS • Spring Security (Acegi) • JOSSO 7
  • 8. Typical Problems • “Every application wants me to log in!” • “I have too many passwords – my monitor is covered in Post-its!” • “We're implementing Sarbanes-Oxley – we need to control access to applications!” • “We need to access outsourced functions!” • “Our partners need to access our applications!” 8
  • 9. Single Sign-on between Organizations • Cookies no longer work > Need a more sophisticated protocol • Can't mandate single vendor solution > Need standards for interoperability 9
  • 10. SSO Across Organizations Service Service Provider Provider Identity Provider Service Provider End User 10
  • 11. SAML 2.0 SSO Basics Identity Provider Browser Service Provider GET hrapp/index.html Redirect with SAML Request SAML Authentication Request Authenticate HTML form with SAML Response SAML Response Service Provider examines SAML Response and makes access Response control decision 11
  • 12. SAML 2.0 Assertion (Abbreviated!) <Assertion Version="2.0" ID="..." IssueInstant="2007-11-06T16:42:28Z"> <Issuer>https://pat-pattersons-computer.local:8181/</Issuer> <Signature>...</Signature> <saml:Subject> <saml:NameID Format="urn:oasis:...:persistent" ...> ZG0OZ3JWP9yduIQ1zFJbVVGHlQ9M </saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:...:bearer"> <saml:SubjectConfirmationData .../> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotBefore="2007-11-06T16:42:28Z" NotOnOrAfter="2007-11-06T16:52:28Z"> <saml:AudienceRestriction> <saml:Audience> https://pat-pattersons-computer.local/example-pat/ </saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2007-11-06T16:42:28Z" ...> <saml:AuthnContext> <saml:AuthnContextClassRef> urn:oasis:...:PasswordProtectedTransport </saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion> 12
  • 13. SAML 2.0 Adoption • Sun, IBM, CA – all the usual suspects, except Microsoft • OpenSAML (Internet2) > Java, C++ • OpenSSO (Sun) > Java, PHP, Ruby • SimpleSAMLphp (Feide) • LASSO (Entr'ouvert) > C/SWIG • ZXID (Symlabs) > C/SWIG 13
  • 14. What is OpenSSO? • OpenSSO 1.0 == Federated Access Manager 8.0 • All FAM 8.0 builds available via OpenSSO Open Access. • Preview Features Open Federation. • Provide Feedback • Review code security 14
  • 15. OpenSSO Momentum • In less than 2 years... > >700 project members at opensso.org > ~15 external committers > Consistently in Top 10* java.net projects by mail traffic – * of over 3000 projects • Production deployments > www.audi.co.uk – 250,000 customer profiles > openid.sun.com – OpenID for Sun employees > telenet.be – Foundation for fine-grained authorization 15
  • 16. OpenSSO Extensions https://opensso.dev.java.net/public/extensions/ • PHP SAML 2.0 SP implementation > Picked up by Feide (Norway) SAML 2.0 • Ruby SAML 2.0 SP implementation • SAML 2.0 ECP test rig • OpenID 1.1 Provider OpenID > Deployed at openid.sun.com Client SDK • PHP Client SDK implementation • ActivIdentity 4Tress Authentication Modules • Hitachi Finger Vein Biometric • Information Card (aka CardSpace) 16
  • 17. Demo Deploy and Configure OpenSSO Create an Identity Provider SAML-enable a Service Provider... All in less than 10 minutes! 17
  • 18. DEMO GO!!! 18
  • 19. Participez! Join Download Sign up at OpenSSO 1.0 opensso.org Build 4 Subscribe Chat OpenSSO Mailing Lists #opensso on dev, users, announce freenode.net 19
  • 20. Resources https://opensso.dev.java.net/public/extensions/ OpenSSO • http://opensso.org/ OpenSSO Wiki • http://wiki.opensso.org/ Pat's Blog • Superpatterns > http://blogs.sun.com/superpat/ Daniel Raskin's Blog • Virtual Daniel > http://blogs.sun.com/raskin/ 20
  • 21. Open Source Identity Integration with OpenSSO July 4th, 2008 Pat Patterson Federation Architect pat.patterson@sun.com blogs.sun.com/superpat

×