Enterprise Security & SSO

Transcript of "Enterprise Security & SSO"

  1. Actuate Security: Enterprise class, Standards based, Robust and Flexible. Ambareesh Kulkarni, Director. © Actuate Corporation 2008
  2. Anatomy of an Actuate Application
       [Diagram. Labels as extracted: FW1, FW2, FW3, Web Server, Application Server farm running Actuate Active Portal, Actuate iServer Farm nodes, Encycl.]
  3. Features of Actuate Security: AuthN & AuthZ
       • Authentication - Verify if users are who they claim to be
       • Authorization - Users can only access what the security policy allows
       • Role-based access control - Grant access based on the user's role in the organization
       • Data privacy - Data integrity & reliability
       • User Registration - External and Internal
       • Audit information - Usage and exceptions
       • Transport Security - Secure delivery of information
  4. Features of Actuate Security: AuthN & AuthZ
       • Non-repudiation on actions - Important user actions carry proof of execution to prevent denial
       • Session security - User sessions are uniquely identifiable and not subject to masquerading
       • Session time-out - Session inactivity leads to session termination
       • Audit logs - All actions are logged for audit use
       • Single sign-on - Usage of multiple systems or services does not require additional credentials
  5. Features of Actuate Security: AuthN & AuthZ
       • Robust authentication & authorization capabilities
       • Supports both Internal and External Authentication
       • Can use a combination of UserID/Password for authentication
       • Optionally:
           • Trust credentials passed to it
           • Extract user ID and/or password from encrypted artifacts (e.g. token, logon ticket)
       • Granular authorization
       • Fast and easy mapping of business rules to authorization policy
       • Coarse, medium and fine-grained authorization
       • An open, interoperable Java-based architecture with data source flexibility
       • Plug-n-play integration with Web, application and directory services
       • Supports LDAP, RDBMS and any custom data sources
  6. External User Registration and Authentication process flow
       [Process-flow diagram, steps numbered 1 to 9. Labels: End Users, Portal Server, Business Process Workflow, Automated Access Approval, Data Store, Data Repository, Authentication/Revalidation Services, Actuate]
  7. Authorization Controls: What can you protect?
       • Server Controls
       • Resource – Universal Resource Indicator…
       • Applications – group of resources…
       • Dynamic Content – EJBs, JSPs, Servlets…
       • Method-level Protection – Access, Get, Post
       • Wild-Card Control – *, /*/, *.*
  8. Authorization & Privilege Management Levels
       • Coarse-grained: Limits access at the URL level to protect machines and their contents
       • Medium-grained: Provides conditional access to Actuate folders and files based on access control lists and user roles
       • Fine-grained: Controls what data users see once they have access to the report (Page Level Security)
  9. Usage Logging: What have you accessed?
       • Provides records required to meet security policy and compliance requirements
       • Helps pinpoint problem areas against policies
       • Captures “contextual” information for better diagnosing issues
       [Callout: Usage logging. Actuate usage log captures ALL User Activity]
  10. Actuate Security: Scalable and Flexible
       [Diagram. Labels as extracted: Key Server Dispatcher, Enforcement (Agent or Proxy), End Users, Authentication, Authorization Engine, Actuate iServer, Centralized Logging Engine, Browser-based Administration, Web/App Server, Entitlements Engine]
  11. Security Extensions
       • iPortal Security Extension (iPSE)
           • For Single Sign-on
       • Report Server Security Extension (RSSE)
           • For any external data store including LDAP & Microsoft Active Directory integration
  12. Single Cluster supports diverse and disparate security systems
       • Actuate integrates with all major security systems and services providers
           • RSA, Netegrity, Kerberos, SAP, Tivoli, BMC, SAML, etc.
       • Leverages investments in enterprise security models
       • Centralizes the administration of common user information
       • Supports multiple authentication and authorization sources from a single iServer cluster
  13. Java RSSE Architecture
       [Diagram. Labels as extracted: Interface (Published by Actuate), Implementation, iServer Endpoint, RSSE Endpoint, HTTP request, HTTP response, SOAP, Java Interface, DB Access API, 3rd party database (e.g. LDAP), iServer, RSSE Service]
  14. Transport Security
       • Tiers: Web Tier, J2EE Server Farm (e.g. WebSphere), Report Server Farm
       • SSL encrypted Web Browser session
       • Internal traffic: SOAP/HTTP, optionally encrypted using Stunnel or IPSEC
       [Diagram. Labels as extracted: FW1, FW2, FW3, Web Server, Application Server farm running Actuate Active Portal, Actuate iServer Farm nodes, Encycl.]
  15. Microsoft IIS Web Tier Integration
       • Reverse HTTP Proxy – using AJP plug-in
       • Supports IIS forwarding requests to iPortal
       • AJP plug-in configured with Microsoft IIS
       [Diagram. Labels as extracted: Microsoft IIS, AJP 13, Oracle Containers for J2EE (shown twice), HTTP Server, AJP connector, Actuate iServer Cluster or iServer Express]
  16. How It Works: ASP.net Forms Authentication & SSO with Actuate
       [Diagram, arrows numbered 1 to 8. Labels as extracted: Active Directory, Microsoft IIS / ASP.NET, RSSE, Oracle Containers for J2EE (shown twice), HTTP Server, AJP connector, Actuate iServer Cluster or iServer Express]
       1. GET default.aspx HTTP/1.1
       2. 302 Redirect Location: login.aspx
       3. POST default.aspx HTTP/1.1 <form data containing credentials>
       4. App authentication
       5. 200 OK Set-Cookie: .ASPXAUTH Auth Ticket
       6. GET default.aspx HTTP/1.1 Cookie: .ASPXAUTH Auth Ticket
       7. Submit Actuate URL from ASP page
       8. Report Server Security Extension provides external authentication & registration services
  17. Seamless Access to Actuate
  18. Seamless Access to Actuate
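
Steps 1 to 6 of the slide 16 exchange (redirect to login.aspx, credential POST, .ASPXAUTH cookie, authenticated GET), as an added Python example that is not Actuate or ASP.NET code. Assumptions: `KEY`, `USERS`, `TTL`, the `X-User` response header and the HMAC-signed `user|expiry` ticket are constructed stand-ins for the real ASP.NET ticket format and user store.

```python
import base64, hashlib, hmac

KEY = b"constructed-demo-key"        # stand-in for the web tier's ticket key
USERS = {"alice": "correct horse"}   # constructed credential store
TTL = 1200                           # assumed ticket lifetime, seconds

def b64(raw):
    return base64.urlsafe_b64encode(raw).decode()

def issue_ticket(user, now):
    body = f"{user}|{int(now) + TTL}".encode()
    return b64(body) + "." + b64(hmac.new(KEY, body, hashlib.sha256).digest())

def verify_ticket(ticket, now):
    """Return the user for an authentic, unexpired ticket, else None."""
    try:
        body, mac = (base64.urlsafe_b64decode(p) for p in ticket.split("."))
        if not hmac.compare_digest(mac, hmac.new(KEY, body, hashlib.sha256).digest()):
            return None                       # forged or modified ticket
        user, expiry = body.decode().split("|")
        return user if now < int(expiry) else None
    except (ValueError, AttributeError):
        return None                           # missing or malformed cookie

def handle(method, cookie=None, form=None, now=0):
    """Server side for default.aspx; returns (status, headers)."""
    if method == "POST" and form is not None:             # step 3
        stored = USERS.get(form.get("user"))              # step 4: app authentication
        supplied = form.get("password", "")
        if stored is not None and hmac.compare_digest(stored.encode(), supplied.encode()):
            return 200, {"Set-Cookie": ".ASPXAUTH=" + issue_ticket(form["user"], now)}  # step 5
        return 302, {"Location": "login.aspx"}
    user = verify_ticket(cookie, now)                     # step 6 presents the cookie
    if user is None:
        return 302, {"Location": "login.aspx"}            # steps 1-2: no valid ticket
    return 200, {"X-User": user}                          # hypothetical header for the demo

def sso_walkthrough(user, password, now=1_000_000):
    """Client side: replay steps 1, 3 and 6 and collect the responses."""
    first = handle("GET", now=now)
    login = handle("POST", form={"user": user, "password": password}, now=now)
    cookie = login[1].get("Set-Cookie", "").partition("=")[2] or None
    final = handle("GET", cookie=cookie, now=now)
    return [first, login, final], cookie
```

The ticket is checked for integrity and expiry on every request, so a modified or stale cookie falls back to the step 2 redirect rather than being trusted downstream.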
