SlideShare a Scribd company logo

OpenSSO Deployments

β€’
β€’
Eduardo Pelegri-Llopart
Eduardo Pelegri-Llopart

Verizon Wireless deployed Sun OpenSSO Enterprise across its wireless and broadband lines of business to provide single sign-on for over 50 million customer accounts. This allows customers to access all authorized Verizon products and services with one login. The deployment involved integrating OpenSSO with over 25 vendors and implementing high availability, high performance authentication, and identity federation between Verizon brands. Key aspects included geographic redundancy across data centers, session failover, a highly tuned architecture leveraging Sun hardware, and over 50 million user identities.

TechnologyBusiness
1 of 10
Download to read offline
Real world deployment with Sun OpenSSO Enterprise at Verizon Wireless Ajay Sondhi 1
Verizon Wireless OpenSSO Deployment Verizon Wireless is a leader in wireless voice, data, ξ€Š information and entertainment services ξ€Š Joint venture of Verizon Comms (NYSE: VZ) + Vodafone (NYSE: VOD) ξ€Š 85 million customers ξ€Š 71,000 employees ξ€Š $44 billion annual revenue ξ€Š More than 2,600 retail stores & kiosks ξ€Š One of the most reliable wireless network in the U.S. ● Network coverage: 267M POPs ● Rapid Disaster Response, Portable Cell Site 2
Verizon Wireless OpenSSO Deployment Goals Give users a unified experience across all ● authorized products and services by Single Sign On (SSO) by assigning Account Owner and Account Member roles and multi-line accounts ● Permit standardization across all self-serve platforms by authentication and authorization logic to prevent site intrusion ● Provide seamless integration between Verizon Wireless (VZW) and other lines of businesses (LOBs) to improve customer experience Benefits Easy to integrate new products and services ● ● Simplified SSO reduces IT cost and improves security ● Access Manager (AM) improves security by authentication & authorization logic ● Enable cross-domain SSO unifies user experience between VZW and ASPs ● Enable customized audit capabilities through AM for log access information and diagnostic information analysis 3
Verizon Wireless (Technical Requirements) A Deployment Topology & Architecture that supports High Availability ● High Throughput ● High Performance ● A flexible Systems Design that supports SSO with applications hosted on disparate platforms & containers ● Federation & Liberty Protocols ● Customization at all levels including Authentication, Authorization and ● Federation 4
Verizon Wireless OpenSSO Deployment Access Manager SSO : Implemented for both B2C and B2B on Wireless ● and Broadband ● 50M MyVerizon wireless customers registered online ● 2M logins/day on VZW ● Supports role based access ● 25 different product vendors integrated Federation : Implemented Federation across VZW and VZT for ● B2C customers ● Implement Federation across VZW and .Net for SMB customers ● Implemented Federation across VZW and VZB for business customers ● Login once & toggle between two distinct My Account websites. ● Convenient access for One-Bill and bundle services 5
Verizon Wireless (AM SSO Features) Account Management Registration & Login (2M Logins/day) ● ● Password Management ● Profile & Preference Management User Authentication Cross-Domain Single Sign-On and ● ● State Management ● Role-based Access Control ● Standard User Authentication System for All External Sites Customized APIs Customized Services for Billing, ● Handset, Provisioning and Post-Login Functions 6
Verizon Wireless (AM Federation Features) Seamless integration between Verizon Wireless ● and other Verizon LOBs ● Login once & toggle between two distinct My Account web sites ● Convenient access for One-Bill and bundle services ● Cross-sell opportunities on both sites 7
Verizon Wireless Architecture High Availability Geographic redundancy in two data ● centers (East & West) ● Session failover capabilities with four instances of AM within each data center. ● Six way multi-mastered directory servers across data centers High Performance Over 50M identities ● ● Over 4000 successful authentications per minute (peak) ● Over 250K active users (peak) ● Provide SSO with over 25 ASPs 8
Verizon Wireless Architecture Superior Sun hardware Web servers -T2K (Niagra chipset) for superior multithreaded performance ● ● Directory –x4600 (Opteron chipset) for high disk i/o Design Choices Use of Session Attributes (as opposed to profile) ● ● Turn off profile notifications from AM to agents ● Segregating the configuration Realm ● Restrict the use of URL policy and J2EE policy mode ● Load balancer configuration to ensure stickiness ● Writing to one master LDAP Tuning OS –Memory, File system and Networking ● ● AM Tuning ● JVM tuning ● Agent Tuning ● Directory Server Tuning 9
Questions? 10

Recommended

ALOHA Load Balancer - Virtual Appliance
ALOHA Load Balancer - Virtual ApplianceALOHA Load Balancer - Virtual Appliance
ALOHA Load Balancer - Virtual Appliance
EXCELIANCE
Β 
Mfp80 certificate pinning
Mfp80 certificate pinningMfp80 certificate pinning
Mfp80 certificate pinning
Jorge Iglesias FernΓ‘ndez
Β 
Asymmetric deployment mfp
Asymmetric deployment mfpAsymmetric deployment mfp
Asymmetric deployment mfp
Jorge Iglesias FernΓ‘ndez
Β 
Single Sign On - The Basics
Single Sign On - The BasicsSingle Sign On - The Basics
Single Sign On - The Basics
Ishan A B Ambanwela
Β 
FoxT BoKS ServerControl Full Specifications Document
FoxT BoKS ServerControl Full Specifications DocumentFoxT BoKS ServerControl Full Specifications Document
FoxT BoKS ServerControl Full Specifications Document
Ryan Gallavin
Β 
WebSphere DataPower B2B Appliance overview
WebSphere DataPower B2B Appliance overviewWebSphere DataPower B2B Appliance overview
WebSphere DataPower B2B Appliance overview
Sarah Duffy
Β 
MS TechDays 2011 - How to Run Middleware in the Cloud Story of Windows Azure ...
MS TechDays 2011 - How to Run Middleware in the Cloud Story of Windows Azure ...MS TechDays 2011 - How to Run Middleware in the Cloud Story of Windows Azure ...
MS TechDays 2011 - How to Run Middleware in the Cloud Story of Windows Azure ...
Spiffy
Β 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation Considerations
John Bauer
Β 

Recommended

ALOHA Load Balancer - Virtual Appliance
ALOHA Load Balancer - Virtual ApplianceALOHA Load Balancer - Virtual Appliance
ALOHA Load Balancer - Virtual Appliance
EXCELIANCE
Β 
Mfp80 certificate pinning
Mfp80 certificate pinningMfp80 certificate pinning
Mfp80 certificate pinning
Jorge Iglesias FernΓ‘ndez
Β 
Asymmetric deployment mfp
Asymmetric deployment mfpAsymmetric deployment mfp
Asymmetric deployment mfp
Jorge Iglesias FernΓ‘ndez
Β 
Single Sign On - The Basics
Single Sign On - The BasicsSingle Sign On - The Basics
Single Sign On - The Basics
Ishan A B Ambanwela
Β 
FoxT BoKS ServerControl Full Specifications Document
FoxT BoKS ServerControl Full Specifications DocumentFoxT BoKS ServerControl Full Specifications Document
FoxT BoKS ServerControl Full Specifications Document
Ryan Gallavin
Β 
WebSphere DataPower B2B Appliance overview
WebSphere DataPower B2B Appliance overviewWebSphere DataPower B2B Appliance overview
WebSphere DataPower B2B Appliance overview
Sarah Duffy
Β 
MS TechDays 2011 - How to Run Middleware in the Cloud Story of Windows Azure ...
MS TechDays 2011 - How to Run Middleware in the Cloud Story of Windows Azure ...MS TechDays 2011 - How to Run Middleware in the Cloud Story of Windows Azure ...
MS TechDays 2011 - How to Run Middleware in the Cloud Story of Windows Azure ...
Spiffy
Β 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation Considerations
John Bauer
Β 
Uccx social miner_presentation_v01
Uccx social miner_presentation_v01Uccx social miner_presentation_v01
Uccx social miner_presentation_v01
Emin Aliev
Β 
CICS Transaction Gateway V9.1 Overview
CICS Transaction Gateway V9.1 OverviewCICS Transaction Gateway V9.1 Overview
CICS Transaction Gateway V9.1 Overview
Robert Jones
Β 
Access To CICS From WebSphere Application Server Using CTG- zJournal 1209
Access To CICS From WebSphere Application Server Using CTG- zJournal 1209Access To CICS From WebSphere Application Server Using CTG- zJournal 1209
Access To CICS From WebSphere Application Server Using CTG- zJournal 1209
Elena Nanos
Β 
Single sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancySingle sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancy
Devam Shah
Β 
Aerohive-GuestManager
Aerohive-GuestManagerAerohive-GuestManager
Aerohive-GuestManager
ppuichaud
Β 
ALOHA Load Balancer - Rackable Appliance
ALOHA Load Balancer - Rackable ApplianceALOHA Load Balancer - Rackable Appliance
ALOHA Load Balancer - Rackable Appliance
EXCELIANCE
Β 
Single sign on - SSO
Single sign on - SSOSingle sign on - SSO
Single sign on - SSO
Ajit Dadresa
Β 
Web Single sign on system
Web Single sign on systemWeb Single sign on system
Web Single sign on system
Swati Sinha
Β 
APIC/DataPower security
APIC/DataPower securityAPIC/DataPower security
APIC/DataPower security
Shiu-Fun Poon
Β 
Webim English
Webim EnglishWebim English
Webim English
Webim
Β 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise Applications
SafeNet
Β 
OpenSSO Tech Overview Aquarium
OpenSSO Tech Overview AquariumOpenSSO Tech Overview Aquarium
OpenSSO Tech Overview Aquarium
Eduardo Pelegri-Llopart
Β 
Data power use cases
Data power use casesData power use cases
Data power use cases
sflynn073
Β 
Common DataPower use cases, incl Caching with XC-10 appliance.
Common DataPower use cases, incl Caching with XC-10 appliance.Common DataPower use cases, incl Caching with XC-10 appliance.
Common DataPower use cases, incl Caching with XC-10 appliance.
sflynn073
Β 
Whats new in data power
Whats new in data powerWhats new in data power
Whats new in data power
sflynn073
Β 
Azure Services Platform
Azure Services PlatformAzure Services Platform
Azure Services Platform
David Chou
Β 
Dave Carroll Application Services Salesforce
Dave Carroll Application Services SalesforceDave Carroll Application Services Salesforce
Dave Carroll Application Services Salesforce
deimos
Β 
WSO2 Ecosystem platform for Connected Telco
WSO2 Ecosystem platform for Connected TelcoWSO2 Ecosystem platform for Connected Telco
WSO2 Ecosystem platform for Connected Telco
Mifan Careem
Β 
Webinar NETGEAR - Insight, le funzionalita' per il Networking Management
Webinar NETGEAR - Insight, le funzionalita' per il Networking ManagementWebinar NETGEAR - Insight, le funzionalita' per il Networking Management
Webinar NETGEAR - Insight, le funzionalita' per il Networking Management
Netgear Italia
Β 
Aeroscout 090325154500 Phpapp02
Aeroscout 090325154500 Phpapp02Aeroscout 090325154500 Phpapp02
Aeroscout 090325154500 Phpapp02
Marc
Β 
Application Services On The Web Sales Forcecom
Application Services On The Web Sales ForcecomApplication Services On The Web Sales Forcecom
Application Services On The Web Sales Forcecom
QConLondon2008
Β 
The Video Service Assurance (VSA) Platform
The Video Service Assurance (VSA) PlatformThe Video Service Assurance (VSA) Platform
The Video Service Assurance (VSA) Platform
Andrew Tram
Β 

More Related Content

What's hot

ALOHA Load Balancer - Rackable Appliance
ALOHA Load Balancer - Rackable ApplianceALOHA Load Balancer - Rackable Appliance
ALOHA Load Balancer - Rackable Appliance
EXCELIANCE
Β 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise Applications
SafeNet
Β 

What's hot (11)

Uccx social miner_presentation_v01
Uccx social miner_presentation_v01Uccx social miner_presentation_v01
Uccx social miner_presentation_v01
Β 
CICS Transaction Gateway V9.1 Overview
CICS Transaction Gateway V9.1 OverviewCICS Transaction Gateway V9.1 Overview
CICS Transaction Gateway V9.1 Overview
Β 
Access To CICS From WebSphere Application Server Using CTG- zJournal 1209
Access To CICS From WebSphere Application Server Using CTG- zJournal 1209Access To CICS From WebSphere Application Server Using CTG- zJournal 1209
Access To CICS From WebSphere Application Server Using CTG- zJournal 1209
Β 
Single sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancySingle sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancy
Β 
Aerohive-GuestManager
Aerohive-GuestManagerAerohive-GuestManager
Aerohive-GuestManager
Β 
ALOHA Load Balancer - Rackable Appliance
ALOHA Load Balancer - Rackable ApplianceALOHA Load Balancer - Rackable Appliance
ALOHA Load Balancer - Rackable Appliance
Β 
Single sign on - SSO
Single sign on - SSOSingle sign on - SSO
Single sign on - SSO
Β 
Web Single sign on system
Web Single sign on systemWeb Single sign on system
Web Single sign on system
Β 
APIC/DataPower security
APIC/DataPower securityAPIC/DataPower security
APIC/DataPower security
Β 
Webim English
Webim EnglishWebim English
Webim English
Β 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise Applications
Β 

Similar to OpenSSO Deployments

Data power use cases
Data power use casesData power use cases
Data power use cases
sflynn073
Β 
Common DataPower use cases, incl Caching with XC-10 appliance.
Common DataPower use cases, incl Caching with XC-10 appliance.Common DataPower use cases, incl Caching with XC-10 appliance.
Common DataPower use cases, incl Caching with XC-10 appliance.
sflynn073
Β 
Whats new in data power
Whats new in data powerWhats new in data power
Whats new in data power
sflynn073
Β 
Dave Carroll Application Services Salesforce
Dave Carroll Application Services SalesforceDave Carroll Application Services Salesforce
Dave Carroll Application Services Salesforce
deimos
Β 
Aeroscout 090325154500 Phpapp02
Aeroscout 090325154500 Phpapp02Aeroscout 090325154500 Phpapp02
Aeroscout 090325154500 Phpapp02
Marc
Β 
Application Services On The Web Sales Forcecom
Application Services On The Web Sales ForcecomApplication Services On The Web Sales Forcecom
Application Services On The Web Sales Forcecom
QConLondon2008
Β 
The Video Service Assurance (VSA) Platform
The Video Service Assurance (VSA) PlatformThe Video Service Assurance (VSA) Platform
The Video Service Assurance (VSA) Platform
Andrew Tram
Β 
An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...
An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...
An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...
WSO2
Β 
Convertigo Mobile Application Development platform for Enterprises
Convertigo Mobile Application Development platform for EnterprisesConvertigo Mobile Application Development platform for Enterprises
Convertigo Mobile Application Development platform for Enterprises
Convertigo | MADP & MBaaS
Β 

Similar to OpenSSO Deployments (20)

OpenSSO Tech Overview Aquarium
OpenSSO Tech Overview AquariumOpenSSO Tech Overview Aquarium
OpenSSO Tech Overview Aquarium
Β 
Data power use cases
Data power use casesData power use cases
Data power use cases
Β 
Common DataPower use cases, incl Caching with XC-10 appliance.
Common DataPower use cases, incl Caching with XC-10 appliance.Common DataPower use cases, incl Caching with XC-10 appliance.
Common DataPower use cases, incl Caching with XC-10 appliance.
Β 
Whats new in data power
Whats new in data powerWhats new in data power
Whats new in data power
Β 
Azure Services Platform
Azure Services PlatformAzure Services Platform
Azure Services Platform
Β 
Dave Carroll Application Services Salesforce
Dave Carroll Application Services SalesforceDave Carroll Application Services Salesforce
Dave Carroll Application Services Salesforce
Β 
WSO2 Ecosystem platform for Connected Telco
WSO2 Ecosystem platform for Connected TelcoWSO2 Ecosystem platform for Connected Telco
WSO2 Ecosystem platform for Connected Telco
Β 
Webinar NETGEAR - Insight, le funzionalita' per il Networking Management
Webinar NETGEAR - Insight, le funzionalita' per il Networking ManagementWebinar NETGEAR - Insight, le funzionalita' per il Networking Management
Webinar NETGEAR - Insight, le funzionalita' per il Networking Management
Β 
Aeroscout 090325154500 Phpapp02
Aeroscout 090325154500 Phpapp02Aeroscout 090325154500 Phpapp02
Aeroscout 090325154500 Phpapp02
Β 
Application Services On The Web Sales Forcecom
Application Services On The Web Sales ForcecomApplication Services On The Web Sales Forcecom
Application Services On The Web Sales Forcecom
Β 
The Video Service Assurance (VSA) Platform
The Video Service Assurance (VSA) PlatformThe Video Service Assurance (VSA) Platform
The Video Service Assurance (VSA) Platform
Β 
Datapower Steven Cawn
Datapower Steven CawnDatapower Steven Cawn
Datapower Steven Cawn
Β 
An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...
An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...
An Enhanced User Experience for Automobile Purchases with the WSO2 Mobile Ser...
Β 
Layer 7 and Oracle -
Layer 7 and Oracle - Layer 7 and Oracle -
Layer 7 and Oracle -
Β 
Framework WSo2 orientato ai servizi
Framework WSo2 orientato ai serviziFramework WSo2 orientato ai servizi
Framework WSo2 orientato ai servizi
Β 
Consul Connect - EPAM SEC - 22nd september 2018
Consul Connect - EPAM SEC - 22nd september 2018Consul Connect - EPAM SEC - 22nd september 2018
Consul Connect - EPAM SEC - 22nd september 2018
Β 
Convertigo Mobile Application Development platform for Enterprises
Convertigo Mobile Application Development platform for EnterprisesConvertigo Mobile Application Development platform for Enterprises
Convertigo Mobile Application Development platform for Enterprises
Β 
ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016 ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016
Β 
WebSphere Integration User Group 13 July 2015 : DataPower session
WebSphere Integration User Group 13 July 2015 : DataPower sessionWebSphere Integration User Group 13 July 2015 : DataPower session
WebSphere Integration User Group 13 July 2015 : DataPower session
Β 
WSO2Con EU 2016: Understanding the WSO2 API Management Platform
WSO2Con EU 2016: Understanding the WSO2 API Management PlatformWSO2Con EU 2016: Understanding the WSO2 API Management Platform
WSO2Con EU 2016: Understanding the WSO2 API Management Platform
Β 

More from Eduardo Pelegri-Llopart

What is IoT and how Modulus and Pacific can Help - Featuring Node.js and Roll...
What is IoT and how Modulus and Pacific can Help - Featuring Node.js and Roll...What is IoT and how Modulus and Pacific can Help - Featuring Node.js and Roll...
What is IoT and how Modulus and Pacific can Help - Featuring Node.js and Roll...
Eduardo Pelegri-Llopart
Β 

More from Eduardo Pelegri-Llopart (20)

Juggling at freenome
Juggling at freenomeJuggling at freenome
Juggling at freenome
Β 
Csumb capstone-fall2016
Csumb capstone-fall2016Csumb capstone-fall2016
Csumb capstone-fall2016
Β 
Digital activitymanagement
Digital activitymanagementDigital activitymanagement
Digital activitymanagement
Β 
Progress next iot_pelegri
Progress next iot_pelegriProgress next iot_pelegri
Progress next iot_pelegri
Β 
Pelegri Desarrollando en una nueva era de software
Pelegri Desarrollando en una nueva era de software Pelegri Desarrollando en una nueva era de software
Pelegri Desarrollando en una nueva era de software
Β 
Market trends in IT - exchange cala - October 2015
Market trends in IT - exchange cala - October 2015Market trends in IT - exchange cala - October 2015
Market trends in IT - exchange cala - October 2015
Β 
The impact of IOT - exchange cala - 2015
The impact of IOT - exchange cala - 2015The impact of IOT - exchange cala - 2015
The impact of IOT - exchange cala - 2015
Β 
IOT - Presentation to PEP @ Progress
IOT - Presentation to PEP @ ProgressIOT - Presentation to PEP @ Progress
IOT - Presentation to PEP @ Progress
Β 
Node.js as an IOT Bridge
Node.js as an IOT BridgeNode.js as an IOT Bridge
Node.js as an IOT Bridge
Β 
What is IoT and how Modulus and Pacific can Help - Featuring Node.js and Roll...
What is IoT and how Modulus and Pacific can Help - Featuring Node.js and Roll...What is IoT and how Modulus and Pacific can Help - Featuring Node.js and Roll...
What is IoT and how Modulus and Pacific can Help - Featuring Node.js and Roll...
Β 
What is the Internet of Things and How it Impacts You
What is the Internet of Things and How it Impacts YouWhat is the Internet of Things and How it Impacts You
What is the Internet of Things and How it Impacts You
Β 
Community Update 25 Mar2010 - English
Community Update 25 Mar2010 - EnglishCommunity Update 25 Mar2010 - English
Community Update 25 Mar2010 - English
Β 
GlassFish Community Update 25 Mar2010
GlassFish Community Update 25 Mar2010GlassFish Community Update 25 Mar2010
GlassFish Community Update 25 Mar2010
Β 
Glass Fish Portfolio C1 West V3.Mini
Glass Fish Portfolio C1 West V3.MiniGlass Fish Portfolio C1 West V3.Mini
Glass Fish Portfolio C1 West V3.Mini
Β 
Virtual Box Aquarium May09
Virtual Box Aquarium May09Virtual Box Aquarium May09
Virtual Box Aquarium May09
Β 
Introduction To Web Beans
Introduction To Web BeansIntroduction To Web Beans
Introduction To Web Beans
Β 
Ehcache Architecture, Features And Usage Patterns
Ehcache Architecture, Features And Usage PatternsEhcache Architecture, Features And Usage Patterns
Ehcache Architecture, Features And Usage Patterns
Β 
OpenDS Primer Aquarium
OpenDS Primer AquariumOpenDS Primer Aquarium
OpenDS Primer Aquarium
Β 
Fuji Overview
Fuji OverviewFuji Overview
Fuji Overview
Β 
Nuxeo 5.2 Glassfish
Nuxeo 5.2 GlassfishNuxeo 5.2 Glassfish
Nuxeo 5.2 Glassfish
Β 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
Β 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
Β 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
Β 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
Β 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
Β 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
Β 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
Β 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Β 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Β 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Β 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
Β 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
Β 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
Β 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Β 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Β 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
Β 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Β 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
Β 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Β 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Β 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
Β 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
Β 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Β 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
Β 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Β 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Β 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
Β 

OpenSSO Deployments

  • 1. Real world deployment with Sun OpenSSO Enterprise at Verizon Wireless Ajay Sondhi 1
  • 2. Verizon Wireless OpenSSO Deployment Verizon Wireless is a leader in wireless voice, data, ξ€Š information and entertainment services ξ€Š Joint venture of Verizon Comms (NYSE: VZ) + Vodafone (NYSE: VOD) ξ€Š 85 million customers ξ€Š 71,000 employees ξ€Š $44 billion annual revenue ξ€Š More than 2,600 retail stores & kiosks ξ€Š One of the most reliable wireless network in the U.S. ● Network coverage: 267M POPs ● Rapid Disaster Response, Portable Cell Site 2
  • 3. Verizon Wireless OpenSSO Deployment Goals Give users a unified experience across all ● authorized products and services by Single Sign On (SSO) by assigning Account Owner and Account Member roles and multi-line accounts ● Permit standardization across all self-serve platforms by authentication and authorization logic to prevent site intrusion ● Provide seamless integration between Verizon Wireless (VZW) and other lines of businesses (LOBs) to improve customer experience Benefits Easy to integrate new products and services ● ● Simplified SSO reduces IT cost and improves security ● Access Manager (AM) improves security by authentication & authorization logic ● Enable cross-domain SSO unifies user experience between VZW and ASPs ● Enable customized audit capabilities through AM for log access information and diagnostic information analysis 3
  • 4. Verizon Wireless (Technical Requirements) A Deployment Topology & Architecture that supports High Availability ● High Throughput ● High Performance ● A flexible Systems Design that supports SSO with applications hosted on disparate platforms & containers ● Federation & Liberty Protocols ● Customization at all levels including Authentication, Authorization and ● Federation 4
  • 5. Verizon Wireless OpenSSO Deployment Access Manager SSO : Implemented for both B2C and B2B on Wireless ● and Broadband ● 50M MyVerizon wireless customers registered online ● 2M logins/day on VZW ● Supports role based access ● 25 different product vendors integrated Federation : Implemented Federation across VZW and VZT for ● B2C customers ● Implement Federation across VZW and .Net for SMB customers ● Implemented Federation across VZW and VZB for business customers ● Login once & toggle between two distinct My Account websites. ● Convenient access for One-Bill and bundle services 5
  • 6. Verizon Wireless (AM SSO Features) Account Management Registration & Login (2M Logins/day) ● ● Password Management ● Profile & Preference Management User Authentication Cross-Domain Single Sign-On and ● ● State Management ● Role-based Access Control ● Standard User Authentication System for All External Sites Customized APIs Customized Services for Billing, ● Handset, Provisioning and Post-Login Functions 6
  • 7. Verizon Wireless (AM Federation Features) Seamless integration between Verizon Wireless ● and other Verizon LOBs ● Login once & toggle between two distinct My Account web sites ● Convenient access for One-Bill and bundle services ● Cross-sell opportunities on both sites 7
  • 8. Verizon Wireless Architecture High Availability Geographic redundancy in two data ● centers (East & West) ● Session failover capabilities with four instances of AM within each data center. ● Six way multi-mastered directory servers across data centers High Performance Over 50M identities ● ● Over 4000 successful authentications per minute (peak) ● Over 250K active users (peak) ● Provide SSO with over 25 ASPs 8
  • 9. Verizon Wireless Architecture Superior Sun hardware Web servers -T2K (Niagra chipset) for superior multithreaded performance ● ● Directory –x4600 (Opteron chipset) for high disk i/o Design Choices Use of Session Attributes (as opposed to profile) ● ● Turn off profile notifications from AM to agents ● Segregating the configuration Realm ● Restrict the use of URL policy and J2EE policy mode ● Load balancer configuration to ensure stickiness ● Writing to one master LDAP Tuning OS –Memory, File system and Networking ● ● AM Tuning ● JVM tuning ● Agent Tuning ● Directory Server Tuning 9