IDP Proxy Concept: Accessing Identity Data Sources Everywhere!
Peter Major, Support Engineer at ForgeRock, presents on IDP Proxy Concept in a Breakout Session at the 2014 IRM Summit in Phoenix, Arizona.

  • Mention CDSSO (cross-domain single sign-on)
    Example for federation: OpenAM and SalesForce
  • The IdP provides the identity data
    The SP performs authorization based on the identity information it receives
  • Usually one Identity Provider and several Service Provider applications
  • Signing/encryption
    The SP needs to trust the IdP (its signing certificate, exchanged via metadata)
    The SP performs its authorization checks once the assertion is received
  • So this was the simple setup; let's see what the main difference is between this and the IdP Proxy use case
  • Provides the capability to have more than one Identity Provider
    Gives an abstraction layer between the SP and the IdPs: the SPs only have to trust the IdP Proxy!
    The IdP Proxy is both an IdP (towards the SPs) and an SP (towards the upstream IdPs)
  • IdP selection happens at the IdP Proxy
    The IdP Proxy issues a new Authentication Request towards the selected IdP and, once that IdP has answered, a new Assertion towards the SP, because the IdP Proxy is both an SP and an IdP
  • Adaptable: it allows you to dynamically choose the IdP
    Borderless: in the STORK project we removed the border and allow new participants to join the deployment with ease
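The trust model the notes above describe, as an added Python simulation that is not from the talk, from OpenAM or from STORK: the SP trusts only the proxy; the proxy verifies the SP's request, selects an upstream IdP, issues a fresh AuthnRequest of its own, validates the upstream assertion (trust, InResponseTo, Audience) and re-issues the assertion under its own signature, addressed to the original SP. HMAC-SHA256 over JSON with constructed keys stands in for SAML XML signatures, the entity IDs `sp`, `proxy`, `idp-fr`, `idp-de`, the two users and the country-to-IdP selection rule are all made up for the example. The negative case shows why the abstraction layer holds: an assertion signed by an upstream IdP and handed straight to the SP is rejected, because that IdP is not in the SP's trust store.

```python
import hashlib
import hmac
import json
import secrets

# Constructed example keys. HMAC-SHA256 stands in for SAML XML-DSig so the
# simulation runs on the standard library; the trust relationships are what matter.
KEYS = {name: secrets.token_bytes(32) for name in ("sp", "proxy", "idp-fr", "idp-de")}

# Each party's trust store: the issuers whose signatures it accepts (its "metadata").
TRUST = {
    "sp": {"proxy": KEYS["proxy"]},            # the SP trusts ONLY the IdP Proxy
    "proxy": {"sp": KEYS["sp"], "idp-fr": KEYS["idp-fr"], "idp-de": KEYS["idp-de"]},
    "idp-fr": {"proxy": KEYS["proxy"]},        # upstream IdPs know the proxy as their SP
    "idp-de": {"proxy": KEYS["proxy"]},
}
# Made-up user stores of the two upstream IdPs.
USERS = {"idp-fr": {"alice@fr": {"role": "citizen"}}, "idp-de": {"bob@de": {"role": "admin"}}}


def sign(issuer, payload):
    """Wrap payload in a signed message, the stand-in for a signed SAML element."""
    body = json.dumps(payload, sort_keys=True).encode()
    return {"issuer": issuer, "payload": payload,
            "sig": hmac.new(KEYS[issuer], body, hashlib.sha256).hexdigest()}


def verify(verifier, msg):
    """Accept msg only if its issuer is in the verifier's trust store and the signature checks."""
    key = TRUST[verifier].get(msg["issuer"])
    if key is None:
        raise PermissionError(f"{verifier}: untrusted issuer {msg['issuer']}")
    body = json.dumps(msg["payload"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["sig"]):
        raise PermissionError(f"{verifier}: bad signature from {msg['issuer']}")
    return msg["payload"]


def authn_request(issuer, destination):
    """AuthnRequest with a fresh ID; the issuer later matches it against InResponseTo."""
    return sign(issuer, {"id": secrets.token_hex(8), "destination": destination})


def idp_respond(idp, request, subject):
    """Upstream IdP: check the request came from a known SP, then assert the subject."""
    req = verify(idp, request)
    return sign(idp, {"in_response_to": req["id"], "audience": request["issuer"],
                      "subject": subject, "attributes": USERS[idp][subject]})


def consume(consumer, response, expected_request_id):
    """Assertion-consumer checks: signature/trust, InResponseTo, Audience."""
    assertion = verify(consumer, response)
    if assertion["in_response_to"] != expected_request_id:
        raise PermissionError(f"{consumer}: unsolicited or replayed response")
    if assertion["audience"] != consumer:
        raise PermissionError(f"{consumer}: assertion addressed to another audience")
    return assertion


def proxy_handle(sp_request, country, authenticate):
    """IdP Proxy: IdP towards the SP, SP towards the upstream IdP it selects."""
    sp_req = verify("proxy", sp_request)
    idp = {"fr": "idp-fr", "de": "idp-de"}.get(country)   # invented selection rule
    if idp is None:
        raise LookupError(f"no IdP registered for country {country!r}")
    upstream_req = authn_request("proxy", idp)              # a NEW request with the proxy's own ID
    upstream_resp = authenticate(idp, upstream_req)         # browser round trip, simulated
    a = consume("proxy", upstream_resp, upstream_req["payload"]["id"])
    # Re-issue the assertion under the proxy's own key, addressed to the original SP.
    return sign("proxy", {"in_response_to": sp_req["id"], "audience": sp_request["issuer"],
                          "subject": a["subject"],
                          "attributes": {**a["attributes"], "home_idp": idp}})


def login(country, subject):
    """Whole flow from the SP's side; the SP authorizes on the attributes it received."""
    req = authn_request("sp", "proxy")
    resp = proxy_handle(req, country, lambda idp, r: idp_respond(idp, r, subject))
    a = consume("sp", resp, req["payload"]["id"])
    return {"subject": a["subject"], "home_idp": a["attributes"]["home_idp"],
            "is_admin": a["attributes"]["role"] == "admin"}


def direct_to_sp():
    """Negative case: an assertion signed by idp-de handed straight to the SP."""
    req = authn_request("proxy", "idp-de")
    return consume("sp", idp_respond("idp-de", req, "bob@de"), req["payload"]["id"])


def rejected(action):
    """True when a flow is refused; used for the negative cases."""
    try:
        action()
    except (PermissionError, LookupError):
        return True
    return False


if __name__ == "__main__":
    print(login("fr", "alice@fr"))
    print("direct upstream assertion rejected:", rejected(direct_to_sp))
```

Note that the proxy keeps two separate request IDs: the SP's, which it echoes in the InResponseTo of the assertion it issues, and its own, which it checks against the upstream response. Dropping either check lets an attacker replay an old upstream assertion or splice one session's assertion into another's request.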

    1. IRM Summit 2014. IDP PROXY CONCEPT: Accessing Identity Data Sources Everywhere! Peter Major
    2. About me ■ Working with OpenSSO/OpenAM since 2009 ■ Support/Sustaining Engineer at ForgeRock since 2011 ■ Contact – @majorpetya
    3. SAML Federations ■ Provides a standardized solution for web browser single sign-on ■ Introduces the concept of federated identities ■ Widely used
    4. Terminology ■ Identity Provider (IdP): the authoritative source of identity data ■ Service Provider (SP): content provider ■ Assertion: a set of information about the logged-in user
    5. Basic SAML setup
    6. Basic SAML flow
    7. Basic SAML setup
    8. IdP Proxy setup
    9. (diagram slide, no text)
    10. STORK ■ Secure idenTity acrOss boRders linKed ■ European eID Interoperability Platform ■ Establish e-relations across borders
    11. STORK
    12. STORK
    13. STORK
    14. STORK
    15. IRM
    16. Demo
    17. Questions?