Active Directory Single Sign-On
Worldwide Business Partner Technical Enablement 2016
Van Staub – North America Embedded Solution Agreement Technical Sales
Agenda
• review in a practical format configuring Active Directory and Active
Directory Federation Services
• configure SAML with WebSphere
• discuss SAML with Connections Cloud
• list notable resources at the end
Installing and Configuring Active Directory
• the “directory” used to perform authentication with IBM software (e.g.
WebSphere Portal)
• provides a variety of authentication mechanisms almost out of the box
– namely SAML, SPNEGO, and LDAP
• very easy to get started
Active Directory Single Sign-On with IBM
Active Directory Federation Services 2.0
• supports SAML authentication with “relying parties”
• SAML is a protocol that specifies the identity of a user in an
encrypted format
• identity of the user is provided using a “claim” (i.e.
sAMAccountName or email address)
SAML Flow
XML
Installing and Configuring ADFS 2.0
• install the ADFS 2.0 software
• configure the first federation server
• manually add the SSL certificate to IIS if one is not listed as available
to use (I re-used a certificate; you can create a self-signed if needed)
• verify the SSL certificate you imported is also set as the Token-Signing
certificate
• also make sure it’s the primary certificate
manually importing the SSL certificate into IIS
Manually set the Token-Signing Certificate
Configuring WebSphere for SAML
• ensure that security is enabled and working with Active Directory
• install the SAML ACS enterprise application
• configure the SAML TAI to work with the ADFS IdP
• steps create a global configuration
• steps are shown manually for clarity
• simply deploys the SAML ACS enterprise application
• can also be done manually
• Using WAS Console go to Security -> Global Security -> Web and SIP security -> Trust Association
• Uncheck Enable trust association
• Click Interceptors
• com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor
• add settings seen in screenshot
• Using WAS Console go to Security -> Global Security -> Custom Properties
• add settings seen in screenshot
• Using WAS Console go to Security -> SSL Certificate and Key Management -> Key stores and Certificates
• either NodeDefaultTrustStore or CellDefaultTrustStore
• Add SSL certificate (public key) manually or retrieve from port (i.e. the IIS server)
the Token-Signer certificate specified earlier
certificate alias you just added to the TrustStore
• Using WAS Console go to Security -> Federated Repositories -> Configure
• Click Trusted authentication realms - inbound
• add external realm settings seen in screenshot
Federation Server identifier seen earlier
• Using WAS Console go to Security -> Global Security -> Web and SIP security -> Trust Association
• Check Enable trust association
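A pre-flight check for the steps above, as an added example that is not part of the original slides: it reads the ADFS federation metadata and confirms that the WebSphere side (TAI properties, trusted inbound realm, trust store) refers to the same Federation Service identifier, sign-on endpoint and Token-Signing certificate. The metadata, host names and certificate bytes are constructed, and the `sso_1.*` property names come from IBM's SAML TAI documentation rather than from the screenshots.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed bytes standing in for DER-encoded certificates (not real certs).
FAKE_SIGNING_CERT = b"constructed token-signing certificate"
FAKE_OLD_CERT = b"constructed previous certificate"

# Constructed, trimmed stand-in for an ADFS FederationMetadata.xml document.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://adfs.example.test/adfs/services/trust">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{cert}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.test/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""".format(
    cert=base64.b64encode(FAKE_SIGNING_CERT).decode())


def fingerprint(der_bytes):
    """SHA-256 fingerprint of certificate bytes, as lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def parse_idp_metadata(xml_text):
    """Extract the IdP facts the WebSphere configuration depends on."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' serves both signing and encryption.
        if kd.get("use") in (None, "signing"):
            for c in kd.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join(c.text.split()))
                certs.append(fingerprint(der))
    return {
        "entity_id": root.get("entityID"),
        "sso_urls": [s.get("Location")
                     for s in idp.findall("md:SingleSignOnService", NS)],
        "signing_fingerprints": certs,
    }


def check_tai_config(idp, tai_props, trusted_realms, truststore_fingerprints):
    """Return mismatches between the WebSphere settings and the IdP metadata."""
    findings = []
    if tai_props.get("sso_1.idp_1.EntityID") != idp["entity_id"]:
        findings.append("sso_1.idp_1.EntityID does not match the "
                        "Federation Service identifier")
    if idp["entity_id"] not in trusted_realms:
        findings.append("Federation Service identifier is not a trusted "
                        "inbound realm")
    if tai_props.get("sso_1.idp_1.SingleSignOnUrl", "") not in idp["sso_urls"]:
        findings.append("sso_1.idp_1.SingleSignOnUrl is not an endpoint "
                        "published by the IdP")
    for key in ("sso_1.sp.acsUrl", "sso_1.idp_1.SingleSignOnUrl"):
        if not tai_props.get(key, "").startswith("https://"):
            findings.append(key + " is not an https URL")
    if not set(idp["signing_fingerprints"]) & set(truststore_fingerprints):
        findings.append("Token-Signing certificate is not in the WebSphere "
                        "trust store")
    return findings


def demo():
    """Run the check on a consistent setup and on a stale one."""
    idp = parse_idp_metadata(SAMPLE_METADATA)
    props = {  # constructed values for a hypothetical WebSphere host
        "sso_1.sp.acsUrl": "https://was.example.test:9443/samlsps/wps",
        "sso_1.idp_1.EntityID": "http://adfs.example.test/adfs/services/trust",
        "sso_1.idp_1.SingleSignOnUrl": "https://adfs.example.test/adfs/ls/",
    }
    clean = check_tai_config(idp, props, [idp["entity_id"]],
                             [fingerprint(FAKE_SIGNING_CERT)])
    # Stale setup: realm never added, trust store still holds an old certificate.
    stale = check_tai_config(idp, props, ["defaultWIMFileBasedRealm"],
                             [fingerprint(FAKE_OLD_CERT)])
    return clean, stale


if __name__ == "__main__":
    for label, result in zip(("consistent", "stale"), demo()):
        print(label, result or "no findings")
```

The stale case is the one to expect after the Token-Signing certificate is replaced on the ADFS side: the trust store on WebSphere must be updated with the new certificate before assertions validate again.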
Creating the Partnership
• SAML 2.0 metadata XML can be exported from WebSphere and
imported into ADFS
• use AdminTask.exportSAMLSpMetadata('-spMetadataFileName <SpMetaDataFile> -ssoId 1')
sso_1.sp.acsURL
use defaults on next screens
Finished Partnership (Relying Party Trust)
Resources
Understanding the WebSphere Application Server SAML Trust Association Interceptor
http://www.ibm.com/developerworks/websphere/techjournal/1307_lansche/1307_lansche.html
Step by step guide to implement SAML 2.0 for Portal 8.5
https://developer.ibm.com/digexp/docs/docs/customization-administration/step-step-guide-implement-saml-2-0-portal-8-5/
Front Side SAML SSO with microsoft product (ADFS -> WAS SAML TAI)
https://www.ibm.com/developerworks/community/blogs/8f2bc166-3bdc-4a9d-bad4-3620dbb3e46c/entry/Front_Side_SAML_SSO_with_microsoft_product_ADFS_WAS_SAML_TAI?lang=en
Step-by-Step guide to Configure Single sign-on for HTTP requests using SPNEGO web authentication
https://www-10.lotus.com/ldd/portalwiki.nsf/dx/Step-by-Step_guide_to_Configure_Single_sign-on_for_HTTP_requests_using_SPNEGO_web_authentication
AD + SAML + Kerberos + IBM Notes and Domino = SSO!
http://www.andypedisich.com/blogs/andysblog.nsf/dx/robs-saml-presentation-from-mwlug-has-been-posted.htm
BP104 Simplifying The S’s: Single Sign-On, SPNEGO and SAML (2014)
http://www.idonotes.com/IdoNotes/IdoConnect2013.nsf/dx/bp104-simplifying-the-ss-single-sign-on-spnego-and-saml-2014.htm
Thank You
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 

Active Directory Single Sign-On with IBM

  • 1. Active Directory Single Sign-On Worldwide Business Partner Technical Enablement 2016 Van Staub – North America Embedded Solution Agreement Technical Sales 1
  • 2. Agenda • review in a practical format configuring Active Directory and Active Directory Federation Services • configure SAML with WebSphere • discuss SAML with Connections Cloud • list notable resources at the end
  • 3. Installing and Configuring Active Directory • the “directory” used to perform authentication with IBM software (e.g. WebSphere Portal) • provides a variety of authentication mechanisms almost out of the box – namely SAML, SPNEGO, and LDAP • very easy to get started
  • 10. Active Directory Federation Services 2.0 • supports SAML authentication with “relying parties” • SAML is a protocol that specifies the identity of a user in an encrypted format • identity of the user is provided using a “claim” (i.e. sAMAccountName or email address)
  • 12. Installing and Configuring ADFS 2.0 • install the ADFS 2.0 software • configure the first federation server • manually add the SSL certificate to IIS if one is not listed as available to use (I re-used a certificate; you can create a self-signed if needed) • verify the SSL certificate you imported is also set as the Token-Signing certificate • also make sure it’s the primary certificate
  • 15. manually importing the SSL certificate into IIS
  • 18. Configuring WebSphere for SAML • ensure that security is enabled and working with Active Directory • install the SAML ACS enterprise application • configure the SAML TAI to work with the ADFS IdP • steps create a global configuration • steps are shown manually for clarity
  • 19. • simply deploys the SAML ACS enterprise application • can also be done manually
  • 20. • Using WAS Console go to Security -> Global Security -> Web and SIP security -> Trust Association • Uncheck Enable trust association
  • 21. • Click Interceptors • com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor • add settings seen in screenshot
  • 22. • Using WAS Console go to Security -> Global Security -> Custom Properties • add settings seen in screenshot
  • 23. • Using WAS Console go to Security -> SSL Certificate and Key Management -> Key stores and Certificates • either NodeDefaultTrustStore or CellDefaultTrustStore • Add SSL certificate (public key) manually or retrieve from port (i.e. the IIS server) • the Token-Signer certificate specified earlier
  • 24. certificate alias you just added to the TrustStore
  • 25. • Using WAS Console go to Security -> Federated Repositories -> Configure • Click Trusted authentication realms - inbound • add external realm settings seen in screenshot • Federation Server identifier seen earlier
  • 26. • Using WAS Console go to Security -> Global Security -> Web and SIP security -> Trust Association • Check Enable trust association
  • 27. Creating the Partnership • SAML 2.0 metadata XML can be exported from WebSphere and imported into ADFS • use AdminTask.exportSAMLSpMetadata('-spMetadataFileName <SpMetaDataFile> -ssoId 1') • sso_1.sp.acsURL
  • 28. use defaults on next screens
  • 30. Resources
    • Understanding the WebSphere Application Server SAML Trust Association Interceptor http://www.ibm.com/developerworks/websphere/techjournal/1307_lansche/1307_lansche.html
    • Step by step guide to implement SAML 2.0 for Portal 8.5 https://developer.ibm.com/digexp/docs/docs/customization-administration/step-step-guide-implement-saml-2-0-portal-8-5/
    • Front Side SAML SSO with microsoft product (ADFS -> WAS SAML TAI) https://www.ibm.com/developerworks/community/blogs/8f2bc166-3bdc-4a9d-bad4-3620dbb3e46c/entry/Front_Side_SAML_SSO_with_microsoft_product_ADFS_WAS_SAML_TAI?lang=en
    • Step-by-Step guide to Configure Single sign-on for HTTP requests using SPNEGO web authentication https://www-10.lotus.com/ldd/portalwiki.nsf/dx/Step-by-Step_guide_to_Configure_Single_sign-on_for_HTTP_requests_using_SPNEGO_web_authentication
    • AD + SAML + Kerberos + IBM Notes and Domino = SSO! http://www.andypedisich.com/blogs/andysblog.nsf/dx/robs-saml-presentation-from-mwlug-has-been-posted.htm
    • BP104 Simplifying The S’s: Single Sign-On, SPNEGO and SAML (2014) http://www.idonotes.com/IdoNotes/IdoConnect2013.nsf/dx/bp104-simplifying-the-ss-single-sign-on-spnego-and-saml-2014.htm
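
Slide 27 exports the WebSphere service-provider metadata and imports it into ADFS. The following check of that file before import is an added example, not part of the original slides; the sample XML, host name and entityID are constructed placeholders, and `check_sp_metadata` is a hypothetical helper that compares the exported endpoint against the value configured as sso_1.sp.acsURL.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata; was.example.test is a placeholder host.
SAMPLE_SP_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://was.example.test/samlsps/wps">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://was.example.test/samlsps/wps"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, expected_acs_url):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    root = ET.fromstring(xml_text.strip())
    if root.tag != "{%s}EntityDescriptor" % MD:
        return ["root element is not md:EntityDescriptor"]
    if not root.get("entityID"):
        findings.append("entityID is missing")
    sp = root.find("{%s}SPSSODescriptor" % MD)
    if sp is None:
        return findings + ["no SPSSODescriptor: not service-provider metadata"]
    # The relying party should require signed assertions from the IdP.
    if sp.get("WantAssertionsSigned", "false").lower() not in ("true", "1"):
        findings.append("WantAssertionsSigned is not true")
    endpoints = sp.findall("{%s}AssertionConsumerService" % MD)
    if not endpoints:
        findings.append("no AssertionConsumerService endpoint")
    locations = []
    for acs in endpoints:
        loc = acs.get("Location", "")
        locations.append(loc)
        # Assertions are posted to this URL, so it must be TLS-protected.
        if urlparse(loc).scheme != "https":
            findings.append("ACS endpoint is not HTTPS: %s" % loc)
        if acs.get("Binding") != POST:
            findings.append("ACS binding is not HTTP-POST: %s" % loc)
    if endpoints and expected_acs_url not in locations:
        findings.append("no ACS endpoint matches %s" % expected_acs_url)
    return findings
```

Run it against the file written by exportSAMLSpMetadata and resolve any finding before creating the relying party trust in ADFS.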