
Single sign on (SSO) How does your company apply?

SSO is not a new concept; most of us have heard a great deal about it at work or in research. It is useful, but does it really belong only to administration and management people? It is interesting for users, but is it really complex and a headache for whoever has to implement it? Especially today, we are in the age of the computing troika (cloud, social networks, mobile) together with big data and federation problems. So, as a professional organisation, or as a skilled member of a development team, where do you start? What do you know about it? Which methods will you choose to implement in your organisation? How do you develop or integrate it into your customers' products? How does your organisation deploy it to support customers and partners?

  1. Single Sign On (SSO): How does your company apply? Do Duy Trung
  2. Who???
  3. Agenda - Overview - What? Why? Where? Which? How? - Q&A
  4. IdM, AIM (Access & Identity Management)
  5. Computing Troika: Cloud Computing, Social Computing, Mobile Computing
  6. We are ... (word cloud: USER, password, P@ssw0rd, account?, username?, IT, where?, PIN, ID)
  7. ???
  8. What is SSO? A session/user authentication process that grants access to multiple services/apps → eliminates further login prompts during a particular session → Reduced Sign On (RSO)
  9. Advantages and disadvantages
     - Advantages: uniform AAA (authentication, authorization, accounting) policies; audited sessions; users need not understand each system's login mechanism; help desk cost savings
     - Disadvantages: a single point of failure for the enterprise; data integrity
  10. Diagram: Sign-On vs. Single Sign-On (figure)
  11. User Account Manager OR SSO Product? Protocol? Token?
  12. Concepts & Protocols?
     - SAML 2.0
       - Description: most widely adopted standard for Web SSO; XML based
       - Relevant jargon: Identity Provider (IdP), Service Provider (SP), Attributes, SP Metadata
     - OpenID Connect
       - Description: most promising successor to SAML; JSON based; a profile of OAuth 2; promises better support for mobile
       - Relevant jargon: OpenID Provider (OP), Relying Party (RP), User claims, Client claims
     - Others
       - Description: earlier protocols that are still in use and should be deprecated; cookie based (LtpaToken, LtpaToken2, ...)
       - Relevant jargon: Kerberos, RADIUS, LDAP, WS-*, OpenID 2, CAS
  13. Perform where? SP-initiated SSO / IdP-initiated SSO
  14. Examples
  15. Code where?
  16. Store where? - AD - OpenLDAP - Realm - Database
  17. Classification - ESSO (Enterprise SSO) - WSSO (Web SSO) - Cloud SSO - Federated SSO
  18. Classification (cont.) - Cookie-based SSO - Token-based SSO (XML, JSON) - Multi-factor authentication
  19. Which products?
     - SaaS: Okta, OneLogin, Stormpath, Symplified
       - No root access to the server; if there is a security breach, it affects everyone
       - Per-user or per-application pricing can become costly
     - Open source: Gluu, ForgeRock, CAS, independent integrators and consulting shops
       - Expensive to design and build
       - High cost of care and feeding
       - Hard to support new app integrations
     - Enterprise software: Oracle Access Manager, CA SiteMinder, IBM Tivoli Access Manager, RSA ClearTrust, Microsoft ADFS, Ping Federate, ...
       - Expensive license fees
       - Vendor lock-in
  20. How to do it? - Ask yourself - Ask your organisation - Ask your customer - Ask your partner - Ask your producer
  21. Steps for Effective SSO Deployments - Step 1. Get power users and executive sponsorship - Step 2. Establish deployment goals and priorities - Step 3. Understand end-user resistance to change - Step 4. Include the right people and resources in the project - Step 5. Train people at all phases - Step 6. Test thoroughly - Step 7. Market the solution
  22. Scenarios
  23. Q&A
  24. Thank you very much!
  25. References
     - http://en.wikipedia.org/wiki/Single_sign-on
     - http://www.opengroup.org/security/sso/sso_intro.htm
     - http://searchsecurity.techtarget.com/definition/single-sign-on
     - http://www.authenticationworld.com/Single-Sign-On-Authentication/
     - http://www.giac.org/paper/gsec/3618/single-sign-concepts-protocols/105876
     - http://www.slideshare.net/gluu/sso-101
     - http://qualtrics.com/wp-content/uploads/2013/05/SSO-Single-Sign-On-Specification.pdf
     - http://mauriziostorani.wordpress.com/2008/07/21/single-sign-on-sso-concepts-methods-and-frameworks/
     - https://www.imprivata.com/customer-success/best-practices/7-steps-for-effective-sso-deployments
     - http://www.juniper.net/techpubs/en_US/sa8.0/topics/example/example-simple/secure-access-saml-cloud-googleapps.html
     - http://www.authenticationworld.com/Single-Sign-On-Authentication/101ThingsToKnowAboutSingleSignOn.pdf
     - http://www.timberlinetechnologies.com/products/sso.html
  26. References (cont.)
     - http://www.codeproject.com/Articles/429166/Basics-of-Single-Sign-on-SSO
     - http://technet.microsoft.com/en-us/library/cc727987(v=ws.10).aspx
     - https://wiki.developerforce.com/page/Implementing_Single_Sign-On_Across_Multiple_Organizations
     - http://blog.empowerid.com/top-5-federated-single-sign-on-sso-scenarios