Axway APIGW
A customer feedback
01/02/2018
Context
Private Customers, Enterprise Customers, Partners, Employees
▪ SAML WebSSO solution
▪ IGB2B constraints
▪ Local Identity Provider (IDP)
[Timeline figure, 2014 to 2017. Labels: RFP; POC IDP; POC IDP; Axway; Other federations; POC SAML; MeP (three times); Audit (twice); simplesamlphp]
Note: WebSSO was not the only task in order to have a "go production"
Solution
WebSSO policies
Authentication level criteria
• Application default level
• User's group based
• Restricted zone (URL, group based)
Perimetrical authentication level
• No authentication
• SAML (SP- and IdP-initiated)
• Username/password
• OIDC
• Facebook Connect
• Kerberos
backends
User repository
authN
OTP
• SMS (email2sms / SOAP)
Step-Up authN supported
Backend definition
• Applications
• Population
Different user registries
• External users
• Employees
Anti-brute-force
SAML anti-replay
Backend authentication
• JWT
• Attribute mapping (saml)
• Kerberos
AuthZ
• Group based
Customization of logon pages / error messages
DNS alias support authZ
MISC
Topology
Non-regression testing (@Vaudoise)
• JWT application & Kerberos application
▪ Employees Kerberos
▪ Employees Username/password/OTP
▪ External username/password/OTP
▪ External SAML (sp/idp)
▪ External OIDC
• SSO
• AuthN failure
• SAML anti-replay / validity / …
• SAML SLO
• Step-up authN
• Timeout verification
• AuthZ verification
• Attribute mapping
• Alias
• Group based authN
• …
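A sketch of the kind of check the "SAML anti-replay / validity" test case exercises, as an added example (not Vaudoise's, Smartwave's or Axway's code). It assumes the assertion's signature was already verified upstream; the 60-second clock skew, the issuer URL and all names are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
CLOCK_SKEW = timedelta(seconds=60)  # assumed tolerance; not a value from the slides


def parse_instant(value):
    """Parse a SAML UTC instant, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unsupported instant: {value!r}")


class AssertionReplayGuard:
    """In-memory replay cache; a gateway cluster would need a shared store."""

    def __init__(self, skew=CLOCK_SKEW):
        self.skew = skew
        self._seen = {}  # (issuer, assertion ID) -> time after which the entry can go

    def check(self, assertion_xml, now):
        """Return accepted / replayed / expired / not_yet_valid / malformed."""
        try:
            # Input is assumed to be signature-verified already (see lead-in).
            root = ET.fromstring(assertion_xml)
            issuer = root.find(f"{{{NS}}}Issuer")
            conditions = root.find(f"{{{NS}}}Conditions")
            assertion_id = root.get("ID")
            if (root.tag != f"{{{NS}}}Assertion" or not assertion_id
                    or issuer is None or not (issuer.text or "").strip()
                    or conditions is None):
                return "malformed"
            # Fail closed: without NotOnOrAfter the cache entry could never expire.
            not_on_or_after = parse_instant(conditions.attrib["NotOnOrAfter"])
            not_before = conditions.get("NotBefore")
            not_before = parse_instant(not_before) if not_before else None
        except (ET.ParseError, KeyError, ValueError):
            return "malformed"

        if not_before is not None and now + self.skew < not_before:
            return "not_yet_valid"
        if now - self.skew >= not_on_or_after:
            return "expired"

        # Drop entries whose assertions can no longer pass the expiry check.
        self._seen = {k: t for k, t in self._seen.items() if t > now}
        key = (issuer.text.strip(), assertion_id)
        if key in self._seen:
            return "replayed"
        self._seen[key] = not_on_or_after + self.skew
        return "accepted"


def sample_assertion(assertion_id, not_before, not_on_or_after):
    """Build a constructed, unsigned assertion skeleton for the demo."""
    return (
        f'<saml:Assertion xmlns:saml="{NS}" ID="{assertion_id}" Version="2.0" '
        f'IssueInstant="{not_before}">'
        "<saml:Issuer>https://idp.example.test</saml:Issuer>"
        f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}"/>'
        "</saml:Assertion>"
    )


def demo():
    """Run the regression cases against one guard and return the verdicts."""
    guard = AssertionReplayGuard()
    t0 = datetime(2018, 2, 1, 9, 1, 0, tzinfo=timezone.utc)
    first = sample_assertion("_a1", "2018-02-01T09:00:00Z", "2018-02-01T09:05:00Z")
    late = sample_assertion("_a2", "2018-02-01T08:00:00Z", "2018-02-01T08:05:00Z")
    early = sample_assertion("_a3", "2018-02-01T10:00:00Z", "2018-02-01T10:05:00Z")
    return [
        guard.check(first, t0),                          # first presentation
        guard.check(first, t0 + timedelta(seconds=30)),  # same ID again
        guard.check(late, t0),                           # validity window over
        guard.check(early, t0),                          # window not open yet
        guard.check("<NotSaml/>", t0),                   # wrong document
    ]


if __name__ == "__main__":
    print(demo())
```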
Axway APIGW advantages / disadvantages
• Advantages
▪ Toolbox with lots of predefined filters to build a solution.
Caution: some filters may not be appropriate (example: OIDC)
▪ Java code to implement just about everything we want
▪ Business requirements, as well as IGB2B constraints, have been implemented
▪ Stable solution
• Disadvantages
▪ Time consuming (specifications)
▪ Non-regression testing
▪ No Axway support for the custom solution
▪ No Smartwave SLA contract support for the custom solution
• Product lacks a true IDP, but…
▪ We set up an Access Control Solution (SAML SP, OIDC RP, Identity transformation)
Our context
Interested in our integration work? We are willing to share our policies
Questions?
Thank you for your attention
Dorian Rougier / Smartwave
Chris Dixon / Smartwave
Christian Gigandet / Vaudoise Assurances

Api gateway @ vaudoise assurances
