SlideShare a Scribd company logo

Design Pattern for Federated Single Sign-On Access

Mike Reams
Mike Reams

A Design Pattern provides a scheme for refining the subsystems or components of a software system, or the relationships between them

Technology
1 of 1
Federated Enterprise Single Sign-On Architecture Design Pattern – Tier 1 Solution Building Block Version: 1.0 Author: Mike Reams Last Modified: Design Pattern Federated Single Sign-On (SSO) A Design Pattern provides a scheme for refining the subsystems or components of a software system, or the relationships between them. It describes commonly recurring structure of communicating components that solves a general design problem within a particular context . Architectural patterns are similar to software design patterns but have a broader scope. The architectural patterns address various issues in software engineering, such as computer hardware performance limitations, high availability and minimization of a business risk. Federated SSO The Industry Standard is SAML 2.0 with Organizational Standard of assertions use SAML 2.0 Post Bindings. Supported use cases are (1) IdP Initiated; (2) SP Initiated; (3)IdP Trusted; (4) SP Real-Time Registration; Preference is to Sign both the SAML Assertion Request & Response. With PII data, entire xml must be encrypted end-to-end over the SOAP channel. SP=Service Provider | IdP=Identity Provider Architecture Domain(s) Identity Management | Security | Middleware Web Server (SP) Access Manager Access Policy General Architecture Assertion Consumer Service (ACS) Service Provider Service Provider Initiated (SP) Web Service Metadata Exchange Invokes IdPInvokes SP Identity Provider 4. IdP posts SAML Response with 10 digit ID SP Trusted User IdP Trusted User Guest User Service Provider B. Certificate & URI exchange (Build Trust) 1. User invokes a Service Provider (SP) protected URL 2. SP sends user to IdP with SAML Redirect Post Request 3. User enters credentials on IdP Login page 1. User invokes IdP protected application A. Identity Exchange 6. SP grants authorization Application 5b. SP trusted user is redirected with an IdM SAML assertion to access SP 3. User enters credentials on IdP Login page 2. IdP sends guest user to Login page (challenge URL) Assertion Consumer Service (ACS) 4. IdP posts SAML Request with a valid 10 digit ID Application 6. IdP user is authorized w/ token to access SP 5a. SP trusted user is registered real-time if not found 5. IdP Creates token for On-Prem Access

Recommended

Synopsis of online Attendance System
Synopsis of online Attendance SystemSynopsis of online Attendance System
Synopsis of online Attendance SystemShyam Sundar Pandey
 
Collaboration diagram- UML diagram
Collaboration diagram- UML diagram Collaboration diagram- UML diagram
Collaboration diagram- UML diagram Ramakant Soni
 
SCHOOL BUS ROUTING MANAGEMENT SYSTEM [FINAL]
SCHOOL BUS ROUTING MANAGEMENT SYSTEM [FINAL]SCHOOL BUS ROUTING MANAGEMENT SYSTEM [FINAL]
SCHOOL BUS ROUTING MANAGEMENT SYSTEM [FINAL]ayushi goyal
 
Online Examination System Report
Online Examination System ReportOnline Examination System Report
Online Examination System ReportAnkan Banerjee
 
MDD: Models, frameworks, & code generation
MDD: Models, frameworks, & code generationMDD: Models, frameworks, & code generation
MDD: Models, frameworks, & code generationPedro J. Molina
 
ORGAN DONATION MANAGEMENT SYSTEM (PROJECT: ODMS)
ORGAN DONATION MANAGEMENT SYSTEM (PROJECT: ODMS)ORGAN DONATION MANAGEMENT SYSTEM (PROJECT: ODMS)
ORGAN DONATION MANAGEMENT SYSTEM (PROJECT: ODMS)IJCSEA Journal
 
App Proposals - Cab Booking
App Proposals - Cab BookingApp Proposals - Cab Booking
App Proposals - Cab BookingVibes Communications Pvt Ltd
 
Data power use cases
Data power use casesData power use cases
Data power use casessflynn073
 

Recommended

Synopsis of online Attendance System
Synopsis of online Attendance SystemSynopsis of online Attendance System
Synopsis of online Attendance SystemShyam Sundar Pandey
 
Collaboration diagram- UML diagram
Collaboration diagram- UML diagram Collaboration diagram- UML diagram
Collaboration diagram- UML diagram Ramakant Soni
 
SCHOOL BUS ROUTING MANAGEMENT SYSTEM [FINAL]
SCHOOL BUS ROUTING MANAGEMENT SYSTEM [FINAL]SCHOOL BUS ROUTING MANAGEMENT SYSTEM [FINAL]
SCHOOL BUS ROUTING MANAGEMENT SYSTEM [FINAL]ayushi goyal
 
Online Examination System Report
Online Examination System ReportOnline Examination System Report
Online Examination System ReportAnkan Banerjee
 
MDD: Models, frameworks, & code generation
MDD: Models, frameworks, & code generationMDD: Models, frameworks, & code generation
MDD: Models, frameworks, & code generationPedro J. Molina
 
ORGAN DONATION MANAGEMENT SYSTEM (PROJECT: ODMS)
ORGAN DONATION MANAGEMENT SYSTEM (PROJECT: ODMS)ORGAN DONATION MANAGEMENT SYSTEM (PROJECT: ODMS)
ORGAN DONATION MANAGEMENT SYSTEM (PROJECT: ODMS)IJCSEA Journal
 
App Proposals - Cab Booking
App Proposals - Cab BookingApp Proposals - Cab Booking
App Proposals - Cab BookingVibes Communications Pvt Ltd
 
Data power use cases
Data power use casesData power use cases
Data power use casessflynn073
 
Online vehicle showroom DB project
Online vehicle showroom DB projectOnline vehicle showroom DB project
Online vehicle showroom DB projectTish997
 
Food delivery application report
Food delivery application reportFood delivery application report
Food delivery application reportAshwinBicholiya
 
SRS for online examination system
SRS for online examination systemSRS for online examination system
SRS for online examination systemlunarrain
 
online education system project report
online education system project reportonline education system project report
online education system project reportHagi Sahib
 
Flipkart Software Requirements Specification (SRS)
Flipkart Software Requirements Specification (SRS)Flipkart Software Requirements Specification (SRS)
Flipkart Software Requirements Specification (SRS)Aman Goel
 
Visio Diagram of a user SSO Flow
Visio Diagram of a user SSO FlowVisio Diagram of a user SSO Flow
Visio Diagram of a user SSO FlowMike Reams
 
Project report college information management system on Advanced Java
Project report college information management system on Advanced JavaProject report college information management system on Advanced Java
Project report college information management system on Advanced JavaRishabh Kumar ☁️
 
Single Sign-On Best Practices
Single Sign-On Best PracticesSingle Sign-On Best Practices
Single Sign-On Best PracticesSalesforce Developers
 
Cab booking system india
Cab booking system indiaCab booking system india
Cab booking system indiaCustom Soft
 
Component Diagram
Component DiagramComponent Diagram
Component DiagramAhmed Yousef
 
Interfaces & Packages V2
Interfaces & Packages V2Interfaces & Packages V2
Interfaces & Packages V2Dr Anjan Krishnamurthy
 
Car rental system_newfinal2
Car rental system_newfinal2Car rental system_newfinal2
Car rental system_newfinal2rajdeep0007
 
Online Examination System with remote proctoring
Online Examination System with remote proctoringOnline Examination System with remote proctoring
Online Examination System with remote proctoringSplashgain Technology Solutions Pvt Ltd.
 
Attendance Management Report 2016
Attendance Management Report 2016Attendance Management Report 2016
Attendance Management Report 2016Pooja Maan
 
SOA Principles : 5. service abstraction
SOA Principles : 5. service abstractionSOA Principles : 5. service abstraction
SOA Principles : 5. service abstractionMohamed Zakarya Abdelgawad
 
Minor project Report for "Quiz Application"
Minor project Report for "Quiz Application"Minor project Report for "Quiz Application"
Minor project Report for "Quiz Application"Harsh Verma
 
IBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway appliances feature & virtual edition comparisonIBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway appliances feature & virtual edition comparisonIBM DataPower Gateway
 
car rental management system project
car rental management system project car rental management system project
car rental management system project Mubashar Hussain
 
Srs (Software Requirement Specification Document)
Srs (Software Requirement Specification Document) Srs (Software Requirement Specification Document)
Srs (Software Requirement Specification Document) Fatima Qayyum
 
SAP NetWeaver Application Server Add-On for Code Vulnerability Analysis Overview
SAP NetWeaver Application Server Add-On for Code Vulnerability Analysis OverviewSAP NetWeaver Application Server Add-On for Code Vulnerability Analysis Overview
SAP NetWeaver Application Server Add-On for Code Vulnerability Analysis OverviewSAP Technology
 
SharePoint Connector – Setup and Configuration
SharePoint Connector – Setup and ConfigurationSharePoint Connector – Setup and Configuration
SharePoint Connector – Setup and ConfigurationAdobe
 
IdP, SAML, OAuth
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuthDan Brinkmann
 

More Related Content

What's hot

Online vehicle showroom DB project
Online vehicle showroom DB projectOnline vehicle showroom DB project
Online vehicle showroom DB projectTish997
 
Food delivery application report
Food delivery application reportFood delivery application report
Food delivery application reportAshwinBicholiya
 
SRS for online examination system
SRS for online examination systemSRS for online examination system
SRS for online examination systemlunarrain
 
online education system project report
online education system project reportonline education system project report
online education system project reportHagi Sahib
 
Flipkart Software Requirements Specification (SRS)
Flipkart Software Requirements Specification (SRS)Flipkart Software Requirements Specification (SRS)
Flipkart Software Requirements Specification (SRS)Aman Goel
 
Visio Diagram of a user SSO Flow
Visio Diagram of a user SSO FlowVisio Diagram of a user SSO Flow
Visio Diagram of a user SSO FlowMike Reams
 
Project report college information management system on Advanced Java
Project report college information management system on Advanced JavaProject report college information management system on Advanced Java
Project report college information management system on Advanced JavaRishabh Kumar ☁️
 
Cab booking system india
Cab booking system indiaCab booking system india
Cab booking system indiaCustom Soft
 
Car rental system_newfinal2
Car rental system_newfinal2Car rental system_newfinal2
Car rental system_newfinal2rajdeep0007
 
Attendance Management Report 2016
Attendance Management Report 2016Attendance Management Report 2016
Attendance Management Report 2016Pooja Maan
 
Minor project Report for "Quiz Application"
Minor project Report for "Quiz Application"Minor project Report for "Quiz Application"
Minor project Report for "Quiz Application"Harsh Verma
 
IBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway appliances feature & virtual edition comparisonIBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway appliances feature & virtual edition comparisonIBM DataPower Gateway
 
car rental management system project
car rental management system project car rental management system project
car rental management system project Mubashar Hussain
 
Srs (Software Requirement Specification Document)
Srs (Software Requirement Specification Document) Srs (Software Requirement Specification Document)
Srs (Software Requirement Specification Document) Fatima Qayyum
 
SAP NetWeaver Application Server Add-On for Code Vulnerability Analysis Overview
SAP NetWeaver Application Server Add-On for Code Vulnerability Analysis OverviewSAP NetWeaver Application Server Add-On for Code Vulnerability Analysis Overview
SAP NetWeaver Application Server Add-On for Code Vulnerability Analysis OverviewSAP Technology
 

What's hot (20)

Online vehicle showroom DB project
Online vehicle showroom DB projectOnline vehicle showroom DB project
Online vehicle showroom DB project
 
Food delivery application report
Food delivery application reportFood delivery application report
Food delivery application report
 
SRS for online examination system
SRS for online examination systemSRS for online examination system
SRS for online examination system
 
online education system project report
online education system project reportonline education system project report
online education system project report
 
Flipkart Software Requirements Specification (SRS)
Flipkart Software Requirements Specification (SRS)Flipkart Software Requirements Specification (SRS)
Flipkart Software Requirements Specification (SRS)
 
Visio Diagram of a user SSO Flow
Visio Diagram of a user SSO FlowVisio Diagram of a user SSO Flow
Visio Diagram of a user SSO Flow
 
Project report college information management system on Advanced Java
Project report college information management system on Advanced JavaProject report college information management system on Advanced Java
Project report college information management system on Advanced Java
 
Single Sign-On Best Practices
Single Sign-On Best PracticesSingle Sign-On Best Practices
Single Sign-On Best Practices
 
Cab booking system india
Cab booking system indiaCab booking system india
Cab booking system india
 
Component Diagram
Component DiagramComponent Diagram
Component Diagram
 
Interfaces & Packages V2
Interfaces & Packages V2Interfaces & Packages V2
Interfaces & Packages V2
 
Car rental system_newfinal2
Car rental system_newfinal2Car rental system_newfinal2
Car rental system_newfinal2
 
Online Examination System with remote proctoring
Online Examination System with remote proctoringOnline Examination System with remote proctoring
Online Examination System with remote proctoring
 
Attendance Management Report 2016
Attendance Management Report 2016Attendance Management Report 2016
Attendance Management Report 2016
 
SOA Principles : 5. service abstraction
SOA Principles : 5. service abstractionSOA Principles : 5. service abstraction
SOA Principles : 5. service abstraction
 
Minor project Report for "Quiz Application"
Minor project Report for "Quiz Application"Minor project Report for "Quiz Application"
Minor project Report for "Quiz Application"
 
IBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway appliances feature & virtual edition comparisonIBM DataPower Gateway appliances feature & virtual edition comparison
IBM DataPower Gateway appliances feature & virtual edition comparison
 
car rental management system project
car rental management system project car rental management system project
car rental management system project
 
Srs (Software Requirement Specification Document)
Srs (Software Requirement Specification Document) Srs (Software Requirement Specification Document)
Srs (Software Requirement Specification Document)
 
SAP NetWeaver Application Server Add-On for Code Vulnerability Analysis Overview
SAP NetWeaver Application Server Add-On for Code Vulnerability Analysis OverviewSAP NetWeaver Application Server Add-On for Code Vulnerability Analysis Overview
SAP NetWeaver Application Server Add-On for Code Vulnerability Analysis Overview
 

Similar to Design Pattern for Federated Single Sign-On Access

SharePoint Connector – Setup and Configuration
SharePoint Connector – Setup and ConfigurationSharePoint Connector – Setup and Configuration
SharePoint Connector – Setup and ConfigurationAdobe
 
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...Cisco Canada
 
Taking a Pragmatic Look at the Salesforce Security Model
Taking a Pragmatic Look at the Salesforce Security ModelTaking a Pragmatic Look at the Salesforce Security Model
Taking a Pragmatic Look at the Salesforce Security ModelSalesforce Developers
 
O2 Presentation Sdp Event
O2 Presentation Sdp EventO2 Presentation Sdp Event
O2 Presentation Sdp Eventjameskenney
 
Tech UG - Newcastle 09-17 - logic apps
Tech UG - Newcastle 09-17 - logic appsTech UG - Newcastle 09-17 - logic apps
Tech UG - Newcastle 09-17 - logic appsMichael Stephenson
 
Cisco SocialMiner Tools for Social Media Customer Care
Cisco SocialMiner Tools for Social Media Customer CareCisco SocialMiner Tools for Social Media Customer Care
Cisco SocialMiner Tools for Social Media Customer CareNatasha Kelly
 
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTIONIAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTIONForgeRock
 
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...Cisco Canada
 
Transforming a Large Mission-Critical E-Commerce Platform from a Relational A...
Transforming a Large Mission-Critical E-Commerce Platform from a Relational A...Transforming a Large Mission-Critical E-Commerce Platform from a Relational A...
Transforming a Large Mission-Critical E-Commerce Platform from a Relational A...MongoDB
 
CTU June 2011 - Windows Azure App Fabric
CTU June 2011 - Windows Azure App FabricCTU June 2011 - Windows Azure App Fabric
CTU June 2011 - Windows Azure App FabricSpiffy
 
z/OS Connect - Overview at the "z Systems Agile Enterprise Development Confer...
z/OS Connect - Overview at the "z Systems Agile Enterprise Development Confer...z/OS Connect - Overview at the "z Systems Agile Enterprise Development Confer...
z/OS Connect - Overview at the "z Systems Agile Enterprise Development Confer...DevOps for Enterprise Systems
 
Sharksim Overview
Sharksim OverviewSharksim Overview
Sharksim Overviewtcoyle72
 
Impact 2013 2971 - Fundamental integration and service patterns
Impact 2013 2971 - Fundamental integration and service patternsImpact 2013 2971 - Fundamental integration and service patterns
Impact 2013 2971 - Fundamental integration and service patternsBrian Petrini
 
Syllabus for Technical courses
Syllabus for Technical coursesSyllabus for Technical courses
Syllabus for Technical coursesMontek1Learning
 
Lead Allocation System - Attribute Driven Design (ADD)
Lead Allocation System - Attribute Driven Design (ADD)Lead Allocation System - Attribute Driven Design (ADD)
Lead Allocation System - Attribute Driven Design (ADD)Amin Bandeali
 

Similar to Design Pattern for Federated Single Sign-On Access (20)

SharePoint Connector – Setup and Configuration
SharePoint Connector – Setup and ConfigurationSharePoint Connector – Setup and Configuration
SharePoint Connector – Setup and Configuration
 
IdP, SAML, OAuth
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuth
 
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...
 
Taking a Pragmatic Look at the Salesforce Security Model
Taking a Pragmatic Look at the Salesforce Security ModelTaking a Pragmatic Look at the Salesforce Security Model
Taking a Pragmatic Look at the Salesforce Security Model
 
O2 Presentation Sdp Event
O2 Presentation Sdp EventO2 Presentation Sdp Event
O2 Presentation Sdp Event
 
Tech UG - Newcastle 09-17 - logic apps
Tech UG - Newcastle 09-17 - logic appsTech UG - Newcastle 09-17 - logic apps
Tech UG - Newcastle 09-17 - logic apps
 
Architecting Multi-Org Solutions
Architecting Multi-Org SolutionsArchitecting Multi-Org Solutions
Architecting Multi-Org Solutions
 
Single sign on using SAML
Single sign on using SAML Single sign on using SAML
Single sign on using SAML
 
Saas security
Saas securitySaas security
Saas security
 
Cisco SocialMiner Tools for Social Media Customer Care
Cisco SocialMiner Tools for Social Media Customer CareCisco SocialMiner Tools for Social Media Customer Care
Cisco SocialMiner Tools for Social Media Customer Care
 
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTIONIAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
 
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...
 
Sindhumathi Vellaidurai
Sindhumathi VellaiduraiSindhumathi Vellaidurai
Sindhumathi Vellaidurai
 
Transforming a Large Mission-Critical E-Commerce Platform from a Relational A...
Transforming a Large Mission-Critical E-Commerce Platform from a Relational A...Transforming a Large Mission-Critical E-Commerce Platform from a Relational A...
Transforming a Large Mission-Critical E-Commerce Platform from a Relational A...
 
CTU June 2011 - Windows Azure App Fabric
CTU June 2011 - Windows Azure App FabricCTU June 2011 - Windows Azure App Fabric
CTU June 2011 - Windows Azure App Fabric
 
z/OS Connect - Overview at the "z Systems Agile Enterprise Development Confer...
z/OS Connect - Overview at the "z Systems Agile Enterprise Development Confer...z/OS Connect - Overview at the "z Systems Agile Enterprise Development Confer...
z/OS Connect - Overview at the "z Systems Agile Enterprise Development Confer...
 
Sharksim Overview
Sharksim OverviewSharksim Overview
Sharksim Overview
 
Impact 2013 2971 - Fundamental integration and service patterns
Impact 2013 2971 - Fundamental integration and service patternsImpact 2013 2971 - Fundamental integration and service patterns
Impact 2013 2971 - Fundamental integration and service patterns
 
Syllabus for Technical courses
Syllabus for Technical coursesSyllabus for Technical courses
Syllabus for Technical courses
 
Lead Allocation System - Attribute Driven Design (ADD)
Lead Allocation System - Attribute Driven Design (ADD)Lead Allocation System - Attribute Driven Design (ADD)
Lead Allocation System - Attribute Driven Design (ADD)
 

More from Mike Reams

Design Pattern Logical Model
Design Pattern Logical ModelDesign Pattern Logical Model
Design Pattern Logical ModelMike Reams
 
Knowledge Transfer Training Presentation for Identity Lifecycle Manager
Knowledge Transfer Training Presentation for Identity Lifecycle ManagerKnowledge Transfer Training Presentation for Identity Lifecycle Manager
Knowledge Transfer Training Presentation for Identity Lifecycle ManagerMike Reams
 
Mobile user single sign on flow
Mobile user single sign on flowMobile user single sign on flow
Mobile user single sign on flowMike Reams
 
Solution Delivery Calendar
Solution Delivery CalendarSolution Delivery Calendar
Solution Delivery CalendarMike Reams
 
Environment Gap Analysis for Applications
Environment Gap Analysis for ApplicationsEnvironment Gap Analysis for Applications
Environment Gap Analysis for ApplicationsMike Reams
 
Perimeter Protected Access Design Pattern
Perimeter Protected Access Design PatternPerimeter Protected Access Design Pattern
Perimeter Protected Access Design PatternMike Reams
 
Design Pattern for Oracle Identity Provisioning
Design Pattern for Oracle Identity ProvisioningDesign Pattern for Oracle Identity Provisioning
Design Pattern for Oracle Identity ProvisioningMike Reams
 
Retiree Data Flow Diagram
Retiree Data Flow DiagramRetiree Data Flow Diagram
Retiree Data Flow DiagramMike Reams
 
Series of Visual Flow Diagrams
Series of Visual Flow DiagramsSeries of Visual Flow Diagrams
Series of Visual Flow DiagramsMike Reams
 
High-level Architecture viewpoint of a Troux Infrastructure
High-level Architecture viewpoint of a Troux InfrastructureHigh-level Architecture viewpoint of a Troux Infrastructure
High-level Architecture viewpoint of a Troux InfrastructureMike Reams
 
Visio Diagram Scripting and Server Management flow
Visio Diagram Scripting and Server Management flowVisio Diagram Scripting and Server Management flow
Visio Diagram Scripting and Server Management flowMike Reams
 
Visio Diagram for Configuration Management
Visio Diagram for Configuration ManagementVisio Diagram for Configuration Management
Visio Diagram for Configuration ManagementMike Reams
 
User Flow swim-lane Diagram for New Hire
User Flow swim-lane Diagram for New Hire User Flow swim-lane Diagram for New Hire
User Flow swim-lane Diagram for New Hire Mike Reams
 
Architecture Design Presentation for OIM
Architecture Design Presentation for OIMArchitecture Design Presentation for OIM
Architecture Design Presentation for OIMMike Reams
 
Sample Template for Single Sign-On (SSO)
Sample Template for Single Sign-On (SSO)Sample Template for Single Sign-On (SSO)
Sample Template for Single Sign-On (SSO)Mike Reams
 
Visual representation as an architectural artifact
Visual representation as an architectural artifactVisual representation as an architectural artifact
Visual representation as an architectural artifactMike Reams
 

More from Mike Reams (16)

Design Pattern Logical Model
Design Pattern Logical ModelDesign Pattern Logical Model
Design Pattern Logical Model
 
Knowledge Transfer Training Presentation for Identity Lifecycle Manager
Knowledge Transfer Training Presentation for Identity Lifecycle ManagerKnowledge Transfer Training Presentation for Identity Lifecycle Manager
Knowledge Transfer Training Presentation for Identity Lifecycle Manager
 
Mobile user single sign on flow
Mobile user single sign on flowMobile user single sign on flow
Mobile user single sign on flow
 
Solution Delivery Calendar
Solution Delivery CalendarSolution Delivery Calendar
Solution Delivery Calendar
 
Environment Gap Analysis for Applications
Environment Gap Analysis for ApplicationsEnvironment Gap Analysis for Applications
Environment Gap Analysis for Applications
 
Perimeter Protected Access Design Pattern
Perimeter Protected Access Design PatternPerimeter Protected Access Design Pattern
Perimeter Protected Access Design Pattern
 
Design Pattern for Oracle Identity Provisioning
Design Pattern for Oracle Identity ProvisioningDesign Pattern for Oracle Identity Provisioning
Design Pattern for Oracle Identity Provisioning
 
Retiree Data Flow Diagram
Retiree Data Flow DiagramRetiree Data Flow Diagram
Retiree Data Flow Diagram
 
Series of Visual Flow Diagrams
Series of Visual Flow DiagramsSeries of Visual Flow Diagrams
Series of Visual Flow Diagrams
 
High-level Architecture viewpoint of a Troux Infrastructure
High-level Architecture viewpoint of a Troux InfrastructureHigh-level Architecture viewpoint of a Troux Infrastructure
High-level Architecture viewpoint of a Troux Infrastructure
 
Visio Diagram Scripting and Server Management flow
Visio Diagram Scripting and Server Management flowVisio Diagram Scripting and Server Management flow
Visio Diagram Scripting and Server Management flow
 
Visio Diagram for Configuration Management
Visio Diagram for Configuration ManagementVisio Diagram for Configuration Management
Visio Diagram for Configuration Management
 
User Flow swim-lane Diagram for New Hire
User Flow swim-lane Diagram for New Hire User Flow swim-lane Diagram for New Hire
User Flow swim-lane Diagram for New Hire
 
Architecture Design Presentation for OIM
Architecture Design Presentation for OIMArchitecture Design Presentation for OIM
Architecture Design Presentation for OIM
 
Sample Template for Single Sign-On (SSO)
Sample Template for Single Sign-On (SSO)Sample Template for Single Sign-On (SSO)
Sample Template for Single Sign-On (SSO)
 
Visual representation as an architectural artifact
Visual representation as an architectural artifactVisual representation as an architectural artifact
Visual representation as an architectural artifact
 

Recently uploaded

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...Product School
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Thierry Lestable
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...CzechDreamin
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Product School
 
The architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfThe architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfalexjohnson7307
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1DianaGray10
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfChristopherTHyatt
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyJohn Staveley
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupCatarinaPereira64715
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...Product School
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationZilliz
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...Product School
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 

Recently uploaded (20)

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
The architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfThe architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 

Design Pattern for Federated Single Sign-On Access

  • 1. Federated Enterprise Single Sign-On Architecture Design Pattern – Tier 1 Solution Building Block Version: 1.0 Author: Mike Reams Last Modified: Design Pattern Federated Single Sign-On (SSO) A Design Pattern provides a scheme for refining the subsystems or components of a software system, or the relationships between them. It describes commonly recurring structure of communicating components that solves a general design problem within a particular context . Architectural patterns are similar to software design patterns but have a broader scope. The architectural patterns address various issues in software engineering, such as computer hardware performance limitations, high availability and minimization of a business risk. Federated SSO The Industry Standard is SAML 2.0 with Organizational Standard of assertions use SAML 2.0 Post Bindings. Supported use cases are (1) IdP Initiated; (2) SP Initiated; (3)IdP Trusted; (4) SP Real-Time Registration; Preference is to Sign both the SAML Assertion Request & Response. With PII data, entire xml must be encrypted end-to-end over the SOAP channel. SP=Service Provider | IdP=Identity Provider Architecture Domain(s) Identity Management | Security | Middleware Web Server (SP) Access Manager Access Policy General Architecture Assertion Consumer Service (ACS) Service Provider Service Provider Initiated (SP) Web Service Metadata Exchange Invokes IdPInvokes SP Identity Provider 4. IdP posts SAML Response with 10 digit ID SP Trusted User IdP Trusted User Guest User Service Provider B. Certificate & URI exchange (Build Trust) 1. User invokes a Service Provider (SP) protected URL 2. SP sends user to IdP with SAML Redirect Post Request 3. User enters credentials on IdP Login page 1. User invokes IdP protected application A. Identity Exchange 6. SP grants authorization Application 5b. SP trusted user is redirected with an IdM SAML assertion to access SP 3. User enters credentials on IdP Login page 2. IdP sends guest user to Login page (challenge URL) Assertion Consumer Service (ACS) 4. IdP posts SAML Request with a valid 10 digit ID Application 6. IdP user is authorized w/ token to access SP 5a. SP trusted user is registered real-time if not found 5. IdP Creates token for On-Prem Access