USE CASE: RADIANTONE AND OPENAM 
Deliver Scalable Federated Identity—At a Fraction of Time and Cost 
www.radiantlogic.com | 877.727.6442 
© Copyright 2012 Radiant Logic, Inc. All rights reserved. 
Providing a Single Source of Aggregated Identity Data 
Extending single sign-on across your mobile, social or cloud applications is now a must 
for most IT departments—but there’s just one problem. Identity data, passwords, and 
attributes are scattered across many directories and data silos, using a mix of standards 
and security means. For most companies, such a complex identity infrastructure 
used to mean either sinking months of manpower and piles of cash into an unwieldy 
infrastructure overhaul, or bringing in an “Identity Management stack” from large vendors 
that only partially addresses the problem, yet eats a big chunk of the budget. Now there’s 
a better solution. 
Market leaders Radiant Logic and ForgeRock work in tandem to deliver a complete web 
access management (WAM) and Federation solution, for heterogeneous and distributed 
identity systems—at the best value point on the market. By combining innovative 
commercial open source Web Access Management (WAM) with a federated identity 
service based on virtualization, you can unify your identity silos into one common LDAP 
identity store, radically simplifying a complex environment. 
Radiant Logic and ForgeRock’s solution enables your users to securely connect to your 
mobile, social and cloud applications or portal, without disrupting the identity ecosystem 
that you’ve already built. Together, Radiant Logic and ForgeRock provide an agile, 
integrated solution that’s simple to implement and architected from the ground up for 
Internet Scale. 
▲▲ ForgeRock OpenAM is the only “All-in-One” Access Management solution that includes SSO, Authorization, Federation, Entitlements, Adaptive Authentication, Strong Authentication, and Web Services Security in a single, unified product. It is the only developer-friendly access control solution to use a single, common programming interface (REST) that’s easy to invoke. 
▲▲ Radiant Logic’s Federated Identity Service links identity information and attributes stored across the enterprise, cloud, and federated environments. By abstracting identity out of disparate, heterogeneous sources, and into a common, interoperable service, RadiantOne creates a virtual identity hub for many initiatives. It enables faster deployments, lower integration costs, and the flexibility you need to navigate changing business requirements.
Challenge 
Achieving SSO with Distributed Identity Sources and a Heterogeneous Environment 
Federation deployments are often focused on the security layer, and which protocols to use for which purpose. However, the layer behind the 
scenes—that heterogeneous and highly distributed tangle of existing identity sources—continues to be a significant hurdle to achieving true single 
sign-on. For example, when it comes to SAML, the job of the federation layer is to route all authentication requests from the federated applications 
to one (or more) identity provider (IdP)—and that’s where it stops. The implementation of the identity provider is your problem to solve. The IdP is 
supposed to receive the authentication request, try to authenticate the user, then either allow or deny access. But this becomes increasingly difficult 
when you have multiple sources of identity and authentication in the mix. Many of today’s complex enterprises face the following challenges when 
it comes to providing single sign-on: 
▲▲ Multiple identity silos such as Active Directory domains and forests, LDAP directories, SQL databases, or even application repositories, such as Salesforce and Google Apps. 
▲▲ A multitude of protocols and connections (including LDAP, JDBC, or web services). 
▲▲ Attributes and passwords or other credentials stored locally in disparate sources.
Authentication 
With many identity silos and proprietary identity stores belonging to each application, there are typically many password repositories. Even the 
protocols used to reach each source are different and may include LDAP, SQL, or web services. In order to provide single sign-on using OpenAM, you 
have to navigate all these distributed sources. If your system can’t find the correct user in the appropriate identity store and get the corresponding 
login credentials to the application, you can’t deliver single sign-on. And without SSO, your users have to keep track of multiple login names, and go 
through numerous password resets and calls to the helpdesk. 
Authorization 
Commonly used to protect URLs, page objects, or possibly the scope of a web page, authorization is based on policy. These policies are commonly 
enforced through user attributes. Enforcement can be done locally—inside the application—or centralized through your IAM solution. This is also 
a problem when attributes are scattered across disparate resources. Your IAM tool needs to know which attributes belong to which user, and policy 
enforcement may require user attributes stored in a variety of repositories. While OpenAM is equipped with a XACML authorization engine, without 
a way to unify user attributes, it’s limited in its ability to enforce policy at a granular level. 
The ideal solution to the problem of scattered identities, passwords, and attributes would be a central identity store, with constantly 
updated information. 
Solution 
A Common Access Point Powered by a Federated Identity Service 
In order to provide SSO, you need a centralized access solution for all applications and identities. By providing an access hub between a variety of 
applications and identity stores, Radiant Logic and ForgeRock combine two technologies to allow seamless authentication between all sources. So 
all your applications—web, cloud, mobile, and more—can connect to ForgeRock OpenAM, and ensure they’re relying on the right identity and login 
credentials thanks to the RadiantOne federated identity service. 
This connection can be made using a variety of methods. These range from policy agents, to WS* and REST APIs, to proxy technology. Whatever 
the application requests, the combined solution can provide the identity information using the applications’ preferred connection method. 
VDS + OpenAM Reduces Complexity 
VDS creates a single connection to OpenAM using LDAPv3, completely hiding the attribute distribution and password information. It’s a solution 
that’s fully supported without any customization on the level of OpenAM, guaranteeing scalability and high availability. 
The solution works in three steps: 
1. Enable authentication and SSO across multiple sources by building a union list with no duplicates. 
Federated identity service works by creating a hub that unites all of the identity information stored within individual data sources—LDAP directories, 
SQL databases, AD forests, or almost any other file format—into one virtualized directory. Then all these identity sources are inventoried to pull 
their data into the new virtual directory in a coherent way. The virtualization engine creates an authoritative global list of all users across the system, 
and unifies overlapping user representation. It tags each user with a unique identifier and correlates those identifiers across silos (regardless of 
format), creating a single global list of all users in the network, without collision. So there’s no need to build scripts directing authentication toward 
different data repositories. Now users from different identity stores, including multiple AD forests, are all accessible via the same common list. 
2. Support attribute-driven authorization via joining to create global user profiles. 
After creating a union list of users, a join is performed to extend each user profile with attributes stored in multiple identity sources. This enables 
custom user views based on any attribute in any identity source, or a complete view of a single user with all attributes across all sources. These 
joined attributes complete the user profile that RadiantOne hands to ForgeRock’s OpenAM, translating exactly the attributes the federation wants, 
in the credential format it demands, for each authentication or authorization request. Since these user profiles join all the attributes from each data 
source, you can easily perform much more fine-grained authorizations. 
3. Provide one access point for ForgeRock OpenAM 
Thanks to the union and join operation performed by the RadiantOne VDS, OpenAM can access a single connection to one virtual identity store. 
This enables OpenAM to receive the identifiers and credentials it needs in order to provide single sign-on to cloud, web, and legacy applications; 
reverse proxy services; or even mobile devices. A variety of authentication methods can be used, including WS* and REST APIs, policy agents, and 
password replay, depending on what the application is expecting. 
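The union and join steps described above, sketched as an added example (not RadiantOne or OpenAM code): constructed records from three silos are correlated on a normalised e-mail address, ambiguous matches are quarantined instead of merged, and each authorization attribute is read only from the silo designated authoritative for it. The silo names, records, correlation rule and authority map are all assumptions made for illustration.

```python
"""Union + join over constructed identity silos (illustrative sketch)."""
import hashlib
from collections import defaultdict

# Constructed sample data: an AD forest, an LDAP directory and a SQL HR table.
AD_FOREST_A = [
    {"sAMAccountName": "jdoe", "mail": "John.Doe@example.com", "memberOf": ["Finance"]},
    {"sAMAccountName": "asmith", "mail": "a.smith@example.com", "memberOf": ["HR"]},
]
LDAP_DIR = [
    # "clearance" here is a stale, non-authoritative copy and must be ignored.
    {"uid": "john.doe", "mail": "john.doe@example.com", "title": "Controller",
     "clearance": "L4"},
    {"uid": "mlee", "mail": "m.lee@example.com", "title": "Engineer"},
]
SQL_HR = [
    {"emp_id": 1001, "email": "john.doe@example.com", "clearance": "L2"},
    {"emp_id": 1002, "email": "a.smith@example.com", "clearance": "L1"},
    # Same correlation key twice inside one silo: two people or a data error.
    {"emp_id": 1003, "email": "A.Smith@example.com", "clearance": "L3"},
]

# source name -> (records, correlation attribute, local identifier attribute)
SOURCES = {
    "ad_a": (AD_FOREST_A, "mail", "sAMAccountName"),
    "ldap": (LDAP_DIR, "mail", "uid"),
    "sql_hr": (SQL_HR, "email", "emp_id"),
}

# Which silo is trusted for each attribute used in authorization decisions.
AUTHORITY = {"memberOf": "ad_a", "title": "ldap", "clearance": "sql_hr"}


def correlation_key(value):
    """Normalise the correlation attribute so case and padding do not split a user."""
    return value.strip().lower()


def build_union(sources):
    """Step 1: one global list of users, with no duplicates and no silent merges.

    Returns (union, conflicts). A key that matches more than one record in the
    same silo is ambiguous and is quarantined in `conflicts`, because merging
    it would hand one person another person's attributes.
    """
    seen = defaultdict(lambda: defaultdict(list))  # key -> source -> [records]
    for name, (records, key_attr, _id_attr) in sources.items():
        for rec in records:
            seen[correlation_key(rec[key_attr])][name].append(rec)

    union, conflicts = {}, []
    for key, per_source in sorted(seen.items()):
        if any(len(recs) > 1 for recs in per_source.values()):
            conflicts.append(key)
            continue
        # Deterministic global identifier derived from the correlation key.
        gid = "g-" + hashlib.sha256(key.encode()).hexdigest()[:12]
        union[gid] = {"key": key,
                      "records": {src: recs[0] for src, recs in per_source.items()}}
    return union, conflicts


def join_profiles(union, sources, authority):
    """Step 2: extend each union entry into a global profile.

    An attribute is copied only from its authoritative silo, so a stale copy
    elsewhere can never raise a user's privileges.
    """
    profiles = {}
    for gid, entry in union.items():
        profile = {"key": entry["key"], "local_ids": {}}
        for src, rec in entry["records"].items():
            profile["local_ids"][src] = rec[sources[src][2]]
        for attr, src in authority.items():
            rec = entry["records"].get(src)
            if rec is not None and attr in rec:
                profile[attr] = rec[attr]
        profiles[gid] = profile
    return profiles


def profile_for(profiles, key):
    """Look up a joined profile by its correlation key (what step 3 would serve)."""
    return next(p for p in profiles.values() if p["key"] == correlation_key(key))


if __name__ == "__main__":
    union, conflicts = build_union(SOURCES)
    profiles = join_profiles(union, SOURCES, AUTHORITY)
    for gid, prof in profiles.items():
        print(gid, prof)
    print("quarantined for manual correlation:", conflicts)
```

Quarantined keys need a stronger correlation rule or manual review before they enter the list the access manager authenticates against.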
Benefits of the RadiantOne and ForgeRock Solution 
▲▲ Open source offers great value with exceptional service delivery and support. 
▲▲ One single user store connection for ForgeRock OpenAM. 
▲▲ A range of APIs enables the developer to choose the best option. 
▲▲ Does not disrupt current deployments. 
▲▲ Intuitive, wizard-driven work process. 
▲▲ Fully supported, scalable, and highly available. 
▲▲ Faster deployment times for new applications. 
About RadiantOne 
Radiant Logic, Inc. is the market-leading provider of identity virtualization solutions. Since pioneering the first virtual directory, Radiant Logic has 
evolved its groundbreaking technology into a complete federated identity service, enabling Fortune 1000 companies to solve their toughest identity 
management challenges. 
Using model-driven virtualization technology, the RadiantOne federated identity service builds customizable views from disparate data silos, 
streamlining authentication and authorization for identity management, context-driven applications, and cloud-based infrastructures. 
Organizations in a wide range of sectors rely on RadiantOne to deliver quick ROI by reducing administrative effort, simplifying integration tasks, and 
enabling future identity and data management initiatives. 
Contact Us 
To find out more about Radiant Logic, please call us at 1.877.727.6442, email us at info@radiantlogic.com, or visit www.radiantlogic.com.

More Related Content

What's hot

How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?rlsoft
 
8.1.6 newsecurity features
8.1.6 newsecurity features8.1.6 newsecurity features
8.1.6 newsecurity featuresAnil Pandey
 
MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)Luís Serra Libório
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...Brian Culver
 
SwiftKnowledge Multitenancy
SwiftKnowledge MultitenancySwiftKnowledge Multitenancy
SwiftKnowledge MultitenancyPivotLogix
 
Sim-webcast-part1-1aa
Sim-webcast-part1-1aaSim-webcast-part1-1aa
Sim-webcast-part1-1aaOracleIDM
 
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 Michael Noel
 
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010Michael Noel
 
Active Directory Self-Service Suite Overview
Active Directory Self-Service Suite OverviewActive Directory Self-Service Suite Overview
Active Directory Self-Service Suite OverviewEmpowerID
 
Design Pattern for Oracle Identity Provisioning
Design Pattern for Oracle Identity ProvisioningDesign Pattern for Oracle Identity Provisioning
Design Pattern for Oracle Identity ProvisioningMike Reams
 
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...Profesia Srl, Lynx Group
 
Adobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES SecurityAdobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES Securityguest2a5a03
 
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADPremier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADuberbaum
 
HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010Michael Noel
 

What's hot (18)

How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?
 
8.1.6 newsecurity features
8.1.6 newsecurity features8.1.6 newsecurity features
8.1.6 newsecurity features
 
MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
 
SwiftKnowledge Multitenancy
SwiftKnowledge MultitenancySwiftKnowledge Multitenancy
SwiftKnowledge Multitenancy
 
Oim Poc1.0
Oim Poc1.0Oim Poc1.0
Oim Poc1.0
 
Idm Workshop
Idm WorkshopIdm Workshop
Idm Workshop
 
Sim-webcast-part1-1aa
Sim-webcast-part1-1aaSim-webcast-part1-1aa
Sim-webcast-part1-1aa
 
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
 
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
 
Active Directory Self-Service Suite Overview
Active Directory Self-Service Suite OverviewActive Directory Self-Service Suite Overview
Active Directory Self-Service Suite Overview
 
Design Pattern for Oracle Identity Provisioning
Design Pattern for Oracle Identity ProvisioningDesign Pattern for Oracle Identity Provisioning
Design Pattern for Oracle Identity Provisioning
 
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
 
Adobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES SecurityAdobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES Security
 
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADPremier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure AD
 
HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010
 
Web Services Security - Short Report
Web Services Security - Short ReportWeb Services Security - Short Report
Web Services Security - Short Report
 
Oracle Identity Manager Basics
Oracle Identity Manager BasicsOracle Identity Manager Basics
Oracle Identity Manager Basics
 

Viewers also liked

Openam misc
Openam miscOpenam misc
Openam miscJose R
 
Don't be tardy configure password expiration with open sso and identity mana...
Don't be tardy  configure password expiration with open sso and identity mana...Don't be tardy  configure password expiration with open sso and identity mana...
Don't be tardy configure password expiration with open sso and identity mana...Jose R
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study ForgeRock
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsJohn Bauer
 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...CA Technologies
 
Enterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSOEnterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSOOliver Mueller
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An IntroductionForgeRock
 

Viewers also liked (7)

Openam misc
Openam miscOpenam misc
Openam misc
 
Don't be tardy configure password expiration with open sso and identity mana...
Don't be tardy  configure password expiration with open sso and identity mana...Don't be tardy  configure password expiration with open sso and identity mana...
Don't be tardy configure password expiration with open sso and identity mana...
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation Considerations
 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
 
Enterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSOEnterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSO
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An Introduction
 

Similar to Open am and_radiantone

Open Identity Stack Roadmap
Open Identity Stack RoadmapOpen Identity Stack Roadmap
Open Identity Stack RoadmapForgeRock
 
SaaS Security.pptx
SaaS Security.pptxSaaS Security.pptx
SaaS Security.pptxchelsi33
 
saassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfsaassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfSahilSingh316535
 
LTS Secure Identity Management
LTS Secure Identity ManagementLTS Secure Identity Management
LTS Secure Identity Managementrver21
 
Identity Manager & AirWatch Cloud Mobile App - Infographic
Identity Manager & AirWatch Cloud Mobile App - InfographicIdentity Manager & AirWatch Cloud Mobile App - Infographic
Identity Manager & AirWatch Cloud Mobile App - InfographicVMware Academy
 
okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...
okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...
okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...Abhishek Sood
 
Identity Management
Identity ManagementIdentity Management
Identity Managementrver21
 
Cloud Circle Talk - Enterprise Architecture, Cloud Computing and Integrations
Cloud Circle Talk - Enterprise Architecture, Cloud Computing and IntegrationsCloud Circle Talk - Enterprise Architecture, Cloud Computing and Integrations
Cloud Circle Talk - Enterprise Architecture, Cloud Computing and Integrationspaulfallon
 
LTS Secure Identity Management
LTS Secure Identity ManagementLTS Secure Identity Management
LTS Secure Identity Managementrver21
 
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...Amazon Web Services
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory ProposalMJ Ferdous
 
3 Building Blocks For Managing Cloud Applications Webinar
3 Building Blocks For Managing Cloud Applications Webinar3 Building Blocks For Managing Cloud Applications Webinar
3 Building Blocks For Managing Cloud Applications WebinarTodd Clayton
 
O365con14 - moving from on-premises to online, the road to follow
O365con14 - moving from on-premises to online, the road to followO365con14 - moving from on-premises to online, the road to follow
O365con14 - moving from on-premises to online, the road to followNCCOMMS
 
Shibboleth Guided Tour Webinar
Shibboleth Guided Tour WebinarShibboleth Guided Tour Webinar
Shibboleth Guided Tour WebinarJohn Lewis
 
Con8902 developing secure mobile applications-final
Con8902 developing secure mobile applications-finalCon8902 developing secure mobile applications-final
Con8902 developing secure mobile applications-finalOracleIDM
 
Securing Your CI Pipeline with HashiCorp Vault - P2
Securing Your CI Pipeline with HashiCorp Vault - P2Securing Your CI Pipeline with HashiCorp Vault - P2
Securing Your CI Pipeline with HashiCorp Vault - P2Ashnikbiz
 

Similar to Open am and_radiantone (20)

Saas security
Saas securitySaas security
Saas security
 
Open Identity Stack Roadmap
Open Identity Stack RoadmapOpen Identity Stack Roadmap
Open Identity Stack Roadmap
 
SaaS Security.pptx
SaaS Security.pptxSaaS Security.pptx
SaaS Security.pptx
 
saassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfsaassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdf
 
LTS Secure Identity Management
LTS Secure Identity ManagementLTS Secure Identity Management
LTS Secure Identity Management
 
Identity Manager & AirWatch Cloud Mobile App - Infographic
Identity Manager & AirWatch Cloud Mobile App - InfographicIdentity Manager & AirWatch Cloud Mobile App - Infographic
Identity Manager & AirWatch Cloud Mobile App - Infographic
 
okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...
okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...
okta | Top 8 Identity and Access Management Challenges with Your SaaS Applica...
 
Identity Management
Identity ManagementIdentity Management
Identity Management
 
Cloud Circle Talk - Enterprise Architecture, Cloud Computing and Integrations
Cloud Circle Talk - Enterprise Architecture, Cloud Computing and IntegrationsCloud Circle Talk - Enterprise Architecture, Cloud Computing and Integrations
Cloud Circle Talk - Enterprise Architecture, Cloud Computing and Integrations
 
LTS Secure Identity Management
LTS Secure Identity ManagementLTS Secure Identity Management
LTS Secure Identity Management
 
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...
Hybrid Identity Management and Security for Large Enterprises (ENT307-R2) - A...
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory Proposal
 
3 Building Blocks For Managing Cloud Applications Webinar
3 Building Blocks For Managing Cloud Applications Webinar3 Building Blocks For Managing Cloud Applications Webinar
3 Building Blocks For Managing Cloud Applications Webinar
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101
 
O365con14 - moving from on-premises to online, the road to follow
O365con14 - moving from on-premises to online, the road to followO365con14 - moving from on-premises to online, the road to follow
O365con14 - moving from on-premises to online, the road to follow
 
Shibboleth Guided Tour Webinar
Shibboleth Guided Tour WebinarShibboleth Guided Tour Webinar
Shibboleth Guided Tour Webinar
 
Con8902 developing secure mobile applications-final
Con8902 developing secure mobile applications-finalCon8902 developing secure mobile applications-final
Con8902 developing secure mobile applications-final
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKES
 
Securing Your CI Pipeline with HashiCorp Vault - P2
Securing Your CI Pipeline with HashiCorp Vault - P2Securing Your CI Pipeline with HashiCorp Vault - P2
Securing Your CI Pipeline with HashiCorp Vault - P2
 

Open am and_radiantone

  • 1. TM USE CASE: RADIANTONE AND OPENAM Deliver Scalable Federated Identity—At a Fraction of Time and Cost www.radiantlogic.com | 877.727.6442 © Copyright 2012 Radiant Logic, Inc. All rights reserved. Page 1 Providing a Single Source of Aggregated Identity Data Extending single sign-on across your mobile, social or cloud applications is now a must for most IT departments—but there’s just one problem. Identity data, passwords, and attributes are scattered across many directories and data silos, using a mix of standards and security means. For most companies, such a complex identity infrastructure used to mean either sinking months of manpower and piles of cash into an unwieldy infrastructure overhaul, or bringing in an “Identity Management stack” from large vendors that only partially addresses the problem, yet eats a big chunk of the budget. Now there’s a better solution. Market leaders Radiant Logic and ForgeRock work in tandem to deliver a complete web access management (WAM) and Federation solution, for heterogeneous and distributed identity systems —at the best value point on the market. By combining innovative commercial open source Web Access Management (WAM) with a federated identity service based on virtualization, you can unify your identity silos into a one common LDAP identity store, radically simplifying a complex environment. Radiant Logic and ForgeRock’s solution enables your users to securely connect to your mobile, social and cloud applications or portal, without disrupting the identity ecosystem that you’ve already built. Together, Radiant Logic and ForgeRock provide an agile, integrated solution that’s simple to implement and architected from the ground up for Internet Scale. ▲▲ ForgeRock OpenAM is the only “All-in- One” Access Management solution that includes SSO, Authorization, Federation, Entitlements, Adaptive Authentication, Strong Authentication, and Web Services Security in a single, unifi ed product. 
It is the only developer-friendly access control solution to use a single, common programming interface (REST) that’s easy to invoke. ▲▲ Radiant Logic’s Federated Identity Service links identity information and attributes stored across the enterprise, cloud, and federated environments. By abstracting identity out of disparate, heterogeneous sources, and into a common, interoperable service, RadiantOne creates a virtual identity hub for many initiatives. It enables faster deployments, lower integration costs, fl exibility you need to navigate changing business requirements.
  • 2. TM USE CASE: RADIANTONE AND OPENAM Challenge Achieving SSO with Distributed Identity Sources and a Heterogeneous Environment Federation deployments are often focused on the security layer, and which protocols to use for which purpose. However, the layer behind the scenes—that heterogeneous and highly distributed tangle of existing identity sources—continues to be a signifi cant hurdle to achieving true single sign-on. For example, when it comes to SAML, the job of the federation layer is to route all authentication requests from the federated applications to one (or more) identity provider (IdP)—and that’s where it stops. The implementation of the identity provider is your problem to solve. The IdP is supposed to receive the authentication request, try to authenticate the user, then either allow or deny access. But this becomes increasingly diffi cult when you have multiple sources of identity and authentication in the mix. Many of today’s complex enterprises face the following challenges when it comes to providing single sign-on: ▲▲ Multiple identity silos such as Active Directory domains and forests, LDAP directories, SQL databases, or even application repositories, such www.radiantlogic.com | 877.727.6442 © Copyright 2012 Radiant Logic, Inc. All rights reserved. Page 2 as Salesforce and Google Apps. ▲▲ Multitude protocols and connections (including LDAP, JDBC, or web services). ▲▲ Attributes and passwords or other credentials stored locally in disparate sources.
  • 3. TM USE CASE: RADIANTONE AND OPENAM .Authentication With many identity silos and proprietary identity stores belonging to each application, there are typically many password repositories. Even the protocols used to reach each source are different and may include LDAP, SQL, or web services. In order to provide single sign-on using OpenAM, you have to navigate all these distributed sources. If your system can’t fi nd the correct user in the appropriate identity store and get the corresponding login credentials to the application, you can’t deliver single sign-on. And without SSO, your users have to keep track of multiple login names, and go through numerous password resets and calls to the helpdesk. Authorization Commonly used to protect URLs, page objects, or possibly the scope of a web page, authorization is based on policy. These policies are commonly enforced through user attributes. Enforcement can be done locally—inside the application—or centralized through your IAM solution. This is also a problem when attributes are scattered across disparate resources. Your IAM tool needs to know which attributes belong to which user, and policy enforcement may require user attributes stored in a variety of repositories. While OpenAM is equipped with a XACML authorization engine, without a way to unify user attributes, it’s limited in its ability to enforce policy at a granular level. The ideal solution to the problem of scattered identities, passwords, and attributes would be a central identity store, with constantly updated information. www.radiantlogic.com | 877.727.6442 © Copyright 2012 Radiant Logic, Inc. All rights reserved. Page 3
  • 4. Solution
A Common Access Point Powered by a Federated Identity Service
In order to provide SSO, you need a centralized access solution for all applications and identities. By providing an access hub between a variety of applications and identity stores, Radiant Logic and ForgeRock combine two technologies to allow seamless authentication between all sources. So all your applications—web, cloud, mobile, and more—can connect to ForgeRock OpenAM, and ensure they’re relying on the right identity and login credentials thanks to the RadiantOne federated identity service.
This connection can be made using a variety of methods. These range from policy agents, to WS* and REST APIs, to proxy technology. Whatever the application requests, the combined solution can provide the identity information using the application’s preferred connection method.
VDS + OpenAM Reduces Complexity
VDS creates a single connection to OpenAM using LDAPv3, completely hiding the attribute distribution and password information. It’s a solution that’s fully supported without any customization on the level of OpenAM, guaranteeing scalability and high availability.
The solution works in three steps:
1. Enable authentication and SSO across multiple sources by building a union list with no duplicates.
The federated identity service works by creating a hub that unites all of the identity information stored within individual data sources—LDAP directories, SQL databases, AD forests, or almost any other file format—into one virtualized directory. Then all these identity sources are inventoried to pull their data into the new virtual directory in a coherent way. The virtualization engine creates an authoritative global list of all users across the system, and unifies overlapping user representation. It tags each user with a unique identifier and correlates those identifiers across silos (regardless of format), creating a single global list of all users in the network, without collision. So there’s no need to build scripts directing authentication toward different data repositories. Now users from different identity stores, including multiple AD forests, are all accessible via the same common list.
  • 5. 2. Support attribute-driven authorization via joining to create global user profiles.
After creating a union list of users, a join is performed to extend each user profile with attributes stored in multiple identity sources. This enables custom user views based on any attribute in any identity source, or a complete view of a single user with all attributes across all sources. These joined attributes complete the user profile that RadiantOne hands to ForgeRock’s OpenAM, translating exactly the attributes the federation wants, in the credential format it demands, for each authentication or authorization request. Since these user profiles join all the attributes from each data source, you can easily perform much more fine-grained authorizations.
3. Provide one access point for ForgeRock OpenAM.
Thanks to the union and join operation performed by the RadiantOne VDS, OpenAM can access a single connection to one virtual identity store. This enables OpenAM to receive the identifiers and credentials it needs in order to provide single sign-on to cloud, web, and legacy applications; reverse proxy services; or even mobile devices. A variety of authentication methods can be used, including WS* and REST APIs, policy agents, and password replay, depending on what the application is expecting.
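The union and join steps above, sketched as an added Python example (not RadiantOne or OpenAM code): entries are correlated on a normalized mail attribute, which is an assumption of this sketch, and a key that matches two entries inside one source is rejected rather than merged, since a wrong merge would feed another user's attributes into authorization decisions. All source names, attribute names and records are constructed.

```python
from collections import defaultdict

# Constructed sample records from three hypothetical silos (not real data).
SOURCES = {
    "ad":   [{"sAMAccountName": "jdoe", "mail": "J.Doe@example.com", "memberOf": "Finance"}],
    "ldap": [{"uid": "john.doe", "mail": "j.doe@example.com", "title": "Analyst"},
             {"uid": "asmith", "mail": "a.smith@example.com", "title": "Engineer"}],
    "sql":  [{"login": "JD01", "mail": "j.doe@example.com", "clearance": "2"},
             {"login": "shared", "mail": "a.smith@example.com", "clearance": "1"},
             {"login": "asm", "mail": "a.smith@example.com", "clearance": "3"}],
}
# Which attribute holds the login name in each silo (assumed schema).
LOGIN_ATTR = {"ad": "sAMAccountName", "ldap": "uid", "sql": "login"}


def correlation_key(record):
    """Normalize the attribute used to correlate entries across silos (assumed: mail)."""
    return record["mail"].strip().lower()


def build_union(sources):
    """Return (union, rejected): one joined profile per person, plus ambiguous entries."""
    buckets = defaultdict(lambda: defaultdict(list))
    for name, records in sources.items():
        for rec in records:
            buckets[correlation_key(rec)][name].append(rec)
    union, rejected = {}, []
    for key, per_source in buckets.items():
        entry = {"id": key, "logins": {}, "attrs": {}}
        for name, recs in per_source.items():
            if len(recs) > 1:
                # Two entries in one silo share the key: merging would hand one
                # account the other's attributes, so keep both out of the join.
                rejected.extend((name, r[LOGIN_ATTR[name]]) for r in recs)
                continue
            rec = recs[0]
            entry["logins"][name] = rec[LOGIN_ATTR[name]]
            for attr, value in rec.items():
                if attr not in (LOGIN_ATTR[name], "mail"):
                    # First source wins; provenance is kept for policy audits.
                    entry["attrs"].setdefault(attr, {"value": value, "source": name})
        union[key] = entry
    return union, rejected
```

Rejected entries need manual correlation before their attributes are exposed to the access manager.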
  • 6. Benefits of the RadiantOne and ForgeRock Solution
▲▲ Open source offers great value with exceptional service delivery and support.
▲▲ One single user store connection for ForgeRock OpenAM.
▲▲ Range of APIs enables the developer to choose the best option.
▲▲ Does not disrupt current deployments.
▲▲ Intuitive, wizard-driven work process.
▲▲ Fully supported, scalable, and highly available.
▲▲ Faster deployment times for new applications.
About RadiantOne
Radiant Logic, Inc. is the market-leading provider of identity virtualization solutions. Since pioneering the first virtual directory, Radiant Logic has evolved its groundbreaking technology into a complete federated identity service, enabling Fortune 1000 companies to solve their toughest identity management challenges. Using model-driven virtualization technology, the RadiantOne federated identity service builds customizable views from disparate data silos, streamlining authentication and authorization for identity management, context-driven applications, and cloud-based infrastructures. Organizations in a wide range of sectors rely on RadiantOne to deliver quick ROI by reducing administrative effort, simplifying integration tasks, and enabling future identity and data management initiatives.
Contact Us
To find out more about Radiant Logic, please call us at 1.877.727.6442, email us at info@radiantlogic.com, or visit www.radiantlogic.com.