BriForum 2014 Boston
Dan Brinkmann presents on Identity Providers, SAML, and OAuth. An example of setting up Office 365 to use Active Directory Federation Services is also shown.
How do SAML, OpenID Connect and OAuth compare? How are they similar? Different? When do you use one or the other? For more info, also see my blog: http://gluu.co/oauth-saml-openid
The Client is not always right! How to secure OAuth authentication from your... (Mike Schwartz)
The OpenID Connect or OAuth frameworks can be used to achieve a range of security levels. Properly used, they mitigate many risks. However, OpenID Connect's flexibility, combined with its shared ontogeny with OAuth 2.0, creates opportunities for error: developers may not use (or even know about) certain features necessary to achieve the transaction integrity they desire. The good news is that client software and middleware services can do some of the heavy lifting. You can have the best of both worlds, maximizing security and developer joy. Whether you're a developer or security architect, what should you look for in an application that acts as an OpenID Connect client?
Alfresco: Implementing secure single sign on (SSO) with OpenSAML (J V)
Alfresco Summit 2013 (Barcelona and Boston)
This talk will provide an introduction to the OASIS SAML standard (Security Assertion Markup Language) and then describe in detail how we use OpenSAML to provide secure SSO to Alfresco Cloud in a multi-tenant environment, both in terms of Share and the core Repository. We will demonstrate the steps required for an Enterprise Network Admin to set up a trusted SAML connection ('circle of trust') to their chosen Identity Provider (IdP) such as Centrify, Ping Identity, ForgeRock OpenAM (formerly Sun OpenSSO) or potentially any other type of IdP that supports SAML v2.0. We will also discuss possible future requirements and improvements.
http://summit.alfresco.com/boston/sessions/implementing-secure-single-sign-sso-opensaml
http://www.youtube.com/watch?v=KroIZa1co6g
Websites and applications are implementing social single sign-on to allow users to log in using trusted authentication providers such as Google, Facebook, and even Salesforce. Join us to learn how to configure the OpenID Connect authentication provider to allow users to authenticate at Google to access a Salesforce environment. We'll also look at how you can relieve yourself of the burden of password management by having your web app log in users via Salesforce.
In this session Novell technical support engineers will cover best practices guidelines for functionality and performance to proactively avoid problems in Novell Access Manager. They will discuss architecture issues and cover the flow of operation of key Access Manager components. Finally, they will describe key troubleshooting tips and tools to enable you to proactively avoid common issues, and solve them more quickly should they occur.
Speaker: Neil Cashell Technical Support Engineer
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect (CloudIDSummit)
John Bradley, Ping Identity
Overview of the different participant roles in OpenID Connect, how JSON Web Tokens (JWT) are used, how OpenID Connect provides both authentication and authorization tokens in a single flow, and how OpenID Connect can support Single Sign-on for Native Applications.
Single sign on (SSO): How does your company apply? (Đỗ Duy Trung)
SSO is not a new concept; we've all heard a lot about it in our work or research. It's useful, but does it really belong only to administration/management people? It's interesting for users, but is it really complex and a headache for someone implementing it? Especially nowadays, we are in an age of Troika Computing: Cloud, Social Network, Mobile, Big Data and federation problems. So, as a professional organisation, or as a skilled member of a development team, where will you start from? What is your knowledge about it? Which methods will you choose to implement in your organisation? How do you develop or integrate it into your customers' products? How does your organisation deploy it to support customers and partners...
Using Federation to Simplify Access to SharePoint, SaaS and Partner Applications (Novell)
Identity federation has become the standard method for delivering access to services across organizational boundaries. More recently, federation has become the preferred method for managing user access within Microsoft SharePoint environments.
In this session, you will get an overview of the federation capabilities in Novell Access Manager. Specifically, the presenters will provide an introduction to identity federation, cover basic setup and configuration, and show you how to enable federated access to Microsoft SharePoint and Google applications. No previous knowledge of federation standards is required for this session.
My slides from the Identity Protocol Smackdown session at Gartner Catalyst 2013. Ignite format - 20 slides, 15 seconds per slide. There are auto-builds on a few slides, so download and view in PowerPoint for the best experience.
Session I delivered at Oredev, with some updates and more detail, reviewing all of the security standards including WS-Federation, SAML, WS-Trust, OAuth and OpenID Connect.
Outline:
Introduction of SSO
Need of SSO
Simple SSO process
Types of SSO
Architecture of web SSO system
Kerberos-Based Authentication
How does it work?
Conclusion
References
These slides are supposed to help you understand the basics of application security, and how the latest technologies come together to enable you to reduce the number of times people at your organization need to authenticate.
For more information visit http://gluu.org
OpenID Connect: The new standard for connecting to your Customers, Partners, ... (Salesforce Developers)
With the proliferation of cloud applications, mobile devices, and the need to connect to external users, IT organizations are increasingly challenged with how to manage and gain transparency into user access to systems and applications. As your organization looks to deploy Identity in the cloud, it’s critical that this is backed by open-standards.
In this webinar, Chuck Mortimore, Pat Patterson, and Ian Glazer will give you a broad overview of how OpenID Connect can help better connect you with your customers, partners, apps, and devices.
Key Takeaways
Get introduced to OpenID Connect, learn how it builds on top of OAuth, and discover why it’s an important new standard for your organization
Consume OpenID Connect from popular Identity providers with Social Sign-On
Provide a single, branded Identity to your own users and applications using OpenID Connect
Use OpenID Connect to easily build Identity-enabled mobile applications
Plan for the next generation of connected devices
Intended Audience
This webinar is aimed at a technical audience of administrators, developers, architects and business analysts who wish to learn more about Identity and Standards.
Because the SAML Protocol is so foundational to the cloud identity software as a service Gluu provides, we wanted to lay out the basics of SAML for those interested.
The following can be thought of as a basic guide to getting you conversational with the SAML protocol.
What is SAML, how SAML works, request and response, enterprise and web SSO, advantages and disadvantages of SSO, what is SSO, single sign-on, Security Assertion Markup Language.
This is a draft presentation about connecting IMS Learning Tools Interoperability and a SAML / Shibboleth SSO system. SAML and LTI are not direct replacements for each other. This presentation shows a design as to how they can work together to lead to a result that is better for the end user than when either is used separately.
This is a draft and comments are welcome.
A Development session led by Technical Enablement Lead Bert Van Beeck
Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/
Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/
Sham Hassan Chikkegowda, CS Engineer, and Timothee Maret, Senior Developer, of Adobe provide a review of using Security Assertion Markup Language (SAML) with your Experience Manager deployments. SAML is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee. Watch the session on demand at http://bit.ly/AEMGems72016 or the MP4 version at http://bit.ly/AEMGem72016
This presentation discusses the concept of a service platform, e-service platform, "municipal service platform", and what such a platform actually needs to contain to support sustainable e-development.
Sustainable here means doing it right from the start: not painting yourself into a corner, not ending up in a dead end, just because you did not have the whole picture clear when you started.
And you can still start small. With simple e-services.
Technologies that are being used together to secure RESTful APIs: SAML (and eventually OpenID Connect), OAuth, SCIM, and the JSON Identity Protocol Suite (esp. JWT).
Discussion of how these technologies can be combined to provide enterprise-grade security for APIs, putting this need into the broader context.
CIS14: Creating a Federated Identity Service for Better SSO (CloudIDSummit)
Matt Tatro, Denise Lores, Wade Ellery
Radiant Logic
How to avoid building half an Enterprise IdP; demonstration of how to create a federated identity service that will complement and improve your SSO by aggregating all of your identity silos into an enterprise IdP.
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me? (Scott Hoag)
Office 365 brings a host of productivity options, but one of the most overlooked components is how we'll authenticate to The Cloud™. With Microsoft Azure Active Directory driving access and authentication to our Office 365 tenants, it is important to understand how we can interact with it. Join us as we explore Cloud Identity, identity federation, directory synchronisation, and most importantly Azure and its impacts on user experience and access to Office 365. Throughout this session, we'll answer the questions that impact you and how your decisions around identity shape your Office 365 experience.
ITPROCEED_TransformTheDatacenter_ten most common mistakes when deploying adfs... (ITProceed)
Active Directory Federation Services (AD FS) is the Microsoft technology to bridge your on-premises identity systems towards cloud identity providers like Azure Active Directory. Colleagues depend on a reliable, yet cost-effective deployment of AD FS and it's our job as IT Pros to make it happen. This session covers the 10 most common mistakes we see in the field in organizations that have deployed AD FS and performed a hybrid identity deployment. Learn from their mistakes, so you don't have to make them.
SYDSP - Office 365 and Cloud Identity - What does it mean for me? (Scott Hoag)
Office 365 brings a host of productivity options, but one of the most overlooked components is how we'll authenticate to The Cloud™. With Microsoft Azure Active Directory driving access and authentication to our Office 365 tenants, it is important to understand how we can interact with it. Join us as we explore Cloud Identity, identity federation, directory synchronisation, and most importantly Azure and its impacts on user experience and access to Office 365. Throughout this session, we'll answer the questions that impact you and how your decisions around identity shape your Office 365 experience.
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me? (Scott Hoag)
Office 365 brings a host of productivity options, but one of the most overlooked components is how we'll authenticate to the Cloud. With Azure Active Directory (AAD) driving access and authentication to our Office 365 tenants, it is important to understand how we can interact with it. Join us as we explore Cloud Identity, Identity Federation, Directory Synchronization and most importantly Azure and its impacts on user experience and access of Office 365. Throughout this session, we'll answer the questions that impact you and how your decisions around identity shape your Office 365 experiences.
Similar to SAML and Other Types of Federation for Your Enterprise
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment.... (Denis Gundarev)
Imagine that you just found the new job of your dreams: You are now a system administrator in a large enterprise. Everything is going like clockwork, except for one major problem: There are 5 different versions of Presentation Server in use and there is no documentation for any system. Now imagine you are a consultant ready to do an assessment of Citrix infrastructure, but nobody in the company knows how many farms and servers exist, or how they are configured. (Wanting a new imaginary job yet?) In this session, Denis Gundarev will share tips on how to document infrastructure and tricks on how to find all components or users that are "forgotten." Attendees will learn several methods for elevating permissions and taking ownership of forgotten systems.
XenDesktop 5 was presented at Citrix Synergy; as always, in the press releases everything became better, faster, stronger and more wondrous. This talk will help sort out the details.
The Dark Side of the Cloud. So that you don't have your head in the clouds from vendor stories, a true practitioner, Anton Zhbankov, who proudly bears the title of vExpert, will talk about the problems encountered when implementing "virtualization of everything" and the experience of solving them in his talk "The Dark Side of the Cloud".
RUCUG: 4. Brian Madden: Terminal Services or VDI, what is happening now with des... (Denis Gundarev)
Brian Madden is one of the best-known independent experts on Citrix, RDS and Server-Based Computing. Brian will talk about the paradox named after himself and about the struggle between the "classics" (Terminal Services) and the "moderns" (VDI), as well as why VDI projects fail and how to avoid it.
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
How to Get CNIC Information System with Paksim Ga.pptx (danishmna97)
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Securing your Kubernetes cluster_ a step-by-step guide to success ! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Generative AI Deep Dive: Advancing from Proof of Concept to Production (Aggregage)
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
A tale of scale & speed: How the US Navy is enabling software delivery from l... (sonjaschweigert1)
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs (Alex Pruden)
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
GridMate - End to end testing is a critical piece to ensure quality and avoid... (ThomasParaiso2)
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be extended with sustainability, and then measured continuously. Test environments can be used less, at smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 (Neo4j)
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
UiPath Test Automation using UiPath Test Suite series, part 6 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform.
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Essentials of Automations: The Art of Triggers and Actions in FME (Safe Software)
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
5. @fdwl #BriForum @entisys
Identity and Account Management Basics
Identity Management (IdM) describes the management of individual principals, their authentication, authorization, and privileges within an enterprise.
Integral components of identity and access management:
• Identification
• Authentication
• Authorization
7. Entity vs Identity vs Credential vs Attribute
Entity: • Person • Computer
Identity: • Active Directory account • Passport number • Serial number
Credential: • Passport • Credit card • Kerberos token
Attribute: • Address • Qualification • Criminal record
8. Attribute Assertion
An attribute assertion is a claim made by someone (the asserter) that a particular person possesses a particular attribute.
• A college can confirm that a person has graduated.
• Active Directory can confirm that a password is correct.
A digitally signed attribute assertion = authorization credential.
Source: David W Chadwick Federated Identity Management http://kar.kent.ac.uk/30609/1/FederatedIdManChapter.pdf
9. Credential Types
Credential authenticity
• The credential has not been tampered with
• Received exactly as issued by the issuing authority
• Digitally signed to prove authenticity
Credential validity
• Monopoly money is authentic if obtained from the Monopoly game pack: valid for buying property in the game, NOT valid in a grocery store.
• A credit card is an authentic credential: valid in Marks & Spencer, not valid in a fishing village in the middle of nowhere during the night.
Source: David W Chadwick Federated Identity Management http://kar.kent.ac.uk/30609/1/FederatedIdManChapter.pdf
10. What is Federation?
A set of standards-based technology & IT processes to facilitate distributed identification, authentication & authorization across boundaries (security, departmental, organizational or platform).
12. Federation Example
• Facebook performs authentication and generates a signed attribute assertion with the user name and a unique user ID.
• Digg maintains a user database and authorization.
13. Why Do I Need Federation?
• Provide access to your applications for suppliers or partners
• Quickly onboard an acquired organization
• Provide access for temporary workers by using a “bring your own identity” model
Service Providers
14. Can’t I Just Create User Accounts?
More work for you
Less security for your network
No control over the user population
15. Can’t I Just Use Forest Trusts?
• Network connection between partners
• User principal name (UPN) suffixes, service principal name (SPN) suffixes, and security ID (SID) namespaces are replicated
• DNS configuration is required
16. Benefits of Federation
Better access experience
• Single sign-on across networks & organizational boundaries
Increased security & simpler administration
• Heightened identity assurance
• No passwords involved
• Account de-activation is handled by the account partner
• An account partner can easily be disabled at the organizational level
• Strong authentication such as user certificates or OTP tokens can be layered on top of federation
18. SAML
SAML – Security Assertion Markup Language
• XML-based security specification for exchanging authentication and authorization information
• Developed by the OASIS standards organisation
• Uses HTTP as the communication protocol
• Designed to address the complexities of establishing business-to-business communication between differing systems.
19. SAML Assertion
A set of statements (claims) made by a SAML authority (Identity Provider or IdP):
• Authentication statement: the subject was authenticated using a particular technique at a particular time
• Attribute statement: particular attribute values are associated with the subject
• Optional authorization decision statement: the subject is authorized to perform certain actions
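The validity side of the credential check from slide 9, applied to the statements listed here: an added example (not from the talk) that parses a constructed SAML 2.0 assertion, reads its authentication and attribute statements, and refuses it unless the issuer is trusted, the audience is this SP, and the time window holds. Issuer, SP and subject values are made up; XML Signature verification (the authenticity side) is assumed to have been done first by an XML-DSig library and is not shown.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (made-up issuer, SP, subject, times); the XML Signature is omitted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_constructed1" Version="2.0" IssueInstant="2014-07-21T10:00:00Z">
 <saml:Issuer>https://idp.partner.example/adfs/services/trust</saml:Issuer>
 <saml:Subject><saml:NameID>gundarev@partner.example</saml:NameID></saml:Subject>
 <saml:Conditions NotBefore="2014-07-21T09:59:00Z" NotOnOrAfter="2014-07-21T10:05:00Z">
  <saml:AudienceRestriction><saml:Audience>https://ng.corp.example/sp</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions>
 <saml:AuthnStatement AuthnInstant="2014-07-21T09:59:30Z"><saml:AuthnContext>
  <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
 </saml:AuthnContext></saml:AuthnStatement>
 <saml:AttributeStatement>
  <saml:Attribute Name="group"><saml:AttributeValue>Contractors</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def utc(stamp):
    """Parse the xs:dateTime form SAML uses (trailing Z = UTC)."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, trusted_issuers, my_entity_id, now):
    """Validity half of the check: is this (already authenticated) token from an
    issuer I trust, meant for me, and inside its window? Returns (ok, reasons, claims)."""
    a = ET.fromstring(xml_text)
    reasons = []
    if a.findtext("saml:Issuer", namespaces=NS) not in trusted_issuers:
        reasons.append("untrusted issuer")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        reasons.append("no Conditions element")  # refuse unbounded assertions
    else:
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < utc(nb): reasons.append("not yet valid")
        if na and now >= utc(na): reasons.append("expired")  # NotOnOrAfter is exclusive
        audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if my_entity_id not in audiences:
            reasons.append("audience mismatch")  # token was issued for a different SP
    authn = a.find("saml:AuthnStatement", NS)
    claims = {"subject": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
              "authn_instant": None if authn is None else authn.get("AuthnInstant"),
              "authn_context": None if authn is None else authn.findtext(
                  "saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS),
              "attributes": {att.get("Name"): [v.text for v in att.findall("saml:AttributeValue", NS)]
                             for att in a.findall("saml:AttributeStatement/saml:Attribute", NS)}}
    return (not reasons, reasons, claims)
```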
21. X.509 Certificates
Trust is managed through certificates.
Certificates for:
• HTTPS communications
• Security token signing and encryption
Require PKI for A & B certificates; C & D can be self-signed.
[Diagram: Relying party and Issuer. A = the relying party's HTTPS communication certificate (chains to Root for A); B = the issuer's HTTPS communication certificate (chains to Root for B); C = security token (ST) signing certificate, whose public key is distributed to the party verifying tokens; D = security token (ST) encryption certificate, whose public key is distributed to the party encrypting tokens.]
22. Federation Metadata
During the establishment of the issuer / relying party trust, both parties require configuration which includes:
• End-points for communication
• Claims offered by the issuer
• Claims accepted by the relying party
• Public keys for signing and encryption
This information can be configured manually or automatically via the exchange of federation metadata.
Federation metadata can be automatically updated.
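An added example (not from the talk) of consuming the metadata this slide describes: it parses a constructed ADFS-style IdP EntityDescriptor into the SSO endpoints and signing/encryption keys a relying party needs, and checks validUntil so a cached copy is refreshed before it lapses. The entity ID, URLs and certificate bodies are placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed IdP metadata; the certificate bodies are placeholders, not real keys.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" validUntil="2015-01-01T00:00:00Z"
  entityID="https://idp.partner.example/adfs/services/trust">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER-SIGNING-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER-ENCRYPTION-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://idp.partner.example/adfs/ls/"/>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://idp.partner.example/adfs/ls/"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_idp_metadata(xml_text):
    """Pull out what the relying party needs to configure the trust: entity ID,
    SSO endpoint per binding, and the signing / encryption certificates."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("not IdP metadata")
    keys = {"signing": [], "encryption": []}
    for kd in idp.findall("md:KeyDescriptor", NS):
        cert = (kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS) or "").strip()
        if not cert:
            continue
        # A KeyDescriptor without a 'use' attribute serves both purposes.
        for use in ([kd.get("use")] if kd.get("use") else ["signing", "encryption"]):
            keys[use].append(cert)
    if not keys["signing"]:
        raise ValueError("metadata offers no signing key; tokens could not be verified")
    sso = {e.get("Binding").rsplit(":", 1)[1]: e.get("Location")
           for e in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"), "valid_until": root.get("validUntil"),
            "sso": sso, "keys": keys}

def metadata_is_current(config, now):
    """validUntil bounds how long a cached copy may be used before it is re-fetched
    (that re-fetch is the automatic update the slide mentions)."""
    return config["valid_until"] is None or now < utc(config["valid_until"])
```

AD FS publishes its own metadata at /FederationMetadata/2007-06/FederationMetadata.xml on the federation service host, which is the document a relying party would feed to a parser like this.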
24. Active Directory Federation Services
• AD FS 1.0 - released with Windows Server 2003 R2 as part of the operating system
• AD FS 1.1 - released with Windows Server 2008 and carried into Windows Server 2008 R2
• AD FS 2.0 - released after Windows Server 2008 R2; released to the web and free to download
• AD FS 2.1 - released with Windows Server 2012 as part of the operating system
25. ADFS 1.x
AD FS 1.x is limited:
• WS-Federation Passive Requestor Profile (browser)
• SAML 1.0 tokens
SAML 2.x is not backward compatible with SAML 1.x, so forget about ADFS 1.x
26. ADFS 2.x
• A SAML implementation (both IdP and SP) from Microsoft
• An AD-based single sign-on system
• SAMLv2 authentication
• Allows single sign-on for web-based applications
• ADFS for Windows Server 2008 R2 has SAML 2.0 support
27. Can I Have it Out of the Box?
Not with StoreFront.
Web Interface 5.4 supports ADFS out of the box!
• ADFS version 1.1 only
• Windows Server 2003 R2 only
• 32-bit edition of 2003 R2 only
• Not supported with NetScaler, Secure Gateway only
• Does not work with XenDesktop
28. Authentication in XenApp/XenDesktop
Support for several authentication methods
• Smart cards, client certificates, RSA SecurID, etc.
Support for OS and non-OS credential stores
• OS: Active Directory and eDirectory
• Non-OS: LDAP, RADIUS, 3rd party authentication methods
Leverage authentication methods supported by Windows:
• Smartcard support
• Client certificate support
• Custom 3rd party authentication mechanisms through GINA extensions
Leverage Windows authentication to flow the OS identity tokens between Access Infrastructure services
• Example: flowing Kerberos tickets between the ICA client and the XA server
31. NetScaler & SAML Authentication
• NetScaler can act as a Service Provider (SP)
• The user can be authenticated on an LB or CS vserver
• NetScaler Gateway 10.1 supports SAML 2.0
Configuring SAML Authentication on NetScaler Gateway: http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-authen-saml-con.html
NetScaler practical / SAML AAA against simplesamlphp IdP: http://blogs.citrix.com/2012/08/24/174193098/
How to Configure NetScaler SAML to Work with Microsoft AD FS 2.0 IdP: https://support.citrix.com/article/CTX133919
NetScaler does not provide metadata; use the metadata builder: http://samlmetajs.simplesamlphp.org/demo
32. Authentication flow
[Sequence diagram: user browser, NetScaler (SP), IdP, Active Directory. The SP trusts the IdP.]
1. Browse to NetScaler Gateway (NG)
2. Not authenticated: redirected to the IdP
3. IdP authenticates the user, querying Active Directory for user attributes
4. IdP returns a security token (ST)
5. Browser sends the token (ST) to NetScaler
6. NetScaler returns the page and a cookie
35. Authentication in XenApp/XenDesktop (repeat of slide 28)
36. Federation Example
• Facebook performs authentication and generates a signed attribute assertion with the user name and a unique user ID.
• Digg maintains a user database and authorization.
Shadow Accounts
37. Shadow Accounts
• Required to delegate access to non-claims-aware resources
• A regular user account
• Mapped to the attribute received from the IdP
• Can be mapped to any attribute
38. SAML for XenApp/XenDesktop Options
S4U (Service-for-User) Kerberos Extensions
Kerberos delegation and S4U on NetScaler – too complicated
S4U on WebInterface? No future!
S4U on StoreFront? You mean StoreFront code customization?
42. Account Manager Service
Web application that:
• Creates shadow user accounts with a random password in AD
• Stores the password securely
• Responds to an HTTP request with the user's password
GET /GetPassword/gundarev@partner.com
Response:
0@J4y9jCv9CHzP2Q!rhMHY@7AOk7vfF2Rf1!T!i29QG^se^RQZbhjt4fOOmn$CN4
46. Communication flow
[Diagram participants: User / Browser, ADFS (backed by Active Directory), NetScaler Gateway, Account Manager (backed by Active Directory), StoreFront, XenDesktop Controller (DDC), VDA.]
1. User authenticates at the SSO portal
2. SSO sends a SAML Response to the user's browser
3. User's browser POSTs the SAML response to NetScaler Gateway
4. NetScaler requests shadow user credentials from Account Manager
5. Account Manager sends the credentials back to NetScaler
6. NetScaler submits the shadow user credentials to StoreFront
7. StoreFront requests a XenDesktop token from the DDC
8. DDC sends the XenDesktop token back to StoreFront
9. StoreFront sends the ICA file
10. Citrix Receiver connects to Access Gateway
11. NetScaler Gateway connects to the desktop (VDA)
12. Shadow user logged on