Introduction
• Graduated from UCSY (6th batch) in 1999.
• Worked in Japan, Singapore, United States.
• President and CEO of Teromac Technologies Inc and Teromac Technologies Limited.
• Founder of Myanmar Youth Development Project
• Worked for
Single Sign-On
• What is single sign-on?
• What technologies/tools are available for SSO?
• What are the steps to implement SSO integration?
• Terms & definitions related to SSO integration process
IdP, SP, SAML 2.0, Assertion attributes, X.509 public/private certificate
• What is SAML 2.0?
• Components of SAML 2.0
Single Sign-On
Who uses Single Sign-On?
... and 80% of corporates
Single Sign-On
OAuth, OpenID, OpenID Connect and Facebook Connect => Single Sign-On?
OAuth is an authorization protocol.
SSO is an authentication/authorization flow through which a user can log into multiple services using the same credentials.
OAuth
• Provide access, temporarily or permanently, to resources such as pictures, files, etc.
• Involves mobile devices to create a form of Bearer Token
SAML
• Enterprise-level applications
• Provide access to partners/customers
• Centralized identity source
Single Sign-On
Products
Microsoft Azure Active Directory Access Control
Microsoft Active Directory Federation Services
Centrify Identity Service
OneLogin
Ping Identity PingOne
Oracle Enterprise Single Sign-On
CA Single Sign-On
Single Sign-On
Tools
Single Sign-On
• Define the standard SSO process between the two parties – SAML 2.0 is the industry standard
• Define the type of user information to exchange between the two parties: Service Provider & Identity Provider
• Define who will initiate the SSO login process, i.e. SP-initiated or IdP-initiated
• Clarify whether the SP is required to support the deep-linking scenario where the user has bookmarked a link
• Clarify whether SAML 2.0 data encryption is required
• Exchange public key X.509 certificates between the two parties.
- IdP public certificate: used by the SP to validate the signed SSO request
- SP public certificate: used by the IdP to encrypt the SAML 2.0 Assertion data
OR
• Provide the IdP's SSO descriptor URL or SSO SAML descriptor (metadata) file to the SP
• Ensure the SSO process runs over HTTPS
• Define the SSO user experience in the different scenarios
- login, logout, session timeout, bookmarking
Single Sign-On
IdP = Identity Provider
SP = Service Provider
SAML 2.0 = Security Assertion Markup Language 2.0
Assertion attributes:
<saml:Assertion Version="2.0" ID="_8b91e13f-f67b-4a4a-9765-1eb0ee415da7"
    IssueInstant="2012-06-20T17:19:37.699Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://domainname.idp.com/</saml:Issuer>
  <saml:Subject>
    <saml:NameID>XXXXXXXXXXXXXXXXX</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData
          Recipient="https://domainname.brandwizard.com/app/sso/sp_authenticate.aspx" />
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:AuthnStatement AuthnInstant="2012-06-20T17:19:37.702Z" />
  <saml:AttributeStatement>
    <saml:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>JOHNDOE2@domainname.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>John</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>Doe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
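Added example (not from the deck): how a Service Provider would parse the assertion above with Python's standard library and apply the checks it must make before creating a session: trusted Issuer, Recipient equal to its own ACS URL, bearer confirmation, a fresh AuthnInstant, the required attributes, and whether a Conditions element is present at all. TRUSTED_IDP and SP_ACS_URL are assumed SP settings; validating the IdP signature with the exchanged X.509 certificate (and decrypting, where used) must happen before these checks and is not shown.

```python
"""Added example (not the deck author's code): parse the assertion shown on the
slide and apply the checks a Service Provider makes before trusting it.  Signature
verification with the IdP's X.509 certificate happens earlier and is out of scope.
TRUSTED_IDP and SP_ACS_URL are assumed SP configuration values."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
TRUSTED_IDP = "https://domainname.idp.com/"                                     # assumed
SP_ACS_URL = "https://domainname.brandwizard.com/app/sso/sp_authenticate.aspx"  # assumed
SAMPLE_NOW = datetime(2012, 6, 20, 17, 20, 0, tzinfo=timezone.utc)  # clock for the sample

# The slide's assertion, with the wrapped attribute values re-joined (constructed input).
SAMPLE_ASSERTION = """<saml:Assertion Version="2.0" ID="_8b91e13f-f67b-4a4a-9765-1eb0ee415da7"
    IssueInstant="2012-06-20T17:19:37.699Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://domainname.idp.com/</saml:Issuer>
  <saml:Subject><saml:NameID>XXXXXXXXXXXXXXXXX</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://domainname.brandwizard.com/app/sso/sp_authenticate.aspx" />
    </saml:SubjectConfirmation></saml:Subject>
  <saml:AuthnStatement AuthnInstant="2012-06-20T17:19:37.702Z" />
  <saml:AttributeStatement>
    <saml:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>JOHNDOE2@domainname.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>John</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    """SAML timestamps are UTC ISO-8601 with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def parse_assertion(xml_text):
    """Pull out the fields the SP decides on (signature assumed already verified)."""
    root = ET.fromstring(xml_text)
    conf = root.find("saml:Subject/saml:SubjectConfirmation", NS)
    data = conf.find("saml:SubjectConfirmationData", NS) if conf is not None else None
    authn = root.find("saml:AuthnStatement", NS)
    return {
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS).strip(),
        "name_id": root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS),
        "confirmation_method": conf.get("Method") if conf is not None else None,
        "recipient": data.get("Recipient") if data is not None else None,
        "authn_instant": _ts(authn.get("AuthnInstant")) if authn is not None else None,
        "has_conditions": root.find("saml:Conditions", NS) is not None,
        "attributes": {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
                       for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)},
    }

def validate_assertion(a, trusted_issuer, acs_url, now,
                       max_age=timedelta(minutes=5), required=("Email",)):
    """Return a list of findings; an empty list means the SP may create a session."""
    findings = []
    if a["issuer"] != trusted_issuer:
        findings.append("Issuer %r is not the configured IdP" % a["issuer"])
    if a["confirmation_method"] != BEARER:
        findings.append("SubjectConfirmation method is not bearer")
    if a["recipient"] != acs_url:  # must be this SP's own ACS URL, not another SP's
        findings.append("Recipient %r does not match ACS URL" % a["recipient"])
    if not a["has_conditions"]:  # the slide's assertion has no NotOnOrAfter/Audience
        findings.append("No Conditions element: NotOnOrAfter/Audience cannot be enforced")
    if a["authn_instant"] is None:
        findings.append("No AuthnStatement")
    elif not (now - max_age <= a["authn_instant"] <= now + timedelta(seconds=60)):
        findings.append("AuthnInstant outside the accepted window")
    for name in required:
        if not a["attributes"].get(name):
            findings.append("Required attribute %r missing" % name)
    return findings

def check_sample():
    """SP-side checks over the slide's assertion, evaluated at SAMPLE_NOW."""
    return validate_assertion(parse_assertion(SAMPLE_ASSERTION), TRUSTED_IDP, SP_ACS_URL, SAMPLE_NOW)
```

Run against the slide's assertion, the only finding is the missing Conditions element, which is why a production SP should insist that the IdP include NotOnOrAfter and an AudienceRestriction.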
Single Sign-On
IdP Initiated
SP Initiated
Single Sign-On
Single Sign-On
Single Sign-On Technical Document
SAML 2.0 components
SAML 2.0 Encryption
Single Sign-On Demo
SSO & SSL certificates
Q & A

SSO - Presentation
