Christopher Thant, profile picture
Uploaded byChristopher Thant
PPTX, PDF181 views

SSO - Presentation

- The document discusses single sign-on (SSO) integration and implementation. It defines key terms like identity provider (IdP), service provider (SP), and Security Assertion Markup Language (SAML) 2.0. - It outlines the typical steps to set up SSO between an IdP and SP, such as defining the user information to exchange and establishing an encrypted connection. - SAML 2.0 is presented as the industry standard for SSO, with descriptions of its components like assertions and attributes that specify user details.

Embed presentation

Download to read offline
• Graduated from UCSY (6th batch) in 1999. • Worked in Japan, Singapore, United States. • President and CEO of Teromac Technologies Inc AND Teromac Technologies Limited. • Founder of Myanmar Youth Development Project • Worked for Introduction
Single Sign-On • What is single sign-on? • What technologies/tools are available for SSO? • What are the steps to implement SSO integration? • Terms & definitions related to SSO integration process IdP, SP, SAML 2.0, Assertion attributes, X.509 public/private certificate • What is SAML 2.0? • Components of SAML 2.0
Single Sign-On Who uses Single Sign-On? AND 80% OF CORPORATES
Single Sign-On OAuth, OpenID, OpenID Connect and Facebook Connect => Single Sign-On? OAuth is an authorization protocol SSO is an authentication/authorization flow through which a user can log into multiple services using the same credentials. • Provide access, temporarily or permanently, to resources such as pictures, files .,etc • Involves mobile devices to create a form of Bearer Token • Enterprise level applications • Provide Access to partner/customer • Centralized Identity Source OAuth SAML
Single Sign-On Microsoft Azure Active Directory Access Control Products Microsoft Active Directory Federation Services Centrify Identity Service OneLogin Ping Identity PingOne Oracle Enterprise Single Sign-On CA Single Sign-On
Single Sign-On Tools
Single Sign-On • Define standard SSO process between two parties – SAML 2.0 is industrial standard • Define type of user information to exchange between two parties; Service Provider & Identity Provider • Define who will initiate the SSO login process. i.e. SP Initiated or IdP Initiated • Clarity if SP provider is required to support deep linking scenario if user bookmarked the link • Clarity if SAML 2.0 data encryption is required • Exchange public key X.509 certificate between two parties. - IdP public certificate is used by SP to validate the signed SSO request - SP public certificate is used by IdP to encrypt the SAML 2.0 Assertion data OR • Provide IdP descriptive SSO URL or description SSO SAML file to SP • Ensure SSO process is over HTTPS • Define SSO user experiences in different scenarios - login, logout, session timeout, bookmarking
Single Sign-On IdP = Identity Provider SP = Service Provider SAML 2.0 = Security Assertion Markup Language 2.0 Assertion attributes <saml:Assertion Version="2.0" ID="_8b91e13f-f67b-4a4a-9765-1eb0ee415da7" IssueInstant="2012- 06-20T17:19:37.699Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> <saml:Issuer>https://domainname.idp.com/</saml:Issuer> <saml:Subject> <saml:NameID>XXXXXXXXXXXXXXXXX</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData Recipient="https://domainname.brandwizard.com/app/sso/sp_authenticate.aspx" /> </saml:SubjectConfirmation> </saml:Subject> <saml:AuthnStatement AuthnInstant="2012-06-20T17:19:37.702Z" /> <saml:AttributeStatement> <saml:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue>JOHNDOE2@domainname.com</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname- format:basic"> <saml:AttributeValue>John</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname- format:basic"> <saml:AttributeValue>Doe</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion>
Single Sign-On IdP Initiated
SP Initiated Single Sign-On
Single Sign-On Single Sign-On Technical Document SAML 2.0 components SAML 2.0 Encryption Single Sign-On Demo SSO & SSL certificates Q & A

More Related Content

PDF
Single Sign On - The Basics
byIshan A B Ambanwela
 
PPTX
SINGLE SIGN-ON
byShambhavi Sahay
 
PPTX
Single sign on
byguest64ab8e
 
PDF
Auth-Shield
byChetan Kapila
 
PPT
Single Sign On - Case Study
byEbizon
 
PPTX
Single sign on - SSO
byAjit Dadresa
 
PPTX
Single sign on - benefits, challenges and case study : iFour consultancy
byDevam Shah
 
PDF
Secure Elements in Web Applications
byOlivier Potonniée
 
Single Sign On - The Basics
byIshan A B Ambanwela
 
SINGLE SIGN-ON
byShambhavi Sahay
 
Single sign on
byguest64ab8e
 
Auth-Shield
byChetan Kapila
 
Single Sign On - Case Study
byEbizon
 
Single sign on - SSO
byAjit Dadresa
 
Single sign on - benefits, challenges and case study : iFour consultancy
byDevam Shah
 
Secure Elements in Web Applications
byOlivier Potonniée
 

What's hot

PPTX
Web Single sign on system
bySwati Sinha
 
PPTX
WSO2 Identity Server - Getting Started
byIsmaeel Enjreny
 
PDF
Single Sign On
byPing Identity
 
PPTX
Wso2 is integration with .net core
byIsmaeel Enjreny
 
PDF
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
byOKsystem
 
PPTX
Securing online services by combining smart cards and web-based applications
byOlivier Potonniée
 
PPTX
Identity as a Matter of Public Safety
byAdam Lewis
 
PPTX
Smart Card Authentication
byDan Usher
 
PPTX
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
byRichard Bullington-McGuire
 
PDF
JDD2015: Security in the era of modern applications and services - Bolesław D...
byPROIDEA
 
PDF
Falcon authentication saml
byKatsumi Yamashita
 
PDF
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
byTrustBearer
 
PPT
GWAVACon 2013: Keyshield SSO Infrastructure for Novell Technologies
byGWAVA
 
PPTX
FirstNet ICAM
byAdam Lewis
 
PPTX
Single SignOn with Federation using Claims
byVolkan Uzun
 
PDF
Hitachi ID Password Manager
byHitachi ID Systems, Inc.
 
PPTX
The Client is not always right! How to secure OAuth authentication from your...
byMike Schwartz
 
PPTX
Uno, nessuno o 10.000, la gestione dell'identità ai tempi di Microsoft Azure
byGiuliano Latini
 
PDF
Multiple credentials-in-the-enterprise
byHai Nguyen
 
PPT
Authentication Technologies
byNicholas Davis
 
Web Single sign on system
bySwati Sinha
 
WSO2 Identity Server - Getting Started
byIsmaeel Enjreny
 
Single Sign On
byPing Identity
 
Wso2 is integration with .net core
byIsmaeel Enjreny
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
byOKsystem
 
Securing online services by combining smart cards and web-based applications
byOlivier Potonniée
 
Identity as a Matter of Public Safety
byAdam Lewis
 
Smart Card Authentication
byDan Usher
 
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
byRichard Bullington-McGuire
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
byPROIDEA
 
Falcon authentication saml
byKatsumi Yamashita
 
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
byTrustBearer
 
GWAVACon 2013: Keyshield SSO Infrastructure for Novell Technologies
byGWAVA
 
FirstNet ICAM
byAdam Lewis
 
Single SignOn with Federation using Claims
byVolkan Uzun
 
Hitachi ID Password Manager
byHitachi ID Systems, Inc.
 
The Client is not always right! How to secure OAuth authentication from your...
byMike Schwartz
 
Uno, nessuno o 10.000, la gestione dell'identità ai tempi di Microsoft Azure
byGiuliano Latini
 
Multiple credentials-in-the-enterprise
byHai Nguyen
 
Authentication Technologies
byNicholas Davis
 

Viewers also liked

PPTX
Centrify Intellect event
byintellectsecurity
 
PDF
What's New in Centrify Server Suite 2016
byCentrify Support
 
PDF
CIS 2015 Modernize IAM with UnboundID and Ping Identity - Terry Sigle & B. Al...
byCloudIDSummit
 
PPTX
Centrify Identity Service Getting Started Guide
byCentrify Support
 
PDF
San Francisco Best Places to Work Roadshow | Centrify
byGlassdoor
 
PDF
DSS - ITSEC conf - Centrify - Identity Control and Access Management - Riga N...
byAndris Soroka
 
PPTX
Onboarding in the IoT
byPaul Madsen
 
PPTX
Mobilize your workforce with secure identity services
bySumana Mehta
 
Centrify Intellect event
byintellectsecurity
 
What's New in Centrify Server Suite 2016
byCentrify Support
 
CIS 2015 Modernize IAM with UnboundID and Ping Identity - Terry Sigle & B. Al...
byCloudIDSummit
 
Centrify Identity Service Getting Started Guide
byCentrify Support
 
San Francisco Best Places to Work Roadshow | Centrify
byGlassdoor
 
DSS - ITSEC conf - Centrify - Identity Control and Access Management - Riga N...
byAndris Soroka
 
Onboarding in the IoT
byPaul Madsen
 
Mobilize your workforce with secure identity services
bySumana Mehta
 

Similar to SSO - Presentation

PPTX
Understanding SAML 2.0: Enhancing Secure Authentication
byNarendra Kadali
 
PDF
Single Sign On Across Drupal 8 - DrupalCon Global 2020
byIwantha Lekamge
 
PDF
Single sign on across drupal 8
byIwantha Lekamge
 
PDF
ISBG The 3 S's a guide to single sign on
byGabriella Davis
 
PDF
Single sign on using SAML
byProgramming Talents
 
PDF
Open sso fisl9.0
byStartup Cursos
 
PDF
Introducing SAML 2.0 Protocol: Security and Performance
byAmin Saqi
 
PPTX
Solving Single-Sign-On
byAaron King
 
PDF
Single sign on (SSO) How does your company apply?
byĐỗ Duy Trung
 
PPTX
Configuring Single Sign-On (SSO) via Identity Management | MuleSoft Mysore Me...
byMysoreMuleSoftMeetup
 
PDF
Simplifying The S's: Single Sign-On, SPNEGO and SAML
byGabriella Davis
 
PPTX
Single Sign On 101
byMike Schwartz
 
PPTX
IBM Single Sign-On
byVan Staub, MBA
 
PPTX
Presentation
byLaxman Kumar
 
PPTX
Help! I Have An Identity Crisis: A look at various mechanisms of Single Sign On
bySaloni Shah
 
PPTX
Saml sso by Tamil on nullblrmeet 21st July 2015
byn|u - The Open Security Community
 
PPTX
SAP Single Sign On (SAP SSO) offering for customer
byPratap69
 
PDF
"Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ...
byFwdays
 
PDF
Open Source Identity Integration with OpenSSO
byelliando dias
 
PPTX
Making Sense of API Access Control
byCA API Management
 
Understanding SAML 2.0: Enhancing Secure Authentication
byNarendra Kadali
 
Single Sign On Across Drupal 8 - DrupalCon Global 2020
byIwantha Lekamge
 
Single sign on across drupal 8
byIwantha Lekamge
 
ISBG The 3 S's a guide to single sign on
byGabriella Davis
 
Single sign on using SAML
byProgramming Talents
 
Open sso fisl9.0
byStartup Cursos
 
Introducing SAML 2.0 Protocol: Security and Performance
byAmin Saqi
 
Solving Single-Sign-On
byAaron King
 
Single sign on (SSO) How does your company apply?
byĐỗ Duy Trung
 
Configuring Single Sign-On (SSO) via Identity Management | MuleSoft Mysore Me...
byMysoreMuleSoftMeetup
 
Simplifying The S's: Single Sign-On, SPNEGO and SAML
byGabriella Davis
 
Single Sign On 101
byMike Schwartz
 
IBM Single Sign-On
byVan Staub, MBA
 
Presentation
byLaxman Kumar
 
Help! I Have An Identity Crisis: A look at various mechanisms of Single Sign On
bySaloni Shah
 
Saml sso by Tamil on nullblrmeet 21st July 2015
byn|u - The Open Security Community
 
SAP Single Sign On (SAP SSO) offering for customer
byPratap69
 
"Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ...
byFwdays
 
Open Source Identity Integration with OpenSSO
byelliando dias
 
Making Sense of API Access Control
byCA API Management
 

SSO - Presentation

  • 1.
    • Graduated fromUCSY (6th batch) in 1999. • Worked in Japan, Singapore, United States. • President and CEO of Teromac Technologies Inc AND Teromac Technologies Limited. • Founder of Myanmar Youth Development Project • Worked for Introduction
  • 2.
    Single Sign-On • Whatis single sign-on? • What technologies/tools are available for SSO? • What are the steps to implement SSO integration? • Terms & definitions related to SSO integration process IdP, SP, SAML 2.0, Assertion attributes, X.509 public/private certificate • What is SAML 2.0? • Components of SAML 2.0
  • 3.
    Single Sign-On Who usesSingle Sign-On? AND 80% OF CORPORATES
  • 4.
    Single Sign-On OAuth, OpenID,OpenID Connect and Facebook Connect => Single Sign-On? OAuth is an authorization protocol SSO is an authentication/authorization flow through which a user can log into multiple services using the same credentials. • Provide access, temporarily or permanently, to resources such as pictures, files .,etc • Involves mobile devices to create a form of Bearer Token • Enterprise level applications • Provide Access to partner/customer • Centralized Identity Source OAuth SAML
  • 5.
    Single Sign-On Microsoft AzureActive Directory Access Control Products Microsoft Active Directory Federation Services Centrify Identity Service OneLogin Ping Identity PingOne Oracle Enterprise Single Sign-On CA Single Sign-On
  • 6.
  • 7.
    Single Sign-On • Definestandard SSO process between two parties – SAML 2.0 is industrial standard • Define type of user information to exchange between two parties; Service Provider & Identity Provider • Define who will initiate the SSO login process. i.e. SP Initiated or IdP Initiated • Clarity if SP provider is required to support deep linking scenario if user bookmarked the link • Clarity if SAML 2.0 data encryption is required • Exchange public key X.509 certificate between two parties. - IdP public certificate is used by SP to validate the signed SSO request - SP public certificate is used by IdP to encrypt the SAML 2.0 Assertion data OR • Provide IdP descriptive SSO URL or description SSO SAML file to SP • Ensure SSO process is over HTTPS • Define SSO user experiences in different scenarios - login, logout, session timeout, bookmarking
  • 8.
    Single Sign-On IdP =Identity Provider SP = Service Provider SAML 2.0 = Security Assertion Markup Language 2.0 Assertion attributes <saml:Assertion Version="2.0" ID="_8b91e13f-f67b-4a4a-9765-1eb0ee415da7" IssueInstant="2012- 06-20T17:19:37.699Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> <saml:Issuer>https://domainname.idp.com/</saml:Issuer> <saml:Subject> <saml:NameID>XXXXXXXXXXXXXXXXX</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData Recipient="https://domainname.brandwizard.com/app/sso/sp_authenticate.aspx" /> </saml:SubjectConfirmation> </saml:Subject> <saml:AuthnStatement AuthnInstant="2012-06-20T17:19:37.702Z" /> <saml:AttributeStatement> <saml:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue>JOHNDOE2@domainname.com</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname- format:basic"> <saml:AttributeValue>John</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname- format:basic"> <saml:AttributeValue>Doe</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion>
  • 9.
  • 10.
  • 11.
    Single Sign-On Single Sign-OnTechnical Document SAML 2.0 components SAML 2.0 Encryption Single Sign-On Demo SSO & SSL certificates Q & A