KeyShield SSO
SSO infrastructure for Novell technologies
Václav Šamša & dear Novell guests:
Dean Lythgoe
Richard Lindstedt
Kai Reichert
KeyShield SSO Connects eDir/AD desktop login and mobile devices with SSO
Novell solutions
Novell products?
• We are talking about Filr, Vibe, GroupWise Mobility Service, GroupWise, iPrint, Messenger, Service Desk ...
• All are, or are getting, pretty standard, working with a principal – the only thing they need is to identify the user's object within a directory (eDirectory, Active Directory ...).
• Btw, the vast majority of users are still consuming Novell product services from the Windows desktop, approx. 30% still with XP ...
• Before, the integration point for SSO was the Novell Client for Windows; now there is no connection between the client and the browser or web client...
• So, back in 2009, the question was how to make everything work together on Windows, Linux, Mac and, of course, all mobile devices
SSO infrastructure for Novell solutions
How does KeyShield SSO do it?
• SAML support
• REST API interface for easy and fast direct integrations
• The integrated system needs a short and easy piece of code, which will ask KeyShield SSO for the principal (UserID). Let's see the simplified schema
KeyShield SSO - authentication (simplified schema)
Participants: Windows Workstation, Browser or Native client, Integrated system (IS), KeyShield SSO server
• Run client/browser
• Client connects to the IS
• Valid session? No – ask KeyShield SSO server for the principal
• Check user by IP of the Windows Workstation (address of the client)
• Send user ID (principal)
• Search user profiles database for user ID provided by the KeyShield SSO server. Found – start session
• User is successfully authenticated by IS
How does KeyShield SSO do it?
• The user is identified by the IP address currently used by the user's device
• This works with anything that communicates via IP from the device
• This includes any browser and any WebDAV client. Let's see the simplified schema for Filr and Vibe
KeyShield SSO – Filr WebDAV example (simplified schema)
Participants: Browser, Web Client, Novell Filr or Vibe, KeyShield SSO server
• User clicks the Edit button for a particular document
• Windows built-in Web Client gets request via WebDAV
• WebDAV has no access to the browser cookie or session – ask KeyShield SSO server for the user's identity
• Check user by IP of the Windows Workstation (address of the client)
• Send user ID (principal)
• Search user profile for user ID provided by the KeyShield SSO server
• Found. Session created. User can edit the file
How does KeyShield SSO do it?
• The user can authenticate to the SSO system, but that means at least 2 authentications a day – to the environment/desktop and to the SSO
• The demand we clearly see is for really tight integration – once the user is authenticated to the environment/desktop (eDirectory, Active Directory etc.), no further authentication is necessary for any system
• Any system means everything inside the LAN/WAN and also anything hosted (in the cloud)
• There can be an SSO solution supporting NTLM and there is KeyShield SSO – we support both. Let's see the simplified schema of the Novell Client for Windows integration
KeyShield SSO – Novell Client for Windows integration (simplified schema)
Participants: Novell Client, KeyShield client, KeyShield server
• Authentication to eDirectory & to the workstation
• Authentication detected. Send user info to the KeyShield SSO server together with workstation IP address.
• Generates token which writes to the user's object in eDirectory. Token ID together with an authentication challenge is then sent to the KeyShield SSO client.
• Receive token ID and challenge
• eDirectory search for token ID, return value to the KeyShield client
• Generate response
• Validity check
• Authentication OK!
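The Novell Client enrollment schema above, followed by the IP lookup from the earlier authentication schema, as an added simulation that is not KeyShield's own code. The in-memory directory, all class and function names, the HMAC-SHA256 response, the token lifetime and the rule that only the owning user can read the token are assumptions, since the slides do not specify them.

```python
import hashlib
import hmac
import secrets
import time


class Directory:
    """In-memory stand-in for eDirectory (hypothetical, not a real LDAP client)."""
    def __init__(self, users):
        self.objects = {u: {} for u in users}

    def write_token(self, user, token_id, value):
        self.objects[user].update(token_id=token_id, token_value=value)

    def search_token(self, bound_as, token_id):
        # Assumed ACL: the token attribute is readable only by the user who owns it.
        for user, attrs in self.objects.items():
            if attrs.get("token_id") == token_id:
                return attrs["token_value"] if user == bound_as else None
        return None


def make_response(token_value, challenge, ip):
    # Assumed response function: HMAC-SHA256 keyed with the token value.
    return hmac.new(token_value, challenge + ip.encode(), hashlib.sha256).digest()


class SSOServer:
    """Stand-in for the KeyShield SSO server role in both schemas."""
    def __init__(self, directory, ttl=30.0, clock=time.monotonic):
        self.directory, self.ttl, self.clock = directory, ttl, clock
        self.pending = {}  # token_id -> (user, ip, token value, challenge, expiry)
        self.by_ip = {}    # workstation IP -> principal

    def begin(self, user, ip):
        token_id, value = secrets.token_hex(8), secrets.token_bytes(32)
        challenge = secrets.token_bytes(16)
        self.directory.write_token(user, token_id, value)
        self.pending[token_id] = (user, ip, value, challenge, self.clock() + self.ttl)
        return token_id, challenge

    def finish(self, token_id, ip, response):
        entry = self.pending.pop(token_id, None)  # single use, so a replay fails
        if entry is None or response is None:
            return False
        user, bound_ip, value, challenge, expiry = entry
        expected = make_response(value, challenge, bound_ip)
        ok = (self.clock() <= expiry and ip == bound_ip
              and hmac.compare_digest(expected, response))
        if ok:
            self.by_ip[ip] = user  # the mapping that later IP lookups rely on
        return ok

    def principal_for_ip(self, ip):
        return self.by_ip.get(ip)


def client_answer(directory, bound_as, ip, token_id, challenge):
    """KeyShield client role: read the token from the directory, answer the challenge."""
    value = directory.search_token(bound_as, token_id)
    return None if value is None else make_response(value, challenge, ip)


class IntegratedSystem:
    """Integrated system role: reuse its own session, else ask the SSO server."""
    def __init__(self, sso, profiles):
        self.sso, self.profiles, self.sessions = sso, set(profiles), {}

    def handle(self, client_ip, session_id=None):
        if session_id in self.sessions:
            return self.sessions[session_id], session_id
        principal = self.sso.principal_for_ip(client_ip)
        if principal is None or principal not in self.profiles:
            return None, None  # no SSO identity: fall back to interactive login
        session_id = secrets.token_hex(16)
        self.sessions[session_id] = principal
        return principal, session_id


def demo():
    # Constructed sample data: two users, addresses from the 192.0.2.0/24 doc range.
    directory, ip = Directory(["alice", "bob"]), "192.0.2.10"
    sso = SSOServer(directory)
    app = IntegratedSystem(sso, profiles=["alice"])
    tid, ch = sso.begin("alice", ip)
    as_bob = client_answer(directory, "bob", ip, tid, ch)  # bob cannot read the token
    wrong_user = sso.finish(tid, ip, as_bob)
    tid, ch = sso.begin("alice", ip)
    answer = client_answer(directory, "alice", ip, tid, ch)
    good, replay = sso.finish(tid, ip, answer), sso.finish(tid, ip, answer)
    return {"wrong_user": wrong_user, "good": good, "replay": replay,
            "known_ip": app.handle(ip)[0], "unknown_ip": app.handle("192.0.2.99")[0]}
```

Because the lookup in this model is keyed by IP address alone, every client that shares an address (hosts behind NAT, a terminal server) resolves to the same principal.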
How does KeyShield SSO do it?
• The integration mechanism is rock solid.
• With this kind of integration, the whole Novell environment can be much more efficient and convenient than Microsoft.
• Together with our colleagues from Novell, we support all scenarios, user platforms, server platforms and mobile devices
• If you have any home-brewed system, you are in luck with us – the integration is a piece of cake
• Let's discuss the SSO support for Novell technologies; the following slides are pretty theoretical and boring ..
KeyShield SSO
SSO infrastructure for Novell technologies
vsamsa@tdp.cz
www.keyshieldsso.com
www.securewinbox.com

GWAVACon 2013: Keyshield SSO Infrastructure for Novell Technologies
