Paul Mezzera
Principal Security Architect
McKesson Corporation
Nick Belaevski
IAM Consultant
Exadel Inc.
Deploying the Open Identity Stack
At McKesson
ForgeRock Open Identity Summit
June 2013
Open Identity Summit
Discussion Points
§  McKesson / Exadel Partnership
§  Who are we?
§  Solution examples
§  Corporate Active Directory SSO
§  Identity Management UI
§  Screenshots
§  Q & A
McKesson at-a-Glance
Together with our customers and partners, we are creating a sustainable future for healthcare. Together we are charting a course to better health.
America’s oldest and largest healthcare services company
•  Founded in 1833
•  Ranked 14th on Fortune’s list with $122.7 billion in revenues
•  Headquartered in San Francisco
•  More than 37,000 employees
•  Two segments: Distribution Solutions and Technology Solutions
Who is Exadel?
Enterprise software development for businesses worldwide
•  Founded in 1988
•  Headquartered in Silicon Valley
•  Delivery centers in six countries
•  More than 700 employees
•  Focus areas:
   §  Enterprise systems and services
   §  Mobile applications
   §  Integrated front to back office applications in financial, media, and other industries
Active Directory SSO
§  Challenges
   §  Allow corporate domain users to single sign-on into internal and external applications
   §  Both internal and external network users
   §  Seamlessly auto-detect if Windows Desktop SSO is properly configured
§  Solution
   §  SPNEGO-based Kerberos with fallback to conventional form authentication
   §  XMLHttpRequest seamlessly delivers Kerberos token to the server in the background
   §  Extension over standard Windows Desktop SSO module
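The fallback decision described above can be made from the `Authorization` header that the background XMLHttpRequest delivers. The following is an added example, not code from the presentation or from OpenAM: the function names and the `form-login` / `validate-ticket` labels are hypothetical, and the sample tokens are constructed placeholders, not real tickets.

```javascript
// Added example: decide between Kerberos SSO and form login from the header a
// browser returns after a "WWW-Authenticate: Negotiate" challenge.
// Assumption: the SSO probe endpoint receives the raw Authorization header value.

// DER-encoded mechanism OIDs that lead a GSS-API initial token (RFC 2743 framing).
const OID_SPNEGO = Buffer.from("06062b0601050502", "hex");     // 1.3.6.1.5.5.2
const OID_KRB5 = Buffer.from("06092a864886f712010202", "hex"); // 1.2.840.113554.1.2.2
const NTLMSSP = Buffer.from("NTLMSSP\0", "latin1");            // NTLM message signature

// Read a DER length at `pos`; returns { length, next } or null if it is not valid.
function readDerLength(buf, pos) {
  if (pos >= buf.length) return null;
  const first = buf[pos];
  if (first < 0x80) return { length: first, next: pos + 1 };
  const n = first & 0x7f;
  if (n === 0 || n > 4 || pos + 1 + n > buf.length) return null;
  let length = 0;
  for (let i = 0; i < n; i++) length = length * 256 + buf[pos + 1 + i];
  return { length, next: pos + 1 + n };
}

// Returns "none", "malformed", "ntlm", "spnego" or "kerberos".
function classifyNegotiateHeader(headerValue) {
  if (!headerValue) return "none"; // browser did not answer the challenge
  const m = /^Negotiate\s+([A-Za-z0-9+/]+={0,2})$/i.exec(headerValue.trim());
  if (!m) return "malformed";
  const token = Buffer.from(m[1], "base64");
  // A desktop that is not set up for Windows Desktop SSO typically answers with
  // NTLM, either raw or wrapped in SPNEGO; the signature is visible in both cases.
  if (token.indexOf(NTLMSSP) !== -1) return "ntlm";
  if (token[0] !== 0x60) return "malformed"; // not a GSS-API initial context token
  const len = readDerLength(token, 1);
  if (!len || len.next + len.length !== token.length) return "malformed";
  const mechIs = (oid) =>
    token.length >= len.next + oid.length &&
    token.subarray(len.next, len.next + oid.length).equals(oid);
  if (mechIs(OID_SPNEGO)) return "spnego";
  if (mechIs(OID_KRB5)) return "kerberos";
  return "malformed";
}

// Only a Kerberos-capable token goes on to ticket validation (not shown here);
// every other outcome falls back to the conventional login form.
function ssoProbeDecision(headerValue) {
  const kind = classifyNegotiateHeader(headerValue);
  return kind === "spnego" || kind === "kerberos" ? "validate-ticket" : "form-login";
}

// Constructed sample: correct framing and OID followed by filler bytes.
function sampleHeader(oid) {
  const body = Buffer.concat([oid, Buffer.alloc(16, 0xa0)]);
  const token = Buffer.concat([Buffer.from([0x60, body.length]), body]);
  return "Negotiate " + token.toString("base64");
}
```

The classification only routes the request; the ticket itself still has to be validated by the Kerberos module before any session is issued.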
Solution Architecture
Active Directory SSO Screens
Identity Management Use Cases
§  Initial user account creation
   §  Direct input
   §  Batch import
§  User profile management
   §  Delegated administration
   §  Users are able to update their own profiles
§  Self-service capabilities
   §  Restore forgotten user ID
   §  Password reset
§  Security events handling
   §  Forced password changes
Solution Architecture
Identity Management UI
§  Based on OpenIDM 2.1.0
§  Utilizes pure HTML/REST architecture
§  jQuery, Mustache, Require.js, LESS
§  ForgeRock OpenIDM UI served as basis for this development
§  Active Directory, OpenDJ support
§  OpenAM agent used for authentication and authorization
Solution Tiers
Handling Security Events
§  Challenges
   §  Change password functionality is required both in OpenAM and OpenIDM tiers
   §  Change password notification logic depends on OpenIDM configuration information
   §  OpenAM agent doesn’t provide information about authenticated user until user fully completes authentication chain
§  Solution
   §  Implement custom authentication module that invokes OpenIDM change password endpoint via REST
   §  Programmatically create and pass agent user SSO token in request
Security Events
Password Reset
§  Challenges
   §  Active Directory does not provide standard attributes for questions & answers and schema customization is discouraged
   §  Both self-service and delegated password reset are to be supported
§  Solution
   §  Store questions & answers in non-reversible encryption format as managed objects
   §  Protect answers from looking over the shoulder by masking input
   §  User is required to enter password in order to change questions & answers
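One way to keep challenge answers non-reversible and to gate changes on the current password, as an added example that is not taken from the presentation or from OpenIDM. The object layout, function names and the `checkPassword` callback are hypothetical, and only the answers are hashed here because the questions have to be shown back to the user.

```javascript
// Added example: salted, slow hashing of challenge answers for storage outside
// Active Directory, with constant-time verification.
const crypto = require("crypto");

// Assumed parameters for this sketch; tune the iteration count to your hardware.
const KDF = { name: "pbkdf2-sha512", iterations: 210000, keyLength: 32 };

// Users retype answers with different case and spacing, so normalise before hashing.
function normalizeAnswer(answer) {
  return answer.normalize("NFKC").trim().replace(/\s+/g, " ").toLowerCase();
}

// Returns a JSON-serialisable record; the plaintext answer is never kept.
function hashAnswer(answer, salt = crypto.randomBytes(16)) {
  const digest = crypto.pbkdf2Sync(
    normalizeAnswer(answer), salt, KDF.iterations, KDF.keyLength, "sha512");
  return {
    kdf: KDF.name,
    iterations: KDF.iterations,
    salt: salt.toString("base64"),
    hash: digest.toString("base64"),
  };
}

function verifyAnswer(candidate, stored) {
  if (typeof candidate !== "string" || !stored || stored.kdf !== KDF.name) return false;
  const expected = Buffer.from(stored.hash, "base64");
  if (expected.length !== KDF.keyLength) return false;
  const actual = crypto.pbkdf2Sync(
    normalizeAnswer(candidate), Buffer.from(stored.salt, "base64"),
    stored.iterations, KDF.keyLength, "sha512");
  return crypto.timingSafeEqual(actual, expected);
}

// Hypothetical managed-object shape: one record per user, one entry per question.
function buildChallengeObject(userId, qaPairs) {
  return {
    userId,
    challenges: qaPairs.map(({ question, answer }) => ({
      question,
      answer: hashAnswer(answer),
    })),
  };
}

// Changing questions and answers requires the current password first.
// checkPassword(userId, password) is a hypothetical callback, for instance a
// bind against the directory; it must return true only on success.
function changeChallenges(current, suppliedPassword, checkPassword, qaPairs) {
  if (!checkPassword(current.userId, suppliedPassword)) {
    throw new Error("re-authentication required");
  }
  return buildChallengeObject(current.userId, qaPairs);
}

// Self-service reset check: every answer is evaluated, with no early exit,
// so the response does not reveal which question failed.
function verifyReset(challengeObject, answers) {
  if (!Array.isArray(answers) || answers.length !== challengeObject.challenges.length) {
    return false;
  }
  const results = challengeObject.challenges.map(
    (c, i) => verifyAnswer(answers[i], c.answer));
  return results.every(Boolean);
}
```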
Challenge Questions
Self-Service Password Reset
Login Screen with Security Event Handling
Challenge Questions Screen
Self-Service Password Reset
User Dashboard Screen
Confirmation Screen
Client-Side Validation
Q & A
Thank you for your time!
Contact Paul.Mezzera@Mckesson.com or
Nbelaevski@exadel.com