Single Sign On (SSO)
How does your company apply?
Do Duy Trung
Who???
Agenda
- Overview
- What? Why? Where? Which? How?
- Q&A
IdM, AIM (Access & Identity Management)
Computing Troika
Cloud Computing
Social Computing
Mobile Computing
We are ... (word-cloud slide: USER, password, P@ssw0rd, account?, username?, IT, where?, PIN, ID, ???)
What is SSO?
A session/user authentication process in order to access multiple services/apps.
→ Eliminates login prompts during a particular session.
→ Reduced Sign On (RSO)
Advantages
- uniform AaA policies
- audit session
- not have to understand
- desk cost savings
Disadvantages
- single point of enterprise failure
- data integrity
Diagram (slide figure: Sign-On vs. Single Sign-On; User Account Manager OR SSO Product; Protocol? Token?)
Concepts & Protocols?
SAML 2.0
  Description: Most widely adopted standard for Web SSO. XML based.
  Relevant jargon: Identity Provider (IdP), Service Provider (SP), Attributes, SP Metadata
OpenID Connect
  Description: Most promising successor to SAML. JSON based. A profile of OAuth 2. Promises better support for mobile.
  Relevant jargon: OpenID Provider (OP), Relying Party (RP), User claims, Client claims
Others
  Description: Earlier protocols that are still in use should be deprecated. Cookie based (LtpaToken, LtpaToken2, ...)
  Relevant jargon: Kerberos, RADIUS, LDAP, WS-*, OpenID 2, CAS
Perform where?
SP initiated SSO
IdP initiated SSO
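The two slides above (the JSON-based, claims-carrying OpenID Connect token and the SP-initiated vs. IdP-initiated flows) are easier to reason about with the Relying Party's validation written out. The following is an added example, not code from the deck or from any of the products it names. It assumes a hypothetical OP at https://op.example.test, a hypothetical client id rp-app-1, and an HS256-signed ID token with a constructed shared client secret (OIDC allows this; most deployments use RS256 with the OP's published keys, which changes only the signature check). It shows what an RP must verify on every token (signature, issuer, audience, expiry) and why the nonce check is only available when the RP itself started the flow.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed example values; none of these come from the slides.
OP_ISSUER = "https://op.example.test"          # hypothetical OpenID Provider
CLIENT_ID = "rp-app-1"                          # hypothetical Relying Party client id
CLIENT_SECRET = b"constructed-shared-secret-for-hs256"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_id_token(subject, nonce=None, now=None, lifetime=300, audience=CLIENT_ID):
    """OP side: mint an HS256-signed ID token carrying the OIDC user claims."""
    now = int(now if now is not None else time.time())
    claims = {"iss": OP_ISSUER, "sub": subject, "aud": audience, "iat": now, "exp": now + lifetime}
    if nonce is not None:          # present only when the RP supplied one (SP-initiated)
        claims["nonce"] = nonce
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(CLIENT_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def validate_id_token(token, expected_nonce=None, now=None):
    """RP side: verify signature, iss, aud, exp and (if SP-initiated) nonce.

    Returns the claims or raises ValueError with the reason for rejection.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    # Pin the algorithm the RP expects; never let the token choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(CLIENT_SECRET, (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    if claims.get("iss") != OP_ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    # A token minted for another RP must not be accepted here (audience restriction).
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("wrong audience")
    now = int(now if now is not None else time.time())
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    if expected_nonce is not None and claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims


def rejection_reason(token, expected_nonce=None, now=None):
    """Return None if the token validates, else the reason string."""
    try:
        validate_id_token(token, expected_nonce=expected_nonce, now=now)
        return None
    except ValueError as exc:
        return str(exc)


def forge_subject(token, new_subject):
    """Rewrite the 'sub' claim while keeping the old signature (what a tamperer would try)."""
    h, p, s = token.split(".")
    claims = json.loads(b64url_decode(p))
    claims["sub"] = new_subject
    return h + "." + b64url(json.dumps(claims, separators=(",", ":")).encode()) + "." + s


def sp_initiated_login(subject, now=None):
    """SP-initiated: the RP creates a nonce, sends the user to the OP, and binds the
    returned token to its own request by checking that nonce."""
    nonce = secrets.token_urlsafe(16)
    token = issue_id_token(subject, nonce=nonce, now=now)   # stands in for the OP round trip
    return validate_id_token(token, expected_nonce=nonce, now=now)["sub"]


def idp_initiated_login(token, now=None):
    """IdP-initiated: the token arrives unsolicited, so there is no RP-side nonce to
    check; signature, issuer, audience and expiry are all the RP can verify."""
    return validate_id_token(token, expected_nonce=None, now=now)["sub"]


if __name__ == "__main__":
    T = 1_700_000_000
    print(sp_initiated_login("alice", now=T))
    print(rejection_reason(forge_subject(issue_id_token("bob", now=T), "mallory"), now=T))
```

The IdP-initiated path is the one the deck's "single point of enterprise failure" warning bites hardest: because the RP never issued a request, it cannot tell a fresh login from a replayed or unsolicited token beyond the expiry window, which is why the audience and expiry checks are not optional there.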
Examples
Code where?
Store where?
- AD
- OpenLDAP
- Realm
- Database
Classification
- ESSO (Enterprise SSO)
- WSSO (Web SSO)
- Cloud SSO
- Federated SSO
Classification (cont…)
- Cookie based SSO
- Token based SSO (XML, JSON)
- MVF (multi value factor) authentication
Which products?
SaaS: Okta, OneLogin, Stormpath, Symplified
- No root access to the server. If there's a security breach, it affects everyone
- Per user or per application pricing can become costly
Open Source: Gluu, ForgeRock, CAS, independent integrators and consulting shops
- Expensive to design and build
- High cost of care and feeding
- Hard to support new app integrations
Enterprise Software: Oracle Access Manager, CA SiteMinder, IBM Tivoli Access Manager, RSA ClearTrust, Microsoft ADFS, Ping Federate, ...
- Expensive license fees
- Vendor lock-in
How to do?
- Ask yourself?
- Ask your organisation?
- Ask your customer?
- Ask your partner?
- Ask your producer?
Steps for Effective SSO Deployments
Step 1. Get power users and executive sponsorship
Step 2. Establish deployment goals and priorities
Step 3. Understand end user resistance to change
Step 4. Include the right people and resources in the project
Step 5. Train people at all phases
Step 6. Test thoroughly
Step 7. Market the solution
Scenarios
Q&A
Thank you very much!