Open Identity Summit
Federation in practice
Víctor Aké OpenAM Product Manager ForgeRock
OLD ACCESS CONTROL
Applications and data within the firewall perimeter
Users within the enterprise
Difficult to roll out new services
Hanseatic League (Hansa) Trade Confederation Centuries 13th – 17th
Trading outside the walls Secure Membership agreement Follow protocol
Partners
Outsourcing
Suppliers
Customers
Information, services and users outside the firewall
FEDERATION
Federalism is a political concept in which a group of members are bound together by covenant (Latin: foedus, covenant*) with a governing representative head.
*Agreement
Schengen Area
It is a group of 26 European countries that have abolished passport and immigration controls at their common borders.
Present your security token at the entrance
Travel seamlessly within the area
Partners
Outsourcing
Suppliers
Customers
Commercial Applications
In-house dev applications
Legacy applications
Directory
Databases
Active Directory
Enterprise
FEDERATED IDENTITY
The means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems
Benefits of Federated Identity
Provides Single Sign On for an enhanced user experience
Share information across partners securely and privately
Promote adoption of new services
Reduces costs
Cloud friendly
Mobile friendly
Identity Federation Standards
SAML 2.0
WS-Federation
ID-FF
Identity Federation actors
Identity Provider, Asserting Party, IdP
Service Provider, Relying Party, Consumer, SP
Service Provider, Relying Party, Consumer, SP
Circle of Trust
Agreements
Principal
Authenticate, obtain token
Present token, access resource
Enterprise connected to Cloud SaaS, partners, suppliers, etc.
Customers using social authentication
SaaS
Private Cloud
Social
Partners Outsourcing
Suppliers
Commercial Applications
In-house dev applications
Legacy applications
Directory
Databases
Active Directory
Use cases
SaaS/IDaaS providing services to enterprises
Social authentication to SaaS and IDaaS
Multi-tenant IdP
Multi-tenant SP
IDaaS
SaaS
Social
Commercial Applications
In-house dev applications
Legacy applications
Directory
Databases
Active Directory
Use cases
Web App
Native App
Native App
Web App
Login App
REST/OAuth2/OpenID Connect
Authentication
Authorization
Attribute Delivery
Federation
SSO
Token Persistence
Session Mgmt
OAuth2 Provider
OpenAM
Cloud
Enterprise
Use cases
SP to IdP Mesh
IdP
IdP
IdP
IdP
SP
SP
SP
IdP Proxy
IdP
IdP
IdP
IdP
SP
SP
SP
IdP Proxy
Federation is more than SSO
SAML 2.0: IdP, SP, IdP Proxy, Attribute Query Provider, Attribute Authority, Authentication Authority, XACML PEP, XACML PDP
WS-Federation: IdP, SP
ID-FF: IdP, SP
OAuth 2.0: RESTful authorization protocol
OpenAM + family
OpenAM: Full blown Federation
OpenAM Fedlet: Lightweight SAML 2.0 SP
OpenIG and Fedlet: Powerful combination of integration and SAML 2.0
Walkthrough on how to configure OpenAM to achieve SSO to Google Apps & Salesforce using SAML2
IDP
SP SP
Circle of Trust
SSO to Google Apps and Salesforce
demo.openam.org
Q & A
Víctor Aké OpenAM Product Manager ForgeRock
Thanks !