Federation in Practice


Presented by Victor Ake, OpenAM Product Manager and ForgeRock Co-Founder at ForgeRock Open Identity Stack Summit, June 2013.

Page 1: Federation in Practice

Open Identity Summit

Federation in practice

Víctor Aké OpenAM Product Manager ForgeRock

Page 2: Federation in Practice

Old access control

Applications and data within the firewall perimeter
Users within the enterprise
Difficult to roll out new services

Page 3: Federation in Practice

Hanseatic League (Hansa): trade confederation, 13th to 17th centuries

Trading outside the walls
Secure
Membership agreement
Follow protocol

Page 4: Federation in Practice

Partners
Outsourcing
Suppliers
Customers

Information, services and users outside the firewall

Page 5: Federation in Practice

Federation

Federalism is a political concept in which a group of members are bound together by covenant (Latin: foedus, covenant*) with a governing representative head.

*Agreement

Page 6: Federation in Practice

Schengen Area

It is a group of 26 European countries that have abolished passport and immigration controls at their common borders.

! Present your security token at the entrance
! Travel seamlessly within the area

Page 7: Federation in Practice

Federated identity

Diagram labels: Partners, Outsourcing, Suppliers, Customers; Enterprise: Commercial Applications, In-house dev applications, Legacy applications, Directory, Databases, Active Directory

Federated identity is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

Page 8: Federation in Practice

Benefits of federated identity

Provides single sign-on (SSO) for an enhanced user experience
Share information across partners securely and privately
Promote adoption of new services
Reduces costs
Cloud friendly
Mobile friendly

Page 9: Federation in Practice

Identity federation standards

SAML 2.0
WS-Federation
ID-FF

Page 10: Federation in Practice

Identity federation actors

Identity Provider, asserting party, IdP
Service Provider, relying party, consumer, SP (two SPs in the diagram)
Circle of Trust (agreements between the IdP and the SPs)
Principal

Authenticate, obtain token
Present token, access resource
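A minimal model of the actor flow on this slide, as an added example that is not from the talk or from OpenAM: the IdP authenticates the principal and issues a signed, audience-restricted, time-limited token; the SP accepts it only if the issuer is in its circle of trust, the signature verifies, the audience is the SP itself and the validity window holds. An HMAC with a key registered in the circle of trust stands in for the XML signature and metadata exchange of real SAML 2.0, and all entity IDs and credentials are constructed.

```python
import base64, hashlib, hmac, json, secrets, time

class IdentityProvider:
    """Asserting party: authenticates the principal and issues a signed token."""
    def __init__(self, entity_id, users):
        self.entity_id = entity_id
        self.users = users                   # constructed: username -> password
        self.key = secrets.token_bytes(32)   # stands in for the IdP signing key
    def authenticate_and_issue(self, user, password, audience, now=None, ttl=300):
        if self.users.get(user) != password:
            return None                      # authentication failed, no token
        now = int(time.time()) if now is None else now
        claims = {"iss": self.entity_id, "sub": user, "aud": audience,
                  "iat": now, "exp": now + ttl, "id": secrets.token_hex(8)}
        body = json.dumps(claims, sort_keys=True).encode()
        sig = hmac.new(self.key, body, hashlib.sha256).digest()
        return base64.b64encode(body).decode() + "." + base64.b64encode(sig).decode()

class ServiceProvider:
    """Relying party: accepts tokens only from IdPs in its circle of trust."""
    def __init__(self, entity_id):
        self.entity_id = entity_id
        self.circle_of_trust = {}            # issuer entity id -> verification key
    def trust(self, idp):
        # The agreement / metadata exchange that admits the IdP to the circle of trust
        self.circle_of_trust[idp.entity_id] = idp.key
    def validate(self, token, now=None):
        """Return the principal's subject if the token is acceptable, else None."""
        try:
            b64_body, b64_sig = token.split(".")
            body, sig = base64.b64decode(b64_body), base64.b64decode(b64_sig)
            claims = json.loads(body)
            key = self.circle_of_trust.get(claims.get("iss"))
        except (ValueError, TypeError, AttributeError):
            return None                      # malformed token
        if key is None:
            return None                      # issuer not in the circle of trust
        if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), sig):
            return None                      # forged or tampered assertion
        if claims.get("aud") != self.entity_id:
            return None                      # token was issued for a different SP
        now = int(time.time()) if now is None else now
        if not (claims["iat"] <= now < claims["exp"]):
            return None                      # expired or not yet valid (replay window)
        return claims["sub"]
```

The audience and issuer checks are what keep a token obtained for one SP from being presented to another SP in the same circle.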

Page 11: Federation in Practice

Use cases

! Enterprise connected to Cloud SaaS, partners, suppliers, etc.
! Customers using social authentication

Diagram labels: SaaS, Private Cloud, Social, Partners, Outsourcing, Suppliers, Commercial Applications, In-house dev applications, Legacy applications, Directory, Databases, Active Directory

Page 12: Federation in Practice

Use cases

! SaaS/IDaaS providing services to enterprises
! Social authentication to SaaS and IDaaS

Diagram labels: Multi-tenant IdP, Multi-tenant SP, IDaaS, SaaS, Social, Commercial Applications, In-house dev applications, Legacy applications, Directory, Databases, Active Directory

Page 13: Federation in Practice

Use cases

Diagram labels: Web App, Native App, Native App, Web App, Login App; REST/OAuth2/OpenID Connect; Cloud; Enterprise

OpenAM: Authentication, Authorization, Attribute Delivery, Federation, SSO, Token Persistence, Session Mgmt, OAuth2 Provider

Page 14: Federation in Practice

SP to IdP mesh

Diagram: four IdPs and three SPs connected as a mesh

Page 15: Federation in Practice

IdP Proxy

Diagram: four IdPs and three SPs with an IdP Proxy (labelled SP/IdP) between them

Page 16: Federation in Practice

Federation is more than SSO

SAML 2.0: IdP, SP, IdP Proxy, Attribute Query Provider, Attribute Authority, Authentication Authority, XACML PEP, XACML PDP
WS-Federation: IdP, SP
ID-FF: IdP, SP
OAuth 2.0: RESTful authorization protocol

Page 17: Federation in Practice

OpenAM + family

OpenAM: full-blown federation
OpenAM Fedlet: lightweight SAML 2.0 SP
OpenIG and Fedlet: powerful combination of integration and SAML 2.0

Page 18: Federation in Practice

Walkthrough on how to configure OpenAM to achieve SSO to Google Apps and Salesforce using SAML 2.0

Page 19: Federation in Practice

SSO to Google Apps and Salesforce

Diagram labels: IDP, SP, SP, Circle of Trust, demo.openam.org

Page 20: Federation in Practice

Q & A

Víctor Aké OpenAM Product Manager ForgeRock

Thanks!