Embed Size (px)
Citation preview
World®’16
WAMandFederation:TwoGreatTastesThatTasteGreatTogetherAaronBerman– WWVP,SingleSign-on&DirectorySolutionsCATechnologies
SCT44T
SECURITY
1 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.
Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.
ForInformationalPurposesOnlyTermsofthisPresentation
2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Abstract
WAM&Federation:TwoGreatTastesthatTasteGreatTogether
Choosingtherightapproachtomeetyourneedsiscritical.Choosingthe
wrongapproachcancauseproblemslikeincreasedintegrationcostsand
projectdelays.Learnaboutthedifferencesbetweenfederatedmodels
andPEP/PDPaccessmanagementmodelsforsessionsecurityand
userexperience.
AaronBermanCATechnologiesWWVP,SingleSign-On&DirectorySolutions
3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SingleSign-onCanMeanManyDifferentThings
§ Gettinganidentity fromoneapplicationtoanother§ Maintainingasecuresessionacrossmultipleapplications§ Onlyallowingthecorrect usersaccess§ Security controlsforthesession§ Knowingwhatactions usersaredoing§ URLfilteringtokeepbadrequestsout
4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TwoApproachestoMeetDifferentNeeds
§ Policyenforcementpointstointerceptandexamineeachrequest
§ Sharedsessionacrossmultipleapplications
WEBACCESSMANAGEMENT
§ Identitypassedfromidentityprovidertoapplications
§ ClaimsapproachtoSSO
§ Applicationremainsincontrolofownsecuritypolicies
OPENSTANDARDS
TIGHTLYCOUPLED LOOSELYCOUPLED
5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ChoosingtheWrongApproachCanCauseProblems
§ Increasedintegrationcosts
§ Useofworkaroundstomeetrequirements
§ Customization
§ ProjectDelays
Imagetakenfromhttps://hikingartist.com/thrive/nail-screw/
Choosingtherightapproach tomeetyourneedsiscritical
6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
DecisionGuidelines
§ OnPremiseorPaaSapplications
§ Simplecrossapplicationlinking
§ Enforcementofuserauthorization
§ Audit/Timeout/SessionSecurity
WEBACCESSMANAGEMENT
§ ThirdPartysites
§ Applicationshaveanativeintegration
§ Remotelocations
§ Onlyconcernedwithpassingidentity
OPENSTANDARDS
7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SAML
SSOApproachesCanbeCombined…SAMLtoanInternalApplicationWhileMaintainingURLFiltering
EndUser SSOGateway
SSOSession Applicationsession
Application
SessionLinker
8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
OAUTH
…andIntegratedInboundSocialSign-onDataPassedtoApplicationsWithoutAccountCreation
EndUser SSOGateway
SocialMedia
Application2
Application1SSO
CADirectorySessionStore
SSOPolicyServer
IdentityData
9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CASingleSign-onOffersBothOptions
Unlimitedwebserveragents
Unlimitedgateways
UnlimitedstandardsbasedSSOforalllicensedusers
CASingleSign-OnFeatures
DeployingasinglesolutionforallSSOneedsreducesITspendandIntegrationcosts
10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Summary
Choose therightapproachtomeetyourbusiness
needs
WAMandOpenStandardsdonotcontradict theycompliment
CombineWAM andOpenstandardstogether
11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
RecommendedSessions
SESSION# TITLE DATE/TIME
SCT915 DataBreachDigest,JohnGrimm 11/16/2016at12:45pm
SCT45T HowFastIsYourDirectory? 11/16/2016at4:30pm
SCX205 CASSO,AARoadmap 11/18/2016at1:45pm
12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Don’tMissOurINTERACTIVESecurityDemoExperience!
SNEAKPEEK!
12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
@CAWORLD#CAWORLD ©2016CA.AllRIGHTSRESERVED.13 @CAWORLD#CAWORLD
Security
FormoreinformationonSecurity,pleasevisit:http://cainc.to/EtfYyw
