Single Sign-On -Mayuresh Pardeshi M.Tech CSE - I.


Contents:
- Introduction
- Working Structure
- Features
- Applications

Why do we need SSO?
Current situation: Network users interact with multiple service providers.

SSO:
- A mechanism that allows users to authenticate themselves only once, and then log into multiple service providers, without necessarily having to re-authenticate.
- Authentication Service Provider (ASP).
- Service providers are aware of the ASP:
  - establish explicit trust relations, policies, contracts and supporting security infrastructure (e.g. PKI).
- ASP is either a trusted third party or part of the user system (requires tamper-resistant hardware, e.g. smartcard, TPM).

General SSO Protocol: Typical Information Flow
[Figure not reproduced; the flow is repeated as necessary.]

Types of SSO:
- Password Synchronization: SecurePassSAM, Pass Synch
- Legacy SSO: Novell’s Secure Login & Microsoft Windows Server
- Web Access Management (WAM): RSA
- Cross Domain SSO: OpenSSO, CAS
- Federated SSO: Facebook Connect, Google

Novell SecureLogin

Oblix (Oracle)

SAML:
1. The service provider receives the client request and sends the request to the identity provider to perform the client authentication.
2. The identity provider authenticates the client, creates the assertion, and passes it back to the service provider. SAML assertions can be added to SOAP header blocks and passed over the HTTP protocol.

Request from the Service provider
- Here, a sample SAML-compliant request is sent from a service provider requesting password authentication by the identity provider.

Response from the Identity provider
- In response, the issuing authority asserts that the subject (S) was authenticated by means (M) at time (T).

Advantages
- Reduced operational cost
- Reduced time to access data
- Improved user experience, no password lists to carry
- Advanced security to systems
- Strong authentication
- One Time Password devices
- Smartcards
- Ease burden on developers
- Centralized management of users, roles
- Fine grained auditing
- Effective compliance (SOX, HIPAA)
