An Overview of Single Sign-On, Federation, Its Benefits, and Basic Procedures for Integrating Applications.


[Slide diagram: separate login prompts for abc.nih.gov, def.nih.gov and ghi.nih.gov, each backed by its own user database (ABC's DB, DEF's DB, GHI's DB)]

• Under a non-SSO enabled architecture, users must log in to each application or website each time they visit. Logging in to one site does not provide access to others.
[Slide diagram: separate login prompts for xyz.nih.gov and abc.nih.gov, each with its own user database (XYZ's DB, ABC's DB)]

• NIH Login
  ◦ NIH AD and NIH External user name and password
  ◦ HHS-issued Personal Identification Verification (PIV) smart card
  ◦ eRA Commons OID user name and password
• Federation
  ◦ InCommon federation credentials
  ◦ OpenID Foundation

• Using NIH Login, users log in once and are granted access to any SSO-enabled application within NIH.

• Applications are no longer required to perform authentication procedures.
• Users are authenticated by NIH AD, NIH Ext, and eRA Commons.
• Login information is passed to the application from NIH Login via HTTP headers.
[Slide diagram: the application's own login form is replaced by the NIH Login page; the application homepage then shows "Welcome, Authenticated User!"]

• As long as the visitor continues using the browser window through which he or she logged in (or a child window), all SSO-enabled applications for which the user is authorized may be accessed.
[Slide diagram: a single NIH Login prompt followed by access to App. #1 through App. #4 with no further login screens]

• NIH Login uses CA SiteMinder software.
• Upon receiving a request, the client web server invokes the web agent.
• The web agent checks with the policy server to see whether the site is protected by NIH Login or federation.
• If the site is protected and the user is not yet authenticated, the NIH Login or federation screen is shown and login is required.
[Slide diagram: client side (browser, NIH Login page) to web server with web agent, to policy server, to NIH AD]

• Using the federation components of NIH Login, external users can be granted access to web applications within NIH using their "home" credentials.

• Applications are no longer required to authenticate and provision external users locally.
• Users are authenticated using standards-based assertions/tokens (SAML, OpenID, WS-Federation, etc.).
• User authentication attributes are passed to the application via HTTP headers.
[Slide diagram: the application's own login form is replaced by the federation login; the application homepage then shows "Welcome, Authenticated User!"]

• Federation also uses CA SiteMinder software.
• Upon receiving a request, the client web server invokes the web agent.
• The web agent checks with the policy server to see whether the site is protected by federation.
• If the site is protected and the user is not yet authenticated, the federation screen is shown and the user chooses their "home" organization.
• After the user authenticates at their "home" organization, they are returned to their requested NIH application.
[Slide diagram: client side (browser, home organization selector) to web server with web agent, to policy server (NIH Login with federation), to the home organization's identity provider]

• NIH Login will perform the necessary authentication procedures to verify the credentials of the user.
• NIH Login can also perform basic authorization.
  ◦ Authorization is based on Active Directory groups.
  ◦ Groups must exist or be created in the NIH AD for NIH Login and in LDAP_ALL for federation.

• Your part: In order to use NIH Login, the application's web server must run an executable known as a web agent. The web agent is available for various operating systems including Windows, Solaris and Linux. The simple installation/configuration process may be performed by your team or by a member of the NIH Login team if granted access to the server.
• Our part: The NIH Login team must first configure the NIH Login policy server to expect connections from the web agent. We will then send you technical information to allow you to connect your web agent to the policy server.
• Application owners or technical contacts should provide operating system and web server information to the NIH Login team via the NIH Login Request Form (see contact information below for requests).

• Applications integrating with NIH Login will need to remove their existing login procedures. This includes:
  ◦ Altering HTML to remove the login screen
  ◦ Changing code (e.g. ASP, JSP, ColdFusion) to receive HTTP header information from NIH Login
    ▪ Values include username, full name, etc.
    ▪ These values can be used to populate data that is needed by the application
  ◦ Using the information received to proceed with your application's tasks
• Code change requirements are usually minimal.
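As an added example (not code from the presentation or from NIH Login), here is the application-side change the slides describe, written as a small Python WSGI app: the local login form is gone, the user name and group list are read from headers set by the web agent, and the AD-group-based authorization mentioned earlier is enforced from those headers. The header names SM_USER and SM_USERGROUPS, the comma separator, and the group name app-users are assumptions for this example; the NIH Login team supplies the real header set.

```python
"""Added example (not NIH Login's own code): an application that has removed
its local login form and instead takes identity from the HTTP headers that the
NIH Login web agent injects, then enforces AD-group-based authorization.

Assumptions (not stated in the presentation): the agent sets SM_USER (username)
and SM_USERGROUPS (comma-separated group list), and the agent runs in front of
this app so any client-supplied copies of those headers are overwritten.
"""

USER_HEADER = "HTTP_SM_USER"          # CGI/WSGI form of the SM_USER header (assumed)
GROUPS_HEADER = "HTTP_SM_USERGROUPS"  # assumed name for the group-list header
REQUIRED_GROUP = "app-users"          # constructed AD group for this demo


def identity_from_environ(environ):
    """Return (username, groups) from NIH Login headers, or None if absent."""
    user = environ.get(USER_HEADER, "").strip()
    if not user:
        return None  # the request never passed the web agent's login step
    raw_groups = environ.get(GROUPS_HEADER, "")
    groups = {g.strip() for g in raw_groups.split(",") if g.strip()}
    return user, groups


def handle(environ, required_group):
    """Decide status and body using only the identity supplied by NIH Login."""
    identity = identity_from_environ(environ)
    if identity is None:
        # Do not fall back to a local login form: a protected site should only
        # reach the app after the agent has authenticated the user.
        return "403 Forbidden", "Not authenticated by NIH Login"
    user, groups = identity
    if required_group not in groups:
        return "403 Forbidden", f"{user} is not a member of {required_group}"
    return "200 OK", f"Welcome, {user}!"


def app(environ, start_response):
    """WSGI entry point: the login screen is gone, the headers are the login."""
    status, body = handle(environ, REQUIRED_GROUP)
    start_response(status, [("Content-Type", "text/plain; charset=utf-8")])
    return [body.encode("utf-8")]


if __name__ == "__main__":
    # Constructed requests as the web agent would present them to the app.
    authenticated = {USER_HEADER: "jdoe", GROUPS_HEADER: "app-users,staff"}
    wrong_group = {USER_HEADER: "asmith", GROUPS_HEADER: "staff"}
    for req in (authenticated, wrong_group, {}):
        print(handle(req, REQUIRED_GROUP))
```

The 403 on a missing header is deliberate: if the app were reachable on a path that bypasses the web agent (for example behind a proxy that does not strip these headers), client-supplied identity headers would otherwise be trusted, so the deployment must guarantee that the agent is the only route to the application.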

• For more information, please contact:
  ◦ Jeff Erickson –
  ◦ NIH Login support group –