SSO Case Study. Suchin Rengan, Principal Technical Architect, Salesforce.com

2 The Scenario

Three client types need SSO into Salesforce: Outlook, Browser, Mobile.

3 Key Considerations

- Must be seamless
- No impact on the intended functionality
- Focus on usability
- Comply with security standards
  - User credentials cannot be stored in any application
- Reusability wherever possible
- Allow for scalability

4 SSO Mechanisms

- DA (Delegated Authentication)
  - SF legacy way to accomplish SSO
  - Customers have to build a Web Service that will authenticate requests that are delegated by SF
  - User profiles need to be enabled for SSO
  - Delegated Authentication configuration points to the Delegated Authentication Web Service hosted by the customer
- SAML
  - SAML is a technology that enables SSO between two disparate systems (Web and Desktop)
  - SF supports SAML 1.1, and SAML 2.0 since Summer '08
  - Supports browser POST profiles
  - Cannot be used to accomplish SSO for desktop/Outlook/mobile clients (DA/OAuth2 is a better alternative)
- OAuth
  - Open standard for authorization (OAuth!)
  - Stops the password anti-pattern
  - Explicit grant of permission by the user: the valet key concept
  - Credential is per service provider, revocable without changing the password
  - Browser-based authentication for rich clients makes it possible for them to participate in SSO

5 The Browser Scenario

Actors: Browser, Identity Provider (Corporate Portal), Salesforce.

1. User request (browser to Identity Provider)
2. Identity Provider validates the user and generates a SAML token
3. SAML token is posted to Salesforce
4. User session is established

6 The Outlook Scenario

Actors: Outlook, Identity Provider, Intermediary Service, DA Service, Salesforce.

Messages shown on the slide:
- User credentials (context based), from Outlook to the Intermediary Service
- SAML token, issued by the Identity Provider
- SAML token submitted via the Login API
- DA redirect from Salesforce to the DA Service
- True/False answer from the DA Service
- User session

7 The Mobile Scenario

Actors: Mobile client, NT Authentication Services, DA Service, Salesforce.

Messages shown on the slide:
- NT login credentials
- DA redirect from Salesforce to the DA Service
- True/False answer from the DA Service
- User session
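In both the Outlook and Mobile scenarios the customer-hosted DA Service answers Salesforce with only True/False, and the key considerations rule out storing user passwords in any application. The following added example (not Salesforce's DA interface and not from the presentation) sketches that decision logic: the intermediary issues a short-lived, HMAC-signed token after the corporate login, and the DA service accepts only an untampered, unexpired token bound to the requested user. The token format, secret and TTL are constructed assumptions standing in for the SAML token on the slide.

```python
import base64
import hashlib
import hmac
import json

# Constructed assumption: secret shared between the token issuer and the DA service.
DA_SHARED_SECRET = b"constructed-demo-secret-not-for-production"
TOKEN_TTL_SECONDS = 300          # token validity window, an assumed value
DA_AUDIENCE = "salesforce-da"    # assumed audience label for this DA service


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username: str, issued_at: int, secret: bytes = DA_SHARED_SECRET) -> str:
    """Issued by the intermediary after it validated the corporate login; no password travels on."""
    payload = json.dumps({"sub": username, "iat": issued_at, "aud": DA_AUDIENCE}).encode()
    sig = hmac.new(secret, payload, hashlib.sha256).digest()
    return _b64url(payload) + "." + _b64url(sig)


def da_authenticate(username: str, credential: str, now: int,
                    secret: bytes = DA_SHARED_SECRET) -> bool:
    """The DA service's True/False answer to Salesforce for (username, credential)."""
    try:
        payload_b64, sig_b64 = credential.split(".")
        payload = _b64url_decode(payload_b64)
        sig = _b64url_decode(sig_b64)
        claims = json.loads(payload)
    except (ValueError, UnicodeDecodeError):
        return False                                  # malformed credential
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False                                  # tampered or wrong issuer
    if claims.get("aud") != DA_AUDIENCE or claims.get("sub") != username:
        return False                                  # token not meant for this user/service
    iat = claims.get("iat")
    if not isinstance(iat, int) or not (iat <= now <= iat + TOKEN_TTL_SECONDS):
        return False                                  # expired or not yet valid
    return True
```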

8 Summary

- Been in production for 2 years
- Supports 20K users