The 7th National Conference on Computing and Information Technology. A Web-based Single Sign-on (SSO) using SAML 2.0
|
|
- ป้อง บุตโต
- 8 years ago
- Views:
Transcription
1 ก ก ก SAML 2.0 A Web-based Single Sign-on (SSO) using SAML 2.0 (Tatchai Russameroj) 1 (Pornchai Mongkolnam) 2 ก ก ก (Kriengkrai Porkaew) 3 1, 2, 3 ก tum010@hotmail.com 1, pornchai@sit.kmutt.ac.th 2, porkaew@sit.kmutt.ac.th 3 ก ก ก ก (Web-based Applications) ก ก ก ก ก ก ก ก ก ก ก ก ก ก ก ก ก ก ก ก ก Security Assertion Markup Language 2.0 (SAML 2.0) ก ก ก ก ก (Single Signon) :,,, ก, Abstract At present, the Information System (IS) is a vital component to sharing information with users of Webbased applications. When exchanging information between a user and some services, the system has to go through raw data and transfer them into essential information. This information must be secure. Hence, authentication becomes the main concern when there are many users. Working from one system to another, users tend to have difficulties with recognizing their own account names and passwords, Even though they use the same account name in different environments, they still need to reenter the password each time. This paper introduces the theory of Security Assertion Markup Language 2.0 (SAML 2.0) to help describe and develop the system of authentication that will maintain the security of identification through the Single Sign-on (SSO) authentication. Keyword: Security, SAML, SSO, Authentication, Web 1. ก ก ก ก ก ก ก ก ก ก ก ก ก ก ก (Logon) ก ก ก ก ก ก ก ก ก, ก ก ก ก ก ก ก ก ก ก ก ก Single Sign-on (SSO) ก ก ก ก Security Assertion Markup Language 2.0 (SAML 2.0) ก -818-
2 2. ก 2.1 Single Sign-on ก SSO ก ก กก ก ก ก ก ก ก [1] ก ก ก (Shared Authentication Schemes) SSO ก ก ก SSO [1] OpenID [2] ก ก ก ก ก ก 2.2 Security Assertion Markup Language (SAML) SAML 2.0 ก ก OASIS ก ก XML ก ก ก ก ก (Security Domain) SAML ก ก XML Signature/Encryption ก SSL/TLS ก ก [3] ก 4 ก [4] SAML Assertions, SAML Protocols, SAML Bindings SAML Profiles SAML ก XML ก ก ก (Subject) ก ก ก ก ก ก ก (Assertion) 1 ก ก ก ก (Authentication Authority) ก ก (Authentication Authority) ก ก (Authentication Assertion) Attribute Authority ก ก ก ก ก ก ก ก (Authorization Authority) ก ก ก ก ก SAML Token ก PEP (Policy Enforcement Point) ก PEP ก ก ก SAML Token ก ก ก Token ก ก ก 1: SAML 2.3 ก G. Zhao, D. Zheng K. Chen [5] ก ก ก ก SSO ก ก ก ก ก ก ก Client/Server ก ก IP ก Client ก Server ก ก ก ก ก ก ก Clients Main Server R. Oppliger [6] ก ก Microsoft Passport ก Web SSO ก SSL/TLS ก ก D. P. Kormann A. D. Rubin [7] ก Microsoft Passport ก ก ก Kerberos ก ก ก ก C. Shiflett [8] Microsoft Passport -819-
3 A. Myllyniemi [9] ก ก ก Identity Management ก 3 ก Federated Identity Systems, Small-scale Identity Systems Proprietary Systems SAML ก ก Federated Identity Systems ก ก ก ก ก ก Trust Circles ก Identity Provider Service Provider ก ก ก S. H. Hussein [10] ก ก Single Sign-on ก Double SSO Identity-Based Signature (IBS) B. Pfitzmann M. Waidner [11] ก ก ก SSO ก The Liberty Alliance ก Token-based ก ก ก SSO [12] ก ก Internet/Intranet ก ก ก ก ก ก ก ก ก SSO ก ก ก ก ก ก ก ก ก ก SAML ก ก ก 3. ก ก ก ก ก SSO ก 3 ก User/User Agent (Web Browser) ก ก ก Transaction ก, Identity Provider (IdP) ก ก ก ก, Service Provider (SP) ก ก SP IdP ก ก SAML 2.0 ก [4] SAML Protocols 2 Authentication Request Protocol Single Logout Protocol SAML Bindings HTTP Redirect Binding (HTTP GET) HTTP POST Binding (HTTP POST) SAML Profiles Web Browser SSO Profile Single Logout Profile 3.1 ก ก ก [12] ก ก ก ก ก ก ก Authentication ก (Identity Provider) ก ก (Authorization) (Service Provider) ก ก Accounting ก ก ก ก ก ก 2 2: ก ก ก 3.2 Circle of Trust (COT) ก ก SP IdP ก SAML ก ก ก ก Metadata [13] Metadata ก ก ก ก X.509 Digital Signature 3.3 ก ก Single Sign-on (SSO) ก Web SSO ก SP (SP-Initiated) 3 {1} -820-
4 ก ก (SP) ก ก WebBrowser {2} {3} SP HTTP Redirect Binding ก Web Browser (HTTP Status [14] = 302) ก HTTP Header ก (URI) ( = SSO) SSO Service ก IdP Metadata ก ก 2 SAMLRequest RelayState RelayState ก SP ก Redirect ก กก ก SSO SAMLRequest ก กก DEFLATE Base64 ก ก ก ก ก XML <AuthnRequest> ( = AuthnReq) Query String ก URL-Encoding ก {4} IdP ก SP Web Browser ก Query String ก ก (Inflating) ก ก ก ก {5} {6} ก ก SP XHTML Form HTTP POST Binding Web Browser (HTTP Status [14] = 303) IdP ก ก (SAML Assertion) ก XML <Response> ( = Res) ก ก XHTML Form ก 2 SAMLResponse กก Base64 SAML Assertion RelayState ก ก XHTML Form ก Submit Assertion Consumer Service ( = ACS) ก SP Metadata SP XHTML Form ก ก ก ก ก {7} ก Redirect Relaystate ก ก ก Session ก ก ก ก ก SP Security Domain ก SP ก IdP ก ก ก SAML Assertion ก SP ก ก User Web Browser Service Provider Identity Provider {1} Attempt to Access Resource {2} Redirect (SSO, AuthnReq) {3} Request SSO Service {4} Identify the User (User Login) Receive at SSO {5} POST With XHTML Form (ACS, Res) {6} Request Assertion Consumer Service {7} Respond with Requested Resource Attempt to Access Resource Respond with Requested Resource SAML Protocol Messages Messages Outside Protocol Scope SSL/TLS Service Provider n 3: SP-Initiated Web SSO with Redirect/POST Binding 3.4 ก ก Single Log-out (SLO) ก ก ก SLO ก SP (SP-Initiated) 4 {1} ก IdP ก ก ก SP ก ก ก Session ก ก ก SLO SP SP1 SP1 ก Session {2} {3} SP1 HTTP Redirect Binding Web Browser HTTP Header ก URI ( =SLO) SLOService ก IdP Metadata ก ก 2 SAMLRequest RelayState SAMLRequest ก ก ก SSO 3.3 ก ก ก ก XML -821-
5 <LogoutRequest> ( = LogoutReq) Query String ก URL-Encoding ก {4} {5} IdP ก ก ก SP IdP ก ก ก ก SP SP2 ก ก {2} {3} SP2 ก ก ก IdP {6} {7} HTTP Redirect Binding URI ( = SLS) SLO Service ก IdP Metadata ก ก ก 2 SAMLReponse RelayState SAMLResponse ก ก XML <LogoutResponse> ( = LogoutRes) ก {8} {9} IdP ก ก SLO SP1 ก {6} {7} ก ก SP IdP ก ก ก SP ก ก (Local Host) 5: กก SSL Transaction ก ก SSO ก SSL (HTTPS) ก ก ก (HTTP) ก 3 {2} {3} SSL ก ก 5 (SSL) กก SSL ก 6: HTTP Redirect/POST Binding 4: SP-Initiated Single Log-out with Multiple SP 4. ก ก ก ก Web Browser HTTP กก ก ก SSO SLO HTTP HTTP Redirect Binding 3 {2} {3} HTTP 302 GET Query String ก SAMLRequest RelayState HTTP POST Binding
6 {5} {6} HTTP 303 POST ก ก ก Single Sign-on ก ก ก ก Web SSO ก SAML 2.0 ก ก ก ก ก ก ก SAML ก ก SSO ก ก ก Service Provider ก ก Identity Provider ก ก ก ก ก ก ก ก ก ก ก / ก ก ก ก ก ก ก ก ก ก ก ก ก ก ก ก ก Local Logout ก ก SP IdP ก ก ก Discovery Service ก Data Source ก ก ก ก ก Twitter Facebook ก ก SAML 2.0 ก ก ก ก ก ก ก ก ก ก ก ก ก [1] Single Sign-on [2] OpenID [3] F. Hirsch et al., Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) [4] N. Ragouzis et al., Security Assertion Markup Language (SAML) V2.0 Technical Overview [5] G. Zhao, D. Zheng and K. Chen, Design of Single Sign- On E-Commerce Technology for Dynamic E-Business, pp , [6] R. Oppliger, Microsoft.Net Passport: A Security Analysis IEEE Computer Society, Computer, vol. 36, pp , [7] D. P. Kormann and A. D. Rubin, Risks of the Passport Single Signon Protocol The 9th international World Wide Web conference on Computer networks, [8] C. Shiflett, Passport Hacking [9] A. Myllyniemi, Identity Management Systems: A Comparison of Current Solutions [10] S. H. Hussein, Double SSO A Prudent and Lightweight SSO Scheme [11] B. Pfitzmann and M. Waidner, Analysis of Liberty Single-sign-on with Enabled Clients Internet Computing, IEEE, vol. 7, pp , [12], ก ก internet/intranet service ก ก 17 3 ก [13] S. Cantor et al., Metadata for the OASIS Security Assertion Markup Language (SAML) V [14] HTTP Status Codes
Lecture Notes for Advanced Web Security 2015
Lecture Notes for Advanced Web Security 2015 Part 6 Web Based Single Sign-On and Access Control Martin Hell 1 Introduction Letting users use information from one website on another website can in many
More informationHow to create a SP and a IDP which are visible across tenant space via Config files in IS
How to create a SP and a IDP which are visible across tenant space via Config files in IS This Documentation is explaining the way to create a SP and IDP which works are visible to all the tenant domains.
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationก ก API Two-factor Authentication by Web Application API and J2ME. Software ก ก. : Two-factor Authentication, One Time Password, Packet Sniffer
ก ก API J2ME Two-factor Authentication by Web Application API and J2ME Software 1 2 ก ก ก 41/20 ก 44150 : 0-4375-4322 2414 1 2 E-mail: c.pratchaya@msu.ac.th E-mail: somnuk.p@msu.ac.th ก ก ก Username/Password
More informationTenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.
Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,
More information2015-11-30. Web Based Single Sign-On and Access Control
0--0 Web Based Single Sign-On and Access Control Different username and password for each website Typically, passwords will be reused will be weak will be written down Many websites to attack when looking
More informationSecuring Web Services With SAML
Carl A. Foster CS-5260 Research Project Securing Web Services With SAML Contents 1.0 Introduction... 2 2.0 What is SAML?... 2 3.0 History of SAML... 3 4.0 The Anatomy of SAML 2.0... 3 4.0.1- Assertion
More informationAnalysis of Liberty Single-Sign-on with Enabled Clients
Analysis of Liberty Single-Sign-on with Enabled Clients Channel-based enabled-client protocols, such as the Libertyenabled client and proxy profile, offer Web single-sign-on service; however, several security
More informationWeb Single Sign-On Systems
1 of 6 12/19/2007 5:15 PM Web Single Sign-On Systems Shakir James, scj1@cse.wustl.edu Abstract: Currently, many web applications require users to register for a new account. With the proliferation of web
More informationUsing SAML for Single Sign-On in the SOA Software Platform
Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software
More informationPARTNER INTEGRATION GUIDE. Edition 1.0
PARTNER INTEGRATION GUIDE Edition 1.0 Last Revised December 11, 2014 Overview This document provides standards and guidance for USAA partners when considering integration with USAA. It is an overview of
More information000-575. IBM Tivoli Federated Identity Manager V6.2.2 Implementation. Version: Demo. Page <<1/10>>
000-575 IBM Tivoli Federated Identity Manager V6.2.2 Implementation Version: Demo Page 1.What is the default file name of the IBM Tivoli Directory Integrator log? A. tdi.log B. ibmdi.log C. ibmdisrv.log
More informationSoftware Design Document SAMLv2 IDP Proxying
Software Design Document SAMLv2 IDP Proxying Federation Manager 7.5 Version 0.2 Please send comments to: dev@opensso.dev.java.net This document is subject to the following license: COMMON DEVELOPMENT AND
More informationGet Success in Passing Your Certification Exam at first attempt!
Get Success in Passing Your Certification Exam at first attempt! Exam : C2150-575 Title : IBM Tivoli Federated Identity Manager V6.2.2 Implementation Version : Demo 1.What is the default file name of the
More informationLogout in Single Sign-on Systems
Logout in Single Sign-on Systems Sanna Suoranta, Asko Tontti, Joonas Ruuskanen, Tuomas Aura IFIP IDMAN, London, UK, 8-9.4.2013 Logout in Single Sign-on Systems Motivation Single sign-on (SSO) systems SSO
More informationCopyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationSecurity Assertion Markup Language (SAML) 2.0 Technical Overview
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Security Assertion Markup Language (SAML) 2.0 Technical Overview Working Draft 03, 20 February 2005 Document identifier:
More informationEnabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver
Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver SAP Product Management, SAP NetWeaver Identity Management
More informationINTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE
INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE Legal Marks No portion of this document may be reproduced or copied in any form, or by
More informationExtending DigiD to the Private Sector (DigiD-2)
TECHNISCHE UNIVERSITEIT EINDHOVEN Department of Mathematics and Computer Science MASTER S THESIS Extending DigiD to the Private Sector (DigiD-2) By Giorgi Moniava Supervisors: Eric Verheul (RU, PwC) L.A.M.
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationIdentity Management im Liberty Alliance Project
Rheinisch-Westfälische Technische Hochschule Aachen Lehrstuhl für Informatik IV Prof. Dr. rer. nat. Otto Spaniol Identity Management im Liberty Alliance Project Seminar: Datenkommunikation und verteilte
More informationThis chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:
CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access
More informationFlexible Identity Federation
Flexible Identity Federation Administration guide version 1.0.1 Publication history Date Description Revision 2015.09.24 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationSAML Security Option White Paper
Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions
More informationAuthentication and Single Sign On
Contents 1. Introduction 2. Fronter Authentication 2.1 Passwords in Fronter 2.2 Secure Sockets Layer 2.3 Fronter remote authentication 3. External authentication through remote LDAP 3.1 Regular LDAP authentication
More informationOpenID and identity management in consumer services on the Internet
OpenID and identity management in consumer services on the Internet Kari Helenius Helsinki University of Technology kheleniu@cc.hut.fi Abstract With new services emerging on the Internet daily, users need
More informationComputer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt
Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................
More informationNew Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation
New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to ServiceNow
Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow VMware Identity Manager AUGUST 2015 V1 Configuring Single Sign-On from VMware Identity Manager to ServiceNow Table of Contents
More informationMicrosoft Office 365 Using SAML Integration Guide
Microsoft Office 365 Using SAML Integration Guide Revision A Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationAuthentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
More informationFederated Identity Management Solutions
Federated Identity Management Solutions Jyri Kallela Helsinki University of Technology jkallela@cc.hut.fi Abstract Federated identity management allows users to access multiple services based on a single
More informationSalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy
SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House
More informationAlfresco Share SAML. 2. Assert user is an IDP user (solution for the Security concern mentioned in v1.0)
Alfresco Share SAML Version 1.1 Revisions 1.1 1.1.1 IDP & Alfresco user logs in using saml login page (Added info about saving the username and IDP login date as a solution for the Security concern mentioned
More informationแนวปฏ บ ตท ด ส าหร บการควบค มความเส ยงของระบบงานเทคโนโลย สารสนเทศท สน บสน นธ รก จหล ก (IT Best Practices)
แนวปฏ บ ต ท ด ส าหร บการควบค มความเส ยงของระบบงานเทคโนโลย สารสนเทศท สน บสน นธ รก จหล ก (IT Best Practices) ISO 27001 COSO COBIT แนวปฏ บ ตท ด ส าหร บการควบค มความเส ยงของระบบงานเทคโนโลย สารสนเทศท สน บสน
More informationSingle Sign-On: Reviewing the Field
Outline Michael Grundmann Erhard Pointl Johannes Kepler University Linz January 16, 2009 Outline 1 Why Single Sign-On? 2 3 Criteria Categorization 4 Overview shibboleth 5 Outline Why Single Sign-On? Why
More informationDeploying RSA ClearTrust with the FirePass controller
Deployment Guide Deploying RSA ClearTrust with the FirePass Controller Deploying RSA ClearTrust with the FirePass controller Welcome to the FirePass RSA ClearTrust Deployment Guide. This guide shows you
More informationZendesk SSO with Cloud Secure using MobileIron MDM Server and Okta
Zendesk SSO with Cloud Secure using MobileIron MDM Server and Okta Configuration Guide Product Release Document Revisions Published Date 1.0 1.0 May 2016 Pulse Secure, LLC 2700 Zanker Road, Suite 200 San
More informationFairsail. Implementer. Single Sign-On with Fairsail and Microsoft Active Directory Federation Services 2.0. Version 1.92 FS-SSO-XXX-IG-201406--R001.
Fairsail Implementer Microsoft Active Directory Federation Services 2.0 Version 1.92 FS-SSO-XXX-IG-201406--R001.92 Fairsail 2014. All rights reserved. This document contains information proprietary to
More informationPingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1
PingFederate Salesforce Connector Version 4.1 Quick Connection Guide 2011 Ping Identity Corporation. All rights reserved. PingFederate Salesforce Quick Connection Guide Version 4.1 June, 2011 Ping Identity
More informationSafewhere*Identify 3.4. Release Notes
Safewhere*Identify 3.4 Release Notes Safewhere*identify is a new kind of user identification and administration service providing for externalized and seamless authentication and authorization across organizations.
More informationImplementation Guide SAP NetWeaver Identity Management Identity Provider
Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before
More informationHP Software as a Service. Federated SSO Guide
HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying
More informationThis section includes troubleshooting topics about single sign-on (SSO) issues.
This section includes troubleshooting topics about single sign-on (SSO) issues. SSO Fails After Completing Disaster Recovery Operation, page 1 SSO Protocol Error, page 1 SSO Redirection Has Failed, page
More informationSingle Log-Out. Andreas Åkre Solberg Malaga, June 2009
Single Log-Out Andreas Åkre Solberg Malaga, June 2009 Sessions On Web HTTP originally stateless Using Cookies to keep state Cookies in RFC2965 Set a session ID first time user visits, sent back to site
More informationFederation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015
Federation At Fermilab Al Lilianstrom National Laboratories Information Technology Summit May 2015 About Fermilab Since 1967, Fermilab has worked to answer fundamental questions and enhance our understanding
More informationOpenLogin: PTA, SAML, and OAuth/OpenID
OpenLogin: PTA, SAML, and OAuth/OpenID Ernie Turner Chris Fellows RightNow Technologies, Inc. Why should you care about these features? Why should you care about these features? Because users hate creating
More informationSAML and OAUTH comparison
SAML and OAUTH comparison DevConf 2014, Brno JBoss by Red Hat Peter Škopek, pskopek@redhat.com, twitter: @pskopek Feb 7, 2014 Abstract SAML and OAuth are one of the most used protocols/standards for single
More informationDisclaimer. SAP 2008 / SAP TechEd 08 / SIM202 / Page 2
SIM202 SAML 2.0 and Identity Federation Yonko Yonchev, NW PM Security SAP AG Dimitar Mihaylov, NW Security and Identity Management SAP Labs Bulgaria Tsvetomir Tsvetanov, Active Global Support SAP America
More informationMobile Security. Policies, Standards, Frameworks, Guidelines
Mobile Security Policies, Standards, Frameworks, Guidelines Guidelines for Managing and Securing Mobile Devices in the Enterprise (SP 800-124 Rev. 1) http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationConnected Data. Connected Data requirements for SSO
Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated
More informationMLSListings Single Sign On Implementation Guide. Compatible with MLSListings Applications
MLSListings Single Sign On Implementation Guide Compatible with MLSListings Applications February 2010 2010 MLSListings Inc. All rights reserved. MLSListings Inc. reserves the right to change details in
More informationLogout Support on SP and Application
Logout Support on SP and application Logout Support on SP and Application Possibilities and and Limitations SWITCHaai Team aai@switch.ch Single Logout: Is it possible? Single Logout will work only in some
More informationT his feature is add-on service available to Enterprise accounts.
SAML Single Sign-On T his feature is add-on service available to Enterprise accounts. Are you already using an Identity Provider (IdP) to manage logins and access to the various systems your users need
More information[MS-SAMLPR]: Security Assertion Markup Language (SAML) Proxy Request Signing Protocol
[MS-SAMLPR]: Security Assertion Markup Language (SAML) Proxy Request Signing Protocol Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft publishes
More informationSetup Corporate (Microsoft Exchange) Email. This tutorial will walk you through the steps of setting up your corporate email account.
Setup Corporate (Microsoft Exchange) Email This tutorial will walk you through the steps of setting up your corporate email account. Microsoft Exchange Email Support Exchange Server Information You will
More informationDEPLOYMENT GUIDE. SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity
DEPLOYMENT GUIDE SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity Table of Contents SAML Overview...3 Integration Topology...3 Deployment Requirements...4 Configuration Steps...4 Step
More informationFederated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications
Federated Identity Management and Shibboleth Noreen Hogan Asst. Director Enterprise Admin. Applications Federated Identity Management Management of digital identity/credentials (username/password) Access
More informationPerceptive Experience Single Sign-On Solutions
Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark
More informationSAML Authentication Quick Start Guide
SAML Authentication Quick Start Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved.
More informationINUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE
INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE SAML 2.0 CONFIGURATION GUIDE Roy Heaton David Pham-Van Version 1.1 Published March 23, 2015 This document describes how to configure OVD to use SAML 2.0 for user
More informationSTUDY ON IMPROVING WEB SECURITY USING SAML TOKEN
STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN 1 Venkadesh.M M.tech, Dr.A.Chandra Sekar M.E., Ph.d MISTE 2 1 ResearchScholar, Bharath University, Chennai 73, India. venkadeshkumaresan@yahoo.co.in 2 Professor-CSC
More informationTrend of Federated Identity Management for Web Services
30 Trend of Federated Identity Management for Web Services Chulung Kim, Sangyong Han Abstract While Web service providers offer different approaches to implementing security, users of Web services demand
More informationSAML single sign-on configuration overview
Chapter 46 Configurin uring Drupal Configure the Drupal Web-SAML application profile in Cloud Manager to set up single sign-on via SAML with a Drupal-based web application. Configuration also specifies
More informationSAM Context-Based Authentication Using Juniper SA Integration Guide
SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete
More informationIdentity Server Guide Access Manager 4.0
Identity Server Guide Access Manager 4.0 June 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF
More informationSingle Sign-On Implementation Guide
Salesforce.com: Salesforce Winter '09 Single Sign-On Implementation Guide Copyright 2000-2008 salesforce.com, inc. All rights reserved. Salesforce.com and the no software logo are registered trademarks,
More informationDualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.
DualShield Integration Guide Copyright 2011 Deepnet Security Limited Copyright 2011, Deepnet Security. All Rights Reserved. Page 1 Trademarks Deepnet Unified Authentication, MobileID, QuickID, PocketID,
More informationMicrosoft.NET Passport, a solution of single sign on
Microsoft.NET Passport, a solution of single sign on Zheng Liu Department of Computer Science University of Auckland zliu025@ec.auckland.ac.nz Abstract: As the World Wide Web grows rapidly, accessing web-based
More informationIVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0
International Virtual Observatory Alliance IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 IVOA Proposed Recommendation 20151029 Working group http://www.ivoa.net/twiki/bin/view/ivoa/ivoagridandwebservices
More information) "**!ก ก )$+$,ก,ก.-.2550 ก +ก,ก 1!&1!& 2!ก34&#+)ก&ก5) ก ก )$+ )ก!26&
1 ก ก () กก กก!.#.2550 1. ) "**!ก ก )$+$,ก,ก.-.2550 ก# +ก,ก 1!&1!& 2!ก34&#+)ก&ก5) ก ก )$+ )ก!26& ) "**!ก ก )$+$,ก,ก.-.2550 ก #+ก,ก 1!&17 1. ก!34& ) 6" ( 5) " ก 2"!6 ก 6! +% &+!,,2"!%ก %ก!12 ) &+!7 611!
More informationAmeritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines
Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...
More informationFederated Authentication Mechanism with Efficient ID management
Federated Authentication Mechanism with Efficient ID management Ryu Watanabe and Toshiaki Tanaka KDDI R&D Laboratories, Inc. Ohara 2-1-15 Fujimino Saitama, Japan Email: ryu@kddilabs.jp, toshi@kddilabs.jp
More informationFederal Identity, Credentialing, and Access Management Security Assertion Markup Language (SAML) 2.0 Web Browser Single Sign-on (SSO) Profile
Federal Identity, Credentialing, and Access Management Security Assertion Markup Language (SAML) 2.0 Web Browser Single Sign-on (SSO) Profile Version 1.0.2 December 16, 2011 Document History Status Release
More informationIdentity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect
Identity Federation: Bridging the Identity Gap Michael Koyfman, Senior Global Security Solutions Architect The Need for Federation 5 key patterns that drive Federation evolution - Mary E. Ruddy, Gartner
More informationTest Plan for Liberty Alliance SAML Test Event Test Criteria SAML 2.0
1 2 3 4 5 6 7 8 9 10 11 Test Plan for Liberty Alliance SAML Test Event Test Criteria SAML 2.0 Version 3.2.2 Editor: Kyle Meadors, Drummond Group Inc. Abstract: This document describes the test steps to
More informationOIOSAML Rich Client to Browser Scenario Version 1.0
> OIOSAML Rich Client to Browser Scenario Version 1.0 Danish Agency for Digitization December 2011 Contents > 1 Introduction 4 1.1 Purpose 1.2 Background 4 4 2 Goals and Assumptions 5 3 Scenario Details
More informationKeeping access control while moving to the cloud. Presented by Zdenek Nejedly Computing & Communications Services University of Guelph
Keeping access control while moving to the cloud Presented by Zdenek Nejedly Computing & Communications Services University of Guelph 1 Keeping access control while moving to the cloud Presented by Zdenek
More informationAn SAML Based SSO Architecture for Secure Data Exchange between User and OSS
An SAML Based SSO Architecture for Secure Data Exchange between User and OSS Myungsoo Kang 1, Choong Seon Hong 1,Hee Jung Koo 1, Gil Haeng Lee 2 1 Department of Computer Engineering, Kyung Hee University
More informationOIO Web SSO Profile V2.0.5
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
More informationIAM Application Integration Guide
IAM Application Integration Guide Date 03/02/2015 Version 0.1 DOCUMENT INFORMATIE Document Title IAM Application Integration Guide File Name IAM_Application_Integration_Guide_v0.1_SBO.docx Subject Document
More informationSecurity Assertion Markup Language (SAML) Site Manager Setup
Security Assertion Markup Language (SAML) Site Manager Setup Trademark Notice Blackboard, the Blackboard logos, and the unique trade dress of Blackboard are the trademarks, service marks, trade dress and
More informationAuthentication and Authorization for Mobile Devices
Authentication and Authorization for Mobile Devices Bachelor of Science Thesis in Software Engineering and Management NAVID RANJBAR MAHDI ABDINEJADI The Author grants to Chalmers University of Technology
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to WebEx
Configuring Single Sign-on from the VMware Identity Manager Service to WebEx VMware Identity Manager SEPTEMBER 2015 V 2 Configuring Single Sign-On from VMware Identity Manager to WebEx Table of Contents
More informationSAML Authentication with BlackShield Cloud
SAML Authentication with BlackShield Cloud Powerful Authentication Management for Service Providers and Enterprises Version 3.1 Authentication Service Delivery Made EASY Copyright Copyright 2011. CRYPTOCARD
More informationAbout Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack
Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack About Me KVM, API, DB, Upgrades, SystemVM, Build system, various subsystems Contributor and Committer
More informationSingle Sign-On Toolkit. The National Association of REALTORS Center for REALTOR Technology
2 3 4 5 6 7 8 9 10 Single Sign-On Toolkit sponsored by The National Association of REALTORS Center for REALTOR Technology Clareity Security Single Sign-On Toolkit 1 11 12 13 Revision 1 29 May 2007 Clareity
More informationConfiguring ADFS 3.0 to Communicate with WhosOnLocation SAML
Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML --------------------------------------------------------------------------------------------------------------------------- Contents Overview...
More informationA Data Synchronization based Single Sign-on Schema Supporting Heterogeneous Systems and Multi-Management Mode
A Data Synchronization based Single Sign-on Schema Supporting Heterogeneous Systems and Multi-Management Mode Haojiang Gao 1 Beijing Northking Technology Co.,Ltd Zhongguancun Haidian Science Park Postdoctoral
More informationGetting Started with AD/LDAP SSO
Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories
More informationSAML Artifact Information Flow Revisited
SAML Artifact Information Flow Revisited Thomas Groß IBM Zurich Research Lab Rüschlikon, Switzerland tgr@zurich.ibm.com Birgit Pfitzmann IBM Zurich Research Lab Rüschlikon, Switzerland bpf@zurich.ibm.com
More informationSecuring Splunk with Single Sign On & SAML
Copyright 2015 Splunk Inc. Securing Splunk with Single Sign On & SAML Nachiket Mistry Sr. So=ware Engineer, Splunk Rama Gopalan Sr. So=ware Engineer, Splunk Disclaimer During the course of this presentajon,
More informationA Standards-based Mobile Application IdM Architecture
A Standards-based Mobile Application IdM Architecture Abstract Mobile clients are an increasingly important channel for consumers accessing Web 2.0 and enterprise employees accessing on-premise and cloud-hosted
More informationSAML Single-Sign-On (SSO)
C O L A B O R A T I V E I N N O V A T I O N M A N A G E M E N T Complete Feature Guide SAML Single-Sign-On (SSO) 1. Features This feature allows administrators to setup Single Sign-on (SSO) integration
More informationIt is I, SAML. Ana Mandić Development Lead @ Five Minutes Ltd
It is I, SAML Ana Mandić Development Lead @ Five Minutes Ltd About Five Minutes We design and develop top notch mobile apps for leading mobile platforms 50 full-time employees Offices in Zagreb, Osijek
More informationE-Authentication Federation Adopted Schemes
E-Authentication Federation Adopted Schemes Version 1.0.0 Final May 4, 2007 Document History Status Release Date Comment Audience Template 0.0.0 1/18/06 Outline PMO Draft 0.0.1 1/19/07 Initial draft Internal
More information