
OpenAM - An Introduction

37,833 views

Published on

An IAM for Beginner's session presented by Dr. Matthias Tristl, ForgeRock Senior Instructor

Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/

Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/

Published in: Technology


  1. OpenAM for Beginners, EMEA Summit 2013
  2. Agenda
     ■ ForgeRock Stack overview
     ■ OpenAM Overview
     ■ Authentication
     ■ Authorization
     ■ Federation
  3. ForgeRock Stack Overview
  4. Pillars of IAM
  5. Classic scenario I: User wants to use an application... which does not require any of ForgeRock's products, but... (diagram: User, Application)
  6. Classic scenario II: Centralization of Authentication... and... (diagram: User, Application, OpenDJ)
  7. Classic scenario III: Central Authorization (diagram: User, Application, OpenAM, OpenDJ)
  8. Classic scenario IV: Federation (diagram: User, two Applications, each with its own OpenAM and OpenDJ)
  9. Classic scenario V: Identity Management (diagram: User, Application, OpenAM, OpenDJ, OpenIDM, HR DB)
  10. OpenAM Overview
  11. OpenAM Vision and Scope (diagram labels: Authenticate, Federate, SSO, Entitlements, Performance, High Availability; protocols JAAS, SOAP & REST, WS-Trust, SAML, XACML, OAuth; parties External Parties, Partners, Suppliers, Governments, Outsourcing, PaaS, SaaS, Cloud; in-house developed applications, commercial applications; authentication methods PKI, RADIUS, Directory Services, 3rd party, Data Bases, Active Directory, SecurID)
  12. OpenAM Evolution (timeline 2008 to 2013): OpenSSO Build 6, Build 7, Build 8, OpenSSO Enterprise 8.0 (closed source; some patch development but no new functionality), then OpenAM 9.0, 9.5, 10.0, 10.1, 11.0 (open source): one single product for AAA + Federation
  13. OpenAM Key Functionality
     ■ Provides single sign-on to web resources and creates a sign-on-once, access-everywhere environment
     ■ Centralized policy-based authentication and authorization
     ■ Enables policy enforcement
     ■ Tracks all user authentication related events
     ■ Extends access beyond organizational boundaries
     ■ Feature areas: Authentication, Authorization, Single Sign-On, Federation, Entitlements, Web Services Security, Auditing/Logging, Adaptive AuthN
  14. Key: Single Sign On
  15. Key: Protecting Resources
  16. Key: Partner Interaction and Integration
  17. OpenAM Integration Paths
  18. Authentication
  19. Authentication: Who are you?
  20. Authentication Flow
  21. Authentication: Where does the request come from?
     ■ Common use case: User requests access to a web page
     ■ Other use cases: Applications can request authentication programmatically through REST or SOAP web services and the OpenAM SDK
  22. Authentication: Which Credentials?
     ■ OpenAM works with most authentication methods without customization
     ■ 21 out-of-the-box authentication modules
     ■ Custom modules can be created easily
  23. Authentication: ID Token
  24. Authorization
  25. Authorization
     ■ Authentication is not enough
     ■ Authorization determines:
       – WHO can do
       – what ACTIONS
       – with what RESOURCES
       – under which CONDITIONS?
     ■ Uses Policies to define those rights
  26. Authorization Flow
  27. Federation
  28. Federation
     ■ Federation is the process of linking identities across heterogeneous Access Management products
     ■ It is a trust relationship whereby a Service Provider (SP) trusts that an Identity Provider (IDP) has successfully authenticated a user
     ■ It is standards based
  29. The Goals of Federation
     ■ Federation enables Single Sign On and Single Logout between partners
     ■ Federation allows rapid integration
       – during company acquisitions
       – between heterogeneous systems
     ■ Federation allows basic Identity Data Sharing
     ■ Helps to keep multiple internet accounts under control
  30. Federation Standard Protocols (timeline, 2002 to today; protocols shown: SAML 1.0, SAML 1.x, SAML 2.0, Shibboleth 1.0/1.1, Shibboleth 2 (SAML2), Liberty ID-FF 1.1/1.2, WS-Federation 1.0, WS-Federation 1.1, ADFS, ADFS2, OAuth 1.0, OAuth 2.0, OpenID Connect, SOAP, REST/JSON; OpenAM positioned at today)
  31. Federation Terminology
  32. OpenAM Federation
     ■ OpenAM provides first class federation support
     ■ Federation protocol support
       – SAML2, WS-Federation, ID-FF, OAuth2
     ■ Federated Web Services
     ■ Multi-Protocol Hub
       – Allows OpenAM to act as a broker between different federation protocols
     ■ Plug-in points allow for easy customization
     ■ Fedlet for applications that do not support standard protocols
  33. ForgeRock University
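The authorization slides (25 and 26) describe the model behind OpenAM's policies: a decision is about WHO (the subject identified by the SSO token) may perform which ACTIONS on which RESOURCES under which CONDITIONS. The following Python is an added illustration written for this page, not OpenAM's policy engine or its REST API: it models a policy as a set of URL patterns, per-action allow/deny flags, subject matches and two environment conditions (client IP range and time-of-day window), then evaluates requests with deny-overrides semantics and a default deny. All policy names, hosts, users, groups and addresses are constructed sample data.

```python
"""Toy policy evaluator illustrating the OpenAM authorization model
(WHO / ACTIONS / RESOURCES / CONDITIONS).  Added example; not OpenAM code."""
from dataclasses import dataclass, field
from datetime import time
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Session:
    """What a validated SSO token tells the policy engine about the caller."""
    user: str
    groups: frozenset = frozenset()


@dataclass(frozen=True)
class Environment:
    """Request context used by conditions (constructed, not from a real agent)."""
    client_ip: str
    now: time


@dataclass
class Policy:
    name: str
    resources: list                 # URL patterns; '*' is a wildcard
    actions: dict                   # action -> True (allow) / False (deny)
    subjects: list                  # "user:<name>" or "group:<name>" entries
    ip_ranges: list = field(default_factory=list)   # CIDRs; empty = any address
    hours: tuple = None             # (start, end) time-of-day window; None = any time

    def applies(self, session: Session, resource: str, env: Environment) -> bool:
        """True when resource, subject and every condition of this policy match."""
        if not any(fnmatchcase(resource, pattern) for pattern in self.resources):
            return False
        ids = {f"user:{session.user}"} | {f"group:{g}" for g in session.groups}
        if not ids.intersection(self.subjects):
            return False
        if self.ip_ranges and not any(
            ip_address(env.client_ip) in ip_network(cidr) for cidr in self.ip_ranges
        ):
            return False
        if self.hours and not (self.hours[0] <= env.now <= self.hours[1]):
            return False
        return True


def evaluate(policies, session, resource, action, env) -> bool:
    """Deny-overrides combination: an applicable explicit deny always wins,
    otherwise at least one applicable allow is required; default is deny."""
    allowed = False
    for policy in policies:
        if action in policy.actions and policy.applies(session, resource, env):
            if policy.actions[action] is False:
                return False
            allowed = True
    return allowed


# Constructed sample policy set (hosts, groups and CIDRs are made up).
POLICIES = [
    Policy("staff-intranet", ["https://intranet.example.com/*"],
           {"GET": True, "POST": True}, ["group:staff"],
           ip_ranges=["10.0.0.0/8"], hours=(time(8, 0), time(18, 0))),
    Policy("contractor-docs", ["https://intranet.example.com/docs/*"],
           {"GET": True}, ["group:contractors"]),
    Policy("contractor-admin-deny", ["https://intranet.example.com/admin/*"],
           {"GET": False, "POST": False}, ["group:contractors"]),
]


def check(user, groups, resource, action, client_ip, hour, minute=0) -> bool:
    """Convenience wrapper: build session + environment and evaluate POLICIES."""
    session = Session(user, frozenset(groups))
    env = Environment(client_ip, time(hour, minute))
    return evaluate(POLICIES, session, resource, action, env)


if __name__ == "__main__":
    doc = "https://intranet.example.com/docs/handbook.html"
    print("alice GET docs, office IP, 09:30:", check("alice", ["staff"], doc, "GET", "10.1.2.3", 9, 30))
    print("alice GET docs, office IP, 20:00:", check("alice", ["staff"], doc, "GET", "10.1.2.3", 20))
    print("bob   POST docs (contractor):   ", check("bob", ["contractors"], doc, "POST", "10.1.2.3", 12))
```

Two behaviours are worth noticing when running it: a subject who is both staff and contractor is denied on the admin path even though the staff policy would allow it, because the explicit deny overrides; and a request that matches no policy at all is denied by default rather than falling through to allow.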
