
1 Hello User Sample (Gateway). Diagram of the Gateway filter chain for the sample: Dispatcher, Conditional Expression, Static Request Filter, Attribute Filter, Portal, DNS. The numbered arrows of the diagram are not recoverable from the transcript.

2 MediaWiki Hosted Sample (Gateway). Diagram of the Gateway filter chain for the sample: Dispatcher, Conditional Expression, Static Request Filter, Extract Filter, MediaWiki, DNS. The numbered arrows of the diagram are not recoverable from the transcript.

3 Diagram: Gateway, OpenAM with its agent, WordPress.

4 Simple SSO with WordPress and MediaWiki (participants: Browser, Gateway, WordPress, MediaWiki)
1. Browse to MediaWiki
2. Pass through request
3. MediaWiki login page returned
4. Redirect to WordPress login
5. WordPress login page
6. User submits credentials
7. Pass through and record
8. WordPress home page
9. POST MediaWiki login form with stored credentials
10. MediaWiki home page

5 Password replay sample: HR application and flat file DB (sso1). Figure 1 (participants: Browser, Gateway, HR Application, Flat File)
Pass request through (step number not captured in the transcript)
3. No session, redirect to login
4. Intercepts App redirect, fetches credentials
5. POST App login form
6. Validate login, redirect to HR
Steps 1, 2 and 7 carry no text in the transcript.

6 Hello User Sample application flow (participants: Browser, Gateway, HelloUser, DNS)

7 Password replay with Access Management integration (sso2). Figure 2 (participants: Browser, Access Manager, Agent, Gateway, HR App)
Agent redirects user to AM login (step number not captured in the transcript)
3. AM logs in user, redirects back to HR App
4. Pass through request
5. No App session
6. POST App login form
7. Redirect to HR
Steps 1, 2 and 8 carry no text in the transcript.

8 SP initiated SAML2 POST Profile SSO-2 (ssoFedSP), alternative style. Figure 2 as labelled on the slide (participants: Browser, IDP, Gateway, HR App)
2. Pass through request
3. No session, redirect to login
4. Intercepts login request, send SAML2 AuthN Request
6. SAML2 POST AuthN Statement
7. POST App login form
8. Redirect to HR App
Steps 1, 5 and 9 carry no text in the transcript.

9 IDP initiated SAML2 POST Profile SSO (ssoFedIDP). Figure 4 (participants: Browser, IDP, Gateway, HR App)
1. Authenticate User
2. SAML2 POST AuthN
3. POST App login form
7. Redirect to HR App
Steps 4 to 6 and 8 carry no text in the transcript.

10 Standards Based AM Plugin/Agent (ssoFedAgent). Figure 5 (participants: Browser, Access Manager, Gateway, HR App)
3. Pass through request
4. No session, redirect to login
5. Intercepts login request, send SAML2 AuthN request
6. SAML2 POST Profile AuthN
7. POST App login form
7. Redirect to HR App
7. Authenticate user
Steps 1, 2 and 8 carry no text in the transcript, and three steps are numbered 7 on the slide.

11 Diagram: Identity Gateway with its agent, OpenAM with its agent, and the applications Legacy, Unsupported, Custom, Payroll and HR.

12 Diagram: OpenAM agent protecting HR and Payroll; Legacy, Unsupported and Custom applications outside the agent. Result: limited SSO.

13 Diagram: the same deployment with Identity Gateway and its agent placed in front of the Legacy, Unsupported and Custom applications. Result: SSO.

14 Diagram: a SAML2 Identity Provider federated with Federation Gateways in front of the Ringtones, Apps and Accessories applications.

15 How SSO Works
Traffic to the legacy application is routed through the Gateway.
The Gateway is deployed as a web app protected by the OpenAM agent.
The OpenAM agent is configured to pass user-identifying headers to the Gateway.
Gateway filters are configured to intercept the legacy application's login pages.
When a login or timeout page is processed, the user is logged in with credentials passed from the OpenAM agent, or with credentials looked up in an external database or vault.
The Gateway optionally manages, filters, or transforms cookies, headers, and general application content.
The identifying headers can only be trusted if every request to the Gateway has passed through the agent; a Gateway that is reachable directly would let a client supply the header itself and be logged in as any user.
Diagram: OpenAM, Identity Gateway with its agent, Legacy application.

16 How Federation Works
Traffic to the legacy application is routed through the Gateway.
The Gateway is deployed as a web app or as a standalone Java application.
The Gateway is configured as a SAML2 endpoint in a Circle of Trust with the web access management (WAM) system.
Gateway filters are configured to recognize the legacy application's login pages.
When the Gateway sees a login or timeout page, it sends an SP initiated SAML2 AuthN request to the WAM.
Upon receiving and validating the assertion (signature and audience, as the SAML2 profile requires), the Gateway logs the user in with credentials from the assertion, or with credentials looked up in an external database or vault.
The Gateway optionally manages, filters, or transforms cookies, headers, and general application content.
Diagram: Web Access Management (SAML2), Federation Identity Gateway, Legacy application.
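The following is an added example, not code from the deck or from Identity Gateway, that models the behaviour described in slides 15 and 16 and the "pass through and record" step of the WordPress/MediaWiki flow on slide 4: a proxy that passes requests through to a legacy form-login application, recognizes the login page in the response, takes the user identity either from the header the agent sets (SSO) or from an already validated SAML2 assertion (federation), and replays the stored password. The header name, the session cookie name, the login-page marker, the in-memory vault and the LegacyApp are all assumptions made for the example.

```python
# Added example (not from the deck or from Identity Gateway): a model of the
# password-replay filter in "How SSO Works" / "How Federation Works" and of the
# capture step in the WordPress/MediaWiki flow. All names below are assumptions.
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import parse_qs, urlencode

# Assumed header set by the OpenAM agent in front of the Gateway. It is only
# trustworthy because no client can reach the Gateway without passing the agent.
IDENTITY_HEADER = "x-am-username"
SESSION_COOKIE = "JSESSIONID"      # assumed session cookie of the legacy app
LOGIN_MARKER = "action='/login'"   # assumed way to recognise a login/timeout page


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    body: str = ""
    # Attributes of an already validated SAML2 assertion (federation case).
    assertion: Optional[dict] = None


@dataclass
class Response:
    status: int
    body: str = ""
    set_cookie: Optional[str] = None


class LegacyApp:
    """Constructed stand-in for the legacy HR app: form login, cookie session, no SSO."""

    def __init__(self, users: dict):
        self.users, self.sessions = users, set()

    def handle(self, req: Request) -> Response:
        if req.method == "POST" and req.path == "/login":
            form = parse_qs(req.body)
            user = form.get("username", [""])[0]
            if self.users.get(user) == form.get("password", [""])[0]:
                self.sessions.add(f"sess-{user}")
                return Response(302, set_cookie=f"sess-{user}")   # redirect to /hr
            return Response(200, "<form action='/login'>bad password</form>")
        if req.cookies.get(SESSION_COOKIE) in self.sessions:
            return Response(200, "<h1>HR home</h1>")
        return Response(200, "<form action='/login'>please log in</form>")


class Gateway:
    """Reverse proxy with a password-replay filter and a credential vault."""

    def __init__(self, app: LegacyApp, vault: dict):
        self.app, self.vault = app, vault      # vault: user -> legacy-app password

    def identify(self, req: Request) -> Optional[str]:
        """Identity from the SAML assertion (federation) or the agent header (SSO)."""
        if req.assertion is not None:
            return req.assertion.get("subject")
        return req.headers.get(IDENTITY_HEADER)

    def handle(self, req: Request) -> Response:
        user = self.identify(req)
        # "Pass through and record": a login the user submits is stored for replay.
        if user and req.method == "POST" and req.path == "/login":
            form = parse_qs(req.body)
            if form.get("password"):
                self.vault[user] = form["password"][0]
        resp = self.app.handle(req)                       # pass the request through
        if LOGIN_MARKER not in resp.body:
            return resp                                   # not a login/timeout page
        if user is None or user not in self.vault:
            return resp                                   # nothing to replay
        body = urlencode({"username": user, "password": self.vault[user]})
        login_resp = self.app.handle(Request("POST", "/login", body=body))
        if login_resp.status != 302:
            return login_resp                             # stale password: surface it
        req.cookies[SESSION_COOKIE] = login_resp.set_cookie
        final = self.app.handle(req)                      # retry the original request
        final.set_cookie = login_resp.set_cookie          # browser gets the app session
        return final


def run(users: dict, vault: dict, *requests: Request) -> tuple:
    """Constructed scenario: feed requests through one Gateway and return the last
    response as (status, body, set_cookie) plus the vault contents afterwards."""
    gw, resp = Gateway(LegacyApp(users), vault), Response(0)
    for req in requests:
        resp = gw.handle(req)
    return resp.status, resp.body, resp.set_cookie, dict(gw.vault)


if __name__ == "__main__":
    print(run({"alice": "s3cret"}, {"alice": "s3cret"},
              Request("GET", "/hr", headers={IDENTITY_HEADER: "alice"})))
```

The first request already returns the HR home page and hands the application's session cookie to the browser, so the user never sees the legacy login form. When the vault holds a stale password the replay fails and the application's own "bad password" page is returned rather than looping; with no identity and an empty vault the application's login page passes through unchanged.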

17 Diagram: OpenAM services (Single Sign-on, Authentication, Session, Authorization, Auditing) with agents on Portal, Payroll and HR, a proxy agent, and Identity Gateway in front of the Legacy and Custom applications.

18 Diagram: Federated SSO. OpenAM services with an agent (Portal), a Fedlet (CRM.com), Identity Gateway (Wiki.com) and a federation-enabled 3rd-party access manager, over Liberty ID-FF, SAML2, SAML1 and WS-Fed.

