Download presentation
Presentation is loading. Please wait.
1
Prabath Siriwardena Senior Software Architect
2
An open source Identity & Entitlement management server
3
Authentication ADLDAP JDBC
5
An open source Identity & Entitlement management server Authentication Single Sign On SAML2Kerberos WS-Fed Passive
6
Decentralized Single Sign On Single user profile Widely used for community & collaboration aspects Multifactor Authentication [Infocard, XMPP] OpenID relying party components
![ Decentralized Single Sign On Single user profile Widely used for community & collaboration aspects Multifactor Authentication [Infocard, XMPP] OpenID relying party components](http://images.slideplayer.com/20/5996363/slides/slide_6.jpg " Decentralized Single Sign On Single user profile Widely used for community & collaboration aspects Multifactor Authentication [Infocard, XMPP] OpenID relying party components")
7
Single Sign On / Single Logout Widely used *aaS providers [Google Apps, Salesforce] SAML2 Web SSO Profile SAML2 Attribute Profile Distributed Federated SAML2 IdPs Used in WSO2 StratosLive
![ Single Sign On / Single Logout Widely used *aaS providers [Google Apps, Salesforce] SAML2 Web SSO Profile SAML2 Attribute Profile Distributed Federated SAML2 IdPs Used in WSO2 StratosLive](http://images.slideplayer.com/20/5996363/slides/slide_7.jpg " Single Sign On / Single Logout Widely used *aaS providers [Google Apps, Salesforce] SAML2 Web SSO Profile SAML2 Attribute Profile Distributed Federated SAML2 IdPs Used in WSO2 StratosLive")
8
SharePoint WS-Fed Passive
9
An open source Identity & Entitlement management server Authentication Single Sign On Provisioning SCIMSPML
12
2001 : OASIS PS TC 2003 : SPML 1.0 2003 : WS-Provisioning 2006 : SPML 2.0 2010 : SCIM community 2011 : SCIM 1.0 2012 : SCIM 1.1 2011 : RESTPML
14
SCIM Service Provider /Users /Groups SCIM Consumer
15
{ "schemas":[], "name":{"familyName":”siriwardena","givenName":”prabath"}, "userName":”prabath","password":”prabath123", "emails":[{"primary":true,"value":”prabath@yahoo.com","type":"home"}, {"value":”prabath@wso2.com","type":"work"}] } curl -v -k --user admin:admin -d @add-user.json --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users add-user.json curl command
![{ schemas :[], name :{ familyName : siriwardena , givenName : prabath }, userName : prabath , password : prabath123 , s :[{ primary :true, value : , type : home }, { value : , type : work }] } curl -v -k --user admin:admin --header Content-Type:application/json add-user.json curl command](http://images.slideplayer.com/20/5996363/slides/slide_15.jpg "{ schemas :[], name :{ familyName : siriwardena , givenName : prabath }, userName : prabath , password : prabath123 , s :[{ primary :true, value : , type : home }, { value : , type : work }] } curl -v -k --user admin:admin --header Content-Type:application/json add-user.json curl command")
16
{ "schemas": ["urn:scim:schemas:core:1.0"], "id": "idnext", "displayName": "IdentityNext", } curl -v -k --user admin:admin -d @add-group.json --header "Content- Type:application/json" https://localhost:9443/wso2/scim/Groups add-group.json curl command
![{ schemas : [ urn:scim:schemas:core:1.0 ], id : idnext , displayName : IdentityNext , } curl -v -k --user admin:admin --header Content- Type:application/json add-group.json curl command](http://images.slideplayer.com/20/5996363/slides/slide_16.jpg "{ schemas : [ urn:scim:schemas:core:1.0 ], id : idnext , displayName : IdentityNext , } curl -v -k --user admin:admin --header Content- Type:application/json add-group.json curl command")
18
Provisioning Service Provider Domain A Domain B One way provisioning Provisioning Service Provider Domain C SCIM Consumer
19
Provisioning Service Provider Domain A Domain B One way provisioning with broker mode Provisioning Service Provider Domain C SCIM Consumer
20
Provisioning Service Provider Domain A Domain B Bi-directional provisioning Provisioning Service Provider Domain C SCIM Consumer
21
Provisioning Service Provider Domain A Domain B Multi-directional provisioning with a centralized PSP Provisioning Service Provider Domain C SCIM Consumer Provisioning Service Provider
22
Domain A Domain B Just-in-time provisioning with SAML2 SAML2 IdP 1 2 3 4
23
Provisioning Service Provider Domain A Domain B Just-in-time provisioning with SAML2 SAML2 IdP 1 2 3 5 4
24
Provisioning Service Provider SCIM Consumer (facilelogin.com) SCIM Consumer (wso2.com) wso2.com facilelogin.com
26
An open source Identity & Entitlement management server Authentication Single Sign On Provisioning Auditing XDAS
28
An open source Identity & Entitlement management server Authentication Single Sign On Provisioning AuditingDelegation WS-TRUST
34
Identity Delegation Securing RESTful services 2-legged & 3-legged OAuth 1.01 XACML integration with OAuth OAuth 2.0 support with Authorization Code, Implicit, Resource Owner Credentials, Client Credentials
35
An open source Identity & Entitlement management server Authentication Single Sign On Provisioning AuditingDelegation Federation WS-TRUSTSAML2
36
Federation
37
Supports WS-Trust 1.3/1.4 SAML 1.0/1.1/2.0 token profiles Claim management
38
Security Token Service Consumer App Resource Domain A Domain B Cross Domain Authentication with WS-Trust
39
Cross Domain Authentication with Kerberos and WS-Trust
40
Decentralized Federated SAML2 IdPs
43
An open source Identity & Entitlement management server Role Based Access Control
44
An open source Identity & Entitlement management server Role Based Access Control Attribute Based Access Control
45
An open source Identity & Entitlement management server Role Based Access Control Attribute Based Access Control Policy Based Access Control XACML
46
An open source Identity & Entitlement management server Role Based Access Control Attribute Based Access Control Policy Based Access Control SOAP XACML / WS-XACML
47
An open source Identity & Entitlement management server Role Based Access Control Attribute Based Access Control Policy Based Access Control SOAP REST XACML
48
The de-facto standard for authorization XACML 3.0 Support for multiple PIPs Policy distribution Decision / Attribute caching UI wizard for defining policies Notifications on policy updates TryIt tool
49
EntitlementService EntitlementPolicyAdminService Policy Decision Point Policy Cache Decision Cache XACML Engine Extensions Policy Administration Point Attribute Finder Extensions Default Finder LDAP Attribute Cache SOAP/Thrift/WS- XACML SOAP
54
User stores with LDAP/AD/JDBC Multiple user stores OpenID SAML2 Kerberos Integrated Windows Authentication Information Cards XACML 2.0/3.0 OAuth 1.0a/2.0 Security Token Service with WS-Trust SCIM 1.1 WS-XACML WS-Fed Passive
Similar presentations
