Presentation is loading. Please wait.

Presentation is loading. Please wait.

ISAM APPLIANCE (FEDERATION) ADMINISTRATION

Published byJessie Rogers Modified over 7 years ago

Similar presentations

Presentation on theme: "ISAM APPLIANCE (FEDERATION) ADMINISTRATION"— Presentation transcript:

1 ISAM APPLIANCE (FEDERATION) ADMINISTRATION
5/20/2018 ISAM APPLIANCE (FEDERATION) ADMINISTRATION Author notes: <please delete these instructions before presenting> This is the IBM Security Default Template for both internal and external use. It’s aspect ratio is 16:10 and measures 10 x 6.25”. This template was created in Microsoft PowerPoint 365 Pro Plus 2016. Template files (saved with the file extension .potx) contain slide designs and customized layouts and are stored in your Microsoft templates folder* To save your new template as your default template for future use: Click “File / Save as” and choose “PowerPoint template (.potx) from the pull down menu” Rename file to, “Blank.potx” and click “Save” (file will then be stored to the default template location) Themes provide a complete slide design that can be applied to your existing presentation, including background designs, font styles, colors, and layouts To save your new template’s theme file; click “View / Slide Master / Themes” On the Themes pull down menu, select, “Save Current Theme” This new Theme file is how you apply the new template design to your existing presentations For more information, visit: Office.com / PowerPoint / Support Copy your existing source slides in slide sorter view Paste special by right-clicking in slide sorter view of destination file or template Select “Keep source formatting” This helps to ensure your slides retain their existing styles Each slide needs to be adjusted by doing the following in “Normal view” Select body content except title and footer by (Control “A”; then select title and footers while holding shift key) Cut remaining selected body content (Control “X”) Reset slide layout using new template layouts Paste slide content back onto slide (Control “V”) Learn more about using templates, visit: Office.com / PowerPoint / Support Virag patel – ibm security support

2 Agenda Introduction Discuss REST API with demo CLI usage LMI usage
5/20/2018 Agenda Introduction  Discuss REST API with demo CLI usage LMI usage Supported federation types Configure reverse proxy instance (webseal) as poc Mapping rules Template files Troubleshooting and logs/trace analysis

3 5/20/2018 Introduction The federation module is available from ISAM appliance v9.0.0 and later The federation module provides support for federated single sign-on for users across multiple applications and different domains to avoid managing multiple userIDs and passwords.

4 Available Interfaces REST API
5/20/2018 Available Interfaces REST API The use of RESTful Web service is to manage and automate the configuration of federations and partner. Easy to deploy new configuration or update existing configuration while managing multiple environments. LMI Console (Local management interface) It is a web interface to manage the ISAM appliance CLI (Command line interface – limited functionality) It is accessible via ssh port 22

5 REST API Manage Federations Manage STS Modules and Chains
Create/delete/update federation configuration Create/delete/update partner configuration Export/Import federation and partner configuration Retrieve existing federation and partner configuration Manage STS Modules and Chains Create/delete/update STS chain Retrieve existing STS chain configuration Retrieve list of STS module instances and types Manage Alias Services Manage Attribute Sources Manage Point of contact profiles

6 List federation Scripting using Federation REST API helps to automate configuration of federations. Download REST APIs using LMI $ curl -k -u -X GET -H 'Accept: application/json‘ [{"protocol":"SAML2_0","role":"ip","templateName":"","configuration":{"pointOfContactUrl":" Time":120,"companyName":"idp company","manageNameIDService":[{"binding":"artifact","url":" t","url":" 0idp\/saml20\/mnids"},{"binding":"soap","url":" Options":{"validateAuthnRequest":false},"transformAlgorithmElements":{"includeInclusiveNamespaces":true},"signingOptions":{"signAssertion ":false,"signLogoutResponse":false,"signArtifactRequest":false,"signNameIDManagementRequest":false,"signAuthnResponse":false,"signArti factResponse":false,"signNameIDManagementResponse":false,"signLogoutRequest":false},"signingKeyIdentifier":{"keystore":"rt_profile_ke ys","label":"server"},"keyInfoElements":{"includeX509CertificateData":true,"includePublicKey":false,"includeX509IssuerDetails":false,"includeX50 9SubjectKeyIdentifier":false,"includeX509SubjectName":false}},"identityMapping":{"activeDelegateId":"default- map","properties":{"identityMappingRuleReference":"7","ruleType":"JAVASCRIPT"}},"singleLogoutService":[{"binding":"artifact","url":" p1.example.com\/isam\/sps\/saml20idp\/saml20\/slo"},{"binding":"post","url":" ding":"redirect","url":" \/saml20idp\/saml20\/soap"}],"artifactResolutionService":[{"default":true,"index":0,"binding":"soap","url":" ml20idp\/saml20\/soap"}],"assertionSettings":{"assertionValidAfter":300,"assertionValidBefore":300},"attributeMapping":{"map":[]},"singleSignOnS ervice":[{"binding":"artifact","url":" m\/isam\/sps\/saml20idp\/saml20\/login"},{"binding":"redirect","url":" ":" format: Address","supported":["urn:oasis:names:tc:SAML:2.0:nameid-format:persistent","urn:oasis:names:tc:SAML:1.1:nameid- format: Address","urn:oasis:names:tc:SAML:2.0:nameid-format:transient","urn:oasis:names:tc:SAML:1.1:nameid- format:unspecified"]},"sessionTimeout":7200,"needConsentToFederate":false,"messageValidTime":300,"encryptionSettings":{"decryptionKeyI dentifier":{"keystore":"rt_profile_keys","label":"server"}}},"name":"saml20idp","id":"uuid22baab b-9e58-ef894c5ace23"}] Author notes: Note that the contents/agenda items are written in sentence case. Initial caps are reserved for IBM-branded solution names. When referring to IBM products, use the correct full name, (e.g., IBM Rational ClearCase). Title the page “Table of contents” if the document is meant to be read or is a “leave behind.” Use “Agenda” if the document will be presented formally. This page should appear at the beginning of each section, with the highlighted section appearing in blue and bold. 6

7 CLI console Very useful when LMI console is not available
5/20/2018 CLI console Very useful when LMI console is not available Reset network configuration to restore the service Real time log monitoring while troubleshooting the error isam logs monitor Create IBM Support file and log management

8 First step… using LMI Console
5/20/2018 First step… using LMI Console Download “Activation key” from IBM Passport Advantage online Import the key in ISAM appliance using LMI console

9 Network configuration
5/20/2018 Network configuration Set IP address for ISAM federation runtime Set SSL/Non SSL port Verify ISAM federation runtime by calling one of the WS-Trust web-service ip address>/TrustServerWS/SecurityTokenService Provide default basic authentication credentials ‘easuser’ and ‘passw0rd’

10 Verify Runtime status :Standalone & Cluster
5/20/2018 Verify Runtime status :Standalone & Cluster

11 Supported federation types
5/20/2018 Supported federation types SAML 2.0 SAML 2.0 (Quick Connect) OpenID Connect

12 How to create Federations SAML2.0/OpenID Connect
5/20/2018 How to create Federations SAML2.0/OpenID Connect Navigation LMI->Secure Federation->Manage->Federations What can be done? Add SAML2.0/OpenID Connect based federation(Identity provider/Service Provider) Edit existing Federation Delete existing Federations Export the metadata configuration file in xml format Partners Add openID connect or SAML2.0 based partners Edit partner configurations, used to enable a disabled partner Delete partner Disable partner

13 Federations Screenshot to demonstrate
LMI->Secure->Manage-Federations

14 SAML 2 (Quick Connect) Connectors available for SAML 2.0:
5/20/2018 SAML 2 (Quick Connect) Connectors available for SAML 2.0: Navigate Secure Federation -> Global settings -> Partner Templates

15 5/20/2018 Mapping rules Javascript based Mapping rule for SAML and OpendID connect For SAML you can manipulate STSUU to map identities For OpenID connect you can manipulate Claims Navigation LMI->Secure Federation->Global Settings->mapping rules Appliance comes with default mapping rules

16 5/20/2018 Mapping rules

17 Configure reverse proxy as point of contact server
The webseal instance at the Identity Provider authenticates user and issues tokens The webseal instance at the Service Provider consumes token and performs single sign on to get access to protected resources Create atleast one federation before you configure webseal as poc /isam junction and required ACLs are created and configured (1) ISAM runtime details (2) Select federation name (3) ACL and Certificate reuse Author notes: Note that the contents/agenda items are written in sentence case. Initial caps are reserved for IBM-branded solution names. When referring to IBM products, use the correct full name, (e.g., IBM Rational ClearCase). Title the page “Table of contents” if the document is meant to be read or is a “leave behind.” Use “Agenda” if the document will be presented formally. This page should appear at the beginning of each section, with the highlighted section appearing in blue and bold. 17

18 Template files HTML files that are provided with the appliance and contain elements, such as fields, text, or graphics, and sometimes macros that are replaced with information that is specific to the request or to provide a response to the request. Use HTML pages for the following purposes: Displaying success and error messages to users Asking users for confirmation Sending SAML messages You can customize these HTML pages so that they display what you want. These pages contain macros and are similar to other HTML pages in Security Access Manager. A macro is text in an HTML page that is replaced with context-specific information. For example, the macro is replaced by text that describes the error that occurred. Author notes: Note that the contents/agenda items are written in sentence case. Initial caps are reserved for IBM-branded solution names. When referring to IBM products, use the correct full name, (e.g., IBM Rational ClearCase). Title the page “Table of contents” if the document is meant to be read or is a “leave behind.” Use “Agenda” if the document will be presented formally. This page should appear at the beginning of each section, with the highlighted section appearing in blue and bold. 18

19 Troubleshooting Increase tracing level Trace components Author notes:
Note that the contents/agenda items are written in sentence case. Initial caps are reserved for IBM-branded solution names. When referring to IBM products, use the correct full name, (e.g., IBM Rational ClearCase). Title the page “Table of contents” if the document is meant to be read or is a “leave behind.” Use “Agenda” if the document will be presented formally. This page should appear at the beginning of each section, with the highlighted section appearing in blue and bold. 19

20 Logs and traces You can monitor the log files using CLI, LMI Console or using REST API Author notes: Note that the contents/agenda items are written in sentence case. Initial caps are reserved for IBM-branded solution names. When referring to IBM products, use the correct full name, (e.g., IBM Rational ClearCase). Title the page “Table of contents” if the document is meant to be read or is a “leave behind.” Use “Agenda” if the document will be presented formally. This page should appear at the beginning of each section, with the highlighted section appearing in blue and bold. 20

21 Mandatory closing slide with copyright and legal disclaimers.
5/20/2018 Mandatory closing slide with copyright and legal disclaimers.

Download ppt "ISAM APPLIANCE (FEDERATION) ADMINISTRATION"

Similar presentations

WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?

WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?
Ch. 5 Web Page Design – Templates and Style Sheets Mr. Ursone.

Ch. 5 Web Page Design – Templates and Style Sheets Mr. Ursone.
FINAL REVIEW Carley. Contents Unit A: Understanding Essential Computer Concepts Unit B: Getting Started wit Mac OS X Leopard Unit C: Understanding File.

FINAL REVIEW Carley. Contents Unit A: Understanding Essential Computer Concepts Unit B: Getting Started wit Mac OS X Leopard Unit C: Understanding File.
Practical Computing by Lynn Hogan

Practical Computing by Lynn Hogan
FIRST COURSE Creating Web Pages with Microsoft Office 2007.

FIRST COURSE Creating Web Pages with Microsoft Office 2007.
Tutorial 3: Adding and Formatting Text. 2 Objectives Session 3.1 Type text into a page Copy text from a document and paste it into a page Check for spelling.

Tutorial 3: Adding and Formatting Text. 2 Objectives Session 3.1 Type text into a page Copy text from a document and paste it into a page Check for spelling.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Snippet Management The following screens demonstrate how to: 1. Access and view snippets 2. Create a local standard snippet, or a local class snippet 3.

Snippet Management The following screens demonstrate how to: 1. Access and view snippets 2. Create a local standard snippet, or a local class snippet 3.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
1 ADVANCED MICROSOFT WORD Lesson 15 – Creating Forms and Working with Web Documents Microsoft Office 2003: Advanced.

1 ADVANCED MICROSOFT WORD Lesson 15 – Creating Forms and Working with Web Documents Microsoft Office 2003: Advanced.
Form Builder 4.0.4 Iteration 2 User Acceptance Testing (UAT) Denise Warzel Semantic Infrastructure Operations Team Presented to caDSR Curation Team March.

Form Builder Iteration 2 User Acceptance Testing (UAT) Denise Warzel Semantic Infrastructure Operations Team Presented to caDSR Curation Team March.
Lesson 15 Getting Started with PowerPoint Essentials

Lesson 15 Getting Started with PowerPoint Essentials
Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.

Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.
Classroom User Training June 29, 2005 Presented by:

Classroom User Training June 29, 2005 Presented by:
Back to content Final Presentation Mr. Phay Sok Thea, class “2B”, group 3, Networking Topic: Mail Client “Outlook Express” *At the end of the presentation.

Back to content Final Presentation Mr. Phay Sok Thea, class “2B”, group 3, Networking Topic: Mail Client “Outlook Express” *At the end of the presentation.
©Kwan Sai Kit, All Rights Reserved Windows Small Business Server 2003 Features.

©Kwan Sai Kit, All Rights Reserved Windows Small Business Server 2003 Features.
| | Tel: 020 7920 9500 | | Computer Training & Personal Development Microsoft Office PowerPoint 2007 Expert.

| | Tel: | | Computer Training & Personal Development Microsoft Office PowerPoint 2007 Expert.
XP New Perspectives on Browser and E-mail Basics Tutorial 1 1 Browser and E-mail Basics Tutorial 1.

XP New Perspectives on Browser and Basics Tutorial 1 1 Browser and Basics Tutorial 1.
Objective To create a professional, affordable, and easy to use website Create a user friendly interface with accessibility and effortless navigation.

Objective To create a professional, affordable, and easy to use website Create a user friendly interface with accessibility and effortless navigation.

Similar presentations

Ads by Google