Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Logicalis Group Single signon possibilities for iSeries Mandy Shaw, Logicalis (with many thanks to Pat Botz of IBM Rochester)

Published byCameron Garrett Modified over 8 years ago

Similar presentations

Presentation on theme: "© Logicalis Group Single signon possibilities for iSeries Mandy Shaw, Logicalis (with many thanks to Pat Botz of IBM Rochester)"— Presentation transcript:

1 © Logicalis Group Single signon possibilities for iSeries Mandy Shaw, Logicalis (with many thanks to Pat Botz of IBM Rochester)

2 Simplify your infrastructure: single level signon What Every Enterprise Wants Protect access to enterprise resources at lowest possible cost What Every User Wants Highest possible convenience and productivity Not to have to remember or change passwords

3 SSO Definition What we mean by SSO The ability of an end user to sign in to the enterprise network and run multi- tier applications without being prompted again for authentication data, and without requiring the end user to have the same user ID and/or password on every system. What we don’t mean by SSO Same user id everywhere Same password everywhere Centralized storing/caching of passwords LDAP Authentication

4 Kerberos and Enterprise Identity Mapping Kerberos involves the acceptance of a single authentication by ‘Kerberised’ applications, avoiding the need for passwords EIM links user ids for different servers, at individual or group level EIM can be used without Kerberos; Kerberos can be used without EIM

5 John Smith's user ID: u:JSimth p:myonepwd z/OS RACF iSeries WebSphere NetServer intranet User AIX Windows 2000/NT Linux NDS Nirvana Extranet / Internet

6 John Smith's user IDs: z/OS RACF iSeries WebSphere NetServer intranet User AIX Windows 2000/2003 Server Linux NDS Windows NT/98/95 u:JohnSmith p:myonepwd u:simthj p:*NONE u:John p:*NONE u:Smith1 p:*NONE u:JoSm05 p:*NONE etc.. John Smith's user IDs: u:John Smith u:JSimth u:John u:Smith1 u:JoSm05 etc.. OS/400 approach gets you here

7 OS/400 implementation elements LDAP directory used purely to store EIM data EIM Identifiers for individuals Maps identifiers to user ids in registries Kerberos OS/400 can store KDC and do Kerberos authentication Typically, it won’t Network Authentication Service Identifies where the Kerberos authentication is done, and for which apps Applications NetServer, iSeries Navigator, Management Central, PC5250, QFileSvr.400, …

8 Benefits Whatever the user profile password is set to, it is not used for authentication, therefore can be set to *NONE No need to store/cache passwords Exploits signon technology that the significant majority of end users use when they sign on Comparatively small overhead to implement and manage over time Use within application development

9 Things to consider EIM doesn’t create or delete users: it just maps them and saves management time Use with V5R2 requires appropriate PTFs Kerberos authentication doesn’t yet cover all possible OS/400 applications (e.g. FTP) Domino and WebSphere currently require special treatment Domino: consider Active Directory integration WebSphere: consider identity tokens or Domino integration

Download ppt "© Logicalis Group Single signon possibilities for iSeries Mandy Shaw, Logicalis (with many thanks to Pat Botz of IBM Rochester)"

Similar presentations

Welcome to Middleware Joseph Amrithraj

Welcome to Middleware Joseph Amrithraj
Introduction to z/OS Security Lesson 4: There’s more to it than RACF

Introduction to z/OS Security Lesson 4: There’s more to it than RACF
Copyright © 2005, SAS Institute Inc. All rights reserved. User Authentication and Single Sign-on Across the SAS ® 9 Platform Larry Noe and Scott Sweetland,

Copyright © 2005, SAS Institute Inc. All rights reserved. User Authentication and Single Sign-on Across the SAS ® 9 Platform Larry Noe and Scott Sweetland,
Single Sign-On in a Single Day

Single Sign-On in a Single Day
SINGLE SIGN-ON. Definition - SSO Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order.

SINGLE SIGN-ON. Definition - SSO Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order.
Using Kerberos the fundamentals. Computer/Network Security needs: Authentication Who is requesting access Authorization What user is allowed to do Auditing.

Using Kerberos the fundamentals. Computer/Network Security needs: Authentication Who is requesting access Authorization What user is allowed to do Auditing.
Password? CLASP Project Update C5 Meeting, 16 June 2000 Denise Heagerty, IT/IS.

Password? CLASP Project Update C5 Meeting, 16 June 2000 Denise Heagerty, IT/IS.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,

Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,
Report Distribution Report Distribution in PeopleTools 8.4 Doug Ostler & Eric Knapp 7264.

Report Distribution Report Distribution in PeopleTools 8.4 Doug Ostler & Eric Knapp 7264.
Identity and Access Management

Identity and Access Management
Enterprise Single Sign On Identity management for web applications.

Enterprise Single Sign On Identity management for web applications.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
Windows 2000 and Active Directory Services at UQ Scott Sinclair Senior Systems Programmer Software Infrastructure Group

Windows 2000 and Active Directory Services at UQ Scott Sinclair Senior Systems Programmer Software Infrastructure Group
Single Sign-on Integration (SSI) MSIT 458 – Information Security Project Part 2 Prepared for Professor Yan Chen Prepared by Team Triad Radu Bulgaru Moniza.

Single Sign-on Integration (SSI) MSIT 458 – Information Security Project Part 2 Prepared for Professor Yan Chen Prepared by Team Triad Radu Bulgaru Moniza.
Active Directory Lecture 3 – Domain Services Primer.

Active Directory Lecture 3 – Domain Services Primer.
Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.

Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.

Similar presentations

Ads by Google