Publicidad

Design Pattern for Federated Single Sign-On Access

Mike Reams
Strategic Thinker, Problem Solver and Leader in Architecture en Cox Enterprises
2 de Dec de 2015
Design Pattern for Federated Single Sign-On Access

Check these out next

How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?
rlsoft
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partners
Corey Roth
Enterprise Security Requirements
Enterprise Security Requirements
WSO2
Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners Guide
Phuong Nguyen
EA Diagrams
EA Diagrams
Laurence White
Oim Poc1.0
Oim Poc1.0
Mohamed Atef
End-to-End Identity Management
End-to-End Identity Management
WSO2
Cloud design patterns - Federated Identity & Gatekeeper
Cloud design patterns - Federated Identity & Gatekeeper
Roger Chien
1 de 1

Design Pattern for Federated Single Sign-On Access

2 de Dec de 2015
Tecnología

A Design Pattern provides a scheme for refining the subsystems or components of a software system, or the relationships between them

Mike Reams
Strategic Thinker, Problem Solver and Leader in Architecture en Cox Enterprises
Publicidad
Publicidad
Publicidad

Recomendados

Design Pattern for Oracle Identity ProvisioningDesign Pattern for Oracle Identity Provisioning
Design Pattern for Oracle Identity ProvisioningMike Reams770 vistas1 diapositiva
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsJohn Bauer4.6K vistas21 diapositivas
Presentation sso design_securityPresentation sso design_security
Presentation sso design_securityMarco Morana9.4K vistas23 diapositivas
Single Sign-On Best PracticesSingle Sign-On Best Practices
Single Sign-On Best PracticesSalesforce Developers11.1K vistas29 diapositivas
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Anil Saldanha22K vistas32 diapositivas
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...Brian Culver9.3K vistas24 diapositivas

Más contenido relacionado

Presentaciones para ti(18)

How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?
rlsoft18.7K vistas
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partners
Corey Roth1.4K vistas
Enterprise Security RequirementsEnterprise Security Requirements
Enterprise Security Requirements
WSO2917 vistas
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners Guide
Phuong Nguyen3.7K vistas
EA DiagramsEA Diagrams
EA Diagrams
Laurence White209 vistas
Oim Poc1.0Oim Poc1.0
Oim Poc1.0
Mohamed Atef3.7K vistas
End-to-End Identity ManagementEnd-to-End Identity Management
End-to-End Identity Management
WSO2933 vistas
Cloud design patterns - Federated Identity & GatekeeperCloud design patterns - Federated Identity & Gatekeeper
Cloud design patterns - Federated Identity & Gatekeeper
Roger Chien2K vistas
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
Oliver Pfaff1.1K vistas
Fine Grained Authorization: Technical Insights for Using Oracle Entitlements ...Fine Grained Authorization: Technical Insights for Using Oracle Entitlements ...
Fine Grained Authorization: Technical Insights for Using Oracle Entitlements ...
Subbu Devulapalli2.1K vistas
Security Patterns with the WSO2 ESBSecurity Patterns with the WSO2 ESB
Security Patterns with the WSO2 ESB
WSO216.7K vistas
3 Building Blocks For Managing Cloud Applications Webinar3 Building Blocks For Managing Cloud Applications Webinar
3 Building Blocks For Managing Cloud Applications Webinar
Todd Clayton737 vistas
Identity Federation on JBossASIdentity Federation on JBossAS
Identity Federation on JBossAS
Roger CARHUATOCTO1K vistas
IamIam
Iam
Microsoft Norge AS541 vistas
Reverse password synchronization with ibm tivoli identity manager redp4299Reverse password synchronization with ibm tivoli identity manager redp4299
Reverse password synchronization with ibm tivoli identity manager redp4299
Banking at Ho Chi Minh city3.9K vistas
SAML Executive OverviewSAML Executive Overview
SAML Executive Overview
PortalGuard653 vistas
IDM ReconciliationIDM Reconciliation
IDM Reconciliation
Aidy Tificate6.2K vistas
Sim-webcast-part1-1aaSim-webcast-part1-1aa
Sim-webcast-part1-1aa
OracleIDM932 vistas

Similar a Design Pattern for Federated Single Sign-On Access(20)

SharePoint Connector – Setup and ConfigurationSharePoint Connector – Setup and Configuration
SharePoint Connector – Setup and Configuration
Adobe5.1K vistas
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuth
Dan Brinkmann14.2K vistas
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...
Cisco Canada338 vistas
Taking a Pragmatic Look at the Salesforce Security ModelTaking a Pragmatic Look at the Salesforce Security Model
Taking a Pragmatic Look at the Salesforce Security Model
Salesforce Developers2.8K vistas
O2 Presentation Sdp EventO2 Presentation Sdp Event
O2 Presentation Sdp Event
jameskenney651 vistas
Tech UG - Newcastle 09-17 - logic appsTech UG - Newcastle 09-17 - logic apps
Tech UG - Newcastle 09-17 - logic apps
Michael Stephenson525 vistas
Architecting Multi-Org SolutionsArchitecting Multi-Org Solutions
Architecting Multi-Org Solutions
Salesforce Developers6.8K vistas
Single sign on using SAML Single sign on using SAML
Single sign on using SAML
Programming Talents2.1K vistas
Saas securitySaas security
Saas security
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW1.3K vistas
Cisco SocialMiner Tools for Social Media Customer CareCisco SocialMiner Tools for Social Media Customer Care
Cisco SocialMiner Tools for Social Media Customer Care
Natasha Kelly2.3K vistas
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTIONIAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
ForgeRock1K vistas
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...
Cisco Canada1.3K vistas
Sindhumathi VellaiduraiSindhumathi Vellaidurai
Sindhumathi Vellaidurai
Sindhumathi Vellaidurai216 vistas
Transforming a Large Mission-Critical E-Commerce Platform from a Relational A...Transforming a Large Mission-Critical E-Commerce Platform from a Relational A...
Transforming a Large Mission-Critical E-Commerce Platform from a Relational A...
MongoDB2.1K vistas
CTU June 2011 - Windows Azure App FabricCTU June 2011 - Windows Azure App Fabric
CTU June 2011 - Windows Azure App Fabric
Spiffy1.5K vistas
z/OS Connect - Overview at the "z Systems Agile Enterprise Development Confer...z/OS Connect - Overview at the "z Systems Agile Enterprise Development Confer...
z/OS Connect - Overview at the "z Systems Agile Enterprise Development Confer...
DevOps for Enterprise Systems2.4K vistas
Sharksim OverviewSharksim Overview
Sharksim Overview
tcoyle72502 vistas
Impact 2013 2971 - Fundamental integration and service patternsImpact 2013 2971 - Fundamental integration and service patterns
Impact 2013 2971 - Fundamental integration and service patterns
Brian Petrini540 vistas
Syllabus for Technical coursesSyllabus for Technical courses
Syllabus for Technical courses
Montek1Learning212 vistas
Lead Allocation System - Attribute Driven Design (ADD)Lead Allocation System - Attribute Driven Design (ADD)
Lead Allocation System - Attribute Driven Design (ADD)
Amin Bandeali1K vistas
Publicidad

Más de Mike Reams(16)

Design Pattern Logical ModelDesign Pattern Logical Model
Design Pattern Logical Model
Mike Reams401 vistas
Knowledge Transfer Training Presentation for Identity Lifecycle ManagerKnowledge Transfer Training Presentation for Identity Lifecycle Manager
Knowledge Transfer Training Presentation for Identity Lifecycle Manager
Mike Reams1.3K vistas
Mobile user single sign on flowMobile user single sign on flow
Mobile user single sign on flow
Mike Reams276 vistas
Solution Delivery CalendarSolution Delivery Calendar
Solution Delivery Calendar
Mike Reams376 vistas
Environment Gap Analysis for ApplicationsEnvironment Gap Analysis for Applications
Environment Gap Analysis for Applications
Mike Reams292 vistas
Perimeter Protected Access Design PatternPerimeter Protected Access Design Pattern
Perimeter Protected Access Design Pattern
Mike Reams1K vistas
Retiree Data Flow DiagramRetiree Data Flow Diagram
Retiree Data Flow Diagram
Mike Reams272 vistas
Series of Visual Flow DiagramsSeries of Visual Flow Diagrams
Series of Visual Flow Diagrams
Mike Reams617 vistas
High-level Architecture viewpoint of a Troux InfrastructureHigh-level Architecture viewpoint of a Troux Infrastructure
High-level Architecture viewpoint of a Troux Infrastructure
Mike Reams375 vistas
Visio Diagram of a user SSO FlowVisio Diagram of a user SSO Flow
Visio Diagram of a user SSO Flow
Mike Reams1.5K vistas
Visio Diagram Scripting and Server Management flowVisio Diagram Scripting and Server Management flow
Visio Diagram Scripting and Server Management flow
Mike Reams397 vistas
Visio Diagram for Configuration ManagementVisio Diagram for Configuration Management
Visio Diagram for Configuration Management
Mike Reams532 vistas
User Flow swim-lane Diagram for New Hire User Flow swim-lane Diagram for New Hire
User Flow swim-lane Diagram for New Hire
Mike Reams4.9K vistas
Architecture Design Presentation for OIMArchitecture Design Presentation for OIM
Architecture Design Presentation for OIM
Mike Reams895 vistas
Sample Template for Single Sign-On (SSO)Sample Template for Single Sign-On (SSO)
Sample Template for Single Sign-On (SSO)
Mike Reams1.6K vistas
Visual representation as an architectural artifactVisual representation as an architectural artifact
Visual representation as an architectural artifact
Mike Reams239 vistas

Último(20)

Technology & Innovations.pptxTechnology & Innovations.pptx
Technology & Innovations.pptx
AhmedReda4583355 vistas
LeedsSharp May 2023 - Azure Integration ServicesLeedsSharp May 2023 - Azure Integration Services
LeedsSharp May 2023 - Azure Integration Services
Michael Stephenson0 vistas
Ufone IT Report.pdfUfone IT Report.pdf
Ufone IT Report.pdf
Malik Kashif0 vistas
Chapter 1.pptxChapter 1.pptx
Chapter 1.pptx
Habtamu Yetwale0 vistas
Voice-over-LTE-Optimization.docx.pdfVoice-over-LTE-Optimization.docx.pdf
Voice-over-LTE-Optimization.docx.pdf
AhmadEmara12 vistas
INT 1010 09-2.pdfINT 1010 09-2.pdf
INT 1010 09-2.pdf
Luis R Castellanos0 vistas
INT 1010 08-4.pdfINT 1010 08-4.pdf
INT 1010 08-4.pdf
Luis R Castellanos0 vistas
Biodiesel From waste frying oilBiodiesel From waste frying oil
Biodiesel From waste frying oil
akhileshtiwari8467430 vistas
COMPUTER PPT.pptxCOMPUTER PPT.pptx
COMPUTER PPT.pptx
ishaanshehrawat0 vistas
INT 1010 02.pdfINT 1010 02.pdf
INT 1010 02.pdf
Luis R Castellanos0 vistas
pdfcoffee.com_project-work-plan-and-budget-matrix-for-aip-2020-reviseddocx-pd...pdfcoffee.com_project-work-plan-and-budget-matrix-for-aip-2020-reviseddocx-pd...
pdfcoffee.com_project-work-plan-and-budget-matrix-for-aip-2020-reviseddocx-pd...
GioJoKyffer1 vista
INT 1010 03.pdfINT 1010 03.pdf
INT 1010 03.pdf
Luis R Castellanos0 vistas
Discover the power of Smart TVs with powerful sound in 2023.docxDiscover the power of Smart TVs with powerful sound in 2023.docx
Discover the power of Smart TVs with powerful sound in 2023.docx
TechOrc2 vistas
AusCERT 2023 - Non-linear, decentralised and multi-stakeholder incident respo...AusCERT 2023 - Non-linear, decentralised and multi-stakeholder incident respo...
AusCERT 2023 - Non-linear, decentralised and multi-stakeholder incident respo...
Pukhraj Singh0 vistas
INT 1010 04-5.pdfINT 1010 04-5.pdf
INT 1010 04-5.pdf
Luis R Castellanos0 vistas
us-19-Shortridge-Forsgren-Controlled-Chaos-the-Inevitable-Marriage-of-DevOps-...us-19-Shortridge-Forsgren-Controlled-Chaos-the-Inevitable-Marriage-of-DevOps-...
us-19-Shortridge-Forsgren-Controlled-Chaos-the-Inevitable-Marriage-of-DevOps-...
CynthiaRothrock0 vistas
Transmission Medium.pptxTransmission Medium.pptx
Transmission Medium.pptx
AhmadAbba62 vistas
ppt 2.pptxppt 2.pptx
ppt 2.pptx
ishaanshehrawat0 vistas
Japan VPS Server Japan VPS Server
Japan VPS Server
JapanCloudServers0 vistas
LISA EVO-X Pitch DeckLISA EVO-X Pitch Deck
LISA EVO-X Pitch Deck
LEX101Labs0 vistas
Publicidad

Design Pattern for Federated Single Sign-On Access

  1. Federated Enterprise Single Sign-On Architecture Design Pattern – Tier 1 Solution Building Block Version: 1.0 Author: Mike Reams Last Modified: Design Pattern Federated Single Sign-On (SSO) A Design Pattern provides a scheme for refining the subsystems or components of a software system, or the relationships between them. It describes commonly recurring structure of communicating components that solves a general design problem within a particular context . Architectural patterns are similar to software design patterns but have a broader scope. The architectural patterns address various issues in software engineering, such as computer hardware performance limitations, high availability and minimization of a business risk. Federated SSO The Industry Standard is SAML 2.0 with Organizational Standard of assertions use SAML 2.0 Post Bindings. Supported use cases are (1) IdP Initiated; (2) SP Initiated; (3)IdP Trusted; (4) SP Real-Time Registration; Preference is to Sign both the SAML Assertion Request & Response. With PII data, entire xml must be encrypted end-to-end over the SOAP channel. SP=Service Provider | IdP=Identity Provider Architecture Domain(s) Identity Management | Security | Middleware Web Server (SP) Access Manager Access Policy General Architecture Assertion Consumer Service (ACS) Service Provider Service Provider Initiated (SP) Web Service Metadata Exchange Invokes IdPInvokes SP Identity Provider 4. IdP posts SAML Response with 10 digit ID SP Trusted User IdP Trusted User Guest User Service Provider B. Certificate & URI exchange (Build Trust) 1. User invokes a Service Provider (SP) protected URL 2. SP sends user to IdP with SAML Redirect Post Request 3. User enters credentials on IdP Login page 1. User invokes IdP protected application A. Identity Exchange 6. SP grants authorization Application 5b. SP trusted user is redirected with an IdM SAML assertion to access SP 3. User enters credentials on IdP Login page 2. IdP sends guest user to Login page (challenge URL) Assertion Consumer Service (ACS) 4. IdP posts SAML Request with a valid 10 digit ID Application 6. IdP user is authorized w/ token to access SP 5a. SP trusted user is registered real-time if not found 5. IdP Creates token for On-Prem Access
Publicidad