CESP-ID is a flexible authentication solution that provides secure authentication of users and enables Single Sign On between applications and organizations. It is based on the Security Assertion Markup Language (SAML) 2.0, which is an XML-based standard for exchanging authentication data between security domains. CESP-ID supports several different authentication mechanisms and is integrated with Trusted Security Server for providing verification of electronic ID (EID). CESP-ID is compliant with the Swedish healthcare standard “Bastjänster för Informationsförsörjning“, BIF and also conforms to SAML V2.0 IdP LITE profile.

1. CESP-ID
Cybercom Enhanced
Security Platform
CESP-ID is a flexible authentication solution that provides secure authentica-
tion of users and enables Single Sign On between applications and organi-
zations. It is based on the Security Assertion Markup Language (SAML) 2.0,
which is an XML-based standard for exchanging authentication data between
security domains. CESP-ID supports several different authentication mecha-
nisms and is integrated with Trusted Security Server for providing verifica-
tion of electronic ID (EID). CESP-ID is compliant with the Swedish healthcare
standard “Bastjänster för Informationsförsörjning“, BIF and also conforms to
SAML V2.0 IdP LITE profile.

2. #2-12-2009
Cybercom
CESP-ID
CESP-ID CESP-ID Authentication Service
CESP-ID is built up by two services, CESP-ID Authenti- CESP-ID Authentication Service is the Identity Provider
cation Service and CESP-ID Validation Service, which (IdP) that authenticates the user and issues a SAML
together form a flexible authentication solution. It is assertion that verifies the user’s identity. It ships with
possible to add new custom authentication provid- the following features:
ers as well as integration modules according to your
organization’s needs, thanks to CESP-ID’s extensible • Secure authentication with support for several
design and use of web services interface. different authentication methods through
CESP-ID Authentication Providers
The organization benefits of using CESP-ID is a more • Issuing of SAML 2.0 Assertions
secure authentication and effective administration of
• Signing of assertions by the XML Digital Signa-
user accounts at one place for all applications, and
ture standard
the possibility to provide Single Sign On for enhanced
user experience. • Support for Single Sign On through the SAML
Web Browser SSO Profile standard
• Support for Single Log Out (IdP- and SP-initiate
• Support for automatic registration of users
• Integration with legacy systems that use custom
stores for user credentials
• Logging of authentication events with customiz-
able detail level
Page 2

3. Cybercom
CESP-ID
CESP-ID Authentication Providers CESP-ID Validation Service
CESP-ID’s Authentication Providers delivers a flexible CESP-ID Validation Service is responsible for verifying
solution for integrating different authentication an issued SAML assertion and is used by the Service
methods with CESP-ID. The following Authentication Provider when validating a user’s identity. It performs
Providers are currently available: the following checks on each SAML assertion:
• XML Validation against schema definitions en-
• Username & Password in custom database
sures that the SAML assertion is well formed
• Integrated Windows Authentication through
• Valid Time Checking ensures that the assertion
Active Directory (NTLM / Kerberos)
is not expired and that the current time is within
• Verification of X.509-certificates including revo- the valid time window
cation control (CRL and OCSP)*
• Valid Signature Checking ensures that the asser-
• Verification of EID (electronic ID)* tion has not been tampered or forged
• Novell eDirectory using LDAP (SSL/TLS) • Signing Certificate Checking ensures that the
signing certificate was valid at the time of sign-
*All certificate verifications are done through Trusted ing and that it is issued by a trusted Certificate
Security Server, which is certified by “Bankernas ID- Authority
tjänst”
• Proof of Possession Checking ensures that the
user presenting the SAML assertion is in fact the
New authentication methods can be added by
user it was issued to
implementing a custom Authentication Provider for
CESP-ID.
CESP-ID Integration Modules
CESP-ID Attribute Providers CESP-ID Integration Modules ensures smooth integra-
CESP-ID ’s Attribute Providers makes it possible to use tion with existing applications and systems. These
several different attribute sources. It is also possible to integration modules enable other systems to take
configure which Service Providers that require certain advantage of the authentication functions that
attributes, so that each SAML Assertion is customized CESP-ID provides and can be used to achieve SSO
for the specific Service where it will be consumed. between applications.
The attributes can be retrieved from the following CESP-ID comes with a ready-made integration mod-
sources: ule for use together with Forms Authentication in
ASP.NET. This integration module is built on
• Database Microsoft’s Provider Model and can be used to
• LDAP catalog provide a SAML based authentication in applications,
for example SharePoint and EPiServer. The Forms
• X.509 Certificate
Authentication integration module includes the
following:
• Specialized login page which performs authen-
tication through CESP-ID Authentication Service
according to SAML Web Browser SSO Profile.
• SamlMembershipProvider, SamlRoleProvider and
SamlMembershipUser, which are used to create
the user’s identity and role based on his/her
SAML assertion
Page 3

4. Cybercom
CESP-ID
About Cybercom Contact Details
The Cybercom Group is a high-tech consultancy that For further information, please contact:
offers global sourcing for end-to-end solutions. The
Henrik Johansson, Business Unit Manager
Group established itself as a world-class supplier in
henrik.johansson@cybercomgroup.com
these segments: security, portal solutions, mobile
+46 70 825 00 80
services, and embedded systems.
or vistit our website www.cybercom.com
Thanks to its extensive industry and operations ex-
perience, Cybercom can offer strategic and techno-
logical expertise to these markets: telecom, industry,
media, public sector, retail, and banking and financial
services.
The Group employs 2,000 persons and runs projects
worldwide. Cybercom has 28 offices in 11 countries.
Since 1999, Cybercom’s share has been quoted on
the NASDAQ OMX Nordic Exchange. The company
was launched in 1995.
Page 4
Cybercom Group Europe AB (publ.)
P.O. Box 7574 · SE-103 93 Stockholm · Sweden
Phone: +46 8 578 646 00 · www.cybercom.com