
Dispatcher


kuame-wong


Presentation Transcript


  1. Hello User Sample (Gateway)
     [Diagram: request flow through the Gateway's Dispatcher, Conditional Expression, Attribute Filter and Static Request Filter, with DNS and the Portal; the arrows are numbered 1 to 10.]

  2. Media Wiki Hosted Sample (Gateway)
     [Diagram: request flow through the Gateway's Dispatcher, Conditional Expression, Extract Filter and Static Request Filter in front of MediaWiki, with DNS; the arrows are numbered 1 to 10.]

  3. [Diagram, untitled: Gateway, OpenAM Agent, OpenAM and WordPress; the arrows are numbered 1 to 9.]

  4. Simple SSO with WordPress and MediaWiki
     Participants: Browser, Gateway, WordPress, MediaWiki
     1. Browse to MediaWiki
     2. Pass through request
     3. MediaWiki login page returned
     4. Redirect to WordPress login
     5. WordPress login page
     6. User submits credentials
     7. Pass through and record
     8. WordPress home page
     9. POST MediaWiki login form with stored credentials
     10. MediaWiki home page

  5. Password replay sample: HR application and flat file DB (sso1)
     Participants: Browser, Gateway, HR Application, Flat File
     1. http://hr.company.com
     2. Pass request through
     3. No session, redirect to login
     4. Intercepts App redirect, fetches credentials
     5. POST App login form
     6. Validate login, redirect to HR
     7. http://hr.company.com
     (Figure 1)

  6. HelloUser Sample Application Flow
     [Diagram: Browser, Hello User, Gateway and DNS, with arrows numbered 1 to 12; the step labels are not in the transcript.]

  7. Password replay with Access Management integration (sso2)
     Participants: Browser, Access Manager, Agent, Gateway, HR App
     1. http://hr.company.com
     2. Agent redirects user to AM login
     3. AM logs in user, redirects back to HR App
     4. Pass through request
     5. No App session
     6. POST App login form
     7. Redirect to HR
     8. http://hr.company.com
     (Figure 2)

  8. SP initiated SAML2 POST Profile SSO-2 (ssoFedSP), alternative style
     Participants: HR App, Gateway, IDP, Browser
     1. http://hr.company.com
     2. Pass through request
     3. No session, redirect to login
     4. Intercepts login request, send SAML2 AuthN Request
     6. SAML2 POST AuthN Statement
     7. POST App login form
     8. Redirect to HR App
     9. http://hr.company.com
     (Figure 2)

  9. IDP initiated SAML2 POST Profile SSO (ssoFedIDP)
     Participants: Browser, IDP, Gateway, HR App
     1. Authenticate User
     2. SAML2 POST AuthN
     3. POST App login form
     7. Redirect to HR App
     8. http://hr.company.com
     (Figure 4)

  10. Standards Based AM Plugin/Agent (ssoFedAgent)
     Participants: Access Manager, Browser, Gateway, HR App
     1. http://hr.company.com
     3. Pass through request
     4. No session, redirect to login
     5. Intercepts login request, send SAML2 AuthN request
     6. SAML2 POST Profile AuthN
     7. POST App login form
     7. Authenticate user
     7. Redirect to HR App
     8. http://hr.company.com
     (Figure 5)

  11. [Diagram: three Agents and the Identity Gateway in front of HR, Payroll, OpenAM, Legacy, Unsupported and Custom applications.]

  12. Limited SSO
     [Diagram: two Agents with HR, Payroll and OpenAM; Legacy, Unsupported and Custom applications also shown.]

  13. SSO
     [Diagram: three Agents and the Identity Gateway with HR, Payroll and OpenAM, plus the Legacy, Unsupported and Custom applications.]

  14. Federation Gateway
     [Diagram: an Identity Provider linked over SAML2 to Federation Gateways in front of Ringtones, Apps and Accessories.]

  15. How SSO Works
     • Traffic to the Legacy Application is routed through the Gateway.
     • The Gateway is deployed as a web app protected by the OpenAM agent.
     • The OpenAM agent is configured to pass user-identifying headers to the Gateway.
     • Gateway filters are configured to intercept the Legacy application login pages.
     • When a login or timeout page is processed, the user is logged in with credentials passed from the OpenAM agent or by looking them up in an external database or vault.
     • The Gateway optionally manages, filters, or transforms cookies, headers, and general application content.
     [Diagram: OpenAM Agent, Identity Gateway, Legacy application.]

  16. How Federation Works
     • Traffic to the Legacy Application is routed through the Gateway.
     • The Gateway is deployed as a web app or as a standalone Java application.
     • The Gateway is configured as a SAML2 endpoint in a Circle of Trust with the WAM.
     • Gateway filters are configured to recognize Legacy application login pages.
     • When the Gateway sees a login or timeout page, an SP-initiated SAML2 AuthN request is sent to the WAM.
     • Upon receiving and processing the assertion, the Gateway logs the user in with credentials from the assertion or by looking them up in an external database or vault.
     • The Gateway optionally manages, filters, or transforms cookies, headers, and general application content.
     [Diagram: Federation Identity Gateway, Web Access Management, SAML2, Legacy application.]
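The password-replay flow that slides 5, 15 and 16 describe (pass the request through, intercept the legacy login page, look the user's stored credentials up by the identity the agent or assertion supplied, POST the login form, then return the page the user asked for) is easy to misread from the diagrams alone, so here it is as a small offline simulation. This is an added example written for this transcript; it is not the deck's code and not OpenIG or OpenAM code. `LegacyApp`, `Gateway`, the `X-Remote-User` header name, the `APPSESSION` cookie name and the dict used as the "external database or vault" are all assumptions made for the illustration.

```python
"""Simulation of gateway-based password-replay SSO (added example, not from the deck).

Assumed names: LegacyApp stands in for the HR application, Gateway for the
Identity Gateway, X-Remote-User for the agent's identity header, and a plain
dict for the external credential vault.
"""
from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str = ""
    location: str = ""
    set_cookie: dict = field(default_factory=dict)


class LegacyApp:
    """Stand-in legacy HR app: form login, APPSESSION cookie, no SSO awareness."""

    LOGIN_FORM = "<form action='/login' method='post'>user / pass</form>"

    def __init__(self, users):
        self.users = dict(users)          # constructed sample user store
        self.sessions = set()

    def handle(self, req):
        if req.cookies.get("APPSESSION") in self.sessions:
            return Response(200, body="HR home page")
        if req.method == "POST" and req.path == "/login":
            if self.users.get(req.form.get("user")) == req.form.get("pass"):
                sid = f"sess-{len(self.sessions) + 1}"
                self.sessions.add(sid)
                return Response(302, location="/", set_cookie={"APPSESSION": sid})
            return Response(200, body=self.LOGIN_FORM)   # failed login re-shows the form
        if req.path == "/login":
            return Response(200, body=self.LOGIN_FORM)
        return Response(302, location="/login")          # no app session: redirect to login


class Gateway:
    """Reverse proxy in front of LegacyApp; trusts the identity header set by the agent."""

    def __init__(self, app, vault, id_header="X-Remote-User"):
        self.app, self.vault, self.id_header = app, vault, id_header
        self.trace = []                                   # flow steps, for inspection

    def _is_login_page(self, resp):
        # The "login page filter": a redirect to /login or the login form itself.
        return (resp.status == 302 and resp.location == "/login") or \
               "action='/login'" in resp.body

    def handle(self, req):
        principal = req.headers.get(self.id_header)
        if not principal:                                 # agent has not authenticated the user
            return Response(401, body="no identity from agent")
        self.trace.append("pass through")
        resp = self.app.handle(req)                       # steps 1-2: pass the request through
        if not self._is_login_page(resp):
            return resp                                   # existing app session, nothing to do
        self.trace.append("login page intercepted")       # steps 3-4: intercept, fetch credentials
        creds = self.vault.get(principal)
        if creds is None:
            return Response(403, body=f"no stored credentials for {principal}")
        user, password = creds
        login = self.app.handle(Request("POST", "/login",
                                        form={"user": user, "pass": password}))  # step 5
        if login.status != 302 or "APPSESSION" not in login.set_cookie:
            return Response(403, body="credential replay failed")   # step 6 did not validate
        self.trace.append("replayed credentials")
        cookies = {**req.cookies, **login.set_cookie}
        final = self.app.handle(Request(req.method, req.path, req.headers, req.form, cookies))  # step 7
        final.set_cookie.update(login.set_cookie)         # hand the app session to the browser
        return final


def demo():
    """Two requests from the same user: the first triggers replay, the second passes straight through."""
    app = LegacyApp({"alice": "s3cret"})                  # constructed sample account
    gw = Gateway(app, {"alice": ("alice", "s3cret")})     # constructed vault entry
    first = gw.handle(Request("GET", "/", headers={"X-Remote-User": "alice"}))
    second = gw.handle(Request("GET", "/", headers={"X-Remote-User": "alice"},
                               cookies=first.set_cookie))
    return first, second, gw.trace
```

The two failure branches are the ones worth noticing from a deployment standpoint: a request with no identity header is refused rather than replayed, and a principal with no vault entry gets a 403 instead of a blank login attempt. In a real deployment the gateway must only be reachable through the agent, since the whole design rests on the identity header being set by the agent and by nothing else; the federation variant on slide 16 changes only where the principal comes from (the processed SAML2 assertion instead of the agent header), and the replay steps after that point are the same.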

  17. OpenAM Single Sign-on Proxy
     [Diagram: Agents and the Identity Gateway in front of Portal, Payroll, HR, Custom and Legacy applications; OpenAM Services: Authentication, Session, Authorization, Auditing.]

  18. OpenAM Federated SSO
     [Diagram: Fedlet, Agent and the Identity Gateway in front of Portal, CRM.com and Wiki.com, plus a Federation Enabled 3rd Party Access Manager; OpenAM Services: Liberty ID-FF, SAML2, SAML1, WS-Fed.]
