OpenAM: An Introduction
IRM Summit 2014
Agenda
■ ForgeRock Stack overview
■ OpenAM Overview
■ Authentication
■ Authorization
■ Federation
Classic scenario
User wants to use an application... (diagram: User → Application), which does not require any of ForgeRock's products, but ...
■ Provides single sign-on to web resources and creates a "sign on once, access everywhere" environment
■ Centralized policy-based authentication and authorization
■ Enables policy enforcement
■ Tracks all user authentication related events
■ Extends access beyond organizational boundaries
OpenAM Key Functionality
■ Authentication
■ Authorization
■ Single Sign-On
■ Federation
■ Entitlements
■ Web Services Security
■ Auditing/Logging
■ Adaptive AuthN
Where does the request come from?
■ Common use case: User requests access to a web page
■ Other use cases: Applications can request authentication programmatically through REST or SOAP web services and the OpenAM SDK
Which Credentials?
■ OpenAM works with most authentication methods without customization
■ 21 out-of-the-box authentication modules
■ Custom modules can be created easily
Authentication Modules
Active Directory, Adaptive Risk, Anonymous, Certificate, Data Store, Device Print, Federation, HOTP, HTTP Basic, JDBC, LDAP, Membership, MSISDN, OATH, OAuth 2.0, RADIUS, SAE, SecurID, Windows Desktop SSO, Windows NT, WSSAuth
FR-420 OpenAM 11 Deployment Copyright 2014 ForgeRock AS All Rights Reserved. Revision A.
Authorization
■ Authentication is not enough
■ Authorization determines:
– WHO can do
– what ACTIONS
– with what RESOURCES
– under which CONDITIONS?
■ Uses Policies to define those rights
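The WHO / ACTIONS / RESOURCES / CONDITIONS model above, as an added toy policy evaluator (constructed for illustration; not OpenAM's policy engine or its API, and the Policy/Request shapes, group names and sample URLs are assumptions):

```python
# Toy deny-by-default policy evaluator illustrating subject, action, resource
# and condition matching. Constructed example, not OpenAM code.
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
import ipaddress

@dataclass
class Policy:
    subjects: set            # WHO: group names this policy grants rights to
    actions: set             # what ACTIONS (e.g. GET, POST)
    resource: str            # with what RESOURCES: URL pattern, '*' wildcard
    min_auth_level: int = 0  # CONDITION: minimum authentication level reached
    networks: list = field(default_factory=list)  # CONDITION: allowed client CIDRs

@dataclass
class Request:
    groups: set
    action: str
    resource: str
    auth_level: int
    client_ip: str

def conditions_hold(p: Policy, r: Request) -> bool:
    if r.auth_level < p.min_auth_level:
        return False
    if p.networks:
        ip = ipaddress.ip_address(r.client_ip)
        if not any(ip in ipaddress.ip_network(n) for n in p.networks):
            return False
    return True

def evaluate(policies, r: Request) -> str:
    """Return 'allow' only if some policy matches the subject, action and
    resource AND all of its conditions hold; otherwise 'deny' (deny by default)."""
    for p in policies:
        if (p.subjects & r.groups and r.action in p.actions
                and fnmatchcase(r.resource, p.resource) and conditions_hold(p, r)):
            return "allow"
    return "deny"

# Constructed sample policies: broad read access for all employees, and
# write access to payroll only for finance staff, strongly authenticated,
# from the internal network.
POLICIES = [
    Policy({"employees"}, {"GET"}, "https://intranet.example.com/*"),
    Policy({"finance"}, {"GET", "POST"}, "https://intranet.example.com/payroll/*",
           min_auth_level=2, networks=["10.0.0.0/8"]),
]
```

Note that the broad employees policy also matches GET on payroll pages, so the stricter conditions of the finance policy never apply to reads: overlapping resource patterns are the usual source of unintended grants and are worth reviewing explicitly.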
Federation
■ Federation is the process of linking identities across heterogeneous Access Management products
■ It is a trust relationship whereby a Service Provider (SP) trusts that an Identity Provider (IDP) has successfully authenticated a user
■ It is standards-based
Goals of Federation
■ Federation enables Single Sign On and Single Logout between partners
■ Federation allows rapid integration
– during company acquisitions
– between heterogeneous systems
■ Federation allows basic Identity Data Sharing
■ Helps to keep multiple internet accounts under control
Federation Standards (timeline chart, 2002 to today, of the standards supported by OpenAM): SAML 1.0, SAML 1.x, SAML 2.0, Liberty ID-FF 1.1/1.2, Shibboleth 1.0/1.1, Shibboleth 2 (SAML2), WS-Federation 1.0, WS-Federation 1.1, ADFS, ADFS2, OAuth 1.0, OAuth 2.0, OpenID Connect, REST/JSON, SOAP
OpenAM Federation
■ OpenAM provides first class federation support
■ Federation Protocol support – SAML2, WS-Federation, ID-FF, OAuth2
■ Federated Web Services
■ Multi-Protocol Hub – Allows OpenAM to act as a broker between different federation protocols
■ Plug-in points allow for easy customization
■ Fedlet for applications that do not support standard protocols