SSO Case Study: Suchin Rengan, Principal Technical Architect, Salesforce.com
2
The Scenario
Outlook
Browser
Mobile
3
Key Considerations
Must be Seamless
No Impacts to the intended Functionality
Focus on Usability
Comply with Security Standards
– User credentials cannot be stored in any applications
Reusability wherever possible
Allow for Scalability
4
SSO Mechanisms
DA
– SF legacy way to accomplish SSO
– Customers have to build a Web Service that will authenticate requests that are delegated by SF
– User Profiles need to be enabled for SSO
– Delegated Authentication configuration to point to the Delegated Authentication Web Service hosted by the customer
SAML
– SAML is a technology that enables SSO between two disparate systems (Web and Desktop)
– SF supports SAML 1.1 and SAML 2.0
• Support since Summer ’08
– Supports browser post profiles
– Cannot be used to accomplish SSO for desktop/Outlook/mobile clients (DA/OAuth2 is a better alternative)
OAuth
– Open standard for authorization (OAuth!)
– Stop the password anti-pattern
– Explicit grant of permission by user
• The valet key concept
– Credential is per-service-provider
• Revocable without changing password
– Browser based authentication for rich clients
• Make it possible to participate in SSO
5
The Browser Scenario
Browser
Identity Provider (Corporate Portal)
1. User Request
2. Validate and Generate SAML Token
3. Post SAML
4. User Session
6
The Outlook Scenario
[Diagram. Components: Outlook, Identity Provider, Intermediary Service, DA Service. Flow labels: User Credentials (context based), SAML Token, SAML Token (Login API), DA Redirect, True/False, User Session]
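An added example, not from the slides or from Salesforce: a minimal handler for the Delegated Authentication web service that the customer hosts, answering true/false as the DA Service does in the diagram. It assumes the password field carries a short-lived HMAC token standing in for the SAML token that the Outlook scenario passes through the Login API; the SOAP element names follow Salesforce's DA message format, and KEY, MAX_AGE, issue_token and da_request are hypothetical.

```python
import hashlib
import hmac
import time
import xml.etree.ElementTree as ET

NS = "urn:authentication.soap.sforce.com"  # namespace of the DA SOAP messages
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
KEY = b"constructed-demo-key"  # assumption: secret shared with the token issuer
MAX_AGE = 300  # assumption: token lifetime in seconds

def _mac(username, expiry):
    return hmac.new(KEY, f"{username}:{expiry}".encode(), hashlib.sha256).hexdigest()

def issue_token(username, now=None):
    # Hypothetical intermediary-service side: mint "expiry:mac" bound to one user.
    expiry = int(time.time() if now is None else now) + MAX_AGE
    return f"{expiry}:{_mac(username, expiry)}"

def token_valid(username, token, now=None):
    expiry, _, mac = token.partition(":")
    if not (expiry.isascii() and expiry.isdigit()):
        return False
    if int(expiry) < (time.time() if now is None else now):
        return False  # expired
    return hmac.compare_digest(_mac(username, expiry).encode(), mac.encode())

def handle_da_request(body, now=None):
    # Parse the Authenticate call; any parse or validation problem fails closed.
    ok = False
    if b"<!DOCTYPE" not in body and b"<!ENTITY" not in body:  # DA calls carry no DTD
        try:
            req = ET.fromstring(body).find(f".//{{{NS}}}Authenticate")
            user = req.findtext(f"{{{NS}}}username") or ""
            token = req.findtext(f"{{{NS}}}password") or ""
            ok = bool(user) and token_valid(user, token, now)
        except (ET.ParseError, AttributeError, ValueError):
            ok = False
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Body>'
            f'<AuthenticateResult xmlns="{NS}"><Authenticated>{str(ok).lower()}'
            f'</Authenticated></AuthenticateResult></soapenv:Body></soapenv:Envelope>')

def da_request(username, password):
    # Constructed sample of the request shape Salesforce posts to a DA endpoint.
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Body>'
            f'<Authenticate xmlns="{NS}"><username>{username}</username>'
            f'<password>{password}</password><sourceIp>203.0.113.7</sourceIp>'
            f'</Authenticate></soapenv:Body></soapenv:Envelope>').encode()
```

Because the token is bound to one username and expires after MAX_AGE seconds, the client never holds a reusable password, which is the "credentials cannot be stored" consideration from the earlier slide.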
7
The Mobile Scenario
[Diagram. Components: Mobile, NT Authentication Services, DA Service. Flow labels: NT Login Credentials, DA Redirect, True/False, User Session]
8
Summary
Been in production for 2 years
Supports 20 K users