
Extend SSO and Federation for Your SiteMinder Portal—for Less Time, Hassle, and Money

Extend SSO and Federation for Your SiteMinder Portal—for Less Time, Hassle, and Money. Elle Griffin, Radiant Logic June 28, 2012. Business Demands Evolution. Your portal has to grow and change as business needs evolve. This means integrating: NEW INITIATIVES NEW APPLICATIONS


Presentation Transcript


  1. Extend SSO and Federation for Your SiteMinder Portal—for Less Time, Hassle, and Money Elle Griffin, Radiant Logic June 28, 2012

  2. Business Demands Evolution • Your portal has to grow and change as business needs evolve. This means integrating: • NEW INITIATIVES • NEW APPLICATIONS • NEW USER POPULATIONS SiteMinder is not designed to navigate and manage this heterogeneous identity layer.

  3. SiteMinder’s Growing Pains SiteMinder Runs Into Trouble When It Comes to Identity Integration or Identity Federation: 1. Adding a New User Repository without Custom Configurations 2. Enabling Cross-Application SSO 3. Routing Authentication Across Multiple Sources 4. Rationalizing User Collision Across Disparate Sources

  4. SiteMinder in Typical WAM and Federation Deployments

  5. Ideal SiteMinder Deployment: Portal Hosting Multiple Applications

  6. Adding Multiple Authentication Sources Slows Your System and Hinders Authentication

  7. A Typical SiteMinder Deployment: Portal in Federation Mode

  8. Adding Multiple Authentication Sources is a Challenge for the Identity Provider

  9. Adding Multiple IdPs Could be a Solution, But Could Jeopardize SSO

  10. The Solution: A Federated Identity Service Based on Virtualization

  11. Federated Identity Based on Virtualization

  12. Building a Federated Identity Service • Enable Authentication and SSO Across Multiple Sources • Build a union list with no duplicates • Support Attribute-Driven Authorization • Extend profiles with join • Connect to SiteMinder • Provide a single access point for web access management

  13. Authentication: Build a Global View

  14. Authentication Through Union

  15. Authorization Through Join

  16. SiteMinder + Radiant = SSO

  17. STEP 1: Inventory Your Identity Sources and Remap Data to Create a Common Namespace

  18. STEP 2: Build a Global List with No Duplications

  19. STEP 3: Delegate Authentication to the Appropriate Source

  20. STEP 4: Gather Attributes to Build a Virtualized Global Profile

  21. STEP 5: Add SiteMinder-Specific Attributes

  22. The Result: A SiteMinder That is Easier to Use, Costs Less Money, and Provides SSO

  23. Your SiteMinder in Less Time, Hassle and Money • One Secure Access Point for SiteMinder • Enable New Applications, Functionality, and User Populations • Does not Disrupt Current Deployments • Intuitive, Wizard-Driven Work Process • Reusable for Any Initiative Beyond SiteMinder: Directory Migration, Cloud Integration, Federation, the list goes on!

  24. Thank you Continue the conversation… Twitter: @RadiantLogic @RadiantElle Facebook.com/radiantlogic

  25. Extending SiteMinder With Federated Identities Todd Clayton, Co-Founder todd.clayton@coreblox.com @tclayton

  26. The IAM System Improving the Solution • Unify auth sources and provide custom auth w/o code • Extend authorization with profile enrichment • Provide a unified point of access for audit information • Leverage caching to improve system performance and access for HA

  27. SiteMinder Challenges • Environments with a high number of user repositories • Enriching your policies for fine-grained authorization • Adding new identity stores and user populations to SiteMinder • Extending SiteMinder to enable cross-application SSO, even if you don’t have a global user identifier • Simplifying the management of users and policies • Addressing custom data requirements • Making the data available beyond SiteMinder

  28. Adding a New Directory to SiteMinder • Create a new user directory • Add the user directory to each domain • Configure the authorized users in each relevant policy in the domains • Define the Directory Mapping configurations • Add the Directory Mapping to each relevant realm or advanced application configuration How Do You Handle This With 500 Applications???

  29. Directory Mapping • What happens with no common attribute in 12.5 or attributes are in different cases • Only option pre 12.5 • What about multiple mappings of the same type? • Only legacy mappings for Applications

  30. Where Directory Mapping Doesn’t Work • Federation has no mapping capabilities to retrieve attributes from other user repositories without coding for legacy federation • Disparate name identifiers or attributes across repositories for partnership federation • Systems which require a common GUID to map to disparate directories or databases where none exists • Application of multiple mappings to a single resource (realm) that depend upon the context of the request • There must be an attribute that has a unique value for each user (if 2 are found, then mapping fails)

  31. Adding a New Directory VDS • Add the new user directory to VDS • Incorporate the user directory into the existing hierarchy With No SiteMinder Changes!!!

  32. Build a Complete Profile with all Required Attributes

  33. Aggregate and Disambiguate Identities • One view of the identity across systems (diagram labels: tclayton@co.com; CID: tclayton@co.com; 1470233; toddclay)

  34. SiteMinder Integration Opportunities • Password Policies across multiple repositories • Advanced attribute handling • SharePoint Agent dynamic groups • Creation of a repeatable deployment methodology through infrastructure blocks • Dynamic attributes and policies without coding • SiteMinder Policy Store

  35. Disparate Password Policies • Underlying user repositories have different password policies • Need common model across all applications regardless of user source • Requirement to prevent invalid “strikes” when authenticating against multiple directories • Need to store password data for LDAP users in a database

  36. Advanced Attribute Management • Modify attribute values • Combine attributes into a single response • Implement business logic when determining attribute values • Integrate data from “chained” objects • Map users to NT Domain for Integrated Windows Authentication • Create internal dynamic groups

  37. SiteMinder “Block” Concept

  38. Key Technical Benefits • Packaged Solution • Federated Identity Driven • Map Users Across Disparate User Stores • Enable Fine-Grained Authorization • Common Data Abstraction Layer

  39. Questions CoreBlox 877-879-2569 info@coreblox.com www.coreblox.com www.ssohelp.com @coreblox or @ssohelp
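An added illustration of steps 1 through 4 on slides 17 to 20 (not code from the presentation, from Radiant Logic, or from SiteMinder): it correlates entries across sources case-insensitively, builds a union with no duplicates, fails when one source returns two matches (the condition slide 30 says breaks mapping), joins attributes into one profile, and delegates the credential check to the source that owns it. The source names, record layout and `pw` field are assumptions; the sample identifiers reuse the labels on slide 33.

```python
import hmac
from collections import defaultdict

# Constructed sample data. "key" names the attribute each source uses as the
# correlation value; "pw" stands in for a bind against that backend.
SOURCES = {
    "ad": {"key": "mail", "rows": [
        {"sAMAccountName": "toddclay", "mail": "TClayton@co.com", "pw": "ad-pass"}]},
    "hrdb": {"key": "EMAIL", "rows": [
        {"EMP_ID": "1470233", "EMAIL": "tclayton@co.com", "DEPT": "IAM"}]},
    "partners": {"key": "uid", "rows": [
        {"uid": "jdoe@partner.example", "org": "Partner", "pw": "partner-pass"}]},
}

def build_global_view(sources):
    """Steps 1, 2 and 4: common namespace, union without duplicates, joined profile."""
    matches = defaultdict(lambda: defaultdict(list))
    for name, src in sources.items():
        for row in src["rows"]:
            cid = row[src["key"]].strip().lower()  # case-insensitive correlation
            matches[cid][name].append(row)
    view = {}
    for cid, per_source in matches.items():
        for name, rows in per_source.items():
            if len(rows) > 1:  # two matches in one source: correlation is ambiguous
                raise ValueError(f"ambiguous identity {cid!r} in source {name!r}")
        profile = {"cid": cid, "auth_source": None, "attrs": {}}
        for name, rows in per_source.items():
            for attr, value in rows[0].items():
                if attr == "pw":  # first credential-holding source owns authentication
                    profile["auth_source"] = profile["auth_source"] or name
                else:
                    profile["attrs"][f"{name}.{attr}"] = value
        view[cid] = profile
    return view

def authenticate(view, sources, login, password):
    """Step 3: send the credential check to the one source that owns it."""
    profile = view.get(login.strip().lower())
    if profile is None or profile["auth_source"] is None:
        return None
    src = sources[profile["auth_source"]]
    row = next(r for r in src["rows"] if r[src["key"]].strip().lower() == profile["cid"])
    ok = hmac.compare_digest(row["pw"].encode(), password.encode())
    return profile if ok else None
```

Because each login resolves to exactly one owning source, a wrong password is checked once rather than against every directory, which is the "invalid strikes" concern raised on slide 35.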
