Single Sign On In Action
Authority of Information Technology Application
National Center of Digital Signature Authentication
Ninh Binh, June 25, 2010
Main Contents
SSO Overview
Introduce and demo OpenSSO
Introduce and demo OpenID
SSO Overview
Single Sign On is a property of access control across multiple related but independent systems. It allows a user to log in once and gain access to all of the systems without logging in to each of them.
A group of such linked systems is called a Federation.
Federated Identity Management provides a standardized central system to manage users' identities.
Roles in a federation
End User
Identity Provider: Manage Users' Identities; Issue Identities; Manage Users; Authenticate Users' Identities
Service Provider: Manage access to the service; Check Users' Identities from Identity Provider; Manage Users' Profiles
Benefits of SSO
Reduce total cost of ownership: provides measurable ROI across the organization; helpdesk cost savings
Improve User Productivity and Convenience: reduce frustration of multiple log-on events; remembering passwords
Increase Security and Compliance: strengthen and centralize user access control; improved reporting and monitoring for regulatory compliance
Allow multi-factor authentication
Some Open SSO Solutions
OpenSSO
OpenSSO is an open source SSO solution developed by Sun Microsystems Inc. (now a subsidiary of Oracle).
OpenSSO provides access management by allowing the implementation of authentication, policy-based authorization, federation, SSO, and web services security from a single, unified framework.
OpenSSO usually acts as an Identity Provider in a Federation.
What does OpenSSO do?
What does OpenSSO provide?
Access Control
Federation Management
Web Services Security
Identity Web Services
Demo OpenSSO – Step 1
Demonstrate the use of digital certificates to log in to Google Apps via OpenSSO
We used services provided by SSOCircle, based on OpenSSO
The user goes to the Google Apps website
Demo OpenSSO – Step 2
The user is redirected to the OpenSSO login screen.
They can log in using various methods
Demo OpenSSO – Step 3
After logging in, I was redirected back to Google Apps
I used a certificate issued by SSOCircle to log in
OpenID
An open, decentralized protocol that allows end users to log in to multiple services with a single identity
Simple and easy to deploy
Based on mature technologies like HTTP, SSL/TLS, Diffie-Hellman
Open, patent free
Supported by a lot of major companies like IBM, Microsoft, Google, Yahoo, AOL.
How does OpenID work?
Each OpenID is a unique URL: http://thangnm.myopenid.com
The service provider discovers the identity provider and establishes a secure connection with it
The service provider redirects the user to the identity provider to log in
The identity provider redirects the user back to the service provider website
The service provider checks the OpenID response and grants the user access if authenticated.
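The last step above, checking the OpenID response, is sketched below as an added example that is not part of the original presentation. It assumes OpenID 2.0 with an HMAC-SHA256 association whose shared key was already established with the identity provider; the key, URLs and function names are constructed for illustration.

```python
import base64, hashlib, hmac

# Fields an OpenID 2.0 signature must always cover.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}
# Constructed sample values (assumptions, not from the presentation).
MAC_KEY = b"constructed-association-key"
RETURN_TO = "https://sp.example/openid/return"

def sign(params, signed, mac_key):
    # Key-value form: one "key:value\n" line per signed field, in listed order.
    kv = "".join(f"{k}:{params['openid.' + k]}\n" for k in signed)
    return base64.b64encode(hmac.new(mac_key, kv.encode(), hashlib.sha256).digest()).decode()

def verify_assertion(params, mac_key, expected_return_to, seen_nonces):
    """Return the claimed identifier if the response is acceptable, else None."""
    if params.get("openid.mode") != "id_res":
        return None
    signed = params.get("openid.signed", "").split(",")
    # The identity fields must be signed too, or they could be swapped in transit.
    must_sign = REQUIRED_SIGNED | {k for k in ("claimed_id", "identity")
                                   if "openid." + k in params}
    if not must_sign <= set(signed) or any("openid." + k not in params for k in signed):
        return None
    expected = sign(params, signed, mac_key).encode()
    if not hmac.compare_digest(expected, params.get("openid.sig", "").encode()):
        return None
    if params["openid.return_to"] != expected_return_to:
        return None  # assertion was issued for a different endpoint
    nonce = params["openid.response_nonce"]
    if nonce in seen_nonces:
        return None  # replayed assertion
    seen_nonces.add(nonce)
    return params.get("openid.claimed_id")

def sample_response():
    # Constructed positive assertion, signed the way the identity provider would.
    p = {"openid.mode": "id_res",
         "openid.op_endpoint": "https://idp.example/server",
         "openid.claimed_id": "https://alice.idp.example/",
         "openid.identity": "https://alice.idp.example/",
         "openid.return_to": RETURN_TO,
         "openid.response_nonce": "2010-06-25T09:00:00Zabc123",
         "openid.assoc_handle": "handle-1"}
    signed = ["op_endpoint", "claimed_id", "identity", "return_to",
              "response_nonce", "assoc_handle"]
    p["openid.signed"] = ",".join(signed)
    p["openid.sig"] = sign(p, signed, mac_key=MAC_KEY)
    return p
```

A production service provider would also reject nonces whose timestamp is too old and confirm through discovery that the identity provider is authoritative for the claimed identifier.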
The popularity of OpenID
1 billion OpenID accounts as of 12/2009
9 million websites have integrated OpenID consumer support.
Major OpenID providers: Google, AOL, Orange, VeriSign, Yahoo, Microsoft
Demo OpenID – Step 1
Facebook allows a Facebook account to be linked with an OpenID account.
In the Account Settings screen, you can select an OpenID provider to link accounts with.
I selected Google and entered my Facebook password to continue
Demo OpenID – Step 2
Facebook will redirect me to Google to log in
I need to confirm once more to link the 2 accounts
From now on, after logging in to Google Accounts, I will be logged in to Facebook automatically
Thank you.