Web Access Management in the Cloud: Problem Solved! Single Sign On, Session Management and how to use SiteMinder to protect applications in the Cloud

Post on 16-Oct-2020


Web Access Management in the Cloud: Problem Solved! Single Sign On, Session Management and how to use SiteMinder to protect applications in the Cloud


2  www.idfconnect.com  

Why is IDF Connect Right for your Enterprise?

Our CEO

01 Launched his engineering career with fundamental companies like IBM and Netegrity - where CA SSO (formerly SiteMinder) was developed, and he has worked in IAM for almost 20 years.

02 Has helped implement the largest rollouts at some of the leading companies in the world, solving the most complex integration challenges, bridging the deepest technology to the executive and boardroom.

03 And, for the last six years he has been developing SSO/Rest, a solution that is approved of by Fortune 50 companies, those of which now possess true, complete Web Access Management in the Cloud


Proven Success with Large Enterprises

Seamless and Secure Integration
Fortune 50 retail company makes an acquisition, and has seamlessly and securely integrated the new web apps with its eCommerce portal, without having to bring the apps in-house or creating a VPN to the new company

Successfully Moving .Net applications to Microsoft Azure
Fortune 50 finance company successfully moves its .Net applications to Microsoft Azure while preserving all of its SSO integrations, authentication and access policies, and audit capabilities

[Diagram labels: Acquired Company Existing Web Apps; eCommerce Portal; .Net Applications; Microsoft Azure; Cloud; IIS, HTML5, XML, CSS3, js, PHP, .NET, C#, ASP.NET]


A Common Quandary!

The Situation
50+ applications integrated with WAM infrastructure
Multiple user directories
Multiple Password policies
Multiple authentication mechanisms incl 2FA

Constraints
NO new firewall ports
NO cloud-to-datacenter VPNs
NO syncing/pushing employee credentials to the cloud

Key Question: How do we leverage our existing WAM infrastructure to handle platforms & applications in the public cloud?


A Complete Web Access Management Solution

Web Access Management

Authentication Management
Access Control Enforcement
Single Sign On
Idle Session Timeout
Session Maximum Time-to-Live
Centralized Audit


WAM Gaps in the Cloud

Web Access Management (Gaps in the Cloud)

Authentication Management
Access Control Enforcement
Single Sign On
Idle Session Timeout
Session Maximum Time-to-Live
Centralized Audit

Access Control Enforcement
Idle Session Timeout
Session Maximum Time-to-Live
Centralized Audit


WAM Gaps in the Cloud All Solved by SSO/Rest

Web Access Management (Gaps in the Cloud)

Authentication Management
Access Control Enforcement
Single Sign On
Idle Session Timeout
Session Maximum Time-to-Live
Centralized Audit

Access Control Enforcement
Idle Session Timeout
Session Maximum Time-to-Live
Centralized Audit


The SSO/Rest Solution

SSO/Rest combines existing and emerging technologies to extend the perimeter of your WAM solution safely and securely into your public Cloud platforms

SSO/Rest!

Rest based - lightweight
No firewall holes - secure
Easy to use, handles latency, transparent…
Engineered to solve this problem


SSO/Rest Solves Many Challenges

5 SSO/Rest Use Cases

Server-side Application Integration
AJAX / Mobile / Thick Client Application Integration
Applications in the Cloud
WAM-as-a-Service
"Agent-less" Infrastructure


SSO/Rest Solution Architecture

[Diagram components: Browser; Cloud; Cloud App(s); SSO/Rest Plugin; Corporate Network; SSO/Rest Gateway; Policy Decision Point (e.g. CA SiteMinder)]

Legend: Browser HTTP traffic; SSO/Rest HTTP traffic; WAM traffic (vendor-specific)


SSO/Rest Web Services Endpoints

“Look Mom! No VPN!”

SSO/Rest Engine

Login
Update Session
Validate Session
isProtected
Gateway
Enable / Disable
Change Password
isAuthorized


Remember: Federation is NOT the Same as Web Access Management

Federation / Web Access Management (WAM)

One-time handoff from partner IDP
Limited logout capability
Perimeter Defense
Audit
Access control
Policy Enforcement Point (PEP)
Policy Decision Point (PDP)
Authentication
SAML OAuth OpenID
Session lifecycle management


THANK YOU! For More Information, Please Visit

IDF Connect, Inc.
2207 Concord Pike #359
Wilmington, DE 19803
Phone: (888) 765-1611
Fax: (888) 765-7284

www.idfconnect.com
www.linkedin.com/in/rsand
www.facebook.com/IDFConnect
@IDFConnect
@rsand2

Turn CA SSO into your Enterprise 2-Factor Auth Solution with SSO/MobileKey. For more details visit www.idfconnect.com/products/sso-mobilekey/

Also check out our other products: www.idfconnect.com/products