Workshop: Advanced Federation Use-Cases with PingFederate

Craig Wu - Director, Product Development
Peter Motykowski - Senior Engineer/Developer
Agenda

     Introductions

     New Features Overview
            OAuth
            Adaptive Federation
            PingFederate 6.7 and beyond




2    Copyright © 2011. Cloud Identity Summit. All Rights Reserved.
Agenda

     Demos
            OAuth Authorization Code Flow
            Adaptive Federation Use Cases
                       Adapter Selectors
                       Composite Adapter
                       Multiple IdP data stores
Agenda

     Extending PingFederate
            Developing Plugins
                       PingFederate SDK
            Building a custom adapter selector
Who are these guys?

     INTRODUCTIONS
Craig Wu

          Director, Product Development
          Been with Ping Identity since Feb 2007
          Started with Integration Kits
          PF STS integration
          PingFederate Fall 2009 - PF 6.2
Peter Motykowski

          Senior Engineer/Developer
          Been with Ping Identity since May 2007
          Started with PingLabs
          PF STS Integration, Adapter Selectors, OAuth
PingFederate Engineering Team




                             Denver, CO - Vancouver, BC - Moscow, Russia - Dublin, Ireland
PingFederate 6.5

     OAUTH
OAuth - Drivers
OAuth - Securing APIs

      Simple and Standard
                exchange user credentials for tokens
                Present token for access
           Scopes to limit access
           Easily revoke access
           Browser, mobile and desktop clients
           PingFederate Authorization Server
                User authenticates with AS
                Leverage existing PF authentication
OAuth Demo

  Demo Overview
    Payment Gateway with REST API secured using OAuth 2.0 (Resource Server)
    Users authenticate to the PF Authorization Server, then approve issuance of an OAuth token (Client)
    Tunes Partner application can request:
      One-time Payments
      Perpetual Payments
    Initiated via Web or Native Mobile Application partner OAuth clients
Web One Time / Initial Payments

  Sequence diagram. Actors: Browser, Tunes Partner Web (the OAuth client),
  Authorization Server (PingFederate), Payment Gateway (REST API endpoint, the Resource Server).

    ( 1 ) Request Action   - Browser to Tunes Partner Web
    ( 2 ) Get Token        - Tunes Partner Web obtains a token from the Authorization Server
    ( 3 ) Use Token        - Tunes Partner Web presents the token to the Payment Gateway
    ( 4 ) Validate Token   - Payment Gateway checks the token with the Authorization Server
    ( 5 ) Charge           - Payment Gateway performs the payment
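The five-step flow above, as an added example that is not part of the deck: PingFederate's role as Authorization Server and the payment gateway's role as Resource Server are modelled in plain Python, with single-use codes, scope enforcement for one-time versus perpetual payments, and revocation. Scope names, client credentials and the charge API are constructed assumptions.

```python
# Added example, not from the deck: a minimal model of the demo's OAuth 2.0
# authorization code flow. PingFederate is the Authorization Server (AS), the
# payment gateway the Resource Server (RS), Tunes Partner Web the client.
import secrets
import time

ONE_TIME = "payments:one_time"     # assumed scope for one-time payments
PERPETUAL = "payments:perpetual"   # assumed scope for perpetual payments


class AuthorizationServer:
    """Issues codes after user approval, exchanges them for bearer tokens,
    validates tokens on behalf of the RS, and revokes them."""

    def __init__(self, clients, ttl_seconds=300):
        self.clients = clients  # client_id -> (client_secret, redirect_uri)
        self.codes = {}         # code -> grant details, single use
        self.tokens = {}        # access token -> user, scope, client, expiry
        self.ttl = ttl_seconds

    def authorize(self, client_id, redirect_uri, scope, user, approved):
        """Step 2a: the user, authenticated to the AS through an existing PF
        adapter, approves or declines a token for this scope."""
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            raise ValueError("unknown client or redirect_uri mismatch")
        if not approved:
            return None
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "user": user,
                            "scope": scope, "redirect_uri": redirect_uri}
        return code

    def token(self, client_id, client_secret, code, redirect_uri):
        """Step 2b: the client exchanges the code for an access token."""
        grant = self.codes.pop(code, None)   # pop: a replayed code must fail
        if grant is None or grant["client_id"] != client_id:
            raise ValueError("invalid_grant")
        if not secrets.compare_digest(self.clients[client_id][0], client_secret):
            raise ValueError("invalid_client")
        if grant["redirect_uri"] != redirect_uri:
            raise ValueError("invalid_grant")
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = {"user": grant["user"], "scope": grant["scope"],
                            "client_id": client_id, "expires": time.time() + self.ttl}
        return tok

    def validate(self, token):
        """Step 4: the RS asks the AS whether a presented token is still live."""
        info = self.tokens.get(token)
        if info is None or info["expires"] < time.time():
            return None
        return dict(info)

    def revoke(self, token):
        """Cuts the client off without touching the user's password."""
        self.tokens.pop(token, None)


class PaymentGateway:
    """Resource Server: a charge needs a live token carrying the right scope."""

    def __init__(self, auth_server):
        self.auth_server = auth_server

    def charge(self, bearer_token, amount, recurring=False):
        """Steps 3-5: accept the token, validate it, enforce scope, then charge."""
        info = self.auth_server.validate(bearer_token)
        if info is None:
            return (401, "invalid_token")
        needed = PERPETUAL if recurring else ONE_TIME
        if needed not in info["scope"].split():
            return (403, "insufficient_scope")
        return (200, "charged %s for %s" % (amount, info["user"]))


def run_demo():
    """Walk the web one-time payment sequence once; returns the RS's answers."""
    cb = "https://tunes.example/cb"   # constructed redirect URI
    aso = AuthorizationServer({"tunes-web": ("constructed-secret", cb)})
    gw = PaymentGateway(aso)
    # (1) user requests a one-time payment; (2) the AS issues a code on approval
    code = aso.authorize("tunes-web", cb, ONE_TIME, "alice", approved=True)
    tok = aso.token("tunes-web", "constructed-secret", code, cb)
    seen = [gw.charge(tok, 9.99)[0],                  # 200: scope covers one-time
            gw.charge(tok, 9.99, recurring=True)[0]]  # 403: perpetual not granted
    try:                                              # a replayed code is rejected
        aso.token("tunes-web", "constructed-secret", code, cb)
        seen.append("replay accepted")
    except ValueError:
        seen.append("replay rejected")
    aso.revoke(tok)
    seen.append(gw.charge(tok, 9.99)[0])              # 401 once revoked
    return seen
```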
PingFederate 6.6

      ADAPTIVE FEDERATION
PingFederate Adaptive Federation

  1. Define rules for directing user to an authentication method
     Examples
       If user is from specific IP
       If user is from outside firewall
       If app requires specific type of authentication

  2. Create a chain of authentication adapters
     Examples
       Consumer - Facebook AND One Time Password
       Remote User - LDAP AND RSA SecurID

  3. Gather identity attributes from multiple sources allowing for smart attribute
     retrieval and reducing the need for deploying a virtual directory
     Example
       Fulfill attribute contract with LDAP and RDBMS data sources
Adapter Selectors

     Administrators create authentication rules using adapter selectors
     Authentication Rules are evaluated during SSO transaction
     The result values are mapped to specific adapters to be used for authentication
     Executed in ordered sequence
     Bundled 6.6 selectors
        CIDR
        SAML AuthN Context
     Custom Selector SDK
CIDR Adapter Selector
SAML AuthN Context Adapter Selector
Adapter Chaining via Composite Adapter

     Administrators chain adapters to execute in ordered sequence
     Composite adapter instance treated as single adapter instance
     Required policy creates multi-factor authentication
     Sufficient policy supports OR condition
     Authentication context weight and override
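The composite adapter behaviour described above, as an added example that is not PingFederate's code: an ordered chain where Required entries form an AND (multi-factor), Sufficient entries form an OR, and the highest-weight authentication context, or an admin override, is what the merged result carries. The adapters, their credential stores and the weight rule are constructed stand-ins.

```python
# Added example, not from the deck: a model of the Composite Adapter's ordered
# chain with REQUIRED / SUFFICIENT policies and authentication-context weights.
import hmac
from dataclasses import dataclass

REQUIRED = "required"      # must succeed; a failure fails the whole chain (AND)
SUFFICIENT = "sufficient"  # a success ends the chain early (OR)

PASSWORD_CTX = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
TOKEN_CTX = "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"
UNSPECIFIED_CTX = "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"


@dataclass
class AdapterResult:
    success: bool
    username: str = ""
    authn_context: str = ""   # what this adapter asserts about the login
    weight: int = 0           # higher weight wins when the chain merges contexts


@dataclass
class ChainEntry:
    name: str
    policy: str
    authenticate: object          # callable(credentials) -> AdapterResult
    context_override: str = ""    # admin-set context replacing the adapter's own


# Constructed credential stores standing in for the adapters' back ends
LDAP_USERS = {"alice": "ldap-pw-1"}
FACEBOOK_SESSIONS = {"fb-token-42": "alice@example.com"}
OTP_CODES = {"alice": "123456", "alice@example.com": "123456"}
SECURID_CODES = {"alice": "88447711"}


def _check(table, key, supplied):
    expected = table.get(key, "")
    return bool(expected) and hmac.compare_digest(expected, supplied or "")


def ldap_adapter(c):
    return AdapterResult(_check(LDAP_USERS, c.get("user"), c.get("password")),
                         c.get("user", ""), PASSWORD_CTX, 1)


def facebook_adapter(c):
    email = FACEBOOK_SESSIONS.get(c.get("fb_token", ""), "")
    return AdapterResult(bool(email), email, UNSPECIFIED_CTX, 0)


def otp_adapter(c):
    return AdapterResult(_check(OTP_CODES, c.get("user"), c.get("otp")),
                         c.get("user", ""), TOKEN_CTX, 2)


def securid_adapter(c):
    return AdapterResult(_check(SECURID_CODES, c.get("user"), c.get("passcode")),
                         c.get("user", ""), TOKEN_CTX, 2)


def run_composite(chain, credentials):
    """Execute the chain in order and merge the results into one adapter result."""
    successes = []
    for entry in chain:
        r = entry.authenticate(credentials)
        if entry.policy == REQUIRED and not r.success:
            return AdapterResult(False)          # AND: one failed factor fails SSO
        if r.success:
            if entry.context_override:
                r.authn_context = entry.context_override
            successes.append(r)
            if entry.policy == SUFFICIENT:
                break                            # OR: first success is enough
    if not successes:
        return AdapterResult(False)
    best = max(successes, key=lambda r: r.weight)   # highest-weight context wins
    return AdapterResult(True, successes[0].username, best.authn_context, best.weight)


# Chains matching the deck's examples: Facebook AND OTP, LDAP AND SecurID,
# plus an OR chain where either LDAP or SecurID alone is sufficient.
CONSUMER_MFA = [ChainEntry("Facebook", REQUIRED, facebook_adapter),
                ChainEntry("OTP", REQUIRED, otp_adapter)]
REMOTE_USER = [ChainEntry("LDAP", REQUIRED, ldap_adapter),
               ChainEntry("SecurID", REQUIRED, securid_adapter)]
EITHER = [ChainEntry("LDAP", SUFFICIENT, ldap_adapter),
          ChainEntry("SecurID", SUFFICIENT, securid_adapter, UNSPECIFIED_CTX)]
```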
Composite Adapter
Multiple Datastore Attribute Lookup

     Connect to multiple directories and databases
     Pull attributes from any number and combination of data sources
     Fulfill complex attribute requirements
     Benefits
        Easily aggregate identity attributes from multiple data sources
        Reduce need for:
           Virtual Directories
           Custom Data Sources
IdP Multiple Datastore Lookup

  SP Connection Attribute Contract Fulfillment
     Browser SSO
     WS-Trust
     Adapter to Adapter
     Attribute Query
  Use return values from one data store as filter criteria for a subsequent data store query
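The chained lookup described on the two slides above, as an added example that is not PingFederate's code: the LDAP entry's employeeNumber becomes the filter for an RDBMS query, and the two results together fulfil the SP contract. The directory is a dict, the RDBMS an in-memory SQLite database, and the contract attributes are constructed assumptions.

```python
# Added example, not from the deck: fulfil an SP attribute contract from two data
# stores, using a value returned by the first (LDAP) as the filter for the second
# (RDBMS) query.
import sqlite3

# Constructed stand-in for the corporate LDAP directory, keyed by uid
LDAP_DIRECTORY = {
    "alice": {"uid": "alice", "mail": "alice@example.com", "employeeNumber": "10042"},
    "bob":   {"uid": "bob",   "mail": "bob@example.com",   "employeeNumber": "10077"},
    "carol": {"uid": "carol", "mail": "carol@example.com", "employeeNumber": "99999"},
}

# Attributes the SP connection's contract requires (constructed)
CONTRACT = ("SAML_SUBJECT", "mail", "costCenter", "role")


def build_hr_db():
    """Constructed HR database holding attributes the directory does not carry."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (emp_no TEXT PRIMARY KEY, cost_center TEXT, role TEXT)")
    db.executemany("INSERT INTO employee VALUES (?, ?, ?)",
                   [("10042", "CC-311", "payments-admin"), ("10077", "CC-120", "auditor")])
    return db


def ldap_lookup(uid):
    """First data store: the entry for uid, or None (search filter modelled as a lookup)."""
    return LDAP_DIRECTORY.get(uid)


def rdbms_lookup(db, emp_no):
    """Second data store, filtered by a value from the first. The filter is a bound
    parameter, so an attribute value coming back from LDAP can never alter the SQL."""
    row = db.execute("SELECT cost_center, role FROM employee WHERE emp_no = ?",
                     (emp_no,)).fetchone()
    return None if row is None else {"cost_center": row[0], "role": row[1]}


def fulfill_contract(db, uid):
    """Chained lookup LDAP -> employeeNumber -> RDBMS; returns the contract values,
    or None when either store has no match (failing SSO is preferable to issuing
    an assertion with missing attributes)."""
    entry = ldap_lookup(uid)
    if entry is None:
        return None
    hr = rdbms_lookup(db, entry["employeeNumber"])
    if hr is None:
        return None
    values = {"SAML_SUBJECT": entry["uid"], "mail": entry["mail"],
              "costCenter": hr["cost_center"], "role": hr["role"]}
    missing = set(CONTRACT) - set(values)
    if missing:
        raise KeyError("contract not fulfilled: %s" % sorted(missing))
    return values
```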
LDAP Adapter Replacement
 HTML Form Adapter
    Session Management
       Global
       Per Adapter
       None
    Per instance form template

 HTTP Basic Adapter

 Password Credential Validators
    Simple Username
    LDAP Username
    Can have multiple PCV instances per adapter
HTML Form Adapter
HTTP Basic Adapter
Adaptive Federation Demo
Monitoring Splunk App for PingFederate
      Support PF 6.3 and above
             Based on audit log
             Enable Splunk log4j appender

      SSO transaction and system report
             current transactions
             system health
             system errors
      Service Reports
             daily usage report
             SP/IdP provider reports per connection
      Trend Reports
             weekly/monthly usage report
             trend analysis
Splunk App for PingFederate
Free on SplunkBase




                       http://splunk-base.splunk.com/apps/Splunk+App+for+PingFederate
PingFederate 6.7 and beyond

      PINGFEDERATE FUTURES
PingFederate 2012 Releases

      Two month releases
             RTM Release to Marketing
             Fully qualified and documented
             Upgrade Utility


      Marketing determines GA
PingFederate 6.7 - RTM Feb 24, 2012

      Admin Console Optimizations
             Large number of connections
             Large number of adapters


      Splunk App for PingFederate
PingFederate 6.8 - RTM April 27, 2012

      Centralized configuration for AD
       Domains/Kerberos Realms
             IWA 3.0 Adapter
             Kerberos Token Translator 2.0


      OAuth Client Management API
             REST API for CRUD operations
Centralized AD Domain Configuration
IWA Adapter 3.0
PingFederate 6.9 - RTM June 29, 2012

      Microsoft Office 365 Interoperability




      Upgrade Jetty
      Remove JBoss
PingFederate Software Development Kit (SDK)

      EXTENDING PINGFEDERATE
PingFederate Plugins

           Adapters
           Token Translators
           Custom Data Sources
           Adapter Selectors
           Password Credential Validators
Custom Adapter Selector

      HTTP Header Adapter Selector
Adapter Selector API Overview

     Methods needing to be implemented for the
     com.pingidentity.sdk.AdapterSelector interface:

     PluginDescriptor getPluginDescriptor();

     void configure(Configuration configuration);

     AdapterSelectorContext selectContext(HttpServletRequest req,
                                          HttpServletResponse resp,
                                          Map<String, String> mappedAdapterIdsNames,
                                          Map<String, Object> extraParameters,
                                          String resumePath);

     void callback(HttpServletRequest req,
                   HttpServletResponse resp,
                   Map authnIdentifiers,
                   String adapterInstanceId,
                   AdapterSelectorContext adapterSelectorContext);
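The HTTP Header Adapter Selector from the previous slide, as an added example that is a Python model and not the PingFederate SDK: its method names and parameters mirror the interface above, and it is run in ordered sequence behind a model of the bundled CIDR selector to show how the Adapter Selectors slide's rules map result values to adapters. The request, context and configuration objects, the header name, result values and adapter ids are all constructed assumptions.

```python
# Added example, not the PingFederate SDK: a Python model of a custom adapter
# selector whose methods mirror com.pingidentity.sdk.AdapterSelector, plus the
# ordered rule evaluation that maps a selector's result value to an adapter.
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class AdapterSelectorContext:
    """Stand-in for the SDK context: the result value the rule produced, or None."""
    result_value: Optional[str]


@dataclass
class Request:
    """Stand-in for HttpServletRequest with just what the selectors read."""
    remote_addr: str
    headers: dict = field(default_factory=dict)


class HttpHeaderAdapterSelector:
    """Picks an authentication method from a request header (the deck's custom selector)."""

    def getPluginDescriptor(self):
        return {"name": "HTTP Header Adapter Selector", "fields": ["header", "values"]}

    def configure(self, configuration):
        # Only values the administrator listed can ever become a result value, so a
        # caller cannot steer selection to an arbitrary adapter with an unexpected header.
        self.header_name = configuration["header"].lower()
        self.allowed = {v.lower(): v for v in configuration["values"]}

    def selectContext(self, req, resp, mappedAdapterIdsNames, extraParameters, resumePath):
        # mappedAdapterIdsNames lists the adapters the admin mapped for this instance;
        # the result value returned here is what the admin maps onto one of them.
        raw = next((v for k, v in req.headers.items() if k.lower() == self.header_name), "")
        return AdapterSelectorContext(self.allowed.get(raw.strip().lower()))

    def callback(self, req, resp, authnIdentifiers, adapterInstanceId, adapterSelectorContext):
        pass   # nothing to do once the selected adapter has authenticated the user


class CidrAdapterSelector:
    """Model of the bundled CIDR selector: is the client inside a configured network?"""

    def getPluginDescriptor(self):
        return {"name": "CIDR Adapter Selector", "fields": ["networks"]}

    def configure(self, configuration):
        self.networks = [ipaddress.ip_network(n) for n in configuration["networks"]]

    def selectContext(self, req, resp, mappedAdapterIdsNames, extraParameters, resumePath):
        addr = ipaddress.ip_address(req.remote_addr)
        inside = any(addr in net for net in self.networks)
        return AdapterSelectorContext("yes" if inside else "no")

    def callback(self, req, resp, authnIdentifiers, adapterInstanceId, adapterSelectorContext):
        pass


def choose_adapter(rules, req, default_adapter):
    """Authentication rules are evaluated in ordered sequence: each rule is a
    (selector, {result value: adapter id}) pair and the first mapped result wins."""
    for selector, mapping in rules:
        ids_names = {adapter_id: adapter_id for adapter_id in mapping.values()}
        ctx = selector.selectContext(req, None, ids_names, {}, "/resume")
        if ctx.result_value in mapping:
            return mapping[ctx.result_value]
    return default_adapter


def build_rules():
    """Constructed rule set: internal clients get IWA; otherwise an allowed header
    may choose the form or basic adapter; anything else falls back to the default."""
    cidr = CidrAdapterSelector()
    cidr.configure({"networks": ["10.0.0.0/8", "192.168.1.0/24"]})
    header = HttpHeaderAdapterSelector()
    header.configure({"header": "X-Auth-Method", "values": ["form", "basic"]})
    return [(cidr, {"yes": "IWA-Adapter"}),
            (header, {"form": "HTMLForm-Adapter", "basic": "HTTPBasic-Adapter"})]
```

Because the header is client-controlled, the values it may select from are fixed by the administrator in configure(), and the CIDR rule ahead of it means an internal client cannot use the header to opt out of IWA.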
Editor's Notes

  • #6: Insert funny pictures here
  • #7: 5 to 40PF Web Services
  • #11: Bad practice to give applications your passwords. Limit access: a valet key for the web that only allows specific, limited access. Easily revoke access (if you give out a password, you have to change it). PF uses IdP Adapters for authentication.
  • #13: Tunes Partner = client or app; Payment Gateway = Resource Server; PF = AS
  • #14: PF's responsibility is to authorize users, issue tokens to clients and validate tokens from the RS
  • #23: Available for all SP connection attribute contract fulfillment
  • #28: Show link on SplunkBase