Use Case for Asimba as SAML Proxy - PowerPoint PPT Presentation

About This Presentation
Title:

Use Case for Asimba as SAML Proxy

Description:

Gluu is currently evaluating the idea of incorporating the Asimba SAML platform on the Gluu Server (in addition to Shibboleth). SAML can be confusing, even to the experts. – PowerPoint PPT presentation

Number of Views:305

less

Transcript and Presenter's Notes

Title: Use Case for Asimba as SAML Proxy


1
 Use Case for Asimba as SAML Proxy
  • Gluu is currently evaluating the idea of
    incorporating the Asimba SAML platform on the
    Gluu Server (in addition to Shibboleth). SAML can
    be confusing, even to the experts. We at Gluu
    worked on the diagram below as a simple overview
    of why a SAML proxy might be useful, and where it
    would fit in the Gluu open source stack.
  •  
  • A few things to note
  •  
  • The main advantage of the proxy is a very simple
    configuration for the SP. If the website is a
    SaaS or off-the-shelf software, you may only get
    one way to trust the IDP. Discovery and
    re-direction to your respective home domain IDP
    are handled by the proxy.
  •  
  • Internal websites that dont care about other
    federated IDPs can just point to your SAML IDP
    directly.

2
Applications using the Asimba proxy can request a
specific authentication type via SAML ACR
request.   Authentication business logic is
handled in OXno need to support 2FA in both SAML
and OAuth2.   In many cases, the OX OP also grabs
a legacy SSO ticket (i.e. CAS, Siteminder,
etc.)   In a federation with many IDPs, if the
participants trust the federation operator, it is
efficient for the federation operator to manage
trust with the websites. For example, instead of
updating 1,000 IDPs to update their
configuration, just update the proxy.   Article
Resource- http//thegluuserver.wordpress.com/2013
/12/30/use-case-for-asimba-as-saml-proxy
3
  • Sprint could support standard APIs for
    authentication and authorization, and enable an
    ecosystem of partners to authenticate Sprint
    customers via Internet standard API.
  • How is this better than Sprints current
    solution?
  • Supporting standards is important because we live
    in a world where there are multiple consumer
    IDPs, and if a website needs a special API to use
    your IDP, it will probably just not support you.
  • What is the cost of your solution?
  • Gluu sells support on its product. However, I
    think there might be some sponsored
    co-development opportunities.
  • Who are some of your current customers?
  • Toshiba uses Gluu to deliver authentication for
    its Cloud TV Service in Japan and Europe (and
    soon in the US). We have more than 20 university
    customers, in addition to a number of large
    enterprise customers.

4
We also are designing an authentication/authorizat
ion platform for the State of TX K-12 students,
and a citizen authentication platform for the
Philippines (90M users). In the telecom industry,
we worked with British Telecom on a multi-year
VOIP project, and have advised Rackspace on the
design of their authentication system. Do you
have any additional information or
comments? Please check the latest OpenID Connect
test results. Look in the last column for Gluu,
and you can see that our server is currently the
most comprehensive implementation of an OpenID
Connect Provider. Article Resource-http//theglu
userver.wordpress.com/2013/11/22/submission-to-spr
int-innovate-why-sprint-should-support-openid-conn
ect/
Write a Comment
User Comments (0)
About PowerShow.com