tech talk: web access management and federation – two great tastes that taste good together
TRANSCRIPT
![Page 1: Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together](https://reader031.vdocuments.us/reader031/viewer/2022030305/5872694e1a28ab31498b552f/html5/thumbnails/1.jpg)
World®’16
WAMandFederation:TwoGreatTastesThatTasteGreatTogetherAaronBerman– WWVP,SingleSign-on&DirectorySolutionsCATechnologies
SCT44T
SECURITY
![Page 2: Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together](https://reader031.vdocuments.us/reader031/viewer/2022030305/5872694e1a28ab31498b552f/html5/thumbnails/2.jpg)
1 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.
Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.
ForInformationalPurposesOnlyTermsofthisPresentation
![Page 3: Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together](https://reader031.vdocuments.us/reader031/viewer/2022030305/5872694e1a28ab31498b552f/html5/thumbnails/3.jpg)
2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Abstract
WAM&Federation:TwoGreatTastesthatTasteGreatTogether
Choosingtherightapproachtomeetyourneedsiscritical.Choosingthe
wrongapproachcancauseproblemslikeincreasedintegrationcostsand
projectdelays.Learnaboutthedifferencesbetweenfederatedmodels
andPEP/PDPaccessmanagementmodelsforsessionsecurityand
userexperience.
AaronBermanCATechnologiesWWVP,SingleSign-On&DirectorySolutions
![Page 4: Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together](https://reader031.vdocuments.us/reader031/viewer/2022030305/5872694e1a28ab31498b552f/html5/thumbnails/4.jpg)
3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SingleSign-onCanMeanManyDifferentThings
§ Gettinganidentity fromoneapplicationtoanother§ Maintainingasecuresessionacrossmultipleapplications§ Onlyallowingthecorrect usersaccess§ Security controlsforthesession§ Knowingwhatactions usersaredoing§ URLfilteringtokeepbadrequestsout
![Page 5: Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together](https://reader031.vdocuments.us/reader031/viewer/2022030305/5872694e1a28ab31498b552f/html5/thumbnails/5.jpg)
4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TwoApproachestoMeetDifferentNeeds
§ Policyenforcementpointstointerceptandexamineeachrequest
§ Sharedsessionacrossmultipleapplications
WEBACCESSMANAGEMENT
§ Identitypassedfromidentityprovidertoapplications
§ ClaimsapproachtoSSO
§ Applicationremainsincontrolofownsecuritypolicies
OPENSTANDARDS
TIGHTLYCOUPLED LOOSELYCOUPLED
![Page 6: Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together](https://reader031.vdocuments.us/reader031/viewer/2022030305/5872694e1a28ab31498b552f/html5/thumbnails/6.jpg)
5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ChoosingtheWrongApproachCanCauseProblems
§ Increasedintegrationcosts
§ Useofworkaroundstomeetrequirements
§ Customization
§ ProjectDelays
Imagetakenfromhttps://hikingartist.com/thrive/nail-screw/
Choosingtherightapproach tomeetyourneedsiscritical
![Page 7: Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together](https://reader031.vdocuments.us/reader031/viewer/2022030305/5872694e1a28ab31498b552f/html5/thumbnails/7.jpg)
6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
DecisionGuidelines
§ OnPremiseorPaaSapplications
§ Simplecrossapplicationlinking
§ Enforcementofuserauthorization
§ Audit/Timeout/SessionSecurity
WEBACCESSMANAGEMENT
§ ThirdPartysites
§ Applicationshaveanativeintegration
§ Remotelocations
§ Onlyconcernedwithpassingidentity
OPENSTANDARDS
![Page 8: Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together](https://reader031.vdocuments.us/reader031/viewer/2022030305/5872694e1a28ab31498b552f/html5/thumbnails/8.jpg)
7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SAML
SSOApproachesCanbeCombined…SAMLtoanInternalApplicationWhileMaintainingURLFiltering
EndUser SSOGateway
SSOSession Applicationsession
Application
SessionLinker
![Page 9: Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together](https://reader031.vdocuments.us/reader031/viewer/2022030305/5872694e1a28ab31498b552f/html5/thumbnails/9.jpg)
8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
OAUTH
…andIntegratedInboundSocialSign-onDataPassedtoApplicationsWithoutAccountCreation
EndUser SSOGateway
SocialMedia
Application2
Application1SSO
CADirectorySessionStore
SSOPolicyServer
IdentityData
![Page 10: Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together](https://reader031.vdocuments.us/reader031/viewer/2022030305/5872694e1a28ab31498b552f/html5/thumbnails/10.jpg)
9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CASingleSign-onOffersBothOptions
Unlimitedwebserveragents
Unlimitedgateways
UnlimitedstandardsbasedSSOforalllicensedusers
CASingleSign-OnFeatures
DeployingasinglesolutionforallSSOneedsreducesITspendandIntegrationcosts
![Page 11: Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together](https://reader031.vdocuments.us/reader031/viewer/2022030305/5872694e1a28ab31498b552f/html5/thumbnails/11.jpg)
10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Summary
Choose therightapproachtomeetyourbusiness
needs
WAMandOpenStandardsdonotcontradict theycompliment
CombineWAM andOpenstandardstogether
![Page 12: Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together](https://reader031.vdocuments.us/reader031/viewer/2022030305/5872694e1a28ab31498b552f/html5/thumbnails/12.jpg)
11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
RecommendedSessions
SESSION# TITLE DATE/TIME
SCT915 DataBreachDigest,JohnGrimm 11/16/2016at12:45pm
SCT45T HowFastIsYourDirectory? 11/16/2016at4:30pm
SCX205 CASSO,AARoadmap 11/18/2016at1:45pm
![Page 13: Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together](https://reader031.vdocuments.us/reader031/viewer/2022030305/5872694e1a28ab31498b552f/html5/thumbnails/13.jpg)
12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Don’tMissOurINTERACTIVESecurityDemoExperience!
SNEAKPEEK!
12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
![Page 14: Tech Talk: Web Access Management and Federation – Two Great Tastes that Taste Good Together](https://reader031.vdocuments.us/reader031/viewer/2022030305/5872694e1a28ab31498b552f/html5/thumbnails/14.jpg)
@CAWORLD#CAWORLD ©2016CA.AllRIGHTSRESERVED.13 @CAWORLD#CAWORLD
Security
FormoreinformationonSecurity,pleasevisit:http://cainc.to/EtfYyw