web access management in the cloud: problem ... - idf connect

13
Web Access Management in the Cloud: Problem Solved! Single Sign On, Session Management and how to use SiteMinder to protect applications in the Cloud

Upload: others

Post on 27-Apr-2022

1 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Web Access Management in the Cloud: Problem ... - IDF Connect

Web Access Management in the Cloud: Problem Solved!Single Sign On, Session Management and how to use SiteMinder to protect applications in the Cloud

Page 2: Web Access Management in the Cloud: Problem ... - IDF Connect

2www.idfconnect.com

IIS

HTML5

XML

Cloud

CSS3

Outcome…

Seamless and Secure IntegrationFortune 50 retail company makes an acquisition, and has seamlessly and securely integrated the new web apps with its eCommerce portal, without having to bring the apps in-house or creating a VPN to the new company

Successfully Moving .Net applications to Microsoft AzureFortune 50 finance company successfully moves its .Netapplications to Microsoft Azure while preserving all of its SSO integrations, authentication and access policies, and audit capabilities

js

PHP

Acquired Company Existing Web Apps

.NET

.Net Applications Microsoft Azure

C#

eCommerce Portal

ASP.NET

Page 3: Web Access Management in the Cloud: Problem ... - IDF Connect

3www.idfconnect.com

The Situation

50+ applications protected by SiteMinder

Multiple user directories

Multiple Password policies

Multiple authentication mechanisms incl 2FA

A Common Quandary!

Constraints

NO new firewall ports

NO cloud-to-datacenter VPNs

NO syncing/pushing employee credentials to the cloud

Key Question How do we leverage our existing WAM infrastructure to handle platforms & applications in the public cloud?

Page 4: Web Access Management in the Cloud: Problem ... - IDF Connect

4www.idfconnect.com

Authentication Management

Access Control Enforcement

Single Sign On

Idle Session Timeout

Session Maximum

Time-to-Live

Centralized Audit

Web Access Management

06 01

02

0304

05

A Complete Web Access Management Solution

Page 5: Web Access Management in the Cloud: Problem ... - IDF Connect

5www.idfconnect.com

Centralized Audit

Centralized Audit

WAM Gaps in the Cloud

Authentication Management

Access Control Enforcement

Single Sign On

Idle Session Timeout

Session Maximum

Time-to-Live

01

03

06

Session Maximum

Time-to-Live

Idle Session Timeout

Access Control Enforcement

02Web Access Management(Gaps in the

Cloud)

04

05

Page 6: Web Access Management in the Cloud: Problem ... - IDF Connect

6www.idfconnect.com

Access Control Enforcement

Idle Session Timeout

Session Maximum

Time-to-Live

Centralized Audit

Centralized Audit

WAM Gaps in the CloudAll Solved by SSO/Rest

Authentication Management

Access Control Enforcement

Single Sign On

Idle Session Timeout

Session Maximum

Time-to-Live

01

03

06

02Web Access Management(Gaps in the

Cloud)

04

05

Page 7: Web Access Management in the Cloud: Problem ... - IDF Connect

7www.idfconnect.com

Remember: Federation is NOT the Same as Web Access Management

Federation Web Access Management (WAM)

One-time handoff from partner IDP

Limited logout capabilityPerimeter Defense

Audit

Access control

www.your website.com

future business

Policy Enforcement Point (PEP)

Policy Decision Point (PDP)

www.your website.com

future business

Authentication

Session lifecycle management

Page 8: Web Access Management in the Cloud: Problem ... - IDF Connect

8www.idfconnect.com

The SSO/Rest Solution

A

B

C

D

SSO/Rest combines existing

and emerging technologies to

extend the perimeter of your

IAM solution safely and

securely into your public Cloud

platforms

SSO/Rest!

Rest based- lightweight

No firewall holes - secure

Easy to use, handles latency, transparent….

Engineered to solve this problem

Page 9: Web Access Management in the Cloud: Problem ... - IDF Connect

9www.idfconnect.com

SSO/Rest Solution Architecture

Browser SSO/Rest Plugin SSO/Rest Gateway CA SSO (SiteMinder) Policy Server

Lege

nd

Browser HTTP traffic SSO/Rest HTTP traffic SiteMinder Agent tunnel

Corporate Network

Cloud Apps

Browser call to cloud application

SSO/Rest session validation request CA SSO Agent traffic

Response (with updated SMSESSION cookie)

Policy Server Response

JSON reply from SSO/Rest

Cloud

Page 10: Web Access Management in the Cloud: Problem ... - IDF Connect

10www.idfconnect.com

Your App Runs in the Cloud But SiteMinder Thinks its in your Own Data Center

Page 11: Web Access Management in the Cloud: Problem ... - IDF Connect

11www.idfconnect.com

“Look Mom! No VPN!”

SSO/Rest Engine

Login

Update Session

Validate Session

isProtected

Gateway

Enable / Disable

Change Password

isAuthorized

SSO/Rest Web Services Endpoints

Page 12: Web Access Management in the Cloud: Problem ... - IDF Connect

12www.idfconnect.com

Server-side Application Integration

AJAX / Mobile / Thick Client Application Integration

Applications in the Cloud

WAM-as-a-Service

"Agent-less" Infrastructure

5 SSO/Rest Use Cases

SSO/Rest Solves Many Challenges

Page 13: Web Access Management in the Cloud: Problem ... - IDF Connect

T H A N K Y O U !For More Information, Please Visit

IDF Connect, Inc.2207 Concord Pike #359Wilmington, DE 19803Phone: (888) 765-1611Fax: (888) 765-7284

www.idfconnect.com

www.linkedin.com/in/rsand

@IDFConnect

www.facebook.com/IDFConnect

@rsand2

Turn CA SSO into your Enterprise 2-Factor Auth Solution with SSO/MobileKey. For more details visit www.idfconnect.com/products/sso-mobilekey/

Also check out our other products: www.idfconnect.com/products