SlideShare a Scribd company logo

Design Pattern for Federated Single Sign-On Access

Mike Reams, profile picture
Mike Reams

The document outlines the federated enterprise single sign-on (SSO) architecture design pattern, detailing components and their interactions in a software system. It emphasizes the use of SAML 2.0 as the industry standard for federated SSO and describes supported use cases, security measures, and the architecture involving identity and service providers. Key processes such as identity exchange, authorization, and real-time registration are also summarized.

Technology
1 of 1
1
Federated Enterprise Single Sign-On Architecture Design Pattern – Tier 1 Solution Building Block Version: 1.0 Author: Mike Reams Last Modified: Design Pattern Federated Single Sign-On (SSO) A Design Pattern provides a scheme for refining the subsystems or components of a software system, or the relationships between them. It describes commonly recurring structure of communicating components that solves a general design problem within a particular context . Architectural patterns are similar to software design patterns but have a broader scope. The architectural patterns address various issues in software engineering, such as computer hardware performance limitations, high availability and minimization of a business risk. Federated SSO The Industry Standard is SAML 2.0 with Organizational Standard of assertions use SAML 2.0 Post Bindings. Supported use cases are (1) IdP Initiated; (2) SP Initiated; (3)IdP Trusted; (4) SP Real-Time Registration; Preference is to Sign both the SAML Assertion Request & Response. With PII data, entire xml must be encrypted end-to-end over the SOAP channel. SP=Service Provider | IdP=Identity Provider Architecture Domain(s) Identity Management | Security | Middleware Web Server (SP) Access Manager Access Policy General Architecture Assertion Consumer Service (ACS) Service Provider Service Provider Initiated (SP) Web Service Metadata Exchange Invokes IdPInvokes SP Identity Provider 4. IdP posts SAML Response with 10 digit ID SP Trusted User IdP Trusted User Guest User Service Provider B. Certificate & URI exchange (Build Trust) 1. User invokes a Service Provider (SP) protected URL 2. SP sends user to IdP with SAML Redirect Post Request 3. User enters credentials on IdP Login page 1. User invokes IdP protected application A. Identity Exchange 6. SP grants authorization Application 5b. SP trusted user is redirected with an IdM SAML assertion to access SP 3. User enters credentials on IdP Login page 2. IdP sends guest user to Login page (challenge URL) Assertion Consumer Service (ACS) 4. IdP posts SAML Request with a valid 10 digit ID Application 6. IdP user is authorized w/ token to access SP 5a. SP trusted user is registered real-time if not found 5. IdP Creates token for On-Prem Access

More Related Content

PPT
Nistagmus
kebaplik
 
PPT
Api desgin
Prabhat gangwar
 
DOCX
Home automation System
Naman Gautam
 
PPSX
Busy-Business accounting software.
Corrigo India
 
PDF
BC - Tal Wilkenfeld (Bass Transcription)
samcontesse
 
PDF
final project report_full edit
Sayam Roy
 
PPTX
Bionic eye
mohammadalimuktar
 
PPTX
Google lens
sreelakshmikv
 
Nistagmus
kebaplik
 
Api desgin
Prabhat gangwar
 
Home automation System
Naman Gautam
 
Busy-Business accounting software.
Corrigo India
 
BC - Tal Wilkenfeld (Bass Transcription)
samcontesse
 
final project report_full edit
Sayam Roy
 
Bionic eye
mohammadalimuktar
 
Google lens
sreelakshmikv
 

Similar to Design Pattern for Federated Single Sign-On Access (20)

PDF
"Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ...
Fwdays
 
PPTX
IdP, SAML, OAuth
Dan Brinkmann
 
PDF
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...
Cisco Canada
 
PDF
Single Sign-On Best Practices
Salesforce Developers
 
PDF
Taking a Pragmatic Look at the Salesforce Security Model
Salesforce Developers
 
PPT
O2 Presentation Sdp Event
jameskenney
 
PPTX
Tech UG - Newcastle 09-17 - logic apps
Michael Stephenson
 
PDF
Architecting Multi-Org Solutions
Salesforce Developers
 
PDF
Single sign on using SAML
Programming Talents
 
PDF
Saas security
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
PPTX
Cisco SocialMiner Tools for Social Media Customer Care
Natasha Kelly
 
PPTX
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
ForgeRock
 
PDF
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...
Cisco Canada
 
DOCX
Sindhumathi Vellaidurai
Sindhumathi Vellaidurai
 
PPTX
Transforming a Large Mission-Critical E-Commerce Platform from a Relational A...
MongoDB
 
PPTX
CTU June 2011 - Windows Azure App Fabric
Spiffy
 
PDF
z/OS Connect - Overview at the "z Systems Agile Enterprise Development Confer...
DevOps for Enterprise Systems
 
PPTX
Sharksim Overview
tcoyle72
 
PDF
Impact 2013 2971 - Fundamental integration and service patterns
Brian Petrini
 
DOCX
Syllabus for Technical courses
Montek1Learning
 
"Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ...
Fwdays
 
IdP, SAML, OAuth
Dan Brinkmann
 
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...
Cisco Canada
 
Single Sign-On Best Practices
Salesforce Developers
 
Taking a Pragmatic Look at the Salesforce Security Model
Salesforce Developers
 
O2 Presentation Sdp Event
jameskenney
 
Tech UG - Newcastle 09-17 - logic apps
Michael Stephenson
 
Architecting Multi-Org Solutions
Salesforce Developers
 
Single sign on using SAML
Programming Talents
 
Saas security
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Cisco SocialMiner Tools for Social Media Customer Care
Natasha Kelly
 
IAM/IRM CONSIDERATIONS FOR SAAS PROVIDER SELECTION
ForgeRock
 
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...
Cisco Canada
 
Sindhumathi Vellaidurai
Sindhumathi Vellaidurai
 
Transforming a Large Mission-Critical E-Commerce Platform from a Relational A...
MongoDB
 
CTU June 2011 - Windows Azure App Fabric
Spiffy
 
z/OS Connect - Overview at the "z Systems Agile Enterprise Development Confer...
DevOps for Enterprise Systems
 
Sharksim Overview
tcoyle72
 
Impact 2013 2971 - Fundamental integration and service patterns
Brian Petrini
 
Syllabus for Technical courses
Montek1Learning
 
Ad

More from Mike Reams (17)

PDF
Design Pattern Logical Model
Mike Reams
 
PPTX
Knowledge Transfer Training Presentation for Identity Lifecycle Manager
Mike Reams
 
PDF
Mobile user single sign on flow
Mike Reams
 
PDF
Solution Delivery Calendar
Mike Reams
 
PDF
Environment Gap Analysis for Applications
Mike Reams
 
PDF
Perimeter Protected Access Design Pattern
Mike Reams
 
PDF
Design Pattern for Oracle Identity Provisioning
Mike Reams
 
PDF
Retiree Data Flow Diagram
Mike Reams
 
PDF
Series of Visual Flow Diagrams
Mike Reams
 
PDF
High-level Architecture viewpoint of a Troux Infrastructure
Mike Reams
 
PDF
Visio Diagram of a user SSO Flow
Mike Reams
 
PDF
Visio Diagram Scripting and Server Management flow
Mike Reams
 
PDF
Visio Diagram for Configuration Management
Mike Reams
 
PDF
User Flow swim-lane Diagram for New Hire
Mike Reams
 
PDF
Architecture Design Presentation for OIM
Mike Reams
 
PDF
Sample Template for Single Sign-On (SSO)
Mike Reams
 
PDF
Visual representation as an architectural artifact
Mike Reams
 
Design Pattern Logical Model
Mike Reams
 
Knowledge Transfer Training Presentation for Identity Lifecycle Manager
Mike Reams
 
Mobile user single sign on flow
Mike Reams
 
Solution Delivery Calendar
Mike Reams
 
Environment Gap Analysis for Applications
Mike Reams
 
Perimeter Protected Access Design Pattern
Mike Reams
 
Design Pattern for Oracle Identity Provisioning
Mike Reams
 
Retiree Data Flow Diagram
Mike Reams
 
Series of Visual Flow Diagrams
Mike Reams
 
High-level Architecture viewpoint of a Troux Infrastructure
Mike Reams
 
Visio Diagram of a user SSO Flow
Mike Reams
 
Visio Diagram Scripting and Server Management flow
Mike Reams
 
Visio Diagram for Configuration Management
Mike Reams
 
User Flow swim-lane Diagram for New Hire
Mike Reams
 
Architecture Design Presentation for OIM
Mike Reams
 
Sample Template for Single Sign-On (SSO)
Mike Reams
 
Visual representation as an architectural artifact
Mike Reams
 
Ad

Recently uploaded (20)

PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Teaching material agriculture food technology
LiaRayya
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Approach and Philosophy of On baking technology
30anthuong17
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 

Design Pattern for Federated Single Sign-On Access

  • 1. Federated Enterprise Single Sign-On Architecture Design Pattern – Tier 1 Solution Building Block Version: 1.0 Author: Mike Reams Last Modified: Design Pattern Federated Single Sign-On (SSO) A Design Pattern provides a scheme for refining the subsystems or components of a software system, or the relationships between them. It describes commonly recurring structure of communicating components that solves a general design problem within a particular context . Architectural patterns are similar to software design patterns but have a broader scope. The architectural patterns address various issues in software engineering, such as computer hardware performance limitations, high availability and minimization of a business risk. Federated SSO The Industry Standard is SAML 2.0 with Organizational Standard of assertions use SAML 2.0 Post Bindings. Supported use cases are (1) IdP Initiated; (2) SP Initiated; (3)IdP Trusted; (4) SP Real-Time Registration; Preference is to Sign both the SAML Assertion Request & Response. With PII data, entire xml must be encrypted end-to-end over the SOAP channel. SP=Service Provider | IdP=Identity Provider Architecture Domain(s) Identity Management | Security | Middleware Web Server (SP) Access Manager Access Policy General Architecture Assertion Consumer Service (ACS) Service Provider Service Provider Initiated (SP) Web Service Metadata Exchange Invokes IdPInvokes SP Identity Provider 4. IdP posts SAML Response with 10 digit ID SP Trusted User IdP Trusted User Guest User Service Provider B. Certificate & URI exchange (Build Trust) 1. User invokes a Service Provider (SP) protected URL 2. SP sends user to IdP with SAML Redirect Post Request 3. User enters credentials on IdP Login page 1. User invokes IdP protected application A. Identity Exchange 6. SP grants authorization Application 5b. SP trusted user is redirected with an IdM SAML assertion to access SP 3. User enters credentials on IdP Login page 2. IdP sends guest user to Login page (challenge URL) Assertion Consumer Service (ACS) 4. IdP posts SAML Request with a valid 10 digit ID Application 6. IdP user is authorized w/ token to access SP 5a. SP trusted user is registered real-time if not found 5. IdP Creates token for On-Prem Access