1.25 LDAP Server - amresh087/Question GitHub Wiki

ApacheDirectoryStudio-2.0.0.v20210213-M16-win32.win32.x86_64

apacheds-2.0.0.AM26

  • Topics covered: HTTP - LDAP (optional) - Web & Networking - Security concepts - IAM overview: access management and SSO overview - Ping Identity product overview - Federation concepts with PingFederate

  • Whenever SAML, OpenID Connect or OAuth is referenced and you need more detail on these topics, feel free to do your own self-study; some good reference links follow. SAML concepts - Yammer: PSL_PingTraining_SAML.mp4 in Oracle IDM

  • OIDC - OpenID Connect (OpenID); OIDC Playground - https://openidconnect.net/

  • OAuth - OAuth 2.0 (oauth.net); Ldapwiki: OAuth 2.0; OAuth playground - OAuth 2.0 Playground (google.com)

  • SAML: Security Assertion Markup Language (SAML) is an open federation standard that allows an identity provider (IdP) to authenticate users and then pass an authentication token to another application, known as a service provider (SP). SAML lets the SP operate without performing its own authentication and passes the identity along, so that internal and external users can be integrated. It allows security credentials to be shared with an SP across a network, typically an application or service, and enables secure, cross-domain communication between public clouds and other SAML-enabled systems.
    How SAML works: SAML works by passing information about users, logins and attributes between the IdP and the SP. Each user authenticates once to an IdP and can then seamlessly extend that authentication session to potentially many applications. When the user attempts to access those services, the IdP passes what is known as a SAML assertion to the SP; the SP requests authentication and authorization from the identity provider. SAML example:

  • Login and access the SSO authentication.
    SAML provider: A SAML provider is a system that helps users obtain access to a service they need. SAML transfers identity data between two parties, an IdP and an SP. There are two main types of SAML providers:
      ◦ Identity provider (IdP) - performs authentication and passes the user's identity and authorization level to the service provider (SP). The IdP authenticates the user, while the SP allows access based on the response provided by the IdP.
      ◦ Service provider (SP) - trusts the IdP and authorizes the given user to access the requested resource. An SP requires the authentication from the IdP to grant authorization to the user, and since both systems speak the same language, the user only needs to log in once.
    SAML and OAuth use cases: SAML is primarily used to enable web browser single sign-on (SSO). The user-experience objective of SSO is to let a user authenticate once and gain access to separately secured systems without resubmitting credentials; the security objective is to ensure that the authentication requirements are met at each security perimeter. Typical use cases:
      ◦ Manage identities in the cloud and on-premises.
      ◦ Streamline identity tasks.
      ◦ Zero-trust strategy.
      ◦ Manage consumer digital access.

  • OAuth: OAuth is an open-standard authorization protocol or framework that gives applications the ability for "secure designated access." For example, you can tell Facebook that it's OK for ESPN.com to access your profile or post updates to your timeline without having to give ESPN your Facebook password.

  • How it works: What if one third-party service wants to use information that you have on another third-party service? For example, you want to share one of your Instagram photos to Facebook. You'd think that Facebook would ask for your Instagram password so that it can retrieve the photos posted there. Right?
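The "secure designated access" of the OAuth bullets above (a third party acts on your behalf without ever holding your password), as an added example that is not part of the wiki page: a hypothetical authorization server records the user's consent and issues an opaque bearer token limited to the scopes consented to, and a resource server enforces those scopes per operation and honours expiry and revocation. The class names, scope names (`profile:read`, `timeline:write`) and client IDs are assumptions for the example; the browser redirect and authorization-code exchange of real OAuth 2.0 are left out so that the token and scope handling stands alone.

```python
"""Delegated, scope-limited access in the OAuth 2.0 style (added example, not code from
the wiki page). Only token issuance, scope enforcement and revocation are modelled, with
in-memory objects; the redirect-based authorization-code exchange is omitted."""
import secrets


class AuthorizationServer:
    """Stands in for the provider the user already has an account with (the "Facebook"
    of the wiki text). It records consent and hands the third-party client an opaque
    bearer token; the user's password never leaves this component."""

    def __init__(self):
        self._grants = {}  # opaque token -> grant record

    def issue_token(self, user, client_id, scopes, now, ttl=3600):
        token = secrets.token_urlsafe(32)  # unguessable; carries no data itself
        self._grants[token] = {"user": user, "client_id": client_id,
                               "scopes": frozenset(scopes), "expires_at": now + ttl}
        return token

    def introspect(self, token, now):
        """Resolve a token to its grant, or None if unknown, revoked or expired."""
        grant = self._grants.get(token)
        if grant is None or now >= grant["expires_at"]:
            return None
        return grant

    def revoke(self, token):
        """User withdraws consent: the client's access ends without a password change."""
        self._grants.pop(token, None)


class ResourceServer:
    """Hosts the user's data and requires a specific scope for each operation."""
    REQUIRED_SCOPE = {"GET /profile": "profile:read", "POST /timeline": "timeline:write"}

    def __init__(self, auth_server, store):
        self._auth = auth_server
        self._store = store

    def handle(self, operation, token, now, body=None):
        """Return (status, payload) the way an HTTP API would."""
        grant = self._auth.introspect(token, now)
        if grant is None:
            return 401, "invalid_token"
        needed = self.REQUIRED_SCOPE.get(operation)
        if needed is None:
            return 404, "unknown operation"
        if needed not in grant["scopes"]:
            return 403, "insufficient_scope"  # consented scopes bound what the client may do
        record = self._store[grant["user"]]
        if operation == "GET /profile":
            return 200, dict(record["profile"])
        record["timeline"].append({"by": grant["client_id"], "text": body})
        return 200, "posted"


def demo():
    """Constructed walk-through: a sports site is allowed to read the profile only."""
    store = {"alice": {"profile": {"name": "Alice", "email": "alice@example.com"},
                       "timeline": []}}
    auth = AuthorizationServer()
    api = ResourceServer(auth, store)
    t0 = 1_700_000_000  # fixed clock so the run is reproducible

    # Alice consents to read-only profile access for the hypothetical client "sports-site".
    token = auth.issue_token("alice", "sports-site", {"profile:read"}, now=t0)
    results = {
        "read_profile": api.handle("GET /profile", token, now=t0),
        "post_timeline": api.handle("POST /timeline", token, now=t0, body="hello"),
        "forged_token": api.handle("GET /profile", "not-a-real-token", now=t0),
        "after_expiry": api.handle("GET /profile", token, now=t0 + 3600),
    }
    auth.revoke(token)
    results["after_revocation"] = api.handle("GET /profile", token, now=t0)
    results["timeline_length"] = len(store["alice"]["timeline"])
    return results
```

The read succeeds with 200, the write is refused with 403 because `timeline:write` was never consented to, and a forged, expired or revoked token gets 401 with no hint about why. That separation is the point of the design: the client holds a capability scoped to what the user agreed to, and the user can end it at the authorization server without touching their password.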

  • PingID: PingID is a cloud-based authentication service that binds user identities to mobile devices. During the PingID authentication process, the PingID service sends an authentication request to the user's mobile device. No password response is required: the user just swipes to authenticate. You can use PingID for any of these solutions:
      ◦ PingOne SSO - use PingID as a secondary authentication solution for PingOne single sign-on (SSO) in the cloud. A PingOne administrator can enable PingID in minutes.
      ◦ PingFederate SSO - use PingID as either a secondary or primary authentication solution for federated SSO through PingFederate. A PingFederate administrator can install and configure a PingID adapter that negotiates with the PingID service.