PingFederate Course

Index:

  1. Installations
  2. What is Identity Management?
  3. What is Access Management?
  4. What is PingFederate?
  5. LDAP Overview
  6. Configure Datastore
  7. Password Credential Validator
  8. Authenticating Adaptors
  9. Onboarding your First basic SP connection
  10. Digital Signature
  11. Encryption

1. Installations:


2. What is Identity Management?

      Managing the life cycle of identities is called identity management. Anything related to a user's attributes, such as name, email, cell, location, address, etc., is called a user identity. Identity management also covers provisioning (grant) and de-provisioning (revoke).

3. What is Access Management?

    Providing authentication and authorization for identities is called Access Management.

    Authentication: verifying the username and password.

    Authorization: verifying whether the user has access or not. Authorization is checked only for authenticated users.

    Access Management also deals with Single Sign-On.

    What is SSO?: It allows the user to access multiple applications without entering the login ID and password again once they have logged in.

4. What is PingFederate?

    PingFederate is an access management tool that enables user authentication and single sign-on for customers, employees, and partners.

5. LDAP Overview

       Lightweight Directory Access Protocol (LDAP) is a protocol that makes it possible for applications to query user information rapidly.

       Usernames, passwords, email addresses, printer connections, and other static data are stored in LDAP.

       It's a form of language that allows users to find the information they need very quickly.

 

 

    1. SearchBase is where you have to search

       eg: ou=people,dc=techstotle,dc=com

           ou=it,ou=people,dc=techstotle,dc=com

    2. SearchFilter is whom you want to search

Distinguished Name(DN): This is the unique identifier for an LDAP entry.

eg: dn: cn=emp1,ou=IT,ou=people,dc=techstotle,dc=com

    dn: cn=admin,ou=people,dc=techstotle,dc=com

    dn: cn=server1,ou=HYD,ou=servers,dc=techstotle,dc=com

    dn: cn=printer1,ou=printers,dc=techstotle,dc=com

dn=Distinguished Name

cn=Common Name

ou=Organizational Unit

dc=Domain Controller


6. Configure Datastore:

      While authenticating a user, PF has to talk to the DB to check the username and password. So we have to configure PingFederate with a Datastore.

 7. Password Credential Validator:

    When authenticating a user, we have to tell PF two things: 1. where the search has to begin (Search Base) 2. whom it has to search for (Search Filter)

 Eg:

Search Base= ou=people,ou=example,ou=com

Search Filter= (|(${username})(${username}))
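
How a Search Base and a Search Filter work together, as an added example that is not part of the original course or PingFederate's own code. The filter attribute names cn and mail, the mail values and the helper names are assumptions; the DNs are the sample entries from the LDAP Overview. The username is escaped per RFC 4515 before it replaces ${username}, so filter characters typed into the login form are matched literally.

```python
import re

# Constructed sample directory: the DNs are the ones listed on this page,
# the mail values are made up for the example.
DIRECTORY = {
    "cn=emp1,ou=IT,ou=people,dc=techstotle,dc=com": {"cn": "emp1", "mail": "emp1@techstotle.com"},
    "cn=admin,ou=people,dc=techstotle,dc=com": {"cn": "admin", "mail": "admin@techstotle.com"},
    "cn=server1,ou=HYD,ou=servers,dc=techstotle,dc=com": {"cn": "server1"},
    "cn=printer1,ou=printers,dc=techstotle,dc=com": {"cn": "printer1"},
}
# Assumption: cn and mail are illustrative attribute names for the filter.
FILTER_TEMPLATE = "(|(cn=${username})(mail=${username}))"

def escape_filter_value(value):
    """Escape RFC 4515 special characters so user input stays a literal value."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def build_filter(username):
    """Substitute the escaped username into the search filter template."""
    return FILTER_TEMPLATE.replace("${username}", escape_filter_value(username))

def rdns(dn):
    """Split a DN into lower-cased RDNs (the sample DNs hold no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(dn, search_base):
    """True when the entry is at or below the search base (RDN suffix match)."""
    entry, base = rdns(dn), rdns(search_base)
    return len(entry) >= len(base) and entry[-len(base):] == base

def unescape(value):
    """Turn backslash-hex escapes in a filter value back into characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(search_base, username):
    """Return DNs under search_base whose cn or mail equals the username."""
    terms = re.findall(r"\((\w+)=([^()]*)\)", build_filter(username))
    wanted = [(attr, unescape(val).lower()) for attr, val in terms]
    return [dn for dn, attrs in DIRECTORY.items()
            if in_scope(dn, search_base)
            and any(a in attrs and attrs[a].lower() == v for a, v in wanted)]

if __name__ == "__main__":
    base = "ou=people,dc=techstotle,dc=com"
    print(build_filter("emp1"), search(base, "emp1"))
    print(build_filter("*"), search(base, "*"))
```

Scope is compared RDN by RDN rather than with a string suffix test, so an entry under a differently named OU that merely ends with the same text is not treated as being inside the search base.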

 8. Authenticating Adaptors

Adaptors are like connectors that act as a bridge between PF and internal or third-party systems.

Using adaptors, we can specify the type of login pages PF has to display. We have to load the login pages into PF at the <pf-home>pingfederate/server/default/conf/template location.

 9. Onboarding your First basic SP connection

 10. Digital Signature:

The original data is encrypted using the sender’s private key. Once the receiver receives the signed data, the receiver decrypts it using the sender’s public key.


 11. Encryption:

The original data is encrypted using the receiver’s public key. The receiver decrypts the ciphertext using his (the receiver's) private key.

IDP (Identity provider):

 

The identity provider’s responsibility is to authenticate the end user. It maintains the Datastore. Once the end user is authenticated, the IDP creates a session on the IDP side, creates the SAML, and sends the SAML to the SP (Service Provider).

 

SP (Service Provider):

The Service Provider validates the SAML once it receives it from the IDP. It creates a session on the SP side and sends the requested response to the end user.

 

Login Flow:

 



About Satya

Satya is an IAM Engineer and the Editor of Techstotle.com. He possesses a deep passion for Identity and Access Management (IAM) technologies, with a particular focus on PingFederate and PingAM. Satya is dedicated to demystifying these complex technologies and making them accessible to a wider audience. Techstotle.com serves as a one-stop shop for the latest IAM insights, featuring comprehensive tutorials on PingFederate and PingAM. Join Satya on this journey of tech exploration as he empowers you to navigate the ever-evolving world of IAM.
