Index:
- Installations
- What is Identity Management?
- What is Access Management?
- What is Pingfederate?
- LDAP Overview
- Configure Datastore
- Password Credential Validator
- Authenticating Adaptors
- Onboarding your First basic SP connection
- Digital Signature
- Encryption
1. Installations:
2. What is Identity Management?
Managing the life cycle of identities is called Identity Management. Anything related to a user's attributes, such as name, email, cell, location and address, makes up the user's identity. Identity Management also covers provisioning (granting) and de-provisioning (revoking) identities.
3. What is Access Management?
Providing authentication and authorization for identities is called Access Management.
Authentication: verifying the username and password.
Authorization: verifying whether the user has access or not. Authorization is checked only for authenticated users.
Access Management also deals with Single Sign-On.
What is SSO?: Allows a user, once logged in, to access multiple applications without entering the login id and password again.
4. What is Pingfederate?
Pingfederate is an access management tool that enables user authentication and single sign-on for customers, employees, and partners.
5. LDAP Overview
• Lightweight Directory Access Protocol (LDAP) is a protocol that makes it possible for applications to query user information rapidly.
• Usernames, passwords, email addresses, printer connections, and other static data are stored in LDAP.
• It is a form of language that allows users to find the information they need very quickly.
1. SearchBase is where the search has to start
eg: ou=people,dc=techstotle,dc=com
ou=it,ou=people,dc=techstotle,dc=com
2. SearchFilter is whom you want to search for
Distinguished Name(DN): This is the unique identifier for an LDAP entry.
eg: dn: cn=emp1,ou=IT,ou=people,dc=techstotle,dc=com
dn: cn=admin,ou=people,dc=techstotle,dc=com
dn: cn=server1,ou=HYD,ou=servers,dc=techstotle,dc=com
dn: cn=printer1,ou=printers,dc=techstotle,dc=com
dn = Distinguished Name
cn = Common Name
ou = Organizational Unit
dc = Domain Component
6. Configure Datastore:
While authenticating a user, PF has to talk to the directory/DB to check the username and password, so we have to configure Pingfederate with a Datastore.
When authenticating the user, we have to specify two things to PF: 1. where the search has to begin (Search Base) 2. whom it has to search for (Search Filter). In the filter, ${username} is replaced with the value the user typed at login; the example below matches it against the uid or the mail attribute.
Search Base = ou=people,dc=example,dc=com
Search Filter = (|(uid=${username})(mail=${username}))
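As an added illustration (not code from the original post or from Ping Identity), the Python below mimics the search-base plus search-filter lookup PF performs against the datastore, run over a constructed in-memory directory built from this post's DNs. The uid and mail attribute names, and the RFC 4515 escaping applied to the substituted ${username} value, are assumptions.

```python
import re

# Constructed sample directory modelled on the DNs used in this post; the
# uid/mail attribute names are an assumption, not something the post specifies.
DIRECTORY = {
    "cn=emp1,ou=IT,ou=people,dc=techstotle,dc=com": {"uid": ["emp1"], "mail": ["emp1@techstotle.com"]},
    "cn=admin,ou=people,dc=techstotle,dc=com": {"uid": ["admin"], "mail": ["admin@techstotle.com"]},
    "cn=server1,ou=HYD,ou=servers,dc=techstotle,dc=com": {"uid": ["server1"]},
}
SEARCH_BASE = "ou=people,dc=techstotle,dc=com"
SEARCH_FILTER = "(|(uid=${username})(mail=${username}))"

def parse_dn(dn):
    """Split a DN into lower-cased (attr, value) pairs, most specific RDN first."""
    return [tuple(x.strip().lower() for x in p.split("=", 1)) for p in dn.split(",")]

def in_search_base(dn, base):
    """Subtree scope: the entry's DN must end with the search base's RDNs."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) > len(b) and d[-len(b):] == b

def escape_filter_value(value):
    """RFC 4515 escaping, so the substituted login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def build_filter(template, username):
    """Substitute ${username} into the PF-style filter template."""
    return template.replace("${username}", escape_filter_value(username))

def _parse(s):
    # Recursive-descent parser for the filter subset (attr=value), (&...), (|...).
    if s[1] in "&|":
        op, rest, kids = s[1], s[2:], []
        while rest[0] == "(":
            kid, rest = _parse(rest)
            kids.append(kid)
        return (op, kids), rest[1:]          # skip the closing ')'
    end = s.index(")")                       # escaped ')' is '\29', so this is the real close
    attr, value = s[1:end].split("=", 1)
    return ("=", attr.lower(), value), s[end + 1:]

def matches(node, entry):
    """Evaluate a parsed filter against one entry's attributes (case-insensitive equality)."""
    if node[0] == "=":
        wanted = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), node[2])
        return any(wanted.lower() == v.lower() for v in entry.get(node[1], []))
    results = [matches(k, entry) for k in node[1]]
    return all(results) if node[0] == "&" else any(results)

def search(directory, base, template, username):
    """Return the DNs the datastore would hand back to PF for this base, filter and login name."""
    node, rest = _parse(build_filter(template, username))
    assert rest == "", "trailing garbage in filter"
    return sorted(dn for dn, attrs in directory.items()
                  if in_search_base(dn, base) and matches(node, attrs))
```

Narrowing the search base (for example to ou=IT,ou=people,...) is what keeps entries such as cn=server1 under ou=servers out of the result even when the filter would match them.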
Authenticating Adaptors:
Adaptors are like connectors that act as a bridge between PF and internal or third-party systems.
Using adaptors we can specify the type of login page PF has to display. We have to load the login pages into PF at the <pf-home>/pingfederate/server/default/conf/template location.
Onboarding your First basic SP connection
Digital Signature:
Original data is encrypted (signed) using the sender's private key. Once the receiver receives the signed data, it decrypts (verifies) it using the sender's public key.
Encryption:
Original data is encrypted using the receiver's public key; the receiver decrypts the cipher text using his (the receiver's) private key.
IDP (Identity Provider):
The identity provider's responsibility is to authenticate the end user. It maintains the Datastore. Once the end user is authenticated, the IDP creates a session at the IDP side, creates the SAML assertion and sends it to the SP (Service Provider).
SP (Service Provider):
The Service Provider validates the SAML assertion once it receives it from the IDP, creates a session at the SP side and sends the requested response to the end user.
Login Flow: