1 / 8

SSO Case Study

SSO Case Study. Suchin Rengan Principal Technical Architect Salesforce.com. The Scenario. Mobile. Outlook. Browser. Key Considerations. Must be Seamless No Impacts to the intended Functionality Focus on Usability Comply with Security Standards

chloe
Télécharger la présentation

SSO Case Study

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SSO Case Study Suchin Rengan Principal Technical Architect Salesforce.com

  2. The Scenario Mobile Outlook Browser

  3. Key Considerations • Must be Seamless • No Impacts to the intended Functionality • Focus on Usability • Comply with Security Standards • User credentials cannot be stored in any applications • Reusability wherever possible • Allow for Scalability

  4. SSO Mechanisms • DA • SF Legacy way to accomplish SSO • Customers have to build a Web Service that will authenticate requests that are delegated by SF • User Profiles need to be enabled for SSO • Delegated Authentication configuration to point to the Delegated Authentication Web Service hosted by the customer • SAML • SAML is a technology that enables SSO between two disparate systems (Web and Desktop) • SF supports SAML 1.1 and SAML 2.0 • Support since Summer ’08 • Supports browser post profiles • Cannot be used to accomplish SSO for desktop/ outlook/ mobile clients (DA/ OAuth2 is a better alternative) • OAuth • Open standard for authorization (OAuth!) • Stop the password anti-pattern • Explicit grant of permission by user • The Valet key concept • Credential is per-service-provider • Revokable without changing password • Browser based authentication for rich clients • Make it possible to participate in SSO

  5. The Browser Scenario 1. User Request 2. Validate and Generate SAML Token Browser Identity Provider (Corporate Portal) 4. User Session 3. Post SAML

  6. The Outlook Scenario Outlook User Credentials (context based) Identity Provider Intermediary Service SAML Token SAML Token (Login API) User Session DA Service DA Redirect True/ False

  7. The Mobile Scenario Mobile NT Authentication Services NT Login Credentials User Session DA Redirect DA Service True/ False

  8. Summary • Been in production for 2 years • Supports 20 K users

More Related