CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe
EASY FEDERATION IN THE CLOUD AND ON PREMISES
Ian Jaffe
Copyright © 2014 Ping Identity Corp. All rights reserved.
Who am I
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved.
• Nineteen years of Information Technology Experience
– Seven and a half of those years have been at Ping
• Current role as Solutions Support Engineer
• Previous roles: Project Director of PingOne and PingConnect and Software Quality Engineer on various products
– Undergraduate degree from RPI and MBA from DU
– Development experience in Java, C#, PHP, and more
Introduction
• PingFederate and PingOne Integration
– Time to setup greatly improved - # of steps significantly cut down
• REST API
– Creation of Customer Connection through API (Demo)
– Also demonstrating enabling/disabling connection and querying
• Provisioning
– New capabilities and supported applications
PINGFEDERATE AND PINGONE INTEGRATION
Easy Federation in the Cloud and on Premises
Why Integrate PingFederate and PingOne?
• One connection from PingFederate to PingOne provides a multiplexed connection to applications
• Take advantage of the PingOne Dock, PingID, User Authorization, Basic SSO, and Mobile Application capabilities
• Ease of setting up your own applications in the cloud and ability to connect to PingOne-enabled applications
Integration as we know it today
Create PF Connection
• Download metadata
• Takes many steps
– Creation of adapter, data store, and certificate
– Definition of attribute mapping and attribute lookup
• Possible confusion around certificates
Integration as we know it today
Setup PingOne
• Export metadata from PingFederate
• Upload to PingOne on the SSO Configuration page
• Upload secondary verification certificate (optional)
• Enable Provisioning (optional)
Identity Bridge Setup Improvements (Q3 2015)
New Functionality
• Simplified Configuration Steps
• New PingFederate Installer
• Node Monitoring Reporting
• Designed for PingFederate 8.0
REST API
Easy Federation in the Cloud and on Premises
REST API Capabilities
• Available today for PingOne Service Providers
– Found under Customer Connections -> Adding Connections -> REST service documentation
– Functions include:
• Get a customer connection
• Create a customer connection
• Update a customer connection
• Enable a customer connection
• Disable a customer connection
REST API Calls
• PingOne provides information on the request parameters such as the name of the attribute, whether or not the attribute is required, and a description
REST API Calls
• Response parameters are provided if there are any
REST API Calls
• Response codes are listed for each call with the number of the code first and then the description
REST API Calls
• Examples are given for each call – whether the call is a GET, a POST, or a PUT
• Create Customer Connection
PUT https://admin.pingone.com/web-portal/rest/saas/idp/2.0/spManaged/exampleIdp.com
{
  "email": "[email protected]",
  "entityId": "example Identity Provider",
  "ssoEndpoint": "http://www.exampleIdp.com",
  "signingCertificateData": "MIIDkDCCAvmgAwIBAgIJAONZ…"
}
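Added example, not part of the slides and not Ping Identity code: a pre-flight check for the Create Customer Connection body shown above, flagging a non-HTTPS ssoEndpoint and signing-certificate data that is not complete base64 DER before the PUT is sent. The function names, the sample email and the choice to treat all four fields as required are assumptions.

```python
import base64
from urllib.parse import urlsplit

# The four fields in the slide's example body. Treating all four as required
# is an assumption of this sketch, not a statement about the PingOne API.
FIELDS = ("email", "entityId", "ssoEndpoint", "signingCertificateData")

# Constructed sample mirroring the slide (placeholder email, truncated cert prefix).
SLIDE_BODY = {
    "email": "admin@example.com",
    "entityId": "example Identity Provider",
    "ssoEndpoint": "http://www.exampleIdp.com",
    "signingCertificateData": "MIIDkDCCAvmgAwIBAgIJAONZ",
}


def is_complete_der_sequence(der: bytes) -> bool:
    """True if der is exactly one ASN.1 SEQUENCE (framing only, no X.509 parsing)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        header, length = 2, der[1]
    else:                                   # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + length


def check_connection_body(body: dict) -> list:
    """Return the problems found in a Create Customer Connection body."""
    problems = [f"missing field: {name}" for name in FIELDS if not body.get(name)]
    url = urlsplit(body.get("ssoEndpoint") or "")
    if body.get("ssoEndpoint") and (url.scheme != "https" or not url.hostname):
        problems.append("ssoEndpoint is not an https URL")
    cert = body.get("signingCertificateData")
    if cert:
        try:
            der = base64.b64decode(cert, validate=True)
        except ValueError:                  # bad alphabet, padding or non-ASCII
            problems.append("signingCertificateData is not valid base64")
        else:
            if not is_complete_der_sequence(der):
                problems.append("signingCertificateData is not a complete DER structure")
    return problems
```

Run against the slide's own values, `check_connection_body(SLIDE_BODY)` reports two problems: the endpoint is plain http, and the certificate string is only a prefix of the 916-byte structure its DER header announces.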
REST API Calls Demo
• Demo of my REST API Application
– Created in Java to demonstrate API functionality
– Starts with a form where user provides needed information to create their connection
– Assumes that customer has an existing P1 account
PROVISIONING
Easy Federation in the Cloud and on Premises
New Capabilities
• Common Provisioning Layer
– Can build cross platform provisioners quicker and more easily
• SCIM Provisioning
– Inbound SCIM Provisioning (AD Connect and PingFederate)
• Outbound Provisioners were added or improved upon
Outbound Provisioners that are Added or Improved Upon
•
– Prior implementation (OpenID 2.0) was replaced with OAuth 2.0
– Demo of new functionality
KB Article: http://community.pingidentity.com/PingIdentityArticle?id=kA340000000GsukCAC
Outbound Provisioners that were Added or Improved Upon
Added Licensing Support. Login here for possible values: http://graphexplorer.cloudapp.net/
(Business Edition only)