WSO2Con USA 2015: Single Sign-on Solutions for Salesforce with WSO2 Identity Server
Salesforce Single Sign-on with WSO2.
Benoy Jose, Salesforce Practice Head, Marlabs Inc.
Agenda
Courtesy: wso2.com
• Introduction
• Business Challenge
• Technical Challenge
• Design
• Solution options
• Summary
Introduction
• Why do we need SSO?
– Improve productivity and reduce support costs
– Enhance security and compliance
– Improve customer experience
• SSO Intro
– IDP initiated SSO
– SP initiated SSO
[Diagram labels: Identity Provider, Service Provider, Identity Store, Service Provider]
Business Challenge
• Enable Single Sign-on into Salesforce for employees using ADFS
• Enable Single Sign-on into Salesforce customer Portal through existing authentication process.
• Employees need the ability to log into the portal with their ADFS Id.
[Diagram labels: Salesforce Portal, Custom Identity Store, Salesforce, Windows ADFS, Partner Employee]
Technical Challenge
• To use a single SSO system to solve the business use cases
• Retain the existing authentication system for business portal for the Salesforce Customer portal
• Design an SSO solution that is scalable to support mobile apps through OAuth.
Design
• Design for a consolidated SSO framework for both the requirements
• Custom routing to delegate the authentication to ADFS and Custom data store.
• Just-in-time provisioning
[Diagram labels: Salesforce Portal, Custom Identity Store, Salesforce, Windows ADFS, Partner Employee]
Process Flow
• The SSO request received from the Service provider is sent to the Authentication Framework.
• Based on the Service provider config, the authenticator determines the Local Authenticator that will handle the request.
• Access requests for Salesforce are handled by the AD handler.
• Access requests for the Salesforce Customer service portal are handled by the CustomUserStoreManager.
Authentication
Courtesy: wso2.com
Solution Options
Courtesy: wso2.com
• Separate SSO solutions for Employee SSO and Salesforce portal SSO.
– SSO with OpenSSO, Shibboleth for portal.
– Delegated Authentication through AD connector.
• Difficulty to customize the Shibboleth SSO solution.
• Ability to handle Just-in-time provisioning.
Summary
• According to Gartner, by 2016 80% of enterprises will need SSO.
• Planning for a comprehensive SSO strategy as early as possible will save development and support costs.
• Plan for scalability by using proven standards like SAML and OAuth.
Additional Reading
• SAML Introduction:
– http://wso2.com/library/articles/2014/02/introduction-to-security-assertion-markup-language-2.0/
Thank You