Falcon authentication saml


Secure User Access

WisePoint Series

Secure authentication solution to access web and VPN applications

Falcon System Consulting Inc.

©2014 Falcon System Consulting, Inc. All Rights Reserved

Functions of the WisePoint Series

Browser-based one-time password authentication with various authenticators (imaged software token, matrix card, hardware token)

Secure VPN functionality with Juniper, Cisco ASA and major network vendors

Single sign-on with applications (e-mail, groupware, CRM, in-house development and cloud applications)

Supports SAML 2.0 and Shibboleth: Shibboleth IdP, SP (reverse proxy)

Device authentication with mobile and smart phones (iPhone, tablet, etc.)


Major functions -1

Imaged software authentication

A preselected image is recognized as an ID/password

The credential is randomly generated as a one-time password.

The corresponding vertical and horizontal numbers and the image positioning are the credential in the network


Major functions -2

Challenge and Response auth

Challenge-and-response type authentication

Match the random numbers in the table printed on the card with the corresponding numbers in the designated column generated by the WisePoint server as a challenge

The challenge code is random every time you log in. The Matrix Card is unique for each user.


Major functions -3

Mobile and Smart phone auth

Device authentication based on a unique identification set by WisePoint

Realizes two-factor authentication with the imaged software token or random matrix card


Major functions -3 (cont)

iPhone device authentication

① Click the “WisePointBrowser” icon to start operation

② Automated device authentication through access to the server (URL)

③ After authentication is complete, click your personally recognized image pattern

④ Access the respective portal/groupware through SSO


Major functions -4

Web Single Sign On

Input your ID and password to WisePoint only once, and you can access every web application without entering a separate password for each individual system.

WisePoint can single-sign-on to various systems, such as O365, Google Apps, Salesforce, mail, groupware and web applications developed in-house by the user.

[Diagram labels: Employee A; WisePoint Server (reverse proxy on DMZ); groupware, CRM and other web applications, each with its own ID/PW entry for A; "Authentication is just once!"; "No need to input employee ID/PW"]


System Config: WisePoint Shibboleth-IdP/-SP

[Diagram labels: DMZ; LAN; WisePoint Shibboleth-IdP; WisePoint Shibboleth-SP (for SSO); Web Application; Database; WisePoint Management Server; LDAP]


WisePoint Collaborative Solutions

SSL-VPN

Juniper MAG Series (Juniper Networks)

BIG-IP (F5 Networks)

ArraySPX (Array Networks)

Cisco ASA5500 Series (Cisco Systems)

Authentication VLAN

Apresia (Hitachi Metals)

Alcatel OmniSwitch (Alcatel-Lucent)

AX series (ALAXALA Networks)

IP-VPN

Cisco ASA5500 Series (Cisco Systems)

Software Blade (Check Point Software Technologies)

Wireless LAN

Mobility Controllers (Aruba Networks)

Cisco Aironet (Cisco Systems)

Proxy Server

BlueCoat SG series (BlueCoat Systems)

Firewall

FireWall-1 (Check Point Software Technologies)


Kyushu University: Shibboleth Auth and SSO

Matrix-based PW auth: matrix code auth at the IdP, and SSO to both internal and external services

[Diagram; recoverable labels, grouped as they appear]

For educational officers (faculty and staff): Educational Affairs Sys; office portal; services with matrix auth (QMAX); WisePoint Shibboleth SP reverse proxy server; matrix auth; SSO; cloud

For students: student access to the electronic journal SP and university portal with ID/PW; WisePoint Shibboleth SP reverse proxy server; ID/PW auth; Shibboleth-based library system without matrix PW auth; Electrical Journal

University common ID management system: common ID, matrix code, role generation; IC card issue (back face: matrix); register user ID; PW change; PW change system

WisePoint Shibboleth IdP / matrix code PW server: user PW inquiry; matrix PW inquiry; information auth inquiry; DB server; LDAP server

SSO to web systems and external federation; Cloud Stack (Shibboleth)


Authentication Service Platform

[Diagram labels: Academic; AD or LDAP; OpenID Site; FalconSC/AWS・・・]