Identity Management - Red Hat · Identity Management: ... How to address Active Directory...
Identity Management: The authentic & authoritative guide for
the modern enterprise
Ellen Newlands, Product Manager
Dmitri Pal, Director, Engineering
06-26-15
Goals of the Presentation
● Introduce Identity Management problem space
● Give you an overview of the identity management components in the Red Hat portfolio
● Provide examples of some real-world use cases that can be solved with the identity management capabilities Red Hat offers
● Show that these solutions are cost effective
Identity Management Problem Space
What is Identity Management?
● What does this mean to you?
● What issues are you running into in this area?
Wikipedia as the “authoritative source” for definitions:
Identity Management - (noun)
“Identity management (IdM) describes the management of individual principals, their authentication, authorization, and privileges within or across system and enterprise
boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks.”
Wikipedia
Identity Management Problem Space
● Identities
– Where are my users stored? What properties do they have? How is this data made available to systems and applications?
● Authentication
– What credentials do my users use to authenticate? Passwords? Smart Cards? Special devices? Is there SSO? How can the same user access file stores and web applications without requiring re-authentication?
● Access control
– Which users have access to which systems, services, applications? What commands can they run on those systems? What SELinux context is a user mapped to?
● Policies
– What is the strength of the password? What are the automount rules? What are the Kerberos ticket policies?
Overview of the Identity Management Components
Components of the Portfolio
● Identity Management in Red Hat Enterprise Linux (IdM)
● SSSD
● Certmonger
● Ipsilon IdP
● Apache modules
Identity Management
● Domain controller for Linux/UNIX environments
● Combines LDAP, Kerberos, DNS and certificate management capabilities
● Provides centralized authentication, authorization and identity information for Linux/UNIX infrastructure
● Enables centralized policy and privilege escalation management
● Integrates with Active Directory on the server-to-server level
SSSD:
(The System Security Services Daemon)
● Client-side component
● Part of Red Hat Enterprise Linux and many other Linux distributions
● Allows connecting a system to the identity and authentication source of your choice
● Caches identity and policy information for offline use
● Capable of connecting to different sources of identity data at the same time
Certmonger
● Client side component
● Connects to central Certificate Server and requests certificates
● Tracks the certificates it requested and auto-renews them
Ipsilon IdP
● Identity Provider implementation
● Allows federation between different applications using SAML based SSO
Apache Modules
● Modules that can be integrated with Apache server
● Modules that support forms-based, Kerberos or SAML authentication
● Authorization and identity data lookups are also possible using corresponding modules
Example Architecture
[Architecture diagram: Linux Server (SSSD, Certmonger), Business Application (Modules), IdM, Active Directory (Trust), IdP]
Solving Real World Identity Management Challenges
Use Cases and Challenges
● How can I provide centralized authentication?
● Can I define access control to hosts without copying configuration files?
● Can I manage SSH keys for users and hosts?
● Can I provide centralized SUDO, automount, SELinux user mappings?
● Is there a cost effective solution that provides strong authentication using OTP?
● Can I provide a smooth SSO experience for my users inside the enterprise?
● How can I integrate my applications into the same identity space?
● How to address Active Directory interoperability challenges?
Centralized Authentication
[Diagram: IdM serving six Linux systems]
Steps:
● Consolidate your user accounts
● Load your user data into IdM
● Connect your Linux/UNIX systems to IdM
– ipa-client-install
Why would I use IdM?
● Different authentication methods:
– LDAP, Kerberos, OTP, Certificates
● Integrated solution
– Easy to install and manage
● Integrates with AD
● Has a lot of other valuable capabilities
Host Based Access Control
● Which users or groups of users can access
● Which hosts or groups of hosts
● Using which login services
– console, ssh, sudo, ftp, sftp, etc.
● You define rules centrally
● Rules are enforced on the client
● Rules are cached
● There is a test tool to help you
[Diagram: IdM serving six Linux systems]
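The decision an HBAC rule set produces is easy to get wrong when rules combine user groups, host groups and service names, so here is a small evaluator, added to this transcript as an illustration and not FreeIPA/IdM code. It models the client-side decision that the real `ipa hbactest` tool lets an administrator simulate centrally: a login is allowed only when some enabled rule matches the user, the target host and the login service, and everything else is denied. All rule names, users, hosts and group memberships below are constructed for the example.

```python
"""Toy model of IdM Host-Based Access Control (HBAC) evaluation.

Constructed example; not FreeIPA/IdM code. Access is granted only if some
enabled rule matches the user, the target host AND the login service.
Anything no rule matches is denied (default deny).
"""
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class HbacRule:
    name: str
    enabled: bool = True
    users: Set[str] = field(default_factory=set)        # explicit user names
    user_groups: Set[str] = field(default_factory=set)  # user group names
    hosts: Set[str] = field(default_factory=set)        # explicit host names
    host_groups: Set[str] = field(default_factory=set)  # host group names
    services: Set[str] = field(default_factory=set)     # PAM service names
    # "all" mirrors IdM's usercat/hostcat/servicecat=all ("match anything")
    user_cat: Optional[str] = None
    host_cat: Optional[str] = None
    service_cat: Optional[str] = None


# Constructed group membership, as the identity source would resolve it.
USER_GROUPS = {
    "alice": {"admins", "developers"},
    "bob": {"developers"},
    "carol": {"auditors"},
}
HOST_GROUPS = {
    "web1.example.test": {"webservers"},
    "db1.example.test": {"dbservers"},
}

# Constructed rules. Note the disabled rule: it must never grant access.
RULES = [
    HbacRule("admins_everywhere", user_groups={"admins"},
             host_cat="all", service_cat="all"),
    HbacRule("devs_ssh_web", user_groups={"developers"},
             host_groups={"webservers"}, services={"sshd"}),
    HbacRule("auditors_db", user_groups={"auditors"},
             host_groups={"dbservers"}, services={"sshd"}, enabled=False),
]


def _matches(name, memberships, explicit, group_rule, category):
    """True if the category is 'all', or the name or one of its groups is listed."""
    if category == "all":
        return True
    return name in explicit or bool(memberships & group_rule)


def hbac_evaluate(rules, user, host, service):
    """Return (allowed, names of the rules that matched); default is deny."""
    matched = [
        r.name for r in rules
        if r.enabled
        and _matches(user, USER_GROUPS.get(user, set()), r.users, r.user_groups, r.user_cat)
        and _matches(host, HOST_GROUPS.get(host, set()), r.hosts, r.host_groups, r.host_cat)
        and _matches(service, set(), r.services, set(), r.service_cat)
    ]
    return bool(matched), matched


if __name__ == "__main__":
    for req in [("alice", "db1.example.test", "sudo"),
                ("bob", "web1.example.test", "sshd"),
                ("bob", "db1.example.test", "sshd"),
                ("carol", "db1.example.test", "sshd")]:
        allowed, why = hbac_evaluate(RULES, *req)
        print(req, "ALLOW" if allowed else "DENY", why)
```

The disabled `auditors_db` rule is the case worth checking when you review a rule set: a rule that exists but is disabled grants nothing, and the default is deny, so carol is refused on the database host even though a rule naming her group is present.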
SSH Key Management
[Diagram: IdM holds the host public keys and the user's public key (digest); Linux System A and Linux System B obtain them from IdM when SSH is used]
● Host public keys are uploaded at client installation time
● A user can upload their public key to IdM manually
● When a user SSHs from system A to system B, the host public key of the target system B is delivered to system A (no need to validate the digest)
● The user's public key is automatically delivered to system B
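What IdM automates here is the host key check a user would otherwise perform by hand: comparing the fingerprint of the key system B presents with the one recorded for it. The block below, added to this transcript and not SSSD or IdM code, shows that check on constructed data: it parses an OpenSSH public key line, computes the `SHA256:` fingerprint that `ssh-keygen -l` prints, and compares the presented key with the centrally stored one in constant time. The key material is a fabricated 32-byte value, not a real key pair, so that the example runs offline; the host name is a constructed placeholder.

```python
"""Host key verification that IdM/SSSD perform on the user's behalf.

Constructed example; not SSSD code. Computes the OpenSSH SHA256
fingerprint of a public key line and compares the key a host presents
with the one held in the central directory.
"""
import base64
import hashlib
import hmac


def parse_pubkey_line(line: str):
    """Split an OpenSSH public key line into (key_type, raw_blob, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("malformed public key line")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed algorithm name; it must agree
    # with the textual key type or the line is inconsistent.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type prefix does not match blob")
    return key_type, blob, comment


def sha256_fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + base64 without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(central_line: str, presented_line: str) -> bool:
    """True if the key the host presents equals the centrally stored key."""
    _, central_blob, _ = parse_pubkey_line(central_line)
    _, presented_blob, _ = parse_pubkey_line(presented_line)
    return hmac.compare_digest(central_blob, presented_blob)


def _fake_ed25519_line(fill_byte: int, comment: str) -> str:
    """Build a syntactically valid ssh-ed25519 line around a constructed
    32-byte value. NOT a real key; only so the example runs offline."""
    alg = b"ssh-ed25519"
    key = bytes([fill_byte]) * 32
    blob = len(alg).to_bytes(4, "big") + alg + len(key).to_bytes(4, "big") + key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


# Constructed: the key IdM holds for system B, the key B actually presents,
# and a different key as a man-in-the-middle host would present.
CENTRAL_KEY = _fake_ed25519_line(0x11, "host/systemb.example.test")
PRESENTED_OK = _fake_ed25519_line(0x11, "")
PRESENTED_ROGUE = _fake_ed25519_line(0x22, "")

if __name__ == "__main__":
    _, blob, _ = parse_pubkey_line(CENTRAL_KEY)
    print("stored fingerprint:", sha256_fingerprint(blob))
    print("genuine host matches:", host_key_matches(CENTRAL_KEY, PRESENTED_OK))
    print("rogue host matches:", host_key_matches(CENTRAL_KEY, PRESENTED_ROGUE))
```

In a deployment, SSSD's `sss_ssh_knownhostsproxy` and `sss_ssh_authorizedkeys` helpers feed OpenSSH the centrally stored host and user keys, which is why the slide says the user no longer needs to validate the digest; the comparison above is still what decides whether the connection is trusted.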
SUDO Integration
● Centrally define commands and groups of commands
● Define which groups of users can run these commands or groups of commands on which hosts or groups of hosts
● Rules are enforced on the client
● Rules are cached
● Capability is integrated into the sudo utility
[Diagram: IdM delivers the command groups "ABC", "KLM" and "XYZ" to different Linux systems]
SELinux User Mapping
● Mappings can be defined centrally
● Allow different users on different systems to have different SELinux contexts
● Default SELinux labels are available in the IPA configuration
● Mappings are enforced on the client
● Mappings are cached
[Diagram: IdM maps users on Linux systems to Unprivileged, Privileged and Superprivileged SELinux contexts]
Automount
● Define direct or indirect maps
● Associate maps with a particular location
● Configure clients to pull data from that location (part of the LDAP tree)
● Maps are defined centrally
● Maps are applied on the client
● Maps are cached
● Maps are integrated with autofs
[Diagram: IdM serves maps for the US location to Linux systems and the file server in the US, and maps for the Japan location to Linux systems and the file server in Japan]
Two Factor Authentication
[Diagram: IdM serving Linux systems, with an external OTP server]
● Native 2FA
– Yubikey, FreeOTP, Google Authenticator
– HOTP/TOTP compatible
– Over LDAP or Kerberos
● Proxied over RADIUS
– Any third party that has RADIUS support
– Kerberos only
● Easy migration
Kerberos Based SSO
[Diagram: numbered flow 1 to 5 between the IdM/AD/Kerberos server, an NFS Client holding a TGT, an NFS Server and a Kerberized application; each service holds a Key and receives a service ticket (ST)]
Kerberos SSO Flow
● User logs into a system that is connected to a Kerberos server
– It can be a Kerberos KDC, Active Directory or IdM
● User authenticates (1) and receives a ticket granting ticket (TGT) from the Kerberos server
● User accesses a resource (2), for example through an NFS client
● The Kerberos library requests a service ticket from the KDC on behalf of the user (3)
● The ticket is presented to the service, for example the NFS server (4)
● The server or service decrypts it using its Kerberos key
● Keys are distributed at configuration time; IdM provides a command to get the Kerberos keys for the client systems
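The flow above is easier to reason about with both sides' messages in front of you. The block below is an added, self-contained model of the exchange and is not MIT Kerberos, IdM or SSSD code: the "encryption" is a toy (a SHA-256 keystream XOR plus an HMAC tag) standing in for real Kerberos enctypes, and all principals, passwords and the `nfs/server.example.test` name are constructed. What it does reproduce is the structure that matters for the slide: the user's key never leaves the client, the service's key (what the real `ipa-getkeytab` command puts in a keytab) never leaves the service, and the KDC issues tickets each party can open only with its own key.

```python
"""Toy Kerberos-style exchange following the slide's steps (1)-(5).

Constructed example; not Kerberos, IdM or SSSD code. The cipher is a toy
(SHA-256 keystream XOR + HMAC tag) used only to make the message structure
runnable offline. Do not reuse it for real encryption.
"""
import hashlib
import hmac
import json
import os

LIFETIME = 36000   # ticket lifetime in seconds (constructed value)
MAX_SKEW = 300     # authenticator timestamp tolerance, as Kerberos uses


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def toy_encrypt(key: bytes, obj: dict) -> bytes:
    """Toy AEAD: nonce || (plaintext XOR keystream) || HMAC tag."""
    plain, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def toy_decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed (wrong key or tampered message)")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct)))))


def derive_key(secret: str) -> bytes:
    return hashlib.sha256(secret.encode()).digest()


class KDC:
    """Holds every principal's long-term key; issues TGTs and service tickets."""
    def __init__(self, principals: dict):
        self.keys = {p: derive_key(s) for p, s in principals.items()}

    def as_exchange(self, user: str, now: int):                 # step (1)
        if user not in self.keys:
            raise ValueError("unknown principal")
        sk = os.urandom(32).hex()
        tgt = toy_encrypt(self.keys["krbtgt"], {"user": user, "sk": sk, "exp": now + LIFETIME})
        return tgt, toy_encrypt(self.keys[user], {"sk": sk})   # readable only with the user's key

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: int):  # step (3)
        t = toy_decrypt(self.keys["krbtgt"], tgt)               # only the KDC can open a TGT
        a = toy_decrypt(bytes.fromhex(t["sk"]), authenticator)
        if t["exp"] < now or a["user"] != t["user"]:
            raise ValueError("TGT expired or authenticator mismatch")
        sk = os.urandom(32).hex()
        st = toy_encrypt(self.keys[service], {"user": t["user"], "sk": sk, "exp": now + LIFETIME})
        return st, toy_encrypt(bytes.fromhex(t["sk"]), {"sk": sk})


class Client:
    def __init__(self, user: str, password: str):
        self.user, self.key = user, derive_key(password)

    def login(self, kdc: KDC, now: int):
        self.tgt, rep = kdc.as_exchange(self.user, now)
        self.tgt_sk = bytes.fromhex(toy_decrypt(self.key, rep)["sk"])   # wrong password: raises

    def service_ticket(self, kdc: KDC, service: str, now: int):      # steps (2)-(4)
        auth = toy_encrypt(self.tgt_sk, {"user": self.user, "ts": now})
        st, rep = kdc.tgs_exchange(self.tgt, auth, service, now)
        sk = bytes.fromhex(toy_decrypt(self.tgt_sk, rep)["sk"])
        return st, toy_encrypt(sk, {"user": self.user, "ts": now})   # ticket + authenticator


class Service:
    """Knows only its own key (the keytab); needs no KDC round trip to accept a ticket."""
    def __init__(self, secret: str):
        self.key = derive_key(secret)

    def accept(self, st: bytes, authenticator: bytes, now: int) -> str:   # step (5)
        t = toy_decrypt(self.key, st)
        a = toy_decrypt(bytes.fromhex(t["sk"]), authenticator)
        if t["exp"] < now or a["user"] != t["user"] or abs(a["ts"] - now) > MAX_SKEW:
            raise ValueError("ticket expired or authenticator invalid")
        return t["user"]


def demo(password: str = "correct-horse", now: int = 1_700_000_000) -> str:
    """Full flow with constructed principals; returns the user the NFS service authenticated."""
    kdc = KDC({"alice": "correct-horse", "krbtgt": "kdc-master-secret",
               "nfs/server.example.test": "nfs-keytab-secret"})
    nfs = Service("nfs-keytab-secret")
    client = Client("alice", password)
    client.login(kdc, now)
    st, auth = client.service_ticket(kdc, "nfs/server.example.test", now)
    return nfs.accept(st, auth, now)


if __name__ == "__main__":
    print("NFS server authenticated:", demo())
```

Two consequences follow from the structure and are worth pointing out to anyone operating this: the service authenticates the user offline, with nothing but its keytab, which is why keytab files deserve the same protection as passwords; and a wrong password fails on the client when it cannot open the AS reply, so the KDC never learns the password itself.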
SAML Based SSO
[Diagram: numbered flow 1 to 7 between the user's browser, Apache with the SAML module in front of the Application Framework and Application, the Identity Provider (IdP) and its Identity Source; user attributes flow to the application]
SAML Flow
1. User starts browser and navigates to a resource or application
2. SAML component checks the presence of the assertion and redirects to IdP
3. IdP prompts user for authentication methods it supports
4. IdP uses some identity source to perform the authentication
5. IdP creates a SAML assertion and redirects browser back to the resource
6. SAML component checks the assertion and extracts user data from it
7. Data is passed to the application – user is authenticated
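Steps 6 and 7 hide the checks that make SAML SSO safe: the SAML component must confirm who issued the assertion, that it was issued for this service provider, and that it is inside its validity window before any attribute is handed to the application. The block below is an added example of those checks and is not Ipsilon or Apache module code; the assertion, issuer and audience URLs are constructed. The XML signature verification is left out of this block on purpose: a real SAML component verifies the signature against the IdP certificate from its metadata before any of the checks shown here, because without it every field can be forged.

```python
"""Service-provider side of steps 6 and 7: check a SAML assertion and
extract user data.

Constructed example; not Ipsilon or mod_auth_mellon code. The signature
check that must precede these checks in a real SP is omitted here.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed identifiers for this SP and the IdP it trusts.
ISSUER = "https://idp.example.test/idp"
AUDIENCE = "https://app.example.test/sp"

# Constructed, unsigned assertion for the example.
ASSERTION_XML = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example1" Version="2.0" IssueInstant="2015-06-26T10:00:00Z">
  <saml:Issuer>https://idp.example.test/idp</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2015-06-26T09:59:00Z" NotOnOrAfter="2015-06-26T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://app.example.test/sp</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail"><saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>developers</saml:AttributeValue>
      <saml:AttributeValue>admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_saml_time(s: str) -> datetime:
    """SAML timestamps are UTC xsd:dateTime; this accepts the common 'Z' form."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_assertion(xml_text: str, expected_issuer: str, expected_audience: str,
                    now: datetime, skew_seconds: int = 60):
    """Return (subject, {attribute: [values]}) or raise ValueError on any failed check."""
    root = ET.fromstring(xml_text)
    if root.findtext("saml:Issuer", namespaces=SAML_NS) != expected_issuer:
        raise ValueError("assertion issued by an IdP this SP does not trust")
    cond = root.find("saml:Conditions", SAML_NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        raise ValueError("assertion lacks a validity window")
    skew = timedelta(seconds=skew_seconds)   # tolerate small IdP/SP clock drift
    if now + skew < parse_saml_time(cond.get("NotBefore")):
        raise ValueError("assertion not yet valid")
    if now - skew >= parse_saml_time(cond.get("NotOnOrAfter")):
        raise ValueError("assertion expired")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", SAML_NS)]
    if expected_audience not in audiences:
        raise ValueError("assertion was issued for a different service provider")
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
    if not subject:
        raise ValueError("assertion has no subject")
    attributes = {
        attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", SAML_NS)]
        for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS)
    }
    return subject, attributes


if __name__ == "__main__":
    now = parse_saml_time("2015-06-26T10:01:00Z")
    print(check_assertion(ASSERTION_XML, ISSUER, AUDIENCE, now))
```

The audience check is the one most often skipped and the one that matters most in a federation: an assertion the IdP issued for one application must not log the same user into another. For input from the network, parse with a hardened XML parser (for example the `defusedxml` package) rather than `xml.etree` directly.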
Application Integration
[Diagram: Apache with modules on the Linux Platform provides Authentication (Kerberos SSO; SAML, OpenID, ...) and Identity (User Attributes, via SSSD from the Identity Source) to the Application Framework and Application]
AD Integration Options
[Diagram: Direct Integration: Linux systems connect to Active Directory directly. Indirect Integration: Linux systems connect to a Central Identity Server, which connects to Active Directory]
Direct Integration
[Diagram: a Linux system running SSSD uses Active Directory's DNS, LDAP and KDC for name resolution, authentication and identities; sudo, hbac, automount and selinux policies reach the system separately]
● Can map AD SIDs to POSIX attributes, or use SFU/IMU
● Can join the system into the AD domain (realmd)
● Leverages native AD protocols and LDAP/Kerberos
● Authentication can use LDAP or Kerberos
● AD can be extended to serve basic sudo and automount
● Policies are delivered via configuration files and managed locally or via a config server like Satellite or Puppet. GPO support for HBAC is implemented since 7.1.
Indirect Integration
[Diagram: the Linux system's SSSD uses Active Directory (DNS, LDAP, KDC) as the user domain and IdM (KDC, LDAP, DNS) as the domain for Linux resources; sudo, hbac, automount and selinux policies come from IdM]
● Domain trust is established on the Kerberos level
● DNS zone can be delegated to IdM, can be a subdomain
● Client software connects to the right server depending on the information it needs
● Policies are managed centrally
Cost Effectiveness
What is the cost?
● All mentioned components and solutions are provided with Red Hat Enterprise Linux without extra charge
● No third party vendors involved
● Deployment is easy and integrated, which saves time
● The main cost is server side subscriptions, but one server can serve about 2-3K clients
Use Cases in Works
Use Cases in the Pipeline
● Integration of different products in the Red Hat portfolio
● Smart Card authentication
● Central key store
● User lifecycle management
● One-way trusts
● DNSSEC
Future considerations
● Global catalog support
● Authentication indicator in tickets
● Integration with Samba 4 DC
● Full smart card management capabilities
● IdM to IdM trusts
Pointers and Resources
Resources
● Blog: http://rhelblog.redhat.com/author/dpalsecam/
● Red Hat Documentation: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/
● Demo community instance of IdM (FreeIPA): http://www.freeipa.org/page/Demo
● Demo community instance of Ipsilon: https://saml.redhat.com/idp/
Questions!
● What use cases do you want us to address?
● What challenges do you have in your environment that we did not discuss in this presentation?