Red Hat SSO and Azure Active Directory
Red Hat SSO & Azure Active Directory
RHUG 2018
Sebastien Perreault
Senior Solutions Architect
Identity and SSO
Identity Management - (noun)
Wikipedia as the “authoritative source” for definitions:
“Identity management (IdM) describes the management of individual principals, their authentication, authorization, and privileges within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks.”
Wikipedia
Modern Enterprise Identity View
Servers Services Clouds Applications Tools
Users
Modern Identity Model
Active Directory based solution
Servers Services Clouds Applications Tools
Active Directory
Users in Modern Enterprise
External Namespace, Internal Namespace
Employees, Contractors
Customers, Partners
THE WORLD BEFORE MOBILITY & CLOUD
On-premises / Private cloud
devices data users apps
How to deal with SSO
Overview
Some of the standards listed here!
● Platform level:
  ○ NTLM - old, weak crypto, should not be used
  ○ Kerberos - old, has come a long way, recommended
● Application level:
  ○ OpenID - old, has weaknesses, should not be used
  ○ SAML - old, proven, recommended, challenges with mobile
  ○ OpenID Connect (OIDC) - modern, proven, recommended for new applications
Protocols
OpenID Connect
● JSON
● Simpler
● Bearer token
When to use
● Default
● Single-page apps, mobile
● REST services
SAML
● XML
● More mature
When to use
● Monolithic applications
  ○ Or you don’t need end-to-end auth
● If your apps already support SAML
● If you have requirements OpenID Connect doesn’t support
You can use both!
How to deal with SSO
Bottom Line
Use Kerberos, SAML, OIDC, or a combination of them, based on the use case.
Federation is the key
Concepts
Red Hat SSO and Azure Active Directory MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Azure Active Directory B2C
Securely authenticate your customers using their preferred identity provider
Capture login, preference, and conversion data for customers
Provide branded (white-label) registration and login experiences
Microsoft Azure Active Directory
Social IDs
Business & Government IDs
contoso
Any SAML provider
Customers Business
Apps
Analytics
Azure AD Connect authentication options
Password Hash synchronization
Microsoft Azure Active Directory
Office 365, SaaS, and LoB apps
On-premises
Adapters
Red Hat Single Sign-On
● Client-side JavaScript
● JBoss EAP
● JBoss Fuse
● Node.js
● Servlet Filter
● Spring Boot
Keycloak (community)
● Jetty
● Spring Boot 2
● Spring Security
● Tomcat
● WildFly
Demo Time !
Microsoft Azure AD - Cheatsheet
● IdP Mapping
firstName: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
lastName: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
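The mapping above, worked through as an added example that is not part of the original slides: a relying party reads the AttributeStatement of an Azure AD SAML assertion and copies only the two listed claims into the local profile. The sample assertion, the role claim and the function name are constructed for illustration, and the assertion is assumed to have already passed signature, issuer and audience validation.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim URI -> local user attribute, as listed on the cheatsheet.
CLAIM_MAP = {
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "firstName",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "lastName",
}

# Constructed sample (not captured traffic): only the attribute part of an assertion.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Alice</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <saml:AttributeValue>Example</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.example.test/claims/role">
      <saml:AttributeValue>admin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def map_claims(assertion_xml, claim_map=CLAIM_MAP):
    """Return (profile, unmapped) for an already-validated assertion."""
    # A real service provider parses untrusted XML with a hardened parser.
    root = ET.fromstring(assertion_xml)
    profile, unmapped = {}, []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        name = attr.get("Name")
        local = claim_map.get(name)
        if local is None:
            unmapped.append(name)  # allow-list: unknown claims never reach the profile
            continue
        values = [v.text.strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)
                  if v.text and v.text.strip()]
        if len(values) != 1:
            raise ValueError(f"{name}: expected one value, got {len(values)}")
        profile[local] = values[0]
    missing = sorted(set(claim_map.values()) - set(profile))
    if missing:
        raise ValueError(f"assertion lacks mapped claims: {missing}")
    return profile, unmapped
```

Claims outside the mapping, such as the constructed role attribute, are reported but never copied, so the IdP cannot populate local attributes that were not explicitly mapped.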
Finally
Questions?
THANK YOU