Open Source Identity Management Patterns and Practices Using OpenAM 10.x

Book Description

An intuitive guide to learning OpenAM access management capabilities for web and application servers

  • Learn patterns, practices, and the terminology of Identity Management

  • Learn how to install OpenAM 10.x

  • Protect web and application servers using policy agents

  • Protect applications using the Security Assertion Markup Language (SAML)

  • Integrate OAuth 2 logins such as Facebook with OpenAM-protected applications

In Detail

    OpenAM is a web-based open source application that provides authentication, authorization, entitlement and federation services. OpenAM provides core identity services to simplify the implementation of transparent single sign-on (SSO) as a security component in a network infrastructure. It also provides the foundation for integrating diverse web applications that might typically operate against a disparate set of identity repositories and that are hosted on a variety of platforms such as web application servers.

    Open Source Identity Management Patterns and Practices Using OpenAM 10.x is a condensed, practical guide on installing OpenAM to protect your web applications. This book will teach you how to integrate with different identity sources, such as Active Directory or Facebook, using two-factor authentication.

    Open Source Identity Management Patterns and Practices Using OpenAM 10.x looks at Identity Management and how to implement it using OpenAM 10.x. It specifically focuses on providing authentication to your web application using either a local identity source or a cloud-based identity source, so you don’t have to worry about authentication in your application.

    You will learn how to install OpenAM, and then how to install policy agents on your web and application servers to handle authentication. In addition, we’ll focus on integrating with applications directly using SAML, either through the use of a small preconfigured application, or through a third-party SAML library. Finally, we’ll focus on integrating with cloud identity providers using OAuth 2.0 and utilizing two-factor authentication.

    If you want a scalable, robust identity management infrastructure, Open Source Identity Management Principles and Patterns Using OpenAM 10.x will get you up and running in the least amount of time possible.

    Table of Contents

    1. Open Source Identity Management Patterns and Practices Using OpenAM 10.x
      1. Table of Contents
      2. Open Source Identity Management Patterns and Practices Using OpenAM 10.x
      3. Credits
      4. About the Author
      5. About the Reviewers
      6. www.PacktPub.com
        1. Support files, eBooks, discount offers and more
          1. Why Subscribe?
          2. Free Access for Packt account holders
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Errata
          2. Piracy
          3. Questions
      8. 1. Identity Management Patterns and Principles
        1. Defining Identity Management
          1. How claims relate to identity
          2. Understanding identity contexts
        2. Why Identity Management is important?
          1. Examples of identity levels
            1. Pseudonymous identities
            2. Trusted identities
            3. Trusted identities with multiple contexts
            4. Federated identities
        3. How Identity Management works
        4. Key components of Identity Management
          1. Identity Service Providers
          2. Identity policy agents
          3. Identity providers
          4. Identity data stores
          5. Identity managers
        5. Summary
      9. 2. Installing OpenAM 10.x
        1. Downloading OpenAM 10.x
        2. Prerequisites for OpenAM
          1. Creating a fully qualified domain name
          2. Installing the Java Runtime Environment
          3. Downloading the Tomcat application server
          4. Configuring Tomcat for OpenAM
        3. Installing OpenAM 10.1.0
        4. Summary
      10. 3. Cross-Domain Single Sign On
        1. An introduction to Cross-Domain Single Sign On
        2. Securing an Apache 2.4 local domain website
          1. Creating an Apache Policy Agent profile in OpenAM
          2. Securing Apache with the OpenAM Policy Agent
        3. Securing a Tomcat 6 remote domain website
          1. Configuring Tomcat and creating a Tomcat Policy Agent profile
          2. Securing Tomcat with the OpenAM Policy Agent
          3. Configuring a Tomcat Agent profile for Cross-Domain Single Sign On
        4. Summary
      11. 4. Distributed Authentication
        1. Understanding distributed authentication
          1. How policy agents communicate with OpenAM
          2. Understanding defense-in-depth architectures
        2. Preparing OpenAM for distributed authentication
        3. Configuring the distributed authentication application server
        4. Configuring the distributed authentication application
        5. Testing distributed authentication
        6. Summary
      12. 5. Application Authentication with Fedlets
        1. Understanding Fedlets
          1. Advantages of Fedlets over policy agents
          2. Disadvantages of Fedlets over policy agents
        2. Configuring the Fedlet application server
        3. Creating a SAML hosted identity provider
        4. Creating a Fedlet
        5. Deploying Fedlet.zip onto our Java application server
        6. Validating the Fedlet setup
        7. More information about Fedlets
        8. Summary
      13. 6. Implementing SAML2 Federation Patterns
        1. Understanding SAML
          1. Understanding Identity Providers
          2. Understanding Service Providers
          3. Understanding a Circle of Trust
        2. Configuring OpenAM as a SAML Identity Provider
        3. Installing SimpleSAMLphp
        4. Configuring SimpleSAMLphp as a Service Provider
        5. Configuring OpenAM to trust a SimpleSAMLphp SP
        6. Testing our SAML Circle of Trust
        7. Summary
      14. 7. OAuth Authentication
        1. Understanding OAuth
        2. Preparing Facebook as an OAuth Provider
        3. Configuring an OAuth authentication module
        4. Configuring Authentication Chaining
        5. Testing our OAuth Client against Facebook as an OAuth Provider
        6. Summary
      15. 8. Two Factor Authentication
        1. Understanding two factor authentication
        2. Understanding OATH and how it relates to OpenAM
        3. Configuring OpenAM for two factor authentication
          1. Configuring OpenAM to use additional LDAP attributes
          2. Installing an OATH HOTP token generator
          3. Populating our LDAP attributes with values
          4. Configuring the OATH authentication module
        4. Testing two factor authentication
        5. Summary
      16. 9. Adaptive Risk Authentication
        1. Understanding Adaptive Risk authentication
        2. Understanding how Adaptive Risk authentication works
        3. Adding the Adaptive Risk module
        4. Configuring the Adaptive Risk module
        5. Adding adaptive risk to the authentication chain
        6. Potential authentication patterns
        7. Summary
      17. Index