SSO & Federation

SSO and Identity Federation

SSO is a fundamental requirement in enabling secure enterprise integration. API and Service Oriented Architectures (SOA) enable communication via ubiquitous standards such as XML, SOAP, and JSON. To foster efficient, effective message exchange and satisfy increasing user demands for real-time, aggregated information from internal and external business partners, trust must be established among all entities. Comprehensive mediation, authentication, and authorization of identity exchange among customer and partner portals, Web applications, and XML-based Web services provide the business with a simplified, coherent model for identity management and build the pillars of Federated SOA and Cloud Computing.

Federated SOA – a prerequisite for cloud computing – is predicated on interoperability within and across corporate domains. But mandating identity token standardization among trading partners is impractical from both a business and technology standpoint,” said John Woolbright, CIO of Omega Financial Services. “By securing and accelerating identity exchange locally and globally, Forum STS helps provide a unified, rich portal experience for our customers, while laying the foundation for true Federated SOA.

White Paper

How to Implement Enterprise SAML SSO

Download

Addressing these requirements, Forum Sentry provides extensive SSO capabilities. It produces and consumes identity tokens in varying protocol and message formats. Performing identity translation from one format to another, Forum Sentry allows authentication and authorization enforcement, controlling privileges to services without requiring custom code. De-coupling the developers from the identity decisions is the first step toward recognizing a more powerful and simplified model for identity management across the enterprise.

Forum Sentry provides a unified, easy-to-deploy platform that seamlessly integrates with multiple, disparate Identity Management products, allowing enterprises to capitalize on their existing infrastructure investments and utilize base standards such as WS-Trust and SAML.

DMZ-ready for organizations that require secure, accelerated and consolidated identity enforcement of both internal and external users, and applications, Forum Sentry delivers the following benefits:

 

Centralized Authentication, Authorization and Access Control

Identity token translation (OAuth Cookies, Basic Auth, SSL, SAML, WS-Identity) and deep, direct integration with all major Identity Systems including CA Siteminder, IBM TAM, RSA ClearTrust, OpenSSO, Kerberos KDC, ActiveDirectory and LDAP.

 

High Performance and Scalability

Hardware acceleration and caching mechanisms eliminate performance bottlenecks and reduce the costs associated with increasing transactions as the number of users and applications scale.

 

Enhanced Security

Built on a JITC DoD PKI-, FIPS 140-2 Level-II infrastructure, Forum STS is ideally suited for edge deployments where external partners require identity decisions.

 

Simplified Token Exchange

Forum Sentry consumes and generates protocol- and message-based Identity Tokens, eliminating the need to code against proprietary libraries by leveraging token exchange standards such as OAuth and SAML.

Related Content

API Identity Management with LDAP Server

Read More
  • DATASHEET

    Download the Forum Sentry Datasheet

    DOWNLOAD

    REQUEST DEMO

    Let us show you how an API gateway works

    SIGN UP

    WEBINAR

    Fundamentals of Enterprise API Security

    WATCH NOW

    WHITE PAPER

    Reducing Application Cost and Risk through Centralized API Security

    DOWNLOAD

  • Data moving between your company and the your partners, customers and cloud providers must be protected with military-grade security. As your enterprise increases its integration, the attack surface area increases along with the risk of corporate data leaks. Using Forum Sentry, your corporation can protect against emerging threats, deploy world-class data privacy, enforce data integrity, and ensure that every corporate transaction is accounted for.

    Threat Mitigation

    • XML Firewall
    • Web App Firewall
    • Rate-Based Rules
    • Size-Based Rules
    • Embedded AV Engine
    • Pattern Recognition
    • Intrusion Detection Prevention (IDP)
    • Data Leakage Prevention (DLP)

    Transaction Privacy

    • XML Encryption
    • WS-Security Encryption
    • Symmetric Encryption
    • SSLv3
    • TLS
    • RSA
    • DSA
    • ECC

    Transaction Integrity

    • XML Signatures
    • WS-Security Signatures
    • DSIG Verification
    • X.509 Authentication
    • XSD Schema Validation
    • XSD Tightening
    • JSON Validation
    • Timestamp Validation
    • HTML Form Validation

    PKI

    • X509
    • PKCS #1,7,8,12
    • OpenPGP
    • SSH
    • Key Import
    • Key Generation
    • CSR, Self-Sign
    • CRL, OCSP, XKMS, CDP
    • HSM Security World
    • OID Extraction
    You have to know who you do business with and the extent of information that you are willing to provide to your partners and customers. As a successful company, the number of partners that transact with you continues to increase. Forum Sentry provides a flexible identity platform that lets your corporation rapidly utilize a variety of identity tokens. From social media and cloud-based OAuth tokens to hardened 2-Factor Authentication, Forum Sentry enables code free authentication, authorization, and access control capabilities for rapidly enabling secure data exchange.

    Message-Based Tokens

    • WS-Username
    • WS-Kerberos
    • WS-SAML
    • WS-X509
    • SAML
    • DSIG

    Protocol-Based Credentials

    • HTTP Basic
    • HTTP Digest
    • HTTP Form Post
    • HTTP Cookie
    • SSL X.509 Client Auth
    • REST URI
    • OAUTH

    Access Control

    • Central Authorization
    • XACML
    • Database
    • IdP and SP-Initiated schemes
    • Native Identity Adapters
    • Intelligent Caching
    • Patented Cryptographic Acceleration

    Federation

    • Cookie Consumption
    • Cookie Generation
    • Cookie Tracking
    • IdP and SP-Initiated SSO Schemes
    • WS-Federation
    • SAML
    • STS
    • Credential Persistence
    Forum Sentry API Gateway is designed to securely integrate clients and services, both modern and legacy, with comprehensive standards built in for optimal interoperability. Leveraging over 14 years in the industry, the Forum Sentry API Gateway inspects and analyzes transaction attributes in the request and response to enable policy-based enforcement. These attributes include: HTTP methods, protocol headers, message data, X.509, IdM attributes, and other dynamic attributes. This enables contextual decisions to be based on HTTP methods such as POST and GET, as well as contextual methods such as URIs, message data content, and any other attribute source. The integration features also enable API-based message enrichment where workflows, data transformation, and APIs can be extended via scripting and service aggregation capabilities.

    Standards

    • XML, SOAP
    • HTML, JSON
    • AS2, ebXML
    • SAML, WS-Federation
    • XML-Sec, WS-Sec
    • WSDL, XSD
    • WS-Trust, XACML
    • WS-Addressing
    • WS-Reliable Messaging
    • WS-Policy, UDDI
    • XPath
    • XSLT

    Data Mapping

    • SOAP-to-REST Conversion
    • Attribute Mapping
    • Protocol and Message Mapping
    • Identity Token Conversion
    • Data Aggregation
    • Node Encoding and Conversion
    • Transformation
    • Header, Body & Attribute Identification
    • X.509 Attribute Mapping
    • Database Mapping
    • IdM Mapping (LDAP, AD, etc.)
    • API & SOA Data Repository Integration
    • URI Mapping

    Protocols

    • HTTP, HTTPS
    • SSL / TLS
    • IBM MQ
    • Tibco EMS
    • JBOSS JMS
    • Oracle JMS
    • Sun JMS
    • Active MQ, Rabbit MQ
    • Solace JMS
    • AMQP
    • FTP, FTPS, SFTP
    • SMTP

    Monitoring

    Forum Sentry provides you with granular, real-time and accurate view into your corporations transactions with your customers and partners. With extensive logging, reporting and SLA enforcement capabilities, Forum Sentry can control traffic pattern between your application, cloud providers and users. With extensive throttling and alerting capabilities, Forum Sentry ensures that you are in direct and immediate control of your API traffic.

    Actions

    • API Traffic Reporting
    • Rates and Size Statistics
    • Latency and Throughput
    • Message Throttling and Shaping
    • Threshold Alerts
    • Enforcement time windows

    Logging

    • SYSLOG UDP/TCP/SSL
    • SNMP v3
    • JMX
    • SOAP Logging
    • Database Logging
    • Customized logging

    Transaction Accountability

    • Archiving
    • Logging
    • Reporting
    • Monitoring
    • SNMP
    • JMX
    • Custom SOAP Alerts

    Repositories

    • MySQL
    • IBM DB2
    • Oracle Database
    • Microsoft SQL Server
    • HP-OpenView
    • CheckPoint ELA

     

    Hardware

    1-U Hardened Appliance

    • FIPS 140-2 Level II Chassis
    • FIPS 140-2 Level III HSM Cryptographic Acceleration
    • Dual Power Supply
    • Integrated Flash
    • Unlimited Cloud Capacity
    • 3 x Gigabit Ethernet (optional 10-Gigabit)

    Forum Sentry

     

     

    Virtual Appliance

    Fully encapsulated virtualized rendition of hardware system in a deployable OVA VMware system

    • Virtual OS
    • VMware
    • Cloud

    Virtual Appliance

     

     

    Software

    Enabled for automated deployment and provisioning

    • Windows
    • Linux
    • Solaris
    • VMware
    • Cloud