IBM tivoli identity manager - websphere-7

I am new to Tivoli identity manager and need to setup the same for an existing project. Please let me know how to configure tivoli identity manager for web service security management in Websphere 7.0.0.0 ? Basically i am looking for trust chain and STS setup.

This is a much broader category to answer. You can simply get into some PDF to help you out with TIM configuration. There are a lot of them available online.

Since you refer to Trust Chains and STS, you are actually asking about the wrong product. What you want to look into is Tivoli Federated Identity Manager. A good place to start is http://www-01.ibm.com/support/knowledgecenter/SSZSXU/welcome

Related

artifactory OSS self-hosted authentication using SAML/Azure AD

Is it possible to authenticate Artifactory OSS (self-hosted) with Azure AD/SAML? Right now we use local Active Directory, but are thinking of deprecating local AD in favor of Azure AD, and moving most authentication to Azure AD/SAML. I understand the other versions of Artifactory can do this, but I can't definitively find if the self hosted OSS version does. If it does not, it may drive us to one of the pay models.
Thanks for any help!
The SAML SSO is not supported in the OSS version of Artifactory. In the link provided, you might find useful information on the top right of the page for JFrog Subscriptions that support the feature (relevant to all features).
Also, you can check the Pricing page for the different features included in each subscription. You should find the SAML SSO feature under the "Pro" subscription level and "Platform Security".
I hope this clarifies more.

Path of least resistance to implement SSO with SAML

Here's the environment:
Existing .NET B2B application with multiple, external corporate customers. The service provider application is hosted in IIS.
Existing non-SSO authentication with user account info stored in a database.
Must have both SSO and non-SSO login capability.
The initial identity provider will be ADFS hosted by a customer.
All options are on the table. I'm open to cloud solutions, open source (Shibboleth et al), local ADFS server, and/or custom implementation. I'm looking for the easiest and fastest way to implement an SSO solution into an existing .NET application.
Lots of things to wheigh in. First strike the custom solution part, hard and unnessecary in this case.
As I understand you are looking for the SP part as IDP will be ADFS at customer.
In this case the product does not even have to talk to the database. Only the IDP needs that.
Some things to think about when choosing the product.
Opensource is cheep in licens cost. enterprise products can be quite expensive.
Enterprise product might have better support then opensource when things doenst work. If your applications ar critical this might be important.
It might be a good idea to consider one of many cloudbased SPs to offload the management of the SP from you.
These are some considerations to take. What you choose will depend on your need and wishes in terms of uptime, support, managements etc.
Most products will have no problem implementing this use case.

how to write a cloud-based Active directory .NET application

I work for a network management company and I want to write a .Net application (MVC 4) that will allow us to service Active Directory users from a cloud-based application.
As I have never written a cloud-based app, I don't know if I'm using that term correctly or not. I am in the requirements gathering stage. Basically, I'd like to provide our customers with the ability, for example, to change their own password using our cloud-based application.
is this an application that should be written specifically using Azure? If not, what tools and platform(s) should I take into consideration?
What tutorials or other resources are available ?
Actually, I don't even know enough about Active Directory and Cloud computing to ask the right questions. But, I hope someone will point me in the right direction
Read How to Authenticate Web Users with Windows Azure Active Directory Access Control. There are great walk-throughs there. There is more reading and code samples here - Access Control Service 2.0.
That's using ACS.
You could go direct to Azure Active Directory if you wished?
Refer: Adding Sign-On to Your Web Application Using Windows Azure AD.
If you use Office 365, you already have an AAD tenant.

Difference between Preview and Production version of Azure AppFabric Access Control Service

I started to learn everything connected with Azure platform a little time ago. I'm really fascinated how some stuff works like a charm. One of that is AppFabric Access Control Service (ACS) and possibility of Single Sign On (SSO) with Facebook, Google, Live id...
When I was learning how to get running AppFabric I used preview version of it (available for free at https://portal.appfabriclabs.com/, but without SLA). Every tutorial about SSO was based on that Management portal.
Now, when I have my real Azure account (and AppFabric with it) I'm really confused because I can't find anywhere and section on portal where to configure ACS? I want to be able to create relaying party with facebook, live id and google identity provider using real appfabric account? Is that possible?
On some places I saw that this what I'm talking is only preview version of future ACS and that is not in production yet. So, if that is true, my main question is can I use production version (real appfabric account) to do single sign on on my web app? If not, what can I do with current production ACS version? What is the main purpose of it?
If someone have some links where are described main difference between Preview and Production version of AppFabric ACS, I will appreciate that.
P.S - Only tutorial that I found and is considered on current production release of ACS is at https://portal.appfabriclabs.com/. But I don't see integration with facebook, google.. There isn't SSO there...
Thank you in advance.
The current production version of ACS is a subset of what you see in the "Labs". Production currently supports SWT and WRAP. No WS-Federation, no WS-Trust, no (or limited) SAML.
All the cool stuff you mention (SSO for websites, out of the box integration with FB, Google, Yahoo! and LiveID, etc) is available on ACS "Labs" (which is not production yet).

How do you create an Azure deployable WebRole that use LiveId and Access Control Service

I need some help with creating a simple WebRole that uses federated authorzation/authentication with LiveId and the Access Control Service. I'm able to get it working with a local test ASP.NET application, but can't seem to find any information on the steps necessary to do this with a Web Role that can be deployed to Azure. The only information that I've found is to handle this scenario using a custom STS and the ACS or just LiveID, but nothing that demonstrates using both together.
Is there currently a limitation with Azure that prevents this? I've read some articles that seem to indicate it isn't currently possible due to the Geneva Framework not being fully implemented on Azure - can anyone confirm?
Thank you very much for any help!
You may find this resource useful - http://code.msdn.microsoft.com/wifwazpassive. It shows how to use ACS in an Azure Webrole. It does use a custom STS, not LiveID, but given that it's using Geneva framework components it should be possible to make it work with LiveID.

Resources