Open Source Identity Management

  • TYPE: Combined Session
  • DATE: Wednesday, May 15, 2013
  • TIME: 17:00-18:00
  • LOCATION: AMMERSEE 2


Since Identity Management Systems always have to be integrated into existing IT landscapes, the flexibility provided by Open Source products has proven to be very useful in IdM projects. The presentation will highlight such Open Source advantages and will then showcase some products: ForgeRock's OpenAM for securing mobile applications, OpenLDAP for setting up highly scalable Metadirectories and authentication services, Shibboleth for federated SSO based on the SAML standard, and some other open-standards-based Open Source products for synchronization and provisioning. A success story of a migration project in which all these technologies have been deployed will conclude the talk.


Peter Gietz, CEO of DAASI International, has an MA in humanities and has been active in the field of IT since 1985. He is internationally recognized as a directory expert, with core expertise in X.500, LDAP, PKI, Metadata and eHumanities. Since 1994 he has worked for DFN Directory projects, which he led...


Daniel has more than 15 years of experience building brands and driving product leadership. Prior to joining ForgeRock, he served as Chief Identity Strategist at Sun Microsystems. Daniel has also held leadership positions at McGraw-Hill, NComputing, Barnes & Noble and Agari. He holds a...

Today, the Security Assertion Markup Language (SAML) is widely used to implement identity and service providers (for instance, Shibboleth and OpenSAMLphp), which provide organizational and cross-organizational service access as well as single sign-on. From the perspective of a service provider, the main reasons for the extensive use of SAML-based authentication and attribute delivery are probably the simple integration of web-based services and the increased quality of identity information that is provided by the identity provider of an organization. However, a convenient integration of non-web-based services (e.g., services that can be accessed via SSH) into a federated service infrastructure has not been possible so far. In the current talk, I present FACIUS, a SAML-based architecture that enables cross-organizational access to high-performance, grid, and cloud computing resources as well as to large-scale data facilities. In particular, FACIUS serves as an integration concept that can be used for non-web-based services in any existing SAML-based federation with only minimal changes. Furthermore, I report on the application of FACIUS in the cross-institutional project bwIDM that is borne by identity management experts of the nine universities of the state of Baden-Württemberg, Germany. Currently, non-web-based services of academic institutions of Baden-Württemberg are provided in an un-federated and locally administered manner, where everyone uses service-specific credentials to get access (like in most other institutions or companies). bwIDM aims to provide federated single sign-on to those non-web-based services and to relieve the services from the burden of user management. In the context of the bwIDM project, proof-of-concepts based on FACIUS were implemented and already deployed to productive services.


Sebastian Labitzke, Researcher, Karlsruhe Institute of Technology (KIT)

Sebastian Labitzke studied computer science at the University of Karlsruhe. He is a member of the department Services, Development, and Integration at the Steinbuch Centre for Computing and part of Prof. Dr. H. Hartenstein's...

European Identity & Cloud Conference 2013

  • May 14 - 17, 2013 Munich/Germany