Because identity management systems always have to be integrated into an existing IT landscape, the flexibility of Open Source products has proven very useful in IdM projects. The presentation highlights these Open Source advantages and then showcases several products: ForgeRock's OpenAM for securing mobile applications, OpenLDAP for building highly scalable metadirectories and authentication services, Shibboleth for federated SSO based on the SAML standard, and other Open Source products built on open standards for synchronization and provisioning. A success story from a migration project in which all of these technologies were deployed concludes the talk.
Today, the Security Assertion Markup Language (SAML) is widely used to implement identity and service providers (for instance, Shibboleth and SimpleSAMLphp) that provide organizational and cross-organizational service access as well as single sign-on. From the perspective of a service provider, the main reasons for the extensive use of SAML-based authentication and attribute delivery are probably the simple integration of web-based services and the higher quality of identity information supplied by an organization's identity provider. However, convenient integration of non-web-based services (e.g., services accessed via SSH) into a federated service infrastructure has not been possible so far, because the SAML flow assumes a browser that can be redirected between provider and identity provider.

In this talk, I present FACIUS, a SAML-based architecture that enables cross-organizational access to high performance, grid, and cloud computing resources, as well as to large-scale data facilities. In particular, FACIUS serves as an integration concept for non-web-based services that can be applied in any existing SAML-based federation with only minimal changes. Furthermore, I report on the application of FACIUS in the cross-institutional project bwIDM, which is carried by identity management experts from the nine universities of the state of Baden-Württemberg, Germany. Currently, non-web-based services at academic institutions in Baden-Württemberg are provided in an unfederated, locally administered manner, where every user authenticates with service-specific credentials (as in most other institutions or companies). bwIDM aims to provide federated single sign-on to these non-web-based services and to relieve them of the burden of user management. In the context of the bwIDM project, proofs of concept based on FACIUS have been implemented and already deployed to production services.