Friday, 19 September 2008

X.509 (SmartCard) Integration Kit for PingFederate

We recently completed an X.509 Integration Kit to allow for Certificate based authentication to PingFederate. The kit will be available for download shortly.

The PingFederate X.509 Certificate IdP Integration Kit provides an Identity Provider (IdP) Adapter for PingFederate. This Adapter allows a PingFederate IdP server to perform client X.509 certificate authentication for single sign-on (SSO) to Service Provider (SP) applications.

The X.509 Certificate IdP Adapter uses the PingFederate security infrastructure for certificate validation and management. PingFederate validates the trust of all certificates. A certificate is trusted if the root certificate of the issuing Certificate Authority (CA) is imported into the PingFederate trusted certificate store.

Technorati Tags: SAML WS-Federation SSO Single Sign-On Federation Federated Identity Management

Posted by adurand at 12:59 PM in IdM | Responses (0) | Permalink

What he said

Jeff Bohren responded to my recent post on centralized versus distributed projects.

So Federation (loose coupling) is always the best way to go, right?
No. It’s often the best way to go but there are many times that tight coupling simply must be done. Often that means using a provisioning system and a means of synchronizing accounts (IBM TIM, Sun SIM, MS ILM, etc). Sometimes that means configuring your systems to centralize the identity (Quest Vintella, Centrify, etc).
And here is where I will let you in on the dirty little secret of provisioning. It’s really all about deprovisioning. Typically enterprises don’t care if it takes weeks for you to get access to all of the resources you need to do your job. They care in the abstract (usually), but not enough to actually do anything about it. But the minute your employment is ended, your access to all your enterprise resources needs to be turned off.
And for that you need centralization of some sort.

Jeff, you're right. There is no 'one approach' that fits all. Both centralized and federated approaches have their pros and cons, depending on the situation. Most of life happens somewhere between black and white. I've just come to appreciate how to succeed in small increments, and this lesson isn't limited to IdM projects.