Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.
Comprehensive practice exam engine!
All features in the FREE plan, plus:
Welcome to our Federated Identity Management module. There are third party identity services that can assist us with managing identities of users across multiple platforms. We can have cloud identity services where the identity is shared as a token. Here we can create users, manage them and store them in the cloud with no connection to our internal directory services.
We can also use directory synchronization, where we create and manage users on site in our local directory services system, for example, Active Directory and Microsoft Windows Server. And then we provide a synchronization to the cloud service, so they can use cloud applications. And we can also use federated identity, which will allow us to implement single sign on or SSO, using our web browsers.
Here we use directory synchronization and on premises identity providers, and they handle the authentication and assurance. This can be used with a third party security token service or STS, or it can allow you to use temporary credentials for a user that logs in through a different site, such as Google or perhaps Facebook.
We can use federated identity management single sign on technology for business to business relationships. If we have a trust relationship between two domains or two organizations, we can create cross domain single sign on or SSO. For this to work successfully, we would need two or more trusted partners with separate domains.
We have to make sure there are common policy and technical agreements in place to make sure that our systems are compatible, and that we have a common set of practices and standards in order to process our identification process for users, and how we can manage the business to business trust relationships in these systems.
We can also use a trusted third party known as an identity provider to permit users from one domain to seamlessly use their credentials in another domain. The identity partner or IDP can control the user database and they call this a credential store. Attestation is the act of attesting something or certifying that something is true.
You should be familiar with this term for the CISSP examination. Federated identity management will allow attested users from one federation partner to seamlessly access resources at another federation partner. These systems will use public key infrastructure bridge trust. Bridge trust is when a user logs in to system A and system A trusts that user, and then that user attempts to log in to system B.
And because system B trusts system A, and the system A says that the user has been validated, then system B will trust that that user is permitted to log on and grant access. SAML, or Security Assertion Markup Language, is an XML based standard for exchanging authentication information and authorization information between security domains in federated identity management.
SAML assertions are passed like cookies from a source website to a destination website, and this can be done either through headers or HTTP post requests. The SAML identity assertions are attached to the SOAP documents envelope header to secure the pay load. SOAP stands for Simple Object Access Protocol, and it's a method for systems to communicate with each other and share information.
With federated systems, we need some way to exchange authentication information between the identity providers and the service providers, in order to allow single sign on to function properly. An identity provider can offer assertions of someone's identity. Basically, proving that the person is who they claim to be using assertion tickets.
The service provider will use the information they received from the identity provider to provide the appropriate access controls depending on the user. The advantage of using SAML based authentication is that it is platform neutral, which will improve the user experience, and it also has strong open source support as well as strong commercial support.
This concludes our Federated Identity Management module. Thank you for watching.
Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.
Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.
THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!
Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.
Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.
Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.
More PRO benefits are being built all the time!