2013 Open Stack Identity Summit - France: Use of OpenAM at VAL-I-PAC

OpenAM Best Practices: Use of OpenAM at VAL-I-PAC


DESCRIPTION

ACA IT-Solutions Security Specialist Jan Van den Bergh details OpenAM best practices at VAL-I-PAC as part of a joint Case Study session with Everett and IS4U, moderated by ForgeRock VP of Services Steve Ferris and Director of Support Tim Rault-Smith.



2013 Open Stack Identity Summit - France

Use of OpenAM at VAL-I-PAC


About myself

• Jan Van den Bergh


@janvdbergh

• IAM Architect and Security Specialist at ACA IT-Solutions.


About VAL-I-PAC

• Non-profit organization consisting of about 50 companies from a broad cross section of industries.

• Controls how industrial packaging waste is managed in Belgium.

• Provides services to over 8.000 Belgian companies.


The application landscape

[Diagram: MonaLisa+ ODO, Leonardo, IBM Cognos, CRM, Amazon EC2 Cloud, Google Apps, OpenAM]


Key features

• Different authentication mechanisms:

Username / password – Belgian eID card – MyDigipass

• Different integration mechanisms:

SAML – Agent-based – Custom connector (OSGI).

• Automatic deployment using scripts:

  • Quickly deploy and redeploy different environments.

  • Reduces errors and down-time.


Key features

• Leverages the EC2 cloud.

  • Quickly set up / replace hosts.

  • Add environments when they are needed.


Later enhancements

• Automatic deployments using Chef.

• HTML 5 adaptive screen layout.

• Reusable components:

  • OpenAM connector for custom applications (replaces agents).

  • Custom authentication modules (eID – OpenID – RememberMe).

  • Deployment scripts.

• Invite mechanism (= delegated administration)

• SaaS model using REST services.


Some best practices

• Use OpenAM only for access management.

• Do not add new features to the UI. (Instead, set up a different application using the SDK.)

• Invest in automated install and configuration.

• Do not underestimate the required effort.