
Anyone into identity management here?

Discussion in 'Business & Enterprise Computing' started by Ding.Chavez, Apr 28, 2016.

  1. Ding.Chavez

    Ding.Chavez Member

    Joined:
    Jul 27, 2001
    Messages:
    423
    Location:
    Sydney
    I have a sister company, not connected to us - no trust etc, that is building a web app/portal with a shopping cart. They have taken it upon themselves to implement IdentityServer3 with OpenID.

    We have our own portal and want to be able to send our already authenticated user to their portal, shop/book, then return to us, where we will then process the payment (local currency etc). We can pass tokens to them or cookies but they need to know something about our client (booking number/dob/etc). We can change our local authentication from our current system which is basic local auth.

    Since they're so difficult to deal with, business process and culture wise, we are needing this to go away until we can tackle it with B2C Azure later this year.

    Anyone got any suggestions?

    PCI compliant and PII conscious ...
     
  2. OP
    OP
    Ding.Chavez

    Ding.Chavez Member

    Joined:
    Jul 27, 2001
    Messages:
    423
    Location:
    Sydney
    Anyone know an expert outsourced web identity company then?
     
  3. lavi

    lavi Member

    Joined:
    Dec 20, 2002
    Messages:
    4,008
    Location:
    Brisbane
    Look into SAML?

    edit:
    Re-read your post and noticed PCI-DSS. Well yeah, implement SAML, you'd be silly not to.
     
  4. IACSecurity

    IACSecurity Member

    Joined:
    Jul 11, 2008
    Messages:
    760
    Location:
    ork.sg
    I have done lots and lots in the area. IDM is not just WebSSO... though just in time provisioning with SAML-P gets towards IDM.

    Setting up an ADFS IDP/STS within your org allows you to Kerberos SSO to it, and then have it pass a SAML token to their portal. It can do OpenID, but sucks at it, comparatively speaking.

    You never send passwords; the federated user concept doesn't preclude PCI-DSS.
     
  5. IACSecurity

    IACSecurity Member

    Joined:
    Jul 11, 2008
    Messages:
    760
    Location:
    ork.sg
    Never seen IdentityServer3 used. It has a WS-Fed plugin module, so you could use that with ADFS, costs you nothing.

    Or set up simpleSAML (PHP) or Shibboleth IDP and bob is your uncle.
     
  6. IACSecurity

    IACSecurity Member

    Joined:
    Jul 11, 2008
    Messages:
    760
    Location:
    ork.sg
    .........................
     
  7. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,474
    Location:
    qld.au
    I was thinking ..........................., but clearly ........................ also makes sense :p

    On the topic of IDM, ForgeRock stuff looks good but I'm yet to actually try it.
     
  8. IACSecurity

    IACSecurity Member

    Joined:
    Jul 11, 2008
    Messages:
    760
    Location:
    ork.sg
    That was Sun IDM and AM.. really great base to start from, not sure about support though?

    Given you're in QLD, talk to Unify Solutions about options for IAM. Ping Federate might work too (IIRC licensing for that works best when you have huge numbers of users).
     
