POC Requirements – Token Authentication and Mapping
Oftentimes in sales engineering I get “tunnel vision”, focusing so much of my efforts on just meeting the requirements of a proof-of-concept (POC) that I fail to fully appreciate the true value Expressway Service Gateway provides Intel’s customers. Take a POC I recently completed. Some of the functional items on my list to demonstrate included:
- Multiple credential schemes
- Token Authentication and Mapping
- Integration with Oracle Access Manager
- Support for multiple protocol and data types (especially for Web Services, REST, SOAP, etc.)
Although I successfully demonstrated and checked off all the functional items on my list, these four had special significance for my customer. And like the ingredients in my Mom’s famous brownie recipe – each is “sweet” outright, but baking them together yields something truly awesome. Stepping back, I realized the same applied to these key POC functional items – combining them within Expressway created something of immense value to my customer.
Security Token Service
A Security Token Service (STS) is a software-based provider primarily responsible for authenticating clients and issuing security tokens. An STS removes the burden of authenticating clients from applications – simply redirecting to the STS not only performs authorization but also provides a trusted security token, allowing applications to easily consume protected services that are likely part of a federated model. Not surprisingly, Expressway Service Gateway was chosen to facilitate this, considering its application security capabilities, including:
Multiple ways to extract identities, including: Single Sign-On from cookie, name from SAML subject, principal name from Kerberos, name or token from OAuth authorization request, HTTP basic authorization, any HTTP metadata (query, headers, etc.), and WS-Security.
Identity Providers and Authentication Mechanisms Support
Built-in support for LDAP, Active Directory, Oracle Access Manager, Tivoli Access Manager, STS, Keystore.
Flexible Interface Configuration
Policy-based interface configuration allows users to easily configure protocol, data input type, and contextual information (e.g. HTTP method, URI, query params, headers, etc.)
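To make the token authentication and mapping idea concrete, here is an added sketch (not Expressway code or configuration, and not from the POC) of an STS that accepts two of the credential schemes listed above, HTTP Basic and an SSO cookie, and maps either one to a single signed token that a relying application verifies. The token layout, key, user store, cookie name `SSO` and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

STS_KEY = b"constructed-demo-key"   # constructed; shared by the STS and the relying app
def _kdf(pw):                       # salted, iterated password hash for the demo store
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), b"demo-salt", 100_000)

USERS = {"alice": _kdf("s3cret")}   # constructed stand-in for LDAP / Access Manager
SSO_SESSIONS = {"sess-123": "alice"}  # constructed SSO cookie value -> subject

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(body):
    return _b64(hmac.new(STS_KEY, body.encode(), hashlib.sha256).digest())

def extract_identity(headers):
    """Return (scheme, subject) for HTTP Basic or an SSO cookie, else None."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        try:
            user, _, pw = base64.b64decode(auth[6:], validate=True).decode().partition(":")
        except ValueError:          # bad base64 or non-UTF-8 bytes
            return None
        ok = hmac.compare_digest(USERS.get(user, b""), _kdf(pw))
        return ("basic", user) if ok else None
    for part in headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "SSO" and value in SSO_SESSIONS:
            return ("sso-cookie", SSO_SESSIONS[value])
    return None

def issue_token(headers, audience, now=None, ttl=300):
    """Authenticate whichever credential was presented and map it to one token format."""
    ident = extract_identity(headers)
    if ident is None:
        return None
    now = int(time.time()) if now is None else now
    claims = {"sub": ident[1], "amr": ident[0], "aud": audience, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _sign(body)

def validate_token(token, audience, now=None):
    """Relying-application check: signature first, then audience and expiry."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    now = int(time.time()) if now is None else now
    return claims if claims["aud"] == audience and claims["exp"] > now else None
```

The application never sees the password or the session cookie, only the token. The shared HMAC key keeps the sketch short; a federated deployment would normally use asymmetric signatures so relying applications cannot mint tokens themselves.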
Benefit To The Customer
Expressway Service Gateway was successfully demonstrated to be an agile and effective STS – solving real business needs the customer has, including:
- Providing seamless integration with the Oracle Identity Management Suite.
- Providing a vendor-neutral platform that modernizes their current Identity and Access Management platform by integrating both contemporary and emerging technologies.
- Eliminating costly custom integrations with improved interoperability and security between applications (3rd party, SaaS, mobile).
- Flexible protocol support for federated and web access management within a hybrid enterprise, allowing secure access to any private, public or hybrid cloud environment.
- Potential to move any cloud-based partner identity solutions on-premise.
The POC was a complete success – the customer is now employing Expressway for multiple infrastructure needs, particularly as an STS. Expressway provides them increased flexibility and security while opening up tremendous opportunities for their infrastructure roadmap. Identity and Access Management initiatives can now be broken into phases thanks in part to Expressway’s integration with contemporary and emerging technologies – eliminating the necessity to do too much, too soon.