Flexible Token Authentication Empowering Identity and Access Management

POC Requirements – Token Authentication and Mapping

Oftentimes in sales engineering I get “tunnel-vision”, focusing so much of my efforts on just meeting the requirements of a proof-of-concept (POC) that I fail to fully appreciate the true value Expressway Service Gateway provides Intel’s customers. Take a POC I recently completed. Some of the functional items on my list to demonstrate included:

Although I successfully demonstrated and checked off all the functional items on my list, these four had special significance for my customer. And like the ingredients in my Mom’s famous brownie recipe – each is “sweet” outright, but baking them together yields something truly awesome. Stepping back, I realized the same applied to these key POC functional items – combining these within Expressway created something of immense value to my customer.

Security Token Service

A Security Token Service (STS) is a software-based provider primarily responsible for authenticating clients and issuing security tokens. An STS removes the burden of authenticating clients from applications – simply redirecting to the STS not only performs authorization but also provides a trusted security token, allowing applications to easily consume protected services that are likely part of a federated model. Not surprisingly, Expressway Service Gateway was chosen to facilitate this, considering its application security capabilities, including:

Identity Extraction Capabilities
Multiple ways to extract identities, including: Single Sign-On from cookie, name from SAML subject, principal name from Kerberos, name or token from OAuth authorization request, HTTP basic authorization, any HTTP metadata (query, headers, etc.), and WS-Security.

Identity Providers and Authentication Mechanisms Support
Built in support for LDAP, Active Directory, Oracle Access Manager, Tivoli Access Manager, STS, Keystore.

Token Mapping and Creation
Create from scratch or map to SAML, OAuth, and WS-Trust tokens or create customized tokens.

Flexible Interface Configuration
Policy-based interface configuration allows users to easily configure protocol, data input type, and contextual information (e.g. HTTP method, URI, query params, headers, etc.).
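The STS flow described above (extract an identity from HTTP basic authorization, authenticate it, map it to a token the application can trust), as an added sketch that is not Expressway code or configuration. The user store, the shared key, the function names and the HMAC-signed custom token format are all assumptions; the HMAC stands in for the signature a SAML or WS-Trust token would carry.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data (assumptions): one user, salted PBKDF2 hash, shared STS key.
SALT = b"constructed-salt"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}
STS_KEY = b"constructed-demo-key-not-for-production"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def extract_basic_identity(headers: dict):
    """Identity extraction: pull (user, password) from an HTTP Basic header."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, sep, password = base64.b64decode(value, validate=True).decode().partition(":")
    except ValueError:  # bad base64 or non-UTF-8 credentials
        return None
    return (user, password) if sep else None

def issue_token(headers: dict, audience: str, ttl: int = 300, now=None):
    """STS side: authenticate the caller, then map the identity to a signed token."""
    identity = extract_basic_identity(headers)
    if identity is None:
        return None
    user, password = identity
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    # Unknown users are compared against a dummy hash so timing does not reveal them.
    if not hmac.compare_digest(candidate, USERS.get(user, b"\0" * 32)) or user not in USERS:
        return None
    now = int(time.time()) if now is None else now
    claims = json.dumps({"sub": user, "aud": audience, "exp": now + ttl}).encode()
    return f"{b64url(claims)}.{b64url(hmac.new(STS_KEY, claims, hashlib.sha256).digest())}"

def verify_token(token: str, audience: str, now=None):
    """Relying application: checks the STS signature and never sees the password."""
    try:
        body, sig = (base64.urlsafe_b64decode(p) for p in token.split("."))
    except ValueError:  # wrong number of parts or bad base64
        return None
    if not hmac.compare_digest(sig, hmac.new(STS_KEY, body, hashlib.sha256).digest()):
        return None
    claims = json.loads(body)
    now = int(time.time()) if now is None else now
    if claims["aud"] != audience or claims["exp"] <= now:
        return None
    return claims["sub"]
```

The audience and expiry checks are what keep a token issued for one service from being replayed against another or reused after its lifetime.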

Benefit To The Customer

Expressway Service Gateway was successfully demonstrated to be an agile and effective STS – solving real business needs the customer has, including:

  1. Providing seamless integration with the Oracle Identity Management Suite.
  2. Providing a vendor-neutral platform that modernizes their current Identity and Access Management platform by integrating both contemporary and emerging technologies.
  3. Eliminating costly custom integrations with improved interoperability and security between applications (3rd party, SaaS, mobile).
  4. Flexible protocol support for federated and web access management within a hybrid enterprise, allowing secure access to any private, public or hybrid cloud environment.
  5. Potential to move any cloud-based partner identity solutions on-premise.

Summary

The POC was a complete success – the customer is now employing Expressway for multiple infrastructure needs, particularly as an STS. Expressway provides them increased flexibility and security while opening up tremendous opportunities for their infrastructure roadmap. Identity and Access Management initiatives can now be broken into phases thanks in part to Expressway’s integration with contemporary and emerging technologies – eliminating the necessity to do too much, too soon.

Joe Welsh

About Joe Welsh

Joe is a Proof of Concept Pre-Sales Engineer with Intel’s Application Security Software & Datacenter Software Divisions. He joined Intel after working as a Healthcare Integration and Software engineer. Joe’s current focus resides in helping provide integration solutions utilizing Intel’s flagship Expressway gateway security product line that includes: Intel Expressway Tokenization Broker, Service Gateway, and API Management products. When not working, Joe enjoys spending time with his family, the outdoors, music, live sports (soccer and hockey especially), and reading non-fiction.
