Background
In the almost two years of Centrifying we have discussed Identity Consolidation with AD and Single Sign-on at length. 90% of organizations have Active Directory but sometimes over-complicate things when it comes to identity consolidation and SSO.I had the chance to speak about this in a seminar and these two videos consolidate many entries that we've covered in this blog over the years.
Direct Integration
Name Service Switch, Pluggable Authentication Modules, GSSAPI, Kerberos and Proxies
- OpenSSH SSO over an outgoing external non-transitive AD one-way trust
- NSS and PAM using Oracle DB as an example (externally identified user)
- GSSAPI using MongoDB
- Kerberos using Hadoop (MapR example)
- LDAP Proxy to enable Couchbase console access.
Web-Java, SAP and DB2 Plugins
SPNEGO Plugins (Apache/Java); ERP Plugin (SAP Netweaver, SAPgui), DB2 Plugin
- Apache SPNEGO
- JBoss SPNEGO
- DB2 Plugin
- Toolset: Centrify-enhanced psftp; addns, adcert
Conceptual Diagram
The idea is to eliminate complexity and promote reuse by committing to Active Directory, let the Centrify DirectControl agent do the heavy-lifting for Direct Integration and use the SPNEGO plugins when needed.
For the full briefing, including marketing slideware go here.
No comments:
Post a Comment