Managing Authentication
An identity (digital identity) is a claim made by a user to uniquely identify themselves, for example a name or an employee ID. Identity is the foundation for security management in any organization.
Authentication is the process of confirming the claim made by the user. Authentication and identity are not the same: the goal of authentication is to verify that users are actually who they claim to be. Authentication is accomplished by presenting one's identity together with credentials. Examples of credentials are passwords, one-time tokens and digital certificates. The user typically presents identity and credentials through a login form.
Single Sign-On
Single Sign-On (SSO) is a security model in which users are authenticated once and can then access the services of multiple software systems. By doing so, SSO removes the need for redundant authentication. For information on using Single Sign-On in Process Platform, refer to Process Platform Single Sign-On.
- The Process Platform SSO feature can exchange identity information with other software systems that support the SAML standard or the OTDS protocol.
Security standards currently supported by Process Platform
- SAML 2.0
- WS-Security: SOAP Message Security 1.0
- WS-Security Username Token Profile 1.0
- WS-Security SAML Token Profile 1.1
Process Platform conforms to the following sections of the WS-I Basic Security Profile 1.0:
- Core
- Transport Layer Mechanisms (SSL/TLS)
- Username Token
- SAML Token
Security Assertion Markup Language (SAML)
- Security Assertion Markup Language (SAML) is an XML standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions). SAML is a product of the OASIS Security Services Technical Committee.
- Process Platform supports SAML 2.0 as an authentication mechanism.
WS-Security
- WS-Security is an OASIS standard that extends SOAP with a means of applying security (authentication tokens, signatures and encryption) to Web Services.
- WS-Security places its security information in the header of the SOAP message, at the application layer. Because the protection travels with the message rather than with the transport connection, it can provide end-to-end security across intermediaries, whereas SSL/TLS only protects each hop.
OpenText Directory Services (OTDS)
- OpenText Directory Services (OTDS) is a proprietary protocol for identity management across OpenText products.
- Process Platform supports OTDS 10.2 and higher as an authentication mechanism.
- OTDS supports Single Sign On
- OTDS supports adding an authentication token to the header of a SOAP message
Trust relationships between Service Groups
The Single Sign-On component issues statements about identity. Administrators use the Security Administration task to manage the trust relationships between service groups that determine which groups accept each other's identity statements.
Custom forms
The client-side Single Sign-On library facilitates the development of custom login forms.