Facebook Authentication to WebSEAL

I recently decided to look into how to add a “Login from Facebook” button to a website, in particular a website protected by Tivoli Access Manager WebSEAL (though this really isn’t all that important). Given that Facebook’s Graph API is based on the draft OAuth 2.0 specification, this seemed an interesting technology investigation. The surprise […]


Tivoli Federated Identity Manager and Salesforce.com with SAML 2.0

A while back I posted configuration notes for SAML 1.1 Integration with Salesforce.com. The integration was performed with a trial edition of Salesforce CRM. Since that time Salesforce have added support for SAML 2.0 as a single sign-on protocol. This article will highlight the configuration requirements for SAML 2.0. If you haven’t already done so, […]


Complex Federation Identity and Attribute Mapping for Tivoli Federated Identity Manager

Use Case Description: This article describes an advanced Tivoli Federated Identity Manager configuration model concerning mapping modules for single sign-on federations. The article is applicable to readers who are already familiar with Tivoli Federated Identity Manager and its federated SSO support. In particular I will present a technique to perform identity and attribute mapping via […]


Using WebSphere TAI with Tivoli Federated Identity Manager

In this article I will describe a pattern of custom authentication to WebSphere via TAI for use with Tivoli Federated Identity Manager acting as an Identity Provider. The article assumes a strong background in WebSphere authentication and Tivoli Federated Identity Manager. The primary goal of this pattern is to be able to authenticate to WebSphere […]


Tivoli Federated Identity Manager and Salesforce.com

I have had several enquiries about how to configure federated single sign-on integration between Tivoli Federated Identity Manager and salesforce.com. Salesforce.com offer cloud applications for all manner of sales and CRM capabilities, and the typical use case is that an enterprise has already authenticated their employees (application users) via a company portal/website, and then want […]


Protected Access to Individual TFIM STS Chains

This post is a technical note on using security within the Tivoli Federated Identity Manager Security Token Service. It will be of interest to Tivoli Federated Identity Manager customers using the TFIM STS as a service for identity mediation and token exchange. I had an interesting enquiry about using the Tivoli Federated Identity Manager Security […]


Tivoli Federated Identity Manager and GoogleApps

I was recently asked to demonstrate a use case for securing Software-as-a-Service (SaaS) offerings, in particular GoogleApps. The concept is fairly straightforward – there are a growing number of hosted online services that corporations and individuals may subscribe to instead of self-hosting or using desktop applications. GoogleApps is one example, offering hosted email (GMail), […]


Tivoli Federated Identity Manager and Developerworks

This entry is a collection of references to developerworks articles on advanced Tivoli Federated Identity Manager (TFIM) concepts, development, and integrations. I have also included a few of my articles related to Tivoli Access Manager (TAM), as I often use the concepts from both in various Tivoli security deployments that I am involved with. I […]
