1 - 22 of 22 results
Browser-based device fingerprint with risk-based access
Implement risk-based access and authentication on mobile devices to increase confidence in the security of mobile transactions. Using IBM Security Access Manager and IBM Tivoli Federated Identity Manager, evaluate the current session authentication level and registration status.
Articles 09 Dec 2013
Customizing SAML 2.0 with Tivoli Federated Identity Manager
SAML 2.0 is one of the most commonly used protocols for creating federation agreements for single sign-on architectures, enabling federation partners to exchange user authentication information using a relatively simple XML schema. In this article, learn how to use Tivoli Federated Identity Manager's identity-mapping rules to customize SAML 2.0 assertions for a third-party vendor or cloud service provider's unique security requirements.
Articles 19 Nov 2013
Self-registration and bring-your-own-identity using Tivoli Federated Identity Manager
This demonstration shows how to use Tivoli Federated Identity Manager to simplify the on-boarding process of end-users into a business enterprise environment by allowing them to self-register and use bring-your-own-identity.
Articles 29 Oct 2013
Design and implement just-in-time provisioning with SAML 2.0
Understand and get a demonstration of how to design and implement just-in-time (JIT) provisioning at a service provider with SAML 2.0 Federated Single Sign-On using Tivoli Federated Identity Manager, Tivoli Directory Integrator, and Tivoli Access Manager.
Articles 14 Aug 2012
Configure secure communications with WebSphere Application Server and WebSphere Message Broker using SAML 2.0 tokens and Tivoli Federated Identity Manager
This article shows you how to configure secure communication using the SAML token profile with WebSphere Application Server V7 hosting a Web service client and server, and WebSphere Message Broker V7 acting as an enterprise service bus to mediate the application communication and ensure that security requirements are met. IBM Tivoli Federated Identity Manager V6.2 acts as the Security Token Service (STS) and issues the SAML tokens.
Articles 13 Apr 2011
Understand IBM InfoSphere MDM Server Security, Part 5: Integrating Master Data Management Server with Tivoli Federated Identity Manager
This article builds on Part 4 of this series, “Using SAML in MDM Server Security.” It shows how the integration of IBM InfoSphere Master Data Management (MDM) Server and IBM Tivoli Federated Identity Manager (TFIM) can extend MDM Server’s identity propagation capabilities and facilitate client application development. Learn how to use and configure these components to solve real-world business problems.
Articles 26 Feb 2009
Using Tivoli Access Manager for eBusiness WebSEAL without a user registry
Often customers require a web single sign-on and authorization solution but are unable or unwilling to replace or synchronize their existing user registry with another. This can pose a problem for customers wishing to leverage Tivoli Access Manager for eBusiness (TAMeB) where their existing user registry is not supported natively by TAMeB. This article will demonstrate how to utilize Tivoli Access Manager for eBusiness WebSEAL without requiring the enterprise users to be in the TAMeB directory. This article requires some prior knowledge of Tivoli Access Manager for eBusiness authentication, the TAMeB external authentication interface (EAI), and the Tivoli Federated Identity Manager (TFIM) Security Token Service (STS).
Articles 03 Feb 2009
Adding custom XML extensions to SAML 2.0 request messages
IBM Tivoli Federated Identity Manager 6.2 (TFIM) has extended existing support of the SAML 2.0 federated single sign-on protocol to include the ability to supply custom XML elements as part of SAML requests or responses. This capability is exposed by way of an Open Services Gateway Initiative (OSGi) plug-in extension to the Tivoli Federated Identity Manager runtime. This article will outline how to use this extension point, including sample Java code and instructions for deployment and testing.
Articles 28 Oct 2008
Managing OpenID trusted sites with Tivoli Federated Identity Manager
IBM Tivoli Federated Identity Manager 6.2 (TFIM) introduces support for OpenID 1.1 and 2.0 authentication protocols. When configured in the role of an OpenID Provider (Identity Provider), TFIM allows end users to record choices about authenticating to trusted relying-party sites. For example, a user may select "Allow authentication forever" for a particular relying party, and may select which attributes they are willing to share with that site. By default TFIM stores these choices in persistent cookies on the user's browser. The cookie technique is effective, but not portable for users across different browsers. This article will demonstrate how to write your own plug-in for the storage and retrieval of user choices (for example to a database) via the TFIM TrustedSitesManager extension point.
Articles 15 Oct 2008
User Centric Identity with Tivoli Federated Identity Manager, Part 2: Self registration and account recovery using information cards and OpenID
Attracting users to register at your retail Web site has always been a challenge. Not only do you need to have a fantastic service to offer, you also need to make the on-boarding process as simple and convenient as possible. Traditional federation technologies like Liberty and SAML allowed companies to collaborate with tightly-coupled user bases by establishing 1:1 or many:few relationships; however, that model does not scale to the true retail space. User Centric Identity management technologies like OpenID and Information Cards allow people to manage their own identity attributes at distributed "Identity Providers" (including self-issued Information Cards). This article will demonstrate how to implement self-registration using an Information Card or OpenID (with the simple registration extension - SREG). Automated recovery of an account is also implemented, such as when the user centric credential with which it was registered is lost. Sample code is provided to rapidly enable these capabilities with IBM Tivoli Federated Identity Manager 6.2.
Articles 15 Oct 2008
User-Centric Identity with Tivoli Federated Identity Manager, Part 1: Replace Password Authentication on your Web site with an Information Card or OpenID
Most people passionately dislike having to remember and update passwords. A lot of corporate dollars are spent on customer service for password resets. In this article we describe a way for users to establish one or more alternate means of authentication to IBM WebSphere or Tivoli Access Manager environments using Information Cards and OpenIDs. The flow is simple - the user first authenticates to the site using an existing authentication mechanism (which may be username/password or some other means), then "links" a user-centric credential (i.e., an Information Card or OpenID) to their account. Thereafter, the Information Card or OpenID can be used as the primary means of authentication.
Articles 06 Oct 2008
Understanding the Tivoli Federated Identity Manager Information Service 6.2
IBM Tivoli Federated Identity Manager 6.2 (TFIM) provides a Web service interface designed to obtain federation, federated user, and user alias information from a TFIM environment. This Web service is known as the TFIM Information Service. This article shows how to create a Web service client from the interface using Rational Application Developer 7.0 and also contains a sample application which uses the newly created Web service client to query federation, federated user and user alias information.
Articles 18 Sep 2008
Developing a custom Java module
TFIM 6.2 provides an OSGi (Open Services Gateway Initiative) extension point for custom plug-ins for STS modules. In this tutorial, we will walk through the complete development process for creating a custom STS plug-in for Tivoli Federated Identity Manager (TFIM) 6.2. Customers might develop their own STS plug-ins for a variety of reasons including advanced user mapping and attribute gathering capabilities, or to support validation or issuing of proprietary security token types. This tutorial will use as a working example a simple mapping module which adds a configurable name/value parameter pair as an attribute to the TFIM Trust Service's STSUniversalUser.
Tutorial 12 Sep 2008
Integrating Tivoli Federated Identity Manager and Tivoli Identity Manager
IBM Tivoli Federated Identity Manager (TFIM) is IBM's solution for identity propagation in Service-Oriented Architecture (SOA). As well as providing support for a variety of security token types, identity processing in TFIM can transform identities from one administrative domain to another. In this article, the design and implementation of a customized mapping module for TFIM will be presented. Tivoli Identity Manager (TIM) will be used as the source of identity metadata used to map the incoming identity to another identity.
Articles 12 Sep 2008
Tivoli Federated Identity Manager Business Gateway and ASP.NET authentication
In this article we show you how to enable your ASP.NET applications for federated single sign-on utilizing the Tivoli Federated Identity Manager Business Gateway (FIM-BG) and the plug-in it provides for Microsoft® Internet Information Server Version 6 (IIS). Your existing forms-based authentication mechanism can be expanded to include support for participating in a federated single sign-on using the SAML 1.0, 1.1 or 2.0 protocols. Here, we take a sample ASP.NET application through the process of federated single sign-on enablement using FIM-BG and the plug-in for IIS.
Articles 12 Sep 2008
Web services security interoperability using Kerberos
XML Web services provide an open, standards-based mechanism for inter-process communication and are common in implementations of Service Oriented Architecture (SOA). From a security perspective, complementary standards such as WS-Security exist to enable cross-platform, cross-domain interoperability for message level security. Implementations using these standards often reveal subtle challenges. In this article, security interoperability using Kerberos security tokens in a heterogeneous Microsoft .NET and IBM WebSphere J2EE environment is examined. A number of non-obvious implementation details are provided to assist readers in implementing their own solutions.
Articles 07 Jul 2008
SOA and SAP - Let IBM extend your investment
This article presents a solution that allows for identity propagation from SAP Web service clients to products from other vendors. It allows organizations that are heavily invested in SAP to reuse their infrastructure in Service-Oriented Architecture (SOA) projects. After reading this article, you will know how to propagate the identity within a SAP Web service request to other vendors' products. The solution uses the IBM WebSphere DataPower XML Firewall in conjunction with the IBM Tivoli Federated Identity Manager Security Token Service to map the proprietary SAP identity token to an open standards token, such as SAML. This augments the SAP Web service client functionality and allows for securing Web services sent to third-party products.
Articles 07 May 2008
Using SAML security tokens with Microsoft Web Services Enhancements
Microsoft Web Services Enhancements (WSE) is a framework for developing secure, interoperable Web services for the Microsoft .NET platform. WSE supports standard security token types such as Username, Kerberos and X.509 certificate tokens. One widely used security token type not supported by WSE is the Security Assertion Markup Language (SAML). This article will demonstrate an architecture and implementation capable of integrating WSE and SAML using Tivoli Federated Identity Manager (TFIM).
Articles 29 Apr 2008
SOA authorization using Tivoli Federated Identity Manager and WebSphere Service Registry and Repository
This article describes a service-based approach to authorization in Service Oriented Architecture (SOA) environments using IBM Tivoli Federated Identity Manager (TFIM). This approach extends existing IBM solutions for identity propagation in SOA by leveraging Tivoli Access Manager (TAM) as the authorization policy decision point. A software utility to discover services from the IBM WebSphere Service Registry and Repository (WSRR) to enable the authorization solution will be provided to simplify and accelerate deployment of this authorization solution.
Articles 09 Jan 2008
SOA: Managing identity contexts across service requests
Businesses embrace Service Oriented Architecture (SOA) to help their IT meet the needs of their business. The loose coupling of services and their distributed nature across organizations and trust boundaries presents a number of challenges. When it comes to the reuse of existing applications or service connectivity across organizational or technological boundaries, the identity systems can vary and so can the credential systems. Managing, mapping, and propagating identity across these environments is necessary. This article discusses the business challenges when managing identity contexts in Web services and SOA. It outlines the importance of creating solutions based on standards. The security token service (STS) capability in IBM Tivoli Federated Identity Manager (TFIM) is a key building block that can be used in solutions to address these identity propagation requirements. This article explains the capabilities of the STS and outlines architectural approaches using TFIM to solve these needs.
Articles 08 Jan 2008
ASP.NET Authentication using LTPA and Tivoli Federated Identity Manager (TFIM)
In this article, we show you how to enable your ASP.NET applications for federated single sign-on utilizing the IBM Tivoli Federated Identity Manager (TFIM) to translate LTPA cookies set by IBM WebSphere Application Server. We show how to create an ASP.NET HTTP module that extracts the LTPA cookie, then uses TFIM to translate the token into a username via WS-Trust.
Articles 16 Oct 2007
Securing a composite business service delivered as a software-as-a-service: Part II, Supporting identity propagation (enterprise and federated SSO) and authorization
A composite business service (CBS) introduces many new challenges for security in an SOA solution. In this two-article series, a few security scenarios are examined in a proof-of-concept (PoC) CBS software-as-a-service (SaaS) application for banking called Jivaro. These scenarios help to identify when and how to apply different IBM Tivoli security products. In particular, scenarios for using IBM Tivoli Access Manager and Tivoli Federated Identity Manager (TFIM) for meeting SSO requirements in a CBS are described.
Articles 27 Sep 2007