Authentication Speed Versus Flexibility: Benchmarking SSO


  • Gluu has been working quite a bit recently on
    benchmarking, and the question came up whether
    it's better to use the Gluu Server's built-in
    LDAP authentication with a custom filter, or the
    Jython-based Custom Authentication Interception
    Script.
  • If you are just considering throughput, the
    Jython script has more CPU overhead. However, it
    gives the organization vastly more flexibility.
    In the future, some organizations may support
    many authentication workflows. How to identify a
    person may vary depending on the location of the
    person being authenticated, and what device is in
    their hands. Authentication attempts provide
    valuable data for fraud detection, which may be
    exposed via API interfaces. For these cases,
    empowering system administrators to add business
    logic without having to compile, build, and
    deploy a war/jar file can improve security and
    add agility.
  • Another consideration for benchmarking was
    whether to use the Gluu Server for session
    management. The OpenID Connect specification does
    not require central session management; the
    session is only in the browser. In the Gluu
    Server, central session persistence is optional.
    In large deployments, it's undesirable. In
    smaller deployments, it can be quite useful.

In the future, we may see complementary CAS
single sign-on specifications to add session
management alternatives. One idea is for the
OpenID Provider (OP) to return the logout URLs
to the browser, which could then notify the
back-end servers that a logout has occurred. The
Gluu Server also has a Custom Logout
Interception Script that enables the OP to
insert some tactical code to ensure the cleanup
of resources (for example, call the API to make
sure the CA SiteMinder session is ended).

In the long term, session management needs to be
centralized to enable SSO where there are many
autonomous websites and SSO services. Also,
extending Web SSO to mobile applications is under
discussion for standardization. This is critical
for IoT. For example, when I log out of my tablet,
can I force a logout of my TV?

As the OP becomes smarter, there is a trade-off of
speed and flexibility, hardware and functionality.
Depending on your business requirements, and the
number of people you are serving, you may have to
make a number of hard choices.

Article resource: http://gluu.soup.io/post/440885561/Authentication-Speed-Versus-Flexibility-Benchmarking-SSO