Tag Archives: SSO

Web SSO with One-time Passwords via Mobile SMS and Email

      6 Comments on Web SSO with One-time Passwords via Mobile SMS and Email

With increasing incidents of online frauds through username/password compromises and stolen/forged identity credentials – Strong authentication using multi-factor credentials is often considered as a  defensive solution for ensuring high-degree of identity assurance to accessing  Web applications. Adopting multi-factor credentials based authentication has also become a most common security requirement for enabling access control to critical online banking transactions and to safeguard online customer information  (Mandated by FFIEC… Read more »

Exploring Logical Access Control with PIV cards

      No Comments on Exploring Logical Access Control with PIV cards

Looks like convergence projects are in the limelight… lately I noticed a lot of interests on enabling the use of common credentials for securely accessing physical and logical resources.  Although we find most convergence projects are targeted at the enterprise level but there are serious minds working on using smartcard based PKI credentials for supporting citizen-scale projects (I regret that… Read more »

Smartcard/PKI authentication based SSO (Using OpenSSO)

      7 Comments on Smartcard/PKI authentication based SSO (Using OpenSSO)

It’s been so long, I had been involved with multiple Smartcard/PKI projects particularly supporting integration of Sun technologies for use with National eID, US Federal (HSPD-12 / PIV cards) and DoD CAC projects. There is no secret sauce,  but unfortunately I did’nt find time to put together a trustworthy documentation addressing the technical aspects of using Smartcard based PKI credentials… Read more »

Here you go..OWASP Hartford !

      No Comments on Here you go..OWASP Hartford !

Last night, I had the opportunity to present at an OWASP event @Hartford, CT.  James McGovern, a long-time buddy of mine organized this event at one of the Hartford skyscrappers – What a great view !  I had contributed code artifacts to OWASP projects before, but it was the first time I had a chance to attend an OWASP event…. Read more »

Stronger Authentication with Biometric SSO (Using OpenSSO and BiObex).

      3 Comments on Stronger Authentication with Biometric SSO (Using OpenSSO and BiObex).

I had been involved with multiple Biometric ISV providers and its integration with Sun technologies particularly OpenSSO, IdM, Sun Rays and Solaris. I also had the opportunity to deploy Biometric solutions to few govt organizations that starts with “D” and “N”. Believe it or not…we have few of them in production. Now, getting down to the specifics – Putting it… Read more »

Match-to-SmartCard PKI and Biometric authentication.

      No Comments on Match-to-SmartCard PKI and Biometric authentication.

A picture is worth a thousand words. This picture is intended for a friend of mine (a doubting Thomas), who did’nt believe my latest work on enabling a multi-factor authentication based “Web SSO” that uses on-card credentials (PIN + PKI + Biometrics) using PIV card. This solution is currently tested to run Sun OpenSSO Enterprise 8 (running on Glassfish v2),… Read more »

Biometrics enabled Single Sign-On (SSO) using SAML

      No Comments on Biometrics enabled Single Sign-On (SSO) using SAML

Last week, I was at Biometric Consortium Conference 2006 to present “Biometric Single Sign-On using SAML: Architecture and Design Strategies” and demonstrate one of my favorite topic of interest – Stronger authentication solution that combines “Web Access Management/SSO/Federation” using “Biometrics”.  I used my previous JAAS Module integration work between Sun Java System Access Manager 6.x (SunONE Identity Server) and BioBex… Read more »