Month: April 2012

SAML IDP with multiple inbound URLs? possible? #SAML #IDM #identity #infosec


I had an interesting use case come up this morning and I am wondering if there are any “federation” products that can handle this use case. My client would like to configure the IDP to handle different sets of users (let’s call them “internal” and “external”). To prevent the external users from being redirected to the IDP directly it has been front-ended with a proxy (Apache HTTP) located in the DMZ. Internal users should have access to the same SPs … but probably don’t want the internal users getting redirected to the proxy located in the DMZ. One of the products that I work with can only have one “server url” configured (that I know of) … do other products allow for multiple URLs to be configured? Would love to hear if this is actually a “problem” and if so how other vendors have implemented it. The easy solution on our part is to deploy another federation server (IDP) to handle the different users … personally I hate to keep telling the customer to deploy a new instance each time a new use case comes up. I don’t think that scales very well.

Virtual Identity Server for Office 365 – OptimalIDM


I just got this from my friends at OptimalIDM and wanted to share this news.

OptimalIDM is formally announcing their Virtual Identity Server for Office 365 via a press release at 9:00 a.m. this morning.

VIS for Office 365 adds a ton of features and support to Office 365 such as:

  • Users can exist anywhere (i.e. eDirectory)
  • Complete Multi-forest support (no on-premise synch required)
  • Non-routable UPNs (domain.local) & multiple UPN suffixes support
  • Two-Factor authentication
  • Denial of Service prevention/Detection
  • Cloud Firewall (filter data going to cloud)
  • Detailed Audit logging

OptimalIDM is demonstrating this at a Lunch presentation on TUESDAY at TEC.