News & comment
Product update information and support discussion arising from work with our clients.
Common tags: sso plugin, update, news, xml gateway, active directory, blog, cac, dashboards, iis, saml, ssoplugin
● Bringing Ping Federate to BMC and HP ITSM
posted by John B on 9th February 2012
There's a (mistaken) belief that SAML is easy, and that a product with SAML support will integrate with other SAML products.
This is not correct.
Each vendor implements the standard how they see fit and products need to be validated to ensure compatibility.
Ping Federate is a well known SAML Identity Provider implementation that's used for providing Internet based SSO. SSO Plugin (3.5.6) has been validated against Ping Federate and JSS will support this deployment.
If Internet SSO is a requirement, you can now rely on Ping Federate and SSO Plugin to provide a solution.
● Security experts putting more demands on users with longer more complex passwords
posted by Danny Kellett on 23rd January 2012
JSS keep abreast of publications regarding passwords and security and this article on the popular CSO site caught our attention.
Christopher Frenz, CTO at See-Thru and a faculty member at Mercy College, both in New York, says:
"the problem is not because of passwords being obsolete, but because of the prevalence of bad passwords and bad password practices." He admits that high-quality passwords are difficult for users to remember, especially if users (as they should) have different ones for possibly dozens of sites."
Furthermore, Owain Rees, information security officer for BBC-TV in the UK, agrees:
"The only way to make a password more effective is to make it longer. In most cases a very long simple password is more difficult to break than a smaller complex password,"
Matthew Walker, manager at ShieldPass in Singapore comments,
"The current trend among IT administrators is to insist that users increase the complexity of their passwords and change them at regular intervals. This makes managing online passwords a living hell; and yet it makes not one bit of difference to the malware that commonly intercepts and copies them."
While the security and administration experts spend endless hours and millions of dollars figuring the best approach to teach our users to use and remember long, complex passwords while, as stated above creating a “living hell” for everyone involved, JSS will continue to invest in removing all the living nightmares stated above by removing the need for passwords.
It sounds quite simple: If managing passwords is a “living hell”, leaves your applications open to lazy passwords, cost time and money to maintain, then maybe it’s time to implement single sign on.
● JSON for BMC AR System and ITSM
posted by John B on 19th January 2012
XML Gateway 3.5.8 introduces JSON support for BMC AR System and ITSM. This allows a range of third party application building toolkits to integrate with XML Gateway and AR System.
Other changes to the platform include improved "query by parameter" support, allowing simple HTTP GET queries to be used for generating complex XML and JSON based responses, and support for the AR System "impersonate" functionality.
● SSO for BMC ITBM
posted by John B on 7th January 2012
SSO Plugin (version 3.5.4) introduces SSO for BMC IT Business Management (BMC ITBM).
The solution allows for both SSO and non-SSO logins to BMC ITBM, an improvement on the "out of the box" functionality that appeared to be both untested and lacking in support for non-SSO users.
This integration adds yet another BMC product to the list of SSO Plugin supported solutions and is available immediately.
● SSO Plugin, around the world
posted by Danny Kellett on 2nd January 2012
With 2011 at a close, SSO Plugin has once again grown in popularity within the BMC market.
Banks, retail, public service, educational, technology, pharmaceutical, US military and government: SSO Plugin has been deployed to organisations in all these sectors during 2011.
Customers have continued to provide great feedback in the quotes section of our website, such as Tony R from a large US medical organisation who wrote:
They stayed with me in support throughout the night of our install even though our maintenance window started at 3am London time!
This single statement underlines the offering from JSS: we don't simply provide a quality product driven by listening to customers and implementing feedback, we provide support that's rated above our competitors. And we continue to offer upfront inclusive professional services at no cost, to deploy SSO Plugin in your environment to ensure it meets your requirements without any cost or commitment.
This year also saw the release of exciting integrations to BMC Dashboards, Analytics and SAP Business Objects. It didn't take long for existing customers to deploy these integrations, including a US military customer who implemented the BMC integrations without a single remote support session from ourselves, by following our instructions and online videos. We've also gained custom in the HP market with the release of SSO Plugin for HP Service Manager and Service Request Catalog.
And during 2012, new integrations will be announced.
We wish everyone a happy and prosperous new year and we look forward to working with you in 2012.
● What's SAML?
posted by John B on 21st December 2011
SAML is a protocol for allowing authentication over the Internet, typically associated with SSO.
Consider a company wishing to use an Internet based Remedy On Demand service who's already enjoying SSO Plugin on their corporate network. Users don't need to login to ITSM and if the company moved to Remedy On Demand (without SSO Plugin), users would have to login. This would result in fewer people raising tickets, because people don't like barriers. However, users can have SSO access to Remedy On Demand by requesting SSO Plugin and using SAML to integrate with their Active Directory Federation Service.
The high level process is as follows:
User is sitting inside the corporate network and they try to access Remedy On Demand. They are not authenticated so typically, a login page would appear.
With SSO Plugin installed on RoD, an XML request is created (by SSO Plugin) and the user's browser is redirected to the corporate Active Directory Federation Service with the XML request.
ADFS decodes the XML request and decides if it's from a known third party. Once this has been established, ADFS authenticates the user and creates an XML response. The user's browser is redirected back to Remedy on Demand complete with the XML response.
The request hits RoD and SSO Plugin intercepts it. The XML response is discovered, decoded, verified to be from ADFS (using public/private keys), and a username extracted. SSO Plugin now continues with an SSO login to RoD.
User now has access to RoD using their standard Windows login, just as they did before moving to RoD.
It's also worth noting that a number of these technologies exist, it just happens that SAML and OpenID (which Google seem to promote) are more common than others. The concept is essentially the same: an exchange of tokens, with layers of encryption, to pass a username (and other associated information, such as a list of Active Directory roles) from one system to another without the systems directly interacting with each other.
● SSO Plugin at Home Credit and Finance Bank
posted by Danny Kellett on 22nd November 2011
Helios IT, a Russian BMC partner company, has deployed SSO Plugin to Home Credit and Finance Bank. They've written an article on the ITSM implementation and how SSO Plugin helped increase usage of the ITSM application by 40%.
An English version of the article is available with thanks to Google translate.
● SSO Plugin and CAC
posted by John B on 8th November 2011
We are regularly asked by US government agencies if SSO Plugin supports Common Access Cards.
SSO Plugin is used by a number of US military clients, some of which have integrated with CAC.
The answer is yes: SSO Plugin is the only solution suitable for the US government.