SecureAuth STS
Security Token Service
SecureAuth STS Issues Security Tokens to Ensure Interoperability Across On-Premise Web, Cloud-based Applications, and VPN Resources
The foundation for SecureAuth's solutions is the SecureAuth Identity Enforcement Platform (IEP). SecureAuth IEP includes a Security Token Service, 2-Factor Authentication, SSO, and IdM in a single solution to make it secure and simple for end-users to access cloud and on-premise applications and resources.
SecureAuth's unique approach solves the problem of authenticating users from an existing directory (Active Directory, etc.) and extending those identities to on-premise web applications, VPNs, mobile devices, and cloud applications such as Google Apps, Salesforce, SuccessFactors, Oracle OOD CRM, etc. Until now, enterprises have struggled to deploy a solution to handle the disparate resources.
SecureAuth STS addresses the security operability challenge between applications in different identity domains by providing a standards-based method of converting a security token from one application into the format that another application understands, for example converting X.509 certificates to SAML assertions and vice versa. Architected to provide a common access control infrastructure for a group of applications, SecureAuth STS negotiates trust between client applications and Web services, which removes the need for a direct relationship between them. Bottom line: SecureAuth STS makes assertions, based on evidence that it trusts, to whoever trusts it (or to specific recipients). To communicate trust, SecureAuth provides a signature to prove knowledge of a security token or set of security tokens.
The SecureAuth STS establishes a secure identity infrastructure for exchanging one type of security token for another that isn't dependent on any one mechanism, such as the Kerberos protocol or X.509, to secure messages. By adding a level of abstraction on top of existing protocols, it makes it easier for different authentication protocols to interoperate. SecureAuth IEP's 2-factor authentication and SSO work seamlessly with the STS, which eliminates the need to enter additional passwords or use another security protocol for authentication and authorization. This unique approach makes it easy to implement, reduces administrative overhead, and strengthens security by ensuring that only authorized users are accessing applications.
SecureAuth STS Is All-Inclusive
SecureAuth's Security Token Service includes everything that is needed to create an independent trust relationship across diverse types of applications and environments. SecureAuth STS includes:
- An appliancized web server that automatically handles redirected authentication requests
- Data connectors to on-premise directories including Active Directory, ADAM, LDAP v3, SQL, ODBC and more
- Executables to conduct a configurable 2-factor authentication, including the creation, refreshing, validation, and revocation of digital certificates. Registration options include UserID/Password and/or SMS, Telephony, X.509 digital certificates, KBA, PIN, and Help Desk.
- Built-in, customizable form pages that securely collect profile information and provide a user-friendly self-enrollment interface
- Automatic assertion of the identity in the format relevant to on-premise web applications, VPNs, and SaaS applications. Includes support for SAML 1.1, SAML 2.0, Microsoft FBA, IBM LTPA, CA SiteMinder, URL Identity Passing, and X.509 digital certificates.
- STS Extensions establish a secure conversation that provides configurable SSO and strong authentication
- Automated logging to a local or cloud-based SIEM. The syslog event includes the appliance ID #, realm #, event code, date, time, and user ID.
SecureAuth STS for Web, VPN and SaaS Resources
SecureAuth utilizes a revolutionary new approach to X.509 v3 technology that delivers the promise of strong authentication without the complexities and cost of PKI and hardware tokens. SecureAuth IEP's innovative architecture enables SecureAuth to conduct 2-factor authentication utilizing industry-endorsed, browser-based X.509 v3 certificates, and because SecureAuth is conducting the authentication, a more secure second-factor authentication is enforced.
SecureAuth IEP STS (1) receives an authentication request, verifies the identity against the local user store (Active Directory, etc.) (2), and then asserts the identities to local Web (3), VPN (4), and SaaS (5) resources. Most importantly, SecureAuth IEP conducts the authentication locally and logs to the enterprise logging resource collector (6).
In addition, the SecureAuth IEP also includes comprehensive IdM functionality that connects to local resources, maps local IDs, groups, and attributes, and provides self-service end-user enrollment.
SecureAuth's Security Token Service is one of many functions of the SecureAuth Identity Enforcement Platform, which provides Identity Enforcement plus 2-factor authentication, SSO, and IdM services in a single solution.
Related Material
- How to Secure Identities in the Cloud (or anywhere) via STS (free whitepaper)



