Identity Federation Flashcards
Federated Access Roles
Types of federated access?
SAML 2.0,
Federated Access Roles
Special names for the two acting systems in federation?
Identity Provider (like AD), Service Provider (controls access to resources)
Federated Access Roles
Examples of Identity Providers
Facebook, Google, Amazon.com
Federated Access Roles
Two steps to use federated login?
Go to the IdP, get a token. Give the token to AssumeRoleWithWebIdentity, get AWS keys
Federated Access Roles
AWS system that manages this federation for mobile apps?
Amazon Cognito
Federated Access Roles
Federated method for large scale, unknown users?
Web identity federation (Facebook, etc.)
Federated Access Roles
Federated method for enterprise use case with employees?
SAML (uses an existing directory of users)
SAML
What is SAML Federation?
Legacy! Use SSO instead. Use the on-prem system to auth, swap for AWS creds
SAML
What version of SAML does AWS support?
2.0
SAML
What Microsoft product uses SAML?
Microsoft Active Directory Federation Services (ADFS)
SAML
Use SAML with Google or Facebook?
Nope, there are other federation methods for that. SAML is only about your ON-PREM auth system.
SAML
When do you switch from using AWS to manage identities to using SAML?
One example is when you hit the 5,000 IAM User limit per account.
SAML
How long (in general) are creds good for when you use SAML 2.0?
<= 12 hours
SAML
Setting up trust between on-prem and AWS for SAML. One-way or two-way trust?
Set up a two-way trust
SAML
What does a SAML enterprise system give you?
A SAML assertion (bearer token); exchange this with AWS for temp creds.