All Layer 7 API Gateways ship with a Security Token Service (STS) engine inside. The Layer 7 Security Token Service is capable of performing:
The Layer 7 STS supports both the WS-Trust and WS-Federation specifications, including SAML 1.1 and 2.0. It includes deep certificate integration to support holder-of-key, bearer token and sender-vouches methods of subject confirmation for identity propagation. The Web Browser SSO Profile (including Browser-Artifact and Browser POST) is supported in either an identity provider or a service provider role. Web service-style token profiles are also supported.
The STS can be implemented inline or as an endpoint security service. Additionally, it can be deployed as an adjunct to commercial identity and access management (IAM) products from leading vendors such as Oracle, Sun, Novell, Tivoli, CA and RSA.
Beyond the specific interactions provided by the WS-Trust specification, Layer 7’s STS provides comprehensive identity federation across a wide array of security tokens and message formats. A security token can be:
Supported authorization styles include:
White Paper: Federated Identity & Single Sign-On Using Layer 7
Federate identity for SaaS, Web services, APIs, mobile applications and the Cloud
This white paper provides a detailed overview of how Layer 7’s API Gateways empower enterprises to address the challenges of dealing with identity silos, via identity federation and SSO.
Delivers token mapping and translation at wire speed via dedicated acceleration
Allows for implementation inline or as an end-point service
Combines caching with token translation to minimize delays in token processing
Includes out-of-the-box SSO capabilities for popular SaaS applications such as Salesforce
Supports leading SSO products from Sun, Oracle, CA, Tivoli, RSA and Novell
Includes comprehensive, policy-based message- and API-level security
The Layer 7 Security Token Service supports:
The Layer 7 STS also supports integration with a wealth of identity, access, SSO and federation systems, including:
The STS additionally supports a range of authentication protocols, including: