Purpose built, generic Single Sign On framework
The Asimba application was designed to provide a framework for authentication and authorization, and while doing so, support all the protocols that are required to be able to integrate Asimba into a custom environment. It is not an application “that also does SSO”, it is not a library that you can use to roll your own Identity Provider front-end, but instead, Asimba was designed to do Authentication and Authorization, and do it in the best possible way.
More than 10 years of experience went into the development of Asimba.
Almost every part of Asimba can be extended or customized, because of the modular architecture of the application. Asimba consists of a core, that uses components to perform actual functionality. There are multiple components readily available that can be used or modified, or new components can be implemented to provide the missing functionality.
Created as J2EE Web Application
The Asimba SSO server is developed as J2EE Web Application, and can be deployed inside a J2EE Application Server. This proven technology is the foundation for a stable, flexible and scalable deployment platform.
Asimba is prepared and is already been deployed in load-balanced environments, thereby able to scale to meet different load and availability requirements.
The Asimba repository is managed through Maven, making it easy to integrated in custom deployments.
Single Sign On
Identification Transaction Pipeline
Throughout Asimba, an internal pipeline guides the process of creating an response to a request. The pipeline consists of different stages, like authorizing a request, authenticating a user, authorizing a user, retrieving user attributes, etc. All the stages of the Identification Pipeline are configurable components for each deployment, offering maximum flexibility for integrating Asimba in multiple environments.
Pluggable Protocol Front-Ends
A Single Sign On protocol, like SAML, A-Select or OpenID, can be configured for your custom endpoints, and multiple configurations can be configured within a single Asimba instance.
The SAML2 IDP Profile allows Asimba to act as a SAML2 Identity Provider. When also using the SAML2 Authentication Method, Asimba can be deployed as a full featured SAML2 Proxy.
The following SAML profiles are supported:
- Web SSO
- Single Logout
- Artifact Resolution
Some of the supported SAML2 features are:
- AuthnContext linked to Authentication Profiles
- Support for behavior as SAML2 Proxy
- Support for Passive AuthnRequest
To authenticate a user, an authentication profile is executed. An authentication profile can consist of multiple authentication methods that are executed sequentically, to ensure an authenticated user.
All authentication methods are extensible and can be implemented for every custom environment. Included with the baseline Asimba distribution, are the following authentication methods:
Multiple backends are supported, among which:
- JDBC for database backed userstore
- JNDI for LDAP backed userstore
- RADIUS for using an existing Radius server
- File backed (asimba-users.xml) for small deployments
- htaccess backed for reusing existing managed identities
- Guest for testing or allowing guest accounts
- Identifying for development purposes
One Time Password Authentication
Support for SMS based distribution of One Time Passwords. Includes out-of-the-box support for using the CM Gateway (Asimba partner)
Remote or Federated Authentication
- Remote A-Select authentication
- Remote SAML2 authentication
X.509 Client Certificates
Support for implementing custom X.509 Client Certificates for authentication is available in a concept implementation. If interested, please contact Asimba.
Basic IP-address limited authorization. Extensible for implementing custom authorization rules that can be based on attributes or context.