简体繁体 English

IBM Tivoli Access Manager与Tivoli Federated Identity Manager

[英]IBM Tivoli access manager vs Tivoli Federated identity manager

原文 2015-03-10 14:16:12 5 3 saml/ tivoli/ tivoli-identity-manager

Can someone please explain the major differences between IBM Tivoli Access Manager and Tivoli Federated Identity Manager? 有人可以解释一下IBM Tivoli Access Manager和Tivoli Federated Identity Manager之间的主要区别吗？ Does TAM support SAML? TAM是否支持SAML？

3 个解决方案

Updated Answer: SAML is now supported with ISAM v9. 更新的答案：ISAM v9现在支持SAML。

The names and versions of the products have been updated/changed. 产品的名称和版本已更新/更改。 Basically, TFIM and TAM are now old names and products. 基本上，TFIM和TAM现在是旧名称和产品。 All of the functionality and code of TFIM has been rolled into to ISAM v9. TFIM的所有功能和代码已集成到ISAM v9中。 ISAM v9 now has Web, AAC, and Federation components. ISAM v9现在具有Web，AAC和联合身份验证组件。 (ISAM v8 did not have the Federation componentm ISAM 8 only had Web and Mobile) （ISAM v8不具有联合身份验证组件，而ISAM 8仅具有Web和移动设备）

ISAM 9 Web - reverse proxy that handles authentication/authorization to back-end web servers ISAM 9 Web-反向代理，用于处理对后端Web服务器的身份验证/授权
ISAM 9 AAC (Advanced Access Control) - more advanced authorization functions tailored toward mobile devices like device fingerprinting, geolocation awareness, and IP reputation ISAM 9 AAC （高级访问控制）-针对移动设备量身定制的更高级的授权功能，例如设备指纹，地理位置识别和IP信誉
ISAM 9 Federation - all the old TFIM code with updates ISAM 9联合身份验证-所有带有更新的旧TFIM代码

old Tivoli Access Manager (TAM) -> new IBM Security Access Manager (ISAM) 旧的Tivoli Access Manager（TAM）->新的IBM Security Access Manager（ISAM）
old Tivoli Federated Identity Manager -> new ISAM v9 Federation 旧的Tivoli Federated Identity Manager->新的ISAM v9联合身份验证

I will elaborate a bit more since nzpcmad 's answer fails to address TFIM at all. 由于nzpcmad的答案根本无法解决TFIM，因此我将详细说明。

IBM Tivoli Access Manager ( now IBM Security Access Manager) handles the authentication and authorization part of your IAM infastructure. IBM Tivoli Access Manager（现在为IBM Security Access Manager）处理IAM基础结构的认证和授权部分。

IBM Tivoli Federated Identity Manager allows for federated and web Single Sign On. IBM Tivoli Federated Identity Manager允许进行联合和Web单点登录。 It can be used with ISAM, for example in a scenario that ISAM delegates the authentication part to TFIM for certain resources/cases. 它可以与ISAM一起使用，例如，在某些情况下，例如ISAM将身份验证部分委托给TFIM的情况下。

ISAM does not speak SAML by itself, but it can leverage TFIM that does. ISAM本身并不讲SAML，但它可以利用TFIM讲。

Other than that, you would have to ask something more specific in order to get concrete answers. 除此之外，您还必须问一些更具体的问题才能获得具体答案。

In general, an Identity Manager provisions users into an identity repository eg AD / LDAP. 通常，Identity Manager将用户置备到身份存储库中，例如AD / LDAP。 It also provides password self-service etc. The provisioning includes user attributes and roles. 它还提供密码自助服务等。供应包括用户属性和角色。

An Access Manager provides authentication (using the identity repository) and authorization based on the users attributes, roles and credentials provisioned by the Identity Manager. Access Manager根据Identity Manager提供的用户属性，角色和凭据提供身份验证（使用身份存储库）和授权。