CIS13: Mobile Single Sign-On: Extending SSO Out to the Client
Upcoming SlideShare
Loading in...5
×
 

CIS13: Mobile Single Sign-On: Extending SSO Out to the Client

on

  • 674 views

Scott Morrison, Chief Technology Officer, Layer7 ...

Scott Morrison, Chief Technology Officer, Layer7
Think SSO is just about reducing logins across servers? Think again. In the mobile world, the new twist is sharing sessions across mobile apps on a device. Learn how technologies like OAuth and OpenID Connect can be leveraged by native apps to achieve MSSO.

Statistics

Views

Total Views
674
Views on SlideShare
674
Embed Views
0

Actions

Likes
0
Downloads
15
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

CIS13: Mobile Single Sign-On: Extending SSO Out to the Client CIS13: Mobile Single Sign-On: Extending SSO Out to the Client Presentation Transcript

  • Mobile  Single  Sign-­‐On:   Extending  SSO  Out  To   The  Client   July  11,  2013   K.  Sco'  Morrison   Senior  Vice  President  and  DisDnguished  Engineer  
  • Copyright © 2013 CA. All rights reserved.   Our  Problem:  Secure  Mobile  Access  to  Apps  and  Data   How Do We Make APIs Available? ü  Secure Transmission ü  Authentication, Authorization & SSO ü  Firewall mazes ü  Diversity of back end systems ü  Clients and servers change at different rates Enterprise Network API/Service Client API/Service Servers Firewall 2 Firewall 1 Internet Directory
  • Copyright © 2013 CA. All rights reserved.   We  Want  Classic  SSO  In  An  Ac;ve  Profile  For  REST   Could leverage WS-Fed here ü  SAML’s second act? API/Service Servers Apps making RESTful API calls Internet Directory View slide
  • Copyright © 2013 CA. All rights reserved.   But  We  Also  Want  Local  App  SSO   Single Sign On App Group (these apps will share sign- on sessions) A B C API/Service Servers So now it’s getting interesting… View slide
  • Copyright © 2013 CA. All rights reserved.   App  layer   Persistence  layer   Mobile  OS  Isola;on  is  an  issue   Silos  
  • Layer  7  Technologies  Overview   Mo;va;ons:  Many  of  our  customers  have  architectures  like   this   Gateway Cluster at Edge of Network ü  DMZ deployment ü  Hardware appliance, virtual appliance or software Enterprise Network API/Service Servers … Firewall 2 Firewall 1 Partners Mobile Devices Cloud SSG Cluster API/Service Client Directory
  • Layer  7  Technologies  Overview   Na;ve  Single  Sign-­‐On  SDK  For  Mobile  Developers   Enterprise Network iPhone Android iPad App-sharable Secure Key Store One time PIN SMS, APNS, call API Servers Strong Security for Mobile Apps ü  Cross-platform and built for a consumer or BYOD world ü  100% Standards-based using OAuth+OpenID Connect ü  X-app SSO with multi-factor auth & secure channel ü  X.509 Certificate provisioning for strong auth and transaction signing Standards-based
  • Copyright © 2013 CA. All rights reserved.   Three  Importance  En;;es   A A B C Device   App   User  
  • Layer  7  Technologies  Overview   Self  Service:  User  should  be  able  to  log  out  if  device  is  lost   or  stolen   Copyright  ©  2012  CA.  All  rights  reserved.  
  • Layer  7  Technologies  Overview   Strategy   A B C username/password   ID  Token   Access  Token/ Refresh  Token   Per  app   Authorization Server OAuth + OpenID Connect ü  Profiled for mobile ü  Clear distinction between device, user and app
  • Layer  7  Technologies  Overview   Overall  Architecture   Copyright  ©  2012  CA.  All  rights  reserved.  
  • Copyright © 2013 CA. All rights reserved.   Register  device,  streamlined,  first  usage  
  • Copyright © 2013 CA. All rights reserved.   Request  an  access_token  using  JWT  (SSO)  
  • Copyright © 2013 CA. All rights reserved.   Administra;on  of  Tokens  
  • Demo  
  • QuesDons?   K.  ScoT  Morrison     smorrison@layer7.com   (604)  681-­‐9377