CIS13: Mobile Single Sign-On: Extending SSO Out to the Client

  • 560 views
Uploaded on

Scott Morrison, Chief Technology Officer, Layer7 …

Scott Morrison, Chief Technology Officer, Layer7
Think SSO is just about reducing logins across servers? Think again. In the mobile world, the new twist is sharing sessions across mobile apps on a device. Learn how technologies like OAuth and OpenID Connect can be leveraged by native apps to achieve MSSO.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
560
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
20
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Mobile  Single  Sign-­‐On:   Extending  SSO  Out  To   The  Client   July  11,  2013   K.  Sco'  Morrison   Senior  Vice  President  and  DisDnguished  Engineer  
  • 2. Copyright © 2013 CA. All rights reserved.   Our  Problem:  Secure  Mobile  Access  to  Apps  and  Data   How Do We Make APIs Available? ü  Secure Transmission ü  Authentication, Authorization & SSO ü  Firewall mazes ü  Diversity of back end systems ü  Clients and servers change at different rates Enterprise Network API/Service Client API/Service Servers Firewall 2 Firewall 1 Internet Directory
  • 3. Copyright © 2013 CA. All rights reserved.   We  Want  Classic  SSO  In  An  Ac;ve  Profile  For  REST   Could leverage WS-Fed here ü  SAML’s second act? API/Service Servers Apps making RESTful API calls Internet Directory
  • 4. Copyright © 2013 CA. All rights reserved.   But  We  Also  Want  Local  App  SSO   Single Sign On App Group (these apps will share sign- on sessions) A B C API/Service Servers So now it’s getting interesting…
  • 5. Copyright © 2013 CA. All rights reserved.   App  layer   Persistence  layer   Mobile  OS  Isola;on  is  an  issue   Silos  
  • 6. Layer  7  Technologies  Overview   Mo;va;ons:  Many  of  our  customers  have  architectures  like   this   Gateway Cluster at Edge of Network ü  DMZ deployment ü  Hardware appliance, virtual appliance or software Enterprise Network API/Service Servers … Firewall 2 Firewall 1 Partners Mobile Devices Cloud SSG Cluster API/Service Client Directory
  • 7. Layer  7  Technologies  Overview   Na;ve  Single  Sign-­‐On  SDK  For  Mobile  Developers   Enterprise Network iPhone Android iPad App-sharable Secure Key Store One time PIN SMS, APNS, call API Servers Strong Security for Mobile Apps ü  Cross-platform and built for a consumer or BYOD world ü  100% Standards-based using OAuth+OpenID Connect ü  X-app SSO with multi-factor auth & secure channel ü  X.509 Certificate provisioning for strong auth and transaction signing Standards-based
  • 8. Copyright © 2013 CA. All rights reserved.   Three  Importance  En;;es   A A B C Device   App   User  
  • 9. Layer  7  Technologies  Overview   Self  Service:  User  should  be  able  to  log  out  if  device  is  lost   or  stolen   Copyright  ©  2012  CA.  All  rights  reserved.  
  • 10. Layer  7  Technologies  Overview   Strategy   A B C username/password   ID  Token   Access  Token/ Refresh  Token   Per  app   Authorization Server OAuth + OpenID Connect ü  Profiled for mobile ü  Clear distinction between device, user and app
  • 11. Layer  7  Technologies  Overview   Overall  Architecture   Copyright  ©  2012  CA.  All  rights  reserved.  
  • 12. Copyright © 2013 CA. All rights reserved.   Register  device,  streamlined,  first  usage  
  • 13. Copyright © 2013 CA. All rights reserved.   Request  an  access_token  using  JWT  (SSO)  
  • 14. Copyright © 2013 CA. All rights reserved.   Administra;on  of  Tokens  
  • 15. Demo  
  • 16. QuesDons?   K.  ScoT  Morrison     smorrison@layer7.com   (604)  681-­‐9377