CIS13: Mobile Single Sign-On: Extending SSO Out to the Client

Scott Morrison, Chief Technology Officer, Layer7
Think SSO is just about reducing logins across servers? Think again. In the mobile world, the new twist is sharing sessions across mobile apps on a device. Learn how technologies like OAuth and OpenID Connect can be leveraged by native apps to achieve MSSO.

Published in: Technology
  1. Mobile Single Sign-On: Extending SSO Out To The Client. July 11, 2013. K. Scott Morrison, Senior Vice President and Distinguished Engineer.
  2. Copyright © 2013 CA. All rights reserved. Our Problem: Secure Mobile Access to Apps and Data. How do we make APIs available?
     • Secure transmission
     • Authentication, authorization and SSO
     • Firewall mazes
     • Diversity of back-end systems
     • Clients and servers change at different rates
     (Diagram: API/service client on the Internet, Firewall 1, Firewall 2, API/service servers and directory inside the enterprise network.)
  3. We Want Classic SSO In An Active Profile For REST. Could leverage WS-Fed here. SAML's second act? (Diagram: apps making RESTful API calls over the Internet to API/service servers and a directory.)
  4. But We Also Want Local App SSO. Single Sign On App Group: apps A, B and C will share sign-on sessions when calling the API/service servers. So now it's getting interesting...
  5. App layer. Persistence layer. Mobile OS isolation is an issue: silos.
  6. Layer 7 Technologies Overview. Motivations: many of our customers have architectures like this. Gateway cluster at edge of network:
     • DMZ deployment
     • Hardware appliance, virtual appliance or software
     (Diagram: API/service client, partners, mobile devices and cloud reach the SSG cluster through Firewall 1; Firewall 2 fronts the API/service servers and directory in the enterprise network.)
  7. Native Single Sign-On SDK For Mobile Developers. Strong security for mobile apps, standards-based:
     • Cross-platform and built for a consumer or BYOD world
     • 100% standards-based using OAuth + OpenID Connect
     • Cross-app SSO with multi-factor auth and secure channel
     • X.509 certificate provisioning for strong auth and transaction signing
     (Diagram: iPhone, Android and iPad apps with an app-sharable secure key store and a one-time PIN delivered by SMS, APNS or call, talking to API servers in the enterprise network.)
  8. Three Important Entities: Device, App, User. (Diagram: apps A, B and C on one device.)
  9. Self Service: the user should be able to log out if the device is lost or stolen.
  10. Strategy. (Diagram: apps A, B, C; username/password; ID Token; Access Token/Refresh Token per app; Authorization Server.) OAuth + OpenID Connect:
     • Profiled for mobile
     • Clear distinction between device, user and app
  11. Overall Architecture. (Diagram.)
  12. Register device, streamlined, first usage.
  13. Request an access_token using JWT (SSO).
  14. Administration of Tokens.
  15. Demo.
  16. Questions? K. Scott Morrison, smorrison@layer7.com, (604) 681-9377.
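Slides 10 and 13 sketch the flow (username/password yields an ID Token, then each app requests its own access_token using a JWT) without showing code. The block below is an added illustration of how an authorization server could validate such a shared JWT before issuing a per-app access token; it is not code from the deck or from the Layer 7 SDK. It assumes the JWT is HMAC-signed (HS256) with a key the server holds, that the request follows the RFC 7523 JWT-bearer grant pattern, and that the app group, device list, issuer and audience values are constructed placeholders.

```python
import base64, hashlib, hmac, json, secrets

# Constructed placeholders (not from the slide deck): the SSO app group, the
# registered devices, and the HS256 key held by the authorization server.
SSO_GROUP = {"app-A", "app-B", "app-C"}
REGISTERED_DEVICES = {"device-123"}
ID_TOKEN_KEY = b"constructed-demo-secret"  # assumption: HS256; the deck names no algorithm
ISSUER = "https://as.example.test"
TOKEN_ENDPOINT = "https://as.example.test/token"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_id_token(sub: str, device_id: str, now: int, lifetime: int = 3600) -> str:
    """Issued after username/password login; shared by the app group on one device."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": ISSUER, "aud": TOKEN_ENDPOINT, "sub": sub,
              "device_id": device_id, "iat": now, "exp": now + lifetime}
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(ID_TOKEN_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def exchange_for_access_token(assertion: str, client_id: str, now: int):
    """Token endpoint logic for the JWT-bearer grant: (True, token) or (False, error)."""
    parts = assertion.split(".")
    if len(parts) != 3:
        return False, "invalid_grant"
    header_b64, payload_b64, sig_b64 = parts
    # Pin the algorithm and verify the signature before trusting any claim.
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        return False, "invalid_grant"
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(ID_TOKEN_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return False, "invalid_grant"  # forged or tampered assertion
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER or claims.get("aud") != TOKEN_ENDPOINT:
        return False, "invalid_grant"  # wrong issuer, or a token meant for another audience
    if claims.get("exp", 0) <= now:
        return False, "invalid_grant"  # expired: the user must sign in again
    if claims.get("device_id") not in REGISTERED_DEVICES:
        return False, "invalid_grant"  # unknown or de-registered (lost/stolen) device
    if client_id not in SSO_GROUP:
        return False, "unauthorized_client"  # app is not in the SSO group
    # Each app gets its own opaque, short-lived access token bound to user, device and app.
    return True, {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer", "expires_in": 900,
                  "client_id": client_id, "sub": claims["sub"], "device_id": claims["device_id"]}
```

Removing a device from REGISTERED_DEVICES is the server-side counterpart of slide 9: every app on a lost device stops being able to exchange the shared JWT, whatever its remaining lifetime.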