Case Study: Utilizing OpenIDM with an External AJAX Interface

Breakout Session presented by Rob Jackson, Identity Solutions Architect at Nulli at the 2014 IRM Summit in Phoenix, Arizona

Presentation Transcript

  • Human Information Identity Management, Identity Solution Architects
    Case Study: Utilizing OpenIDM with an External AJAX Interface
    6/4/2014
  • Introduction
    Nulli
    ◦ ForgeRock Strategic Partner
    ◦ OpenSource Contributors
    ◦ IAM Specialists since 1997
    ◦ HQ in Calgary, AB, Canada. Servicing North America
  • Whitepaper
    Consumer facing trend
    Available for download: nulli.com blog
    Authored by Hadi Ahmadi / Sandeep Chaturvedi
    Based on current Customer
    ◦ Requirements
      ▪ IDP for public sector applications
      ▪ Registration/verification
      ▪ Self-service user functions
    ◦ Detailed design was already complete
    ◦ Interested in lightweight AJAX UI with REST API (Internet-facing)
  • CREST (Commons REST)
    Common REST API between products:
    ◦ OpenIDM
    ◦ OpenDJ
    ◦ OpenAM
  • Implementing CREST
    Which API?
    ◦ Overlap of functionality
    ◦ Strong points
    Security?
    ◦ Internet-facing?
    Middle Tier?
    ◦ Required?
    Gotchas
  • Which API? Overlap Example
    Create User
    ◦ OpenAM » ../json/users/?_action=register
    ◦ OpenIDM » ../managed/user/
    ◦ OpenDJ » ../users/newuser
  • Which API?
    CREST API: Registration ProvisionLDAP Provision (Multiple Password PasswordReset OTP Auth’n& Customizable Workflow Policy/Validati Configuration SelfService Data Federation
    ◦ OpenAM: X X X X X X X X X
    ◦ OpenIDM: X X X X X X X X X X X
    ◦ OpenDJ: X X X X
  • Which API? - Summary
    OpenIDM
    ◦ Workflow
    ◦ Multiple Data Stores
    ◦ Most Flexible
    OpenAM
    ◦ Authentication/Authorization
    OpenDJ
    ◦ More System->System
  • Security?
    Reverse Proxy/Secure Gateway
    ◦ Reduce ‘Attack’ Surface
    ◦ Control generalized API patterns: POST ../?action=something
    API Policies (OpenIDM)
    Authenticated vs Anonymous
    ◦ Token/UID+PWD
    ◦ OpenIDM protected by OpenAM
    XSS/CORS
    JSON Sanitization (embedded scripts, etc)
  • Middle Tier?
    Business Logic
    ◦ Multiple calls behind Token authentication
    DMZ presence
    Anonymous links from emails
    Host non-identity contents
    ◦ Country/city lists, etc
    ◦ Landing pages/UI host
    CAPTCHA
  • Gotchas
    OpenIDM (Jetty) Protected by OpenAM
    ◦ Can’t use OOTB Anonymous user
    Returning detailed user status from OpenAM Authentication REST API (Active/Inactive)
    ◦ Multiple calls
    ◦ Authentication plugin?
    Functionality in OpenAM not as flexible
    ◦ OpenIDM custom end points
  • Architecture
  • Questions?
    Robert Jackson, Identity Architect
    rjackson@nulli.com
    (403) 869-3313
    (403) 648-0909
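
The gateway points on the "Security?" slide (reduce attack surface, control generalized `?_action=` patterns, authenticated vs anonymous), sketched as an added example that is not code from the presentation or from ForgeRock: a default-deny allowlist check a reverse proxy could apply before forwarding to the CREST endpoints. The `/am` and `/idm` prefixes, the rule table and the `has_token` flag are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed rule table: (method, path, _action) -> may anonymous callers use it?
# "/am" and "/idm" are placeholder mount points, not paths taken from the slides.
ALLOWED = {
    ("POST", "/am/json/users/", "register"): True,   # anonymous self-registration
    ("POST", "/idm/managed/user/", None): False,     # create user, token required
}


def gateway_decision(method, url, has_token):
    """Return (allowed, reason) for one request; anything not listed is denied."""
    parts = urlsplit(url)
    path = parts.path  # urlsplit leaves percent-escapes undecoded

    # Refuse dot segments and encoded separators instead of normalising them,
    # so the proxy and the backend cannot disagree about which path was meant.
    lowered = path.lower()
    if ".." in path.split("/") or "%2f" in lowered or "%2e" in lowered:
        return False, "path traversal"

    # A repeated _action is ambiguous: proxy and backend may pick different values.
    actions = parse_qs(parts.query, keep_blank_values=True).get("_action", [])
    if len(actions) > 1:
        return False, "duplicate _action"
    action = actions[0] if actions else None

    key = (method.upper(), path, action)
    if key not in ALLOWED:
        return False, "not on allowlist"
    if not ALLOWED[key] and not has_token:
        return False, "authentication required"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests: (method, url, caller presented a token?)
    samples = [
        ("POST", "/am/json/users/?_action=register", False),
        ("POST", "/am/json/users/?_action=delete", False),
        ("POST", "/idm/managed/user/", False),
        ("POST", "/am/json/users/?_action=register&_action=delete", False),
    ]
    for method, url, has_token in samples:
        print(method, url, gateway_decision(method, url, has_token))
```

Token validation itself is out of scope here; `has_token` stands for whatever check the gateway or OpenAM has already performed.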