Authentication Server


The objective of this presentation is to implement an Authentication provider that can be used simply to authenticate users only once. This may be like the one you use for authenticating yourself on Facebook, LinkedIn, or Google.

The authentication should be Web-based and/or API-based and should authenticate against our LDAP Server.

This provider should also remember which third-party systems are authorized to authenticate against this server and what information, if any, is shared.

Published in: Technology

Authentication Server

  1. Authentication Server (OAuth2 or similar)
     The objective of this presentation is to implement an Authentication provider that can be used simply to authenticate users only once. This may be like the one you use for authenticating yourself on Facebook, LinkedIn, or Google. The authentication should be Web-based and/or API-based and should authenticate against our LDAP Server. This provider should also remember which third-party systems are authorized to authenticate against this server and what information, if any, is shared.
     Authentication Client
     Once a user is authenticated, they should not be required to enter login details again in this system. If the user is not logged in, a login screen should be presented, similar to Facebook Connect or Google login. Authentication is done on the Authentication provider server, and the client never receives the username or password.
  2. Authentication Server. Abhishek Chikane
  3. Story: Active Directory; User Id - Password; User Info; App1, App2, App3, Apps…
  4. Story – Current Activities: Active Directory; User Id - Password; User Info; App1, App2, App3, Apps…
  5. Story – Protected Resources: Active Directory; User Id - Password; User Info; App 1, App 2, App 3
  6. Scenario - One. CCI Connect is the name given to the Authentication Server.
  7. Scenario - Two. CCI Connect is the name given to the Authentication Server.
  8. Scenario - Three
  9. Why ?
     Used for: Authentication | Authentication | Authorization
     To share: Identity | Identity | Data
     How it is handled?: Centralized | Decentralized | Centralized
     Consumer registration: Optional | No | Yes
  10. Why 1.0 ?
  11. Architecture: App 1 and App 2 talk to CCI Connect using OAuth 1.0 over HTTP; CCI Connect talks to Active Directory using LDAP.
  12. Communication – First time login
     Participants: Browser, App 1, CCI Connect, Active Directory (OAuth 1.0 over HTTP; LDAP)
     • Login with CCI Connect
     • Get Request Token
     • Request Token
     • Authorize
     • Redirect to CCI Connect Auth. Page
     • Send Username – Password for Auth.
     • Authenticate User
     • Auth. Result
     • Access Token
     • Access resources
     • Resource data to Callback
     • Redirect to App1 page
  13. Communication – Remembered User
     Participants: Browser, App 1, CCI Connect, Active Directory (OAuth 1.0 over HTTP; LDAP)
     • Login with CCI Connect
     • Get Request Token
     • Request Token
     • Authorize
     • Access Token
     • Access resources
     • Resource data to Callback
     • Redirect to App1 page
  14. Features
     Security
     • OAuth1.0
     Control
     • Centralized authentication process
     • Centralized controlling of shared Active Directory protected resources
     Flexibility and Ease of Use
     • Third party apps can use any OAuth1.0 client API
  15. Features in detail…
     Security
     • For each access, the third party app has to follow the OAuth1.0 protocol
     • Uses HMAC – SHA1
     • No user password is shared with the third party app
     Control
     • User can revoke access to remembered browsers from CCI Connect
     • Third party apps can be registered or removed
     • Activity monitoring on CCI Connect
     Flexibility and Ease of Use
     • No need to use HTTPS to implement OAuth protocol
     • All data returned from CCI Connect is in JSON format in case of successful authentication
  16. Technologies Used
     • CAS
     • JOSSO
     • Java based OAuth 1.0 service provider library
     • Spring Security Framework Extension
  17. Thanks
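
Added example (not code from the presentation): how a provider such as CCI Connect could verify the HMAC-SHA1 signature from slide 15 per RFC 5849, including the timestamp and nonce check that rejects replays when requests travel over plain HTTP; the signature gives integrity, not confidentiality. Host names, the consumer key `app1`, its secret and all function names are assumptions.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

def enc(value):
    # RFC 5849 section 3.6: only unreserved characters stay unescaped.
    return quote(str(value), safe="~")

def base_string(method, url, params):
    # url: base string URI without query; duplicate parameter names not handled.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()

def verify(method, url, params, secrets, seen, now=None, max_skew=300):
    # secrets: consumer key -> shared secret; seen: replay cache (a set).
    now = time.time() if now is None else now
    consumer = params.get("oauth_consumer_key")
    if consumer not in secrets or params.get("oauth_signature_method") != "HMAC-SHA1":
        return "rejected: unknown consumer or method"
    try:
        timestamp = int(params["oauth_timestamp"])
    except (KeyError, ValueError):
        return "rejected: bad timestamp"
    if abs(now - timestamp) > max_skew:
        return "rejected: stale timestamp"
    expected = sign(method, url, params, secrets[consumer])
    supplied = str(params.get("oauth_signature", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "rejected: bad signature"
    replay_key = (consumer, timestamp, params.get("oauth_nonce"))
    if replay_key in seen:
        return "rejected: replayed nonce"
    seen.add(replay_key)
    return "ok"

def demo(now=1700000000):
    # Constructed request: App 1 asks CCI Connect for a request token over HTTP.
    url, secrets, seen = "http://cci-connect.example/request_token", {"app1": "s3cr3t"}, set()
    req = {"oauth_consumer_key": "app1", "oauth_signature_method": "HMAC-SHA1",
           "oauth_timestamp": str(now), "oauth_nonce": "n1", "oauth_callback": "http://app1.example/cb"}
    req["oauth_signature"] = sign("POST", url, req, secrets["app1"])
    forged = dict(req, oauth_callback="http://other.example/cb")
    return [verify("POST", url, r, secrets, seen, now) for r in (req, req, forged)]
```

`demo()` returns the verdicts for a valid request, the same request sent again, and a copy whose callback was changed after signing.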