OpenID Connect: The new standard for connecting to your Customers, Partners, Apps, and Devices Webinar
Upcoming SlideShare
Loading in...5
×
 

OpenID Connect: The new standard for connecting to your Customers, Partners, Apps, and Devices Webinar

on

  • 2,645 views

With the proliferation of cloud applications, mobile devices, and the need to connect to external users, IT organizations are increasingly challenged with how to manage and gain transparency into user ...

With the proliferation of cloud applications, mobile devices, and the need to connect to external users, IT organizations are increasingly challenged with how to manage and gain transparency into user access to systems and applications. As your organization looks to deploy Identity in the cloud, it’s critical that this is backed by open-standards.

In this webinar, Chuck Mortimore, Pat Patterson, and Ian Glazer will give you a broad overview of how OpenID Connect can help better connect you with your customers, partners, apps, and devices

Key Takeaways
Get introduced to OpenID Connect, learn how it builds on top of OAuth, and discover why it’s an important new standard for your organization
Consume OpenID Connect from popular Identity providers with Social Sign-On
Provide a single, branded Identity to your own users and applications using OpenID Connect
Use OpenID Connect to easily build Identity-enabled mobile applications
Plan for the next generation of connected devices

Intended Audience
This webinar is aimed at a technical audience of administrators, developers, architects and business analysts who are wishing to learn more about Identity and Standards

Statistics

Views

Total Views
2,645
Views on SlideShare
1,203
Embed Views
1,442

Actions

Likes
11
Downloads
76
Comments
0

5 Embeds 1,442

https://developer.salesforce.com 1218
http://events.developerforce.com 116
https://twitter.com 105
http://developer.salesforce.com 2
https://translate.googleusercontent.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

OpenID Connect: The new standard for connecting to your Customers, Partners, Apps, and Devices Webinar OpenID Connect: The new standard for connecting to your Customers, Partners, Apps, and Devices Webinar Presentation Transcript

  • OpenID Connect The new standard for connecting to your Customers, Partners, Apps, and Devices April 9, 2014
  • #forcewebinar Safe Harbor Safe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of intellectual property and other litigation, risks associated with possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non- salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-Q for the most recent fiscal quarter ended July 31, 2012. This documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
  • #forcewebinar Speakers Pat Patterson Developer Evangelist Architect @metadaddy Chuck Mortimore Vice President, Identity @cmort Ian Glazer Senior Director, Identity @iglazer
  • #forcewebinar Follow Developer Force for the Latest News @forcedotcom / #forcewebinar Developer Force – Force.com Community +Developer Force – Force.com Community Developer Force Developer Force Group
  • #forcewebinar Agenda §  Introduction §  Overview §  Demo §  Protocol §  Roadmap
  • #forcewebinar Have Questions? §  We have an expert support team at the ready to answer your questions during the webinar. §  Ask your questions via the GoToWebinar Questions Pane. §  The speaker(s) will chose top questions to answer live at the end of the webinar. §  Please post your questions as we go along! §  Only post your question once; we’ll get to it as we go down the list.
  • Introduction: Ian Glazer
  • OpenID Connect: What is it?
  • #forcewebinar Chapter 1: OpenID Connect §  Authenticate users without having to get your hands dirty with passwords §  Learn about the person using your service using modern identity tools §  Informed by a long history of identity standards §  Based on OAuth2
  • #forcewebinar Why should I care about OpenID Connect? Identity Professionals Developers Business § Focus on business enablement § OIDC is SAML for our RESTful web-oriented architecture world § Support use cases the business cares about including mobile and social § Focus on the awesome – the user journey § Don’t have to deal with username, passwords, PKI, and LDAP § Strong credentials without all the mess § Engage with internal and external customers § Make it easier for customers to interact with you § Avoids having to issue your customers yet another set of credentials
  • #forcewebinar Where identity and access management got started Identity
  • #forcewebinar Identity And then cloud and mobile happened
  • #forcewebinar Identity Customers Partners Products Where we must go
  • #forcewebinar Use-Cases Mobile Apps & Connected ProductsSocial Sign-On
  • OpenID Connect Stack
  • OpenID Connect Stack
  • Too much? Start with the Basic Client Just read this: http://openid.net/specs/openid-connect-basic-1_0.html
  • Or better yet… just use the Salesforce1 platform OpenID Connect Relying Party Authentication Provider (the Client Side) OpenID Connect Provider Connected Apps (the Server Side)
  • OpenID Connect: How Does it Work?
  • #forcewebinar OpenID Connect – Basic Client Profile End-UserClient Auth Server Authorization Request https://login.salesforce.com/services/oauth2/authorize?! response_type=code&! client_id=3MVG9lKcPoNINVBLWJnB_Y...Lsn&! redirect_uri=https%3A%2F%2Fwww.example.com%2Foauth %2Fcallback&! state=BLAH_BLAH_BLAH! Redirect with Authz Request
  • #forcewebinar OpenID Connect – Basic Client Profile End-UserClient Auth Server Authenticate End-User Credentials/Constent Redirect to Client Authorization Response Redirect with Authz Request Authorization Request https://www.example.com/oauth/callback/?! state=BLAH_BLAH_BLAH&! code=aPrxsmIEeqM9PiSOCErbySxQvb...5sdWyjE.DG_TNeow==!
  • #forcewebinar OpenID Connect – Basic Client Profile End-UserClient Auth Server Authenticate End-User Credentials/Constent Redirect to Client Authorization Response Token Request Redirect with Authz Request POST /services/oauth2/token HTTP/1.1! Host: login.salesforce.com! Content-Type: application/x-www-form-urlencoded! ! grant_type=authorization_code&! code=aPrxsmIEeqM9PiSOCErbySxQvb...5sdWyjE.DG_TNeow==&! client_id=3MVG9lKcPoNINVBLWJnB_Y...Lsn&! client_secret={client_secret}&! redirect_uri=https%3A%2F%2Fwww.example.com%2Foauth %2Fcallback!
  • #forcewebinar OpenID Connect – Basic Client Profile End-UserClient Auth Server Authenticate End-User Credentials/Constent Redirect to Client Authorization Response Token Request Token Response Redirect with Authz Request Authorization Request {! "id": "https://login.salesforce.com/id/ 00Dx0000000A9y0EAC/005x0000000UnYmAAK",! "issued_at": "1396919485288",! "scope": "id full api openid refresh_token chatter_api",! "instance_url": "https://na1.salesforce.com",! "token_type": "Bearer",! "access_token": "00D...u7Bpj72Q.SVBtEBjMK9kLPJWQibME_5M”, ! "refresh_token": "5Aep8614iLM.D...1UAD1OoIkStoE7T",! "id_token": "eyJ...fDXFOfHr0h02sn32pkyN6UPkQr.n_3YkyGEar
 GSlP5ptcTaroqMxZJvodKc1Y693SJPL2u...CeS8x.1F_zeFx8cEA6HEK",! "signature": "z9F5OBkazrIOy/i7mQ7kZwBkEVHBxjb8+5XPvnlk=",! }!
  • #forcewebinar OpenID Connect – Basic Client Profile End-UserClient Auth Server Authenticate End-User Credentials/Constent Redirect to Client Authorization Response Token Request Token Response Redirect with Authz Request Authorization Request {! "exp": 1396919605,! "sub": "https://login.salesforce.com/id/ 00Dx0000000A9y0EAC/005x0000000UnYmAAK",! "aud": "3MVG9lKcPoNINVBLWJnB_Y...Lsn",! "iss": "https://login. salesforce.com",! "iat": 1396919485! }!
  • #forcewebinar OpenID Connect – Basic Client Profile End-UserClient Auth Server Authenticate End-User Credentials/Constent Redirect to Client Authorization Response Token Request Token Response UserInfo Request Redirect with Authz Request Authorization Request GET /services/oauth2/userinfo HTTP/1.1! Host: login.salesforce.com! Authorization: Bearer 00D...u7Bpj72Q.SBtEBjMK9kLPJWQibME_5M!
  • #forcewebinar OpenID Connect – Basic Client Profile End-UserClient Auth Server Authenticate End-User Credentials/Constent Redirect to Client Authorization Response Token Request Token Response UserInfo Request UserInfo Response Redirect with Authz Request Authorization Request {! "sub": "https://login.salesforce.com/id/00Dx0000000A9y0EAC/ 005x0000000UnYmAAK",! "user_id": "005x0000000UnYmAAK",! "organization_id": "00Dx0000000A9y0EAC",! "preferred_username": ”user@example.com",! "nickname": ”user",! "name": "Pat Patterson",! "email": "user@example.com",! "email_verified": true,! "given_name": "Pat",! "family_name": "Patterson",! ...! }!
  • OpenID Connect: How do I get started?
  • #forcewebinar OpenID Connect Stack within Salesforce Auth. Providers ConnectedApps § Client side implementation –  Oauth & OpenID Connect § Configure our client, to become your app, with any provider § Fine-grained control over –  just-in-time provisioning –  account linking § Server Side Implementation §  Oauth & OpenID Connect (and SAML and Canvas) § Configure your client, to talk to our services, using your brand or ours § Fine-grained control over –  Authorization –  Authentication Levels –  Refresh Token Decay –  Application Policy –  Attributes
  • OpenID Connect: What can I build?
  • Acquire Customers With Social Sign-On
  • Run your own Social Sign-On
  • Rapidly Build & Deploy Mobile Apps
  • OpenID Connect: What’s New?
  • #forcewebinar What’s New? §  OpenID Connect Services –  Standard schema via User Profile service –  Signature based client authentication –  Custom Attributes §  ID Tokens –  Signed JWT –  Key Endpoint
  • OpenID Connect: What’s Next?
  • #forcewebinar What’s Next? §  Custom Permissions –  Define your own Permissions –  Manage your Authorization Model using Profile and Permission Sets §  Customizable ID Tokens –  Identity for the Internet of Things –  Combine Device Identity with Customer Identity –  Design Center •  Scalable •  Offline •  Spectrum of Authentication •  Fine Scoping and Delegation
  • OpenID Connect: How do I learn more?
  • #forcewebinar Resources §  Digging Deeper into Oauth 2.0 on Force.com –  http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com §  Inside OpenID Connect –  http://wiki.developerforce.com/page/Inside_OpenID_Connect_on_Force.com §  OpenID Connect Playground –  https://openidconnect.herokuapp.com §  Videos: –  Social Sign-On: http://www.youtube.com/watch?v=D0YUTb-w1Yc –  Mobile Access Management: http://www.youtube.com/watch?v=UYDdmWhiwYw
  • Survey Your feedback is crucial to the success of our webinar programs. Thank you! http://bit.ly/openidsurvey #forcewebinar
  • Q & A #forcewebinar Pat Patterson Developer Evangelist Architect @metadaddy Chuck Mortimore Vice President, Identity @cmort Ian Glazer Senior Director, Identity @iglazer