Building an SSO platform in PHP (Zend Webinar Edition)


I did a Webinar for Zend on March 31st, 2011 about Single Sign On. In this presentation I covered OpenID, OAuth and SAML as suitable implementations for single sign on to web applications.

  • 16% of people took a first name as a password, often their own or one of their children, according to the study published by Information Week. Another 14% relied on the easiest keyboard combination to remember such as “1234” or “12345678”. But there is a safer way.

    Check www.smartsignin.com
  • If you're interested in the recording of this webinar, you can find it here: http://bit.ly/oYbMuL
  • I was expecting to see one ZF plugin to connect to SAML.
    Symfony and other CMSs have these plugins.

    When are we going to have it in ZF???

Transcript

  • 1. Building an SSO platform. Ivo Jansch (@ijansch) - Egeniq. March 31, 2011 - Zend Webinar. Thursday, March 31, 2011
  • 2. About Egeniq: Startup Mobile Tech Knowledge Geeks Development
  • 3. About Me: @ijansch, Developer, Author, Entreprenerd, PHP
  • 4. Single Sign On: Why do we need it?
  • 5. We use many applications: Your corporate application, Your other corporate application
  • 6. Across devices and locations: Your corporate application, Your other corporate application
  • 7. A quick poll
  • 8. Level 0 - One Password To Rule Them All
  • 9. 1 password to rule them all: Your corporate application, Your other corporate application
  • 10. Level 1 - Shared Identity: Using a single authentication backend for apps
  • 11. Shared Identity: LDAP Server; Your corporate application, Your other corporate application
  • 12. Level 2 - OpenID: Using OpenID for external Identity Management
  • 13. OpenID Flow: OpenID Consumer, OpenID Provider
  • 14. OpenID Demo: OpenID Consumer, OpenID Provider; login.php, consume.php, index.php
  • 15. Protecting the secret
  • 16. Delegate to OpenID provider
  • 17. Consume the response
  • 18. Caveats: OpenID providers hesitant to be OpenID consumers; no trust establishment between consumer and provider
  • 19. Level 3 - OAuth: Using OAuth for external IDM and authorization
  • 20. OAuth Flow: OAuth Consumer, OAuth Provider
  • 21. Landing adjusted for OAuth
  • 22. OAuth Configuration
  • 23. Delegate auth to Twitter
  • 24. Consuming the response
  • 25. Level 4 - SAML: Creating our own Identity Provider
  • 26. SAML: Security Assertion Markup Language. XML standard by OASIS. Assertions contain: Proof of Identity, Attributes. Supports XML signatures and encryption
  • 27. SAML Flow: Auth Backend (LDAP, ...), Identity Provider, Service Provider
  • 28. SimpleSAMLphp: Auth Backend (LDAP, ...), Identity Provider (SimpleSAMLphp), Service Provider (SimpleSAMLphp)
  • 29. IDP SimpleSAMLphp setup
  • 30. IDP Auth Source Configuration
  • 31. IDP Hosted Configuration
  • 32. IDP Remote Configuration
  • 33. IDP Virtual Host Apache Config
  • 34. Testing the IDP
  • 35. SP SimpleSAMLphp setup
  • 36. SP Auth Source Configuration
  • 37. SP Remote Configuration
  • 38. Back to our landing page
  • 39. Delegate auth to the IDP
  • 40. Integrating 3rd party apps: SimpleSAMLphp is easy to integrate
  • 41. WordPress. Plugin: http://wordpress.org/extend/plugins/simplesamlphp-authentication/
  • 42. MediaWiki. Plugin: http://www.mediawiki.org/wiki/Extension:SAMLAuth
  • 43. SugarCRM. Plugin: didn’t work. Problem: auth structure. Solution: hacking the source. Options: Contact me if you need to get SugarCRM to do SSO :-) Or wait for SugarCRM 6.1, it contains a working SAML plugin (/via @smalyshev)
  • 44. Google Apps: Requires Premier or Education Edition. Configure SAML endpoint => Done! Docs: http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html
  • 45. Google Apps
  • 46. Making apps SSO ready (flowchart: Application, Auth Plugin; Start, Logged in? Yes / No, Show Site, Login Form, Authenticate)
  • 47. Making apps SSO ready (flowchart: Application, Auth Plugin; Start, Logged in? Yes / No, Show Site, Login Form, Authenticate)
  • 48. Making apps SSO ready (flowchart: Application, Auth Plugin; Start, Logged in? Yes / No, Show Site, Login Form, Authenticate)
  • 49. Making apps SSO ready (flowchart: Application, Auth Plugin; Start, Logged in? No / Yes, Login Form, Show Site, Login Form, Authenticate)
  • 50. Conclusion: What should you take away from this talk?
  • 51. In your next project... You will NOT create more userids !! You WILL use standard protocols !!
  • 52. Thank You: ivo@egeniq.com, http://www.egeniq.com, @ijansch, @egeniq
  • 53. Credits: Pictures used in this presentation are creative commons attribution licensed pictures. Here are the owners and the URLs where the originals can be found:
    ‘Multiple Padlock Farm Gate’ by Mike Baird - http://www.flickr.com/photos/mikebaird/2354116406/
    ‘Love Locks’ by James Manners - http://www.flickr.com/photos/jmanners/443421045/
    ‘Seguridad’ by Juan J. Martinez - http://www.flickr.com/photos/reidrac/4696900602/
    ‘Hotel Keys’ by Henri Bergius - http://www.flickr.com/photos/bergie/3468886680/
    ‘OAuth Shiny’ by Chris Messina - http://www.flickr.com/photos/factoryjoe/3343062926/
    ‘Take a number please’ by Andres Rueda - http://www.flickr.com/photos/andresrueda/3259487071/
    ‘38/365 Puzzled’ by Mykl Roventine - http://www.flickr.com/photos/myklroventine/3261364899/
    ‘Visiting Portage’ by Jeremy Bronson - http://www.flickr.com/photos/jbrons/4444017497/
    ‘_dsc8037’ by Sergey Vladimirov - http://www.flickr.com/photos/vlsergey/4138735474/
    Application logos and other icons have been used under the assumption that use of them in this context is considered fair use.