
Building an SSO platform in PHP (Zend Webinar Edition)

I did a Webinar for Zend on March 31st, 2011 about Single Sign On. In this presentation I covered OpenID, OAuth and SAML as suitable implementations for single sign on to web applications.

3 Comments
  • 16% of people took a first name as a password, often their own or one of their children, according to the study published by Information Week. Another 14% relied on the easiest keyboard combination to remember such as “1234” or “12345678”. But there is a safer way.

    Check www.smartsignin.com
  • If you're interested in the recording of this webinar, you can find it here: http://bit.ly/oYbMuL
  • I was expecting to see one ZF plugin to connect to SAML.
    Symfony and other CMSs have these plugins.

    When are we going to have it in ZF???

  1. Building an SSO platform. Ivo Jansch (@ijansch) - Egeniq. March 31, 2011 - Zend Webinar (Thursday, March 31, 2011)
  2. About Egeniq: Startup, Mobile, Tech, Knowledge, Geeks, Development
  3. About Me: @ijansch, Developer, Author, Entreprenerd, PHP
  4. Single Sign On: Why do we need it?
  5. We use many applications (diagram: your corporate application, your other corporate application)
  6. Across devices and locations (diagram: your corporate application, your other corporate application)
  7. A quick poll
  8. Level 0 - One Password To Rule Them All
  9. 1 password to rule them all (diagram: your corporate application, your other corporate application)
  10. Level 1 - Shared Identity: Using a single authentication backend for apps
  11. Shared Identity (diagram: LDAP Server, your corporate application, your other corporate application)
  12. Level 2 - OpenID: Using OpenID for external Identity Management
  13. OpenID Flow (diagram: OpenID Consumer, OpenID Provider)
  14. OpenID Demo (diagram: OpenID Consumer with login.php, consume.php and index.php; OpenID Provider)
  15. Protecting the secret
  16. Delegate to OpenID provider
  17. Consume the response
  18. Caveats: OpenID providers hesitant to be OpenID consumers. No trust establishment between consumer and provider.
  19. Level 3 - OAuth: Using OAuth for external IDM and authorization
  20. OAuth Flow (diagram: OAuth Consumer, OAuth Provider)
  21. Landing adjusted for OAuth
  22. OAuth Configuration
  23. Delegate auth to Twitter
  24. Consuming the response
  25. Level 4 - SAML: Creating our own Identity Provider
  26. SAML: Security Assertion Markup Language. XML standard by OASIS. Assertions contain: Proof of Identity, Attributes. Supports XML signatures and encryption.
  27. SAML Flow (diagram: Auth Backend (LDAP, ...), Identity Provider, Service Provider)
  28. SimpleSAMLphp (diagram: Auth Backend (LDAP, ...), Identity Provider and Service Provider, each labelled SimpleSAMLphp)
  29. IDP SimpleSAMLphp setup
  30. IDP Auth Source Configuration
  31. IDP Hosted Configuration
  32. IDP Remote Configuration
  33. IDP Virtual Host Apache Config
  34. Testing the IDP
  35. SP SimpleSAMLphp setup
  36. SP Auth Source Configuration
  37. SP Remote Configuration
  38. Back to our landing page
  39. Delegate auth to the IDP
  40. Integrating 3rd party apps: SimpleSAMLphp is easy to integrate
  41. Wordpress. Plugin: http://wordpress.org/extend/plugins/simplesamlphp-authentication/
  42. MediaWiki. Plugin: http://www.mediawiki.org/wiki/Extension:SAMLAuth
  43. SugarCRM. Plugin: didn’t work. Problem: auth structure. Solution: hacking the source. Options: Contact me if you need to get SugarCRM to do SSO :-) Wait for SugarCRM 6.1, it contains a working SAML plugin (/via @smalyshev)
  44. Google Apps. Requires Premier or Education Edition. Configure SAML endpoint => Done! Docs: http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html
  45. Google Apps
  46. Making apps SSO ready (flowchart with Application and Auth Plugin columns: Start, Logged in? Yes/No, Show Site, Login Form, Authenticate)
  47. Making apps SSO ready (same flowchart)
  48. Making apps SSO ready (same flowchart, elements rearranged)
  49. Making apps SSO ready (same flowchart, with an additional Login Form)
  50. Conclusion: What should you take away from this talk?
  51. In your next project... You will NOT create more userids !! You WILL use standard protocols !!
  52. Thank You. ivo@egeniq.com, http://www.egeniq.com, @ijansch, @egeniq
  53. Credits. Pictures used in this presentation are creative commons attribution licensed pictures. Here are the owners and the URLs where the originals can be found:
      • ‘Multiple Padlock Farm Gate’ by Mike Baird - http://www.flickr.com/photos/mikebaird/2354116406/
      • ‘Love Locks’ by James Manners - http://www.flickr.com/photos/jmanners/443421045/
      • ‘Seguridad’ by Juan J. Martinez - http://www.flickr.com/photos/reidrac/4696900602/
      • ‘Hotel Keys’ by Henri Bergius - http://www.flickr.com/photos/bergie/3468886680/
      • ‘OAuth Shiny’ by Chris Messina - http://www.flickr.com/photos/factoryjoe/3343062926/
      • ‘Take a number please’ by Andres Rueda - http://www.flickr.com/photos/andresrueda/3259487071/
      • ‘38/365 Puzzled’ by Mykl Roventine - http://www.flickr.com/photos/myklroventine/3261364899/
      • ‘Visiting Portage’ by Jeremy Bronson - http://www.flickr.com/photos/jbrons/4444017497/
      • ‘_dsc8037’ by Sergey Vladimirov - http://www.flickr.com/photos/vlsergey/4138735474/
      Application logos and other icons have been used under the assumption that use of them in this context is considered fair use.
