Submit Search
Upload
OpenID in the Fedora Services
•
Download as ODP, PDF
•
0 likes
•
257 views
P
Patrick Uiterwijk
Follow
Technology
Business
Report
Share
Report
Share
1 of 22
Download now
Recommended
OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11
Nov Matake
エンタープライズの視点からFIDOとFederationのビジネスを考える
エンタープライズの視点からFIDOとFederationのビジネスを考える
Masaru Kurahayashi
Flipbook social media
Flipbook social media
stephanieburrows
Unidad de aprendizaje 2
Unidad de aprendizaje 2
Get18
Psicología Organizada y Formación en Psicología
Psicología Organizada y Formación en Psicología
Marcelo Urra
Master Ski Program Registration
Master Ski Program Registration
krisung
Sintesis informativa 05 12 2011
Sintesis informativa 05 12 2011
megaradioexpress
Openid+Opensocial
Openid+Opensocial
Sebastiano Merlino (eTr)
Recommended
OpenID Connect 101 @ OpenID TechNight vol.11
OpenID Connect 101 @ OpenID TechNight vol.11
Nov Matake
エンタープライズの視点からFIDOとFederationのビジネスを考える
エンタープライズの視点からFIDOとFederationのビジネスを考える
Masaru Kurahayashi
Flipbook social media
Flipbook social media
stephanieburrows
Unidad de aprendizaje 2
Unidad de aprendizaje 2
Get18
Psicología Organizada y Formación en Psicología
Psicología Organizada y Formación en Psicología
Marcelo Urra
Master Ski Program Registration
Master Ski Program Registration
krisung
Sintesis informativa 05 12 2011
Sintesis informativa 05 12 2011
megaradioexpress
Openid+Opensocial
Openid+Opensocial
Sebastiano Merlino (eTr)
OpenID Tutorials
OpenID Tutorials
Nao Haida
An Introduction to OpenID
An Introduction to OpenID
Max Manders
OSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger Indy
Tracy Kuhrt
2010 - Fédération des identités et OpenID
2010 - Fédération des identités et OpenID
Cyber Security Alliance
Geneva Application Security Forum: Vers une authentification plus forte dans ...
Geneva Application Security Forum: Vers une authentification plus forte dans ...
Sylvain Maret
OpenID and OAuth
OpenID and OAuth
Andrea Chiodoni
Open id & OAuth
Open id & OAuth
Paul Fryer
Review on OpenID Authentication Framework
Review on OpenID Authentication Framework
ijsrd.com
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
Graham Charters
Holt "Working with Scholarly APIs: A NISO Training Series, Session Two: ORCID"
Holt "Working with Scholarly APIs: A NISO Training Series, Session Two: ORCID"
National Information Standards Organization (NISO)
WAFFLE: Windows Authentication in Java
WAFFLE: Windows Authentication in Java
Daniel Doubrovkine
OpenId Connect Protocol
OpenId Connect Protocol
Michael Furman
Proxy log review and use cases
Proxy log review and use cases
Mostafa Yahia
SWXG 2010.6.9 v2
SWXG 2010.6.9 v2
Paul Trevithick
SSO with the WSO2 Identity Server
SSO with the WSO2 Identity Server
WSO2
Sso with the wso2 identity server
Sso with the wso2 identity server
sureshattanayake
Lecture 20101124
Lecture 20101124
Anderson Liang
Using OAuth with PHP
Using OAuth with PHP
David Ingram
Practical Federated Identity
Practical Federated Identity
WSO2
OpenDDR
OpenDDR
Werner Keil
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Kalema Edgar
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
Alex Barbosa Coqueiro
More Related Content
Similar to OpenID in the Fedora Services
OpenID Tutorials
OpenID Tutorials
Nao Haida
An Introduction to OpenID
An Introduction to OpenID
Max Manders
OSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger Indy
Tracy Kuhrt
2010 - Fédération des identités et OpenID
2010 - Fédération des identités et OpenID
Cyber Security Alliance
Geneva Application Security Forum: Vers une authentification plus forte dans ...
Geneva Application Security Forum: Vers une authentification plus forte dans ...
Sylvain Maret
OpenID and OAuth
OpenID and OAuth
Andrea Chiodoni
Open id & OAuth
Open id & OAuth
Paul Fryer
Review on OpenID Authentication Framework
Review on OpenID Authentication Framework
ijsrd.com
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
Graham Charters
Holt "Working with Scholarly APIs: A NISO Training Series, Session Two: ORCID"
Holt "Working with Scholarly APIs: A NISO Training Series, Session Two: ORCID"
National Information Standards Organization (NISO)
WAFFLE: Windows Authentication in Java
WAFFLE: Windows Authentication in Java
Daniel Doubrovkine
OpenId Connect Protocol
OpenId Connect Protocol
Michael Furman
Proxy log review and use cases
Proxy log review and use cases
Mostafa Yahia
SWXG 2010.6.9 v2
SWXG 2010.6.9 v2
Paul Trevithick
SSO with the WSO2 Identity Server
SSO with the WSO2 Identity Server
WSO2
Sso with the wso2 identity server
Sso with the wso2 identity server
sureshattanayake
Lecture 20101124
Lecture 20101124
Anderson Liang
Using OAuth with PHP
Using OAuth with PHP
David Ingram
Practical Federated Identity
Practical Federated Identity
WSO2
OpenDDR
OpenDDR
Werner Keil
Similar to OpenID in the Fedora Services
(20)
OpenID Tutorials
OpenID Tutorials
An Introduction to OpenID
An Introduction to OpenID
OSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger Indy
2010 - Fédération des identités et OpenID
2010 - Fédération des identités et OpenID
Geneva Application Security Forum: Vers une authentification plus forte dans ...
Geneva Application Security Forum: Vers une authentification plus forte dans ...
OpenID and OAuth
OpenID and OAuth
Open id & OAuth
Open id & OAuth
Review on OpenID Authentication Framework
Review on OpenID Authentication Framework
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
Holt "Working with Scholarly APIs: A NISO Training Series, Session Two: ORCID"
Holt "Working with Scholarly APIs: A NISO Training Series, Session Two: ORCID"
WAFFLE: Windows Authentication in Java
WAFFLE: Windows Authentication in Java
OpenId Connect Protocol
OpenId Connect Protocol
Proxy log review and use cases
Proxy log review and use cases
SWXG 2010.6.9 v2
SWXG 2010.6.9 v2
SSO with the WSO2 Identity Server
SSO with the WSO2 Identity Server
Sso with the wso2 identity server
Sso with the wso2 identity server
Lecture 20101124
Lecture 20101124
Using OAuth with PHP
Using OAuth with PHP
Practical Federated Identity
Practical Federated Identity
OpenDDR
OpenDDR
Recently uploaded
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Kalema Edgar
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
Alex Barbosa Coqueiro
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Memoori
Training state-of-the-art general text embedding
Training state-of-the-art general text embedding
Zilliz
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Sergiu Bodiu
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
SeasiaInfotech2
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
Miki Katsuragi
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
The Digital Insurer
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Fwdays
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
hariprasad279825
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Rizwan Syed
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
RankYa
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
Stephanie Beckett
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
Mark Billinghurst
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
gvaughan
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
UiPathCommunity
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
Lorenzo Miniero
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Patryk Bandurski
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Zilliz
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
null - The Open Security Community
Recently uploaded
(20)
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Training state-of-the-art general text embedding
Training state-of-the-art general text embedding
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
OpenID in the Fedora Services
1.
In the Fedora
services Patrick Uiterwijk Presented by Intern, Red Hat, Inc. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. OpenID
2.
Today's Topics 1. What
isOpenID? 2. Howdoesitwork? 3. Extensionsweuse 4. Deploymentstatus
3.
What is OpenID?
4.
Federatedauthentication URLisidentity SayingWHOyouare,ratherthanWHATyouare What is OpenID?
5.
How does it
work?
6.
Provider Theserverthatverifiedanidentity RelyingParty(RP) Thewebsitewheretheuseristryingtologin Endpoint TheURLoftheproviderwhichacceptsandhandlesOpenIDprotocolmessages ClaimedIdentifier TheidentityoftheuserverifiedbytheProvider Some terminology
7.
1. TheuserbrowsestoanOpenIDRelyingParty website(e.g.ask.fedoraproject.org) 2.
TheuserclicksontheLogInbutton 3. Theuserenterhis/heridentityURL(puiterwijk.id.fedoraproject.org) 4. Theconsumerredirectstheusertotheprovider(id.fedoraproject.org) 5. Theuserauthenticatestotheprovider 6. Theuserisredirectedbacktotheoriginalwebsite,beingauthenticated Simple process
8.
But..... It's not that
simple (though this is all the user sees)
9.
Howdoestheconsumerknowwheretoredirecttheuserforauthentication? Howdoestheconsumerknowforsurethattheuserdidn'tjustbrowsetoitsreturnpage,sayingit's authenticated? Some issues
10.
ConsumerdoesarequesttotheURLtheuserprovided ReturnedHTMLcontainseitherofthefollowing: HTMLtagsayingwheretheendpointis HTMLtagsayingwheretofindthediscoveryinfo HTTPheadersayingwheretofindthediscoveryinfo Nowwearereadytoredirecttheuser,right? Well,maybe.. Discovery
11.
Stateful Afterdiscovery,theRelyingPartyexchangesacryptographickeywiththeproviderwhichisusedforverifyingthe claimatreturn. Stateless Thekeyisgeneratedbytheproviderandreturnedintheresponse. Whateverhappens,theresponseisvalidatedbyrequestingacheckagainsttheprovider. Two operational modes
12.
Extensions we use
13.
ProvidesomebasicinformationabouttheusertotheRelyingparty: Nickname Emailaddress Timezone Usedbylotsofrelyingpartiestopre-fillregistrationformsafterauthenticatingwithOpenID. Simple Registration
14.
Provideaccesstowhattypeofauthenticationwasusedtoverifytheuser: Username/password OTPtoken Tamper-proofOTPtoken Also,theRelyingPartycanrequireanyspecifictypetobeusedforauthenticationtobesuccessful,orhave theauthenticationtimeout. Provider Authentication
15.
ProvidegroupmembershipinformationtotheRelyingParty Relyingpartysendslistofgroupsitwouldliketoknowiftheuserisamemberof Theserverreturnsalistofgroupstheuserisactuallyamemberof NamedteamsbecausethespecwaswrittenbyLaunchpadteam Teams
16.
ProvideinformationtotheRelyingPartywhetherornottheuserhassignedaContributorLicenseAgreement (oranyotherformoflicenseagreement) DifferentURLbasesfordifferentOpenIDproviders Extensionsdefinedbyus,Fedorateam CLA
17.
Deployment status
18.
OpenID-providerwasrewrittenfromscratch HadbeenpartoftheFedoraAccountSystemformanyyears,butwasnotfollowingthestandardscompletely, sonotcompatiblewithsomeRelyingParties Addedtheteams,CLAandPAPEextensions Hasbeenliveforaboutayearnow,withoutmajorincidents Current provider
19.
FedoraHostedtraclogin COPR Tagger Hyperkitty Jenkins Services migrated
20.
Bodhi Pkgdb Elections Wiki Fedocal Blockerbugs ..... Services being migrated
21.
OpenIDisbeingusedtocentralizeourauthentication LesscustomcodebecauseFASbackendsarelesscommonthanOpenIDbackends BusymovingallservicesovertousingOpenID Lastbutnotleast:wesupportotherpeopleusinganyoftheextensions! Summary
22.
Questions? ThisworkislicensedunderaCreativeCommonsAttribution-ShareAlike3.0UnportedLicense. patrick@fedoraproject.org Contact:
Download now