Uploaded byGluu
PPTX, PDF564 views

Recipe for a reverse proxy using saml and uma

We at Gluu have been working on a solution for a healthcare SaaS provider for a “reverse proxy” to help them migrate from a home grown web access management solution.

Embed presentation

Download to read offline
RECIPE FOR A REVERSE PROXY USING SAML AND UMA We at Gluu have been working on a solution for a healthcare SaaS provider for a “reverse proxy” to help them migrate from a home grown web access management solution. The driver for the integration was supporting an important customer who required SAML authentication. However, SAML was not enough. The SaaS provider used the proxy as the policy enforcement point to ensure data privacy for their multitenant system. So the reverse proxy had to enforce URL access control, not just enforce that all users were authenticated. I admit, it seems a little weird to use SAML and UMA together. One of my questions about this solution is how the OX Authorization Server (AS) will be able to make polcies based on “user claims” (“attributes” in SAML jargon). How would the AS even get the attributes? Another bothersome question, if the Person is using a SAML IDP, where is the UMA Relying Party (i.e. the client). The solution we derived was to build a proxy application that acts as the Relying Party, and passes the user attributes in the HTTP Request.
Of course, we don’t want to write any SAML code, so we actually use the Shibboleth SAML SP and Apache to handle the authentication and SAML attribute request. If you think about the flow: http://example.com –> Shib authentication http://example.com/oxProx –> Oauth2 session established web access management solution http://example.com/oxProx/App1 –> UMA policy enforcement via the Resource Server The AS could also handle “enrollment” of new users for “just-in-time” provisioning. Article Resource:-http://gluu.jimdo.com/gluu-blog/recipe-for-a-reverse-proxy-using-samland-uma/

More Related Content

PPTX
Building a Common Message Solution with MongoDB at Vertafore
byMongoDB
 
PPSX
Gluu server for educational institutions
byGluu
 
PPTX
Pr from our recent nstic pilot award
byGluu
 
PPTX
The currency of identifiers
byGluu
 
PPTX
Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...
byGluu
 
PPTX
Gluu sxsw 2015 interactive picks
byGluu
 
PPTX
17 recommended requirements for an identity and access management poc
byGluu
 
PPTX
Top 10 applications for multi factor authentication in higher education
byGluu
 
Building a Common Message Solution with MongoDB at Vertafore
byMongoDB
 
Gluu server for educational institutions
byGluu
 
Pr from our recent nstic pilot award
byGluu
 
The currency of identifiers
byGluu
 
Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...
byGluu
 
Gluu sxsw 2015 interactive picks
byGluu
 
17 recommended requirements for an identity and access management poc
byGluu
 
Top 10 applications for multi factor authentication in higher education
byGluu
 

More from Gluu

PPTX
First o auth 2.0 and saml identity federation platform to be shown by gluu
byGluu
 
PPTX
How & why gluu’s open source authorization and authentication platform was ch...
byGluu
 
PPTX
East hackathon api’s for art
byGluu
 
PPTX
Gluu’s vision
byGluu
 
PPTX
Gluu and canonical to demonstrate instant application security using ubuntu j...
byGluu
 
PPTX
Currency of identifiers ii
byGluu
 
PPTX
Shibboleth identity provider (idp) what it is, and why you should consider a ...
byGluu
 
PPTX
Federated identity and open id connect why higher ed needs ox
byGluu
 
PPTX
Web access management using o auth2 and saml – wam 2.0
byGluu
 
PPTX
Packt publishing book proposal api and mobile access management
byGluu
 
PPTX
Gluu oscon submission
byGluu
 
PPTX
Go west young federation
byGluu
 
PPTX
 Use case for asimba as saml proxy
byGluu
 
PPTX
Postcard from identity next 2013
byGluu
 
First o auth 2.0 and saml identity federation platform to be shown by gluu
byGluu
 
How & why gluu’s open source authorization and authentication platform was ch...
byGluu
 
East hackathon api’s for art
byGluu
 
Gluu’s vision
byGluu
 
Gluu and canonical to demonstrate instant application security using ubuntu j...
byGluu
 
Currency of identifiers ii
byGluu
 
Shibboleth identity provider (idp) what it is, and why you should consider a ...
byGluu
 
Federated identity and open id connect why higher ed needs ox
byGluu
 
Web access management using o auth2 and saml – wam 2.0
byGluu
 
Packt publishing book proposal api and mobile access management
byGluu
 
Gluu oscon submission
byGluu
 
Go west young federation
byGluu
 
 Use case for asimba as saml proxy
byGluu
 
Postcard from identity next 2013
byGluu
 

Recently uploaded

PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
December Patch Tuesday
byIvanti
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
AI Technology important knowledge ......
byutkarshj2007
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
The Landscape of Computer Software Development Companies
byYash Singh
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
The year in review - MarvelClient in 2025
bypanagenda
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 

Recipe for a reverse proxy using saml and uma

  • 1.
    RECIPE FOR AREVERSE PROXY USING SAML AND UMA We at Gluu have been working on a solution for a healthcare SaaS provider for a “reverse proxy” to help them migrate from a home grown web access management solution. The driver for the integration was supporting an important customer who required SAML authentication. However, SAML was not enough. The SaaS provider used the proxy as the policy enforcement point to ensure data privacy for their multitenant system. So the reverse proxy had to enforce URL access control, not just enforce that all users were authenticated. I admit, it seems a little weird to use SAML and UMA together. One of my questions about this solution is how the OX Authorization Server (AS) will be able to make polcies based on “user claims” (“attributes” in SAML jargon). How would the AS even get the attributes? Another bothersome question, if the Person is using a SAML IDP, where is the UMA Relying Party (i.e. the client). The solution we derived was to build a proxy application that acts as the Relying Party, and passes the user attributes in the HTTP Request.
  • 2.
    Of course, wedon’t want to write any SAML code, so we actually use the Shibboleth SAML SP and Apache to handle the authentication and SAML attribute request. If you think about the flow: http://example.com –> Shib authentication http://example.com/oxProx –> Oauth2 session established web access management solution http://example.com/oxProx/App1 –> UMA policy enforcement via the Resource Server The AS could also handle “enrollment” of new users for “just-in-time” provisioning. Article Resource:-http://gluu.jimdo.com/gluu-blog/recipe-for-a-reverse-proxy-using-samland-uma/