Single sign on using WSO2 identity server

Transcript

  • 1. Single sign-on using WSO2 Identity Server
      S.Uthaiyashankar, shankar@wso2.com, VP, Engineering
  • 2. About WSO2
      • Providing the only complete open source componentized cloud platform
          – Dedicated to removing all the stumbling blocks to enterprise agility
          – Enabling you to focus on business logic and business value
      • Recognized by leading analyst firms as visionaries and leaders
          – Gartner cites WSO2 as visionaries in all 3 categories of application infrastructure
          – Forrester places WSO2 in top 2 for API Management
      • Global corporation with offices in USA, UK & Sri Lanka
          – 200+ employees and growing
      • Business model of selling comprehensive support & maintenance for our products
  • 3. 150+ globally positioned support customers
  • 4. Topics Covered…
      • Importance of Single Sign-On
      • Single Sign-On patterns
      • Single Sign-On support in WSO2 Identity Server
  • 5. The Story Begins…
  • 6. That is not the End…
  • 7. Problems…
      • User Perspective:
          – Different username, password for different systems
              • Preferred username is already taken
              • Using same username/password might become a security risk
          – Too many username, password
          – Losing possible collaborations
  • 8. Problems…
      • IT Perspective:
          – Provisioning/De-provisioning users
          – Auditing user activities
          – No single view of user
          – Deploying new applications
  • 9. Shared User Store - Possible Solution?
  • 10. Problems…
      • Multiple logins
      • Cloud Services and 3rd party applications
  • 11. Solution
      • Federated Identity and Single Sign-On
      [Diagram labels: Authentication; Identity Provider; Trust; Service Consumption; Service Providers]
  • 12. Single Sign-On and Federated Identity
  • 13. Single Sign-On and Federated Identity
      • Single Identity
      • Possibility of Collaboration between applications
      • User Convenience
      • Login only once and can access any services
      • Easy administration
          – Provisioning, de-provisioning, forget password
  • 14. WSO2 Identity Server
  • 15. Key Requirements For Identity Federation: Identity Management and Authentication
      • Authentication
          – Multi-Factor Authentication
      • Identity Management
          – Attributes / Claims
  • 16. Key Requirements For Identity Federation: Trust Between Domains
      • Trust
          – Pre-established
              • Common in Enterprise scenarios
          – Established only when accessing the service
              • Common in web scenarios
      • Identity Provider Discovery
  • 17. Key Requirements For Identity Federation: Identity and Attribute Mapping
      • Mapping user identity of one system to another
          – Username
          – Out of Band
          – Pseudonym
              • Transient
              • Persistent
      • Mapping attribute names in different systems
      • Mapping attribute values in different systems
  • 18. Key Requirements For Identity Federation: Attribute Exchange
      • One system requesting additional attributes from another system
  • 19. Protocols and Standards
      • OpenID
      • SAML2 Web Browser SSO
      • WS-Trust & WS-Federation
      • Kerberos
  • 20. OpenID
      http://openid.net/get-an-openid/
  • 21. OpenID Identifiers
      • Google
          – https://profiles.google.com/YourGoogleID
      • Blogger
          – http://blogname.blogspot.com/
      • MySpace
          – http://www.myspace.com/username
  • 22. OpenID
      [Diagram, steps numbered 1–7. Parties: Service Provider A (Relying Party); Identity Provider (Single Sign-On Service). Labels: Provide OpenID; Discover Provider (XRI Resolution, Yadis, HTML Based Discovery); Create shared secret; Browser Redirect to IdP; Allow Access to Service]
  • 23. SAML2 Web Browser SSO
  • 24. SAML2 Web Browser SSO
      [Diagram, steps numbered 1–7. Parties: Service Provider A (Assertion Consumer Service); Identity Provider (Single Sign-On Service). Labels: Access Service; Select Identity Provider; Browser Redirect to IdP; Trust; Allow Access to Service]
  • 25. WS-Trust
      [Diagram, steps numbered 1–5. Parties: Identity Provider (Security Token Service); Service Provider A. Labels: Authentication (Username/x509/etc.); Security Token; Trust; Verify Token (e.g.: Check signature)]
  • 26. WS-Federation
      [Diagram, steps numbered 1–8. Parties: Domain A with Identity Provider A (Security Token Service); Domain B with Identity Provider B (Security Token Service) and Service Provider B. Labels: Authentication (Username/x509/etc.); Security Token A; Trust; Verify Token A (e.g.: Check signature); Verify Token B (e.g.: Check signature)]
  • 27. Kerberos
      [Diagram, steps numbered 1–8. Parties: Identity Provider (Key Distribution Center) with Authentication Service and Ticket Granting Service; Service Provider. Labels: UserName; Session Key + Ticket Granting Ticket; Ticket Granting Ticket + Authenticator; Verify Authenticator; Security Token; Service Shared Key; Verify Security Token]
  • 28. Some Federation Patterns Using WSO2 Identity Server
  • 29. Token Exchange
  • 30. IdP Proxy Pattern
  • 31. IdP Proxy Pattern
  • 32. IdP Proxy Pattern
  • 33. Questions?
  • 34. Engage with WSO2
      • Helping you get the most out of your deployments
      • From project evaluation and inception to development and going into production, WSO2 is your partner in ensuring 100% project success
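
The identity and attribute mapping listed on slide 17, as an added example that is not from the presentation or from WSO2 Identity Server: an identity provider issues a persistent or transient pseudonym per service provider and maps attribute names and values before release. The HMAC derivation, the service provider identifiers, the attribute names and the key are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the key, SP identifiers and attribute names are assumptions.
IDP_SECRET = b"constructed-demo-key-not-for-production"

# Per-service-provider mapping of local attribute names and values.
SP_MAPPINGS = {
    "https://sp-a.example/": {
        "names": {"mail": "email", "dept": "department"},
        "values": {"department": {"ENG": "Engineering", "FIN": "Finance"}},
    },
    "https://sp-b.example/": {
        "names": {"mail": "urn:example:claims:emailaddress"},
        "values": {},
    },
}


def persistent_pseudonym(username: str, sp_id: str) -> str:
    """Stable for one (user, SP) pair; differs across SPs so they cannot correlate users."""
    msg = sp_id.encode() + b"\x00" + username.encode()
    return hmac.new(IDP_SECRET, msg, hashlib.sha256).hexdigest()


def transient_pseudonym() -> str:
    """Fresh random identifier for each login; carries no link to earlier sessions."""
    return secrets.token_hex(16)


def map_attributes(local_attrs: dict, sp_id: str) -> dict:
    """Rename local attributes and translate values; unmapped attributes are withheld."""
    mapping = SP_MAPPINGS[sp_id]
    out = {}
    for local_name, value in local_attrs.items():
        sp_name = mapping["names"].get(local_name)
        if sp_name is None:
            continue  # release only what the SP's mapping lists
        out[sp_name] = mapping["values"].get(sp_name, {}).get(value, value)
    return out


def build_identity(username: str, local_attrs: dict, sp_id: str, persistent: bool = True) -> dict:
    """Assemble the subject identifier and mapped attributes released to one SP."""
    subject = persistent_pseudonym(username, sp_id) if persistent else transient_pseudonym()
    return {"subject": subject, "attributes": map_attributes(local_attrs, sp_id)}
```

Treating the name mapping as an allow-list means an attribute the service provider was never configured to receive is dropped rather than passed through under its local name.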