Single sign-on using WSO2 Identity Server

S. Uthaiyashankar
shankar@wso2.com
VP, Engineering
About WSO2

•  Providing the only complete open source componentized cloud platform
   –  Dedicated to removing all the stumbling blocks to enterprise agility
   –  Enabling you to focus on business logic and business value
•  Recognized by leading analyst firms as visionaries and leaders
   –  Gartner cites WSO2 as visionaries in all 3 categories of application infrastructure
   –  Forrester places WSO2 in top 2 for API Management
•  Global corporation with offices in USA, UK & Sri Lanka
   –  200+ employees and growing
•  Business model of selling comprehensive support & maintenance for our products

150+ globally positioned support customers
Topics Covered…

•  Importance of Single Sign-On
•  Single Sign-On patterns
•  Single Sign-On support in WSO2 Identity Server

The Story Begins…

That is not the End…
Problems…

•  User Perspective:
   –  Different username and password for each system
      •  Preferred username is already taken
      •  Reusing the same username/password everywhere is a security risk: one breached system exposes the account on all the others
   –  Too many usernames and passwords
   –  Losing possible collaborations

Problems…

•  IT Perspective:
   –  Provisioning/De-provisioning users
   –  Auditing user activities
   –  No single view of the user
   –  Deploying new applications

Shared User Store - Possible Solution?

Problems…

•  Multiple logins
•  Cloud services and 3rd party applications

Solution

•  Federated Identity and Single Sign-On
(Diagram: Authentication happens at the Identity Provider; Trust exists between the Identity Provider and the Service Providers; Service Consumption then happens at any of the Service Providers without a further login.)

Single Sign-On and Federated Identity

•  Single Identity
•  Possibility of collaboration between applications
•  User convenience
•  Login only once and access any service
•  Easy administration
   –  Provisioning, de-provisioning, forgot password
WSO2 Identity Server

Key Requirements For Identity Federation

Identity Management and Authentication
•  Authentication
   –  Multi-Factor Authentication
•  Identity Management
   –  Attributes / Claims

Key Requirements For Identity Federation

Trust Between Domains
•  Trust
   –  Pre-established
      •  Common in enterprise scenarios
   –  Established only when accessing the service
      •  Common in web scenarios
•  Identity Provider Discovery

Key Requirements For Identity Federation

Identity and Attribute Mapping
•  Mapping the user identity of one system to another
   –  Username
   –  Out of band
   –  Pseudonym
      •  Transient
      •  Persistent
•  Mapping attribute names in different systems
•  Mapping attribute values in different systems
Key Requirements For Identity Federation

Attribute Exchange
•  One system requesting additional attributes from another system
Protocols and Standards

•  OpenID
•  SAML2 Web Browser SSO
•  WS-Trust & WS-Federation
•  Kerberos

OpenID

http://openid.net/get-an-openid/

OpenID Identifiers
•  Google
   –  https://profiles.google.com/YourGoogleID
•  Blogger
   –  http://blogname.blogspot.com/
•  MySpace
   –  http://www.myspace.com/username
OpenID

(Diagram: Service Provider A (Relying Party) and Identity Provider (Single Sign-On Service). Labeled steps: 1 Access Service and Provide OpenID; 2 Discover Provider (XRI Resolution, Yadis, HTML Based Discovery); 3 Create shared secret; 4 Browser Redirect to IdP; 7 Allow Access to Service. Steps 5 and 6 are numbered but unlabeled.)
SAML2 Web Browser SSO

(Diagram: Service Provider A (Assertion Consumer Service) and Identity Provider (Single Sign-On Service), with Trust between them. Labeled steps: 1 Access Service; 2 Select Identity Provider; 3 Browser Redirect to IdP; 7 Allow Access to Service. Steps 4, 5 and 6 are numbered but unlabeled.)
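What the Assertion Consumer Service has to check between the browser coming back from the IdP and step 7 (allow access), as an added example that is not part of the original slides and not WSO2 Identity Server's code. It models the assertion as a dict signed with HMAC-SHA256 under a key the IdP and SP pre-shared, a stand-in for the XML signature over a real <saml:Assertion> (which the Python standard library cannot verify); the entity IDs, URLs, key and lifetimes are invented.

```python
"""Added example (not from the deck, not WSO2 code): SP-side validation of a
SAML2 Web Browser SSO response. The assertion is a dict and the signature is an
HMAC over its canonical JSON, standing in for XML-DSig; all IDs are invented."""
import hashlib
import hmac
import json
import secrets
import time

SP_ENTITY_ID = "https://sp-a.example/saml"        # made up
ACS_URL = "https://sp-a.example/saml/acs"         # made up
IDP_ENTITY_ID = "https://idp.example/samlsso"     # made up
# Trust is pre-established out of band (slide "Trust Between Domains"): the SP
# knows which issuers it accepts and which key verifies each of them.
TRUSTED_IDP_KEYS = {IDP_ENTITY_ID: b"demo-idp-sp-shared-secret"}
CLOCK_SKEW = 60        # seconds of tolerated drift between IdP and SP clocks
ASSERTION_LIFETIME = 300


def _canon(assertion: dict) -> bytes:
    return json.dumps(assertion, sort_keys=True, separators=(",", ":")).encode()


def sign(assertion: dict, key: bytes) -> str:
    return hmac.new(key, _canon(assertion), hashlib.sha256).hexdigest()


class ServiceProvider:
    """Service Provider A with its Assertion Consumer Service."""

    def __init__(self):
        self.pending = {}             # AuthnRequest ID -> issue time (step 3, redirect to IdP)
        self.seen_assertions = set()  # replay cache of accepted assertion IDs

    def authn_request(self) -> dict:
        rid = "_" + secrets.token_hex(16)
        self.pending[rid] = time.time()
        return {"ID": rid, "Issuer": SP_ENTITY_ID, "AssertionConsumerServiceURL": ACS_URL}

    def consume(self, response: dict, now=None):
        """ACS: returns (True, subject) or (False, reason)."""
        now = time.time() if now is None else now
        a, sig = response["Assertion"], response["Signature"]
        key = TRUSTED_IDP_KEYS.get(a["Issuer"])   # key chosen from the trust list, never from the message
        if key is None:
            return False, "untrusted issuer"
        if not hmac.compare_digest(sign(a, key), sig):
            return False, "bad signature"
        if a["Audience"] != SP_ENTITY_ID:         # minted for some other SP
            return False, "wrong audience"
        if a["Recipient"] != ACS_URL:             # meant for a different endpoint
            return False, "wrong recipient"
        if not (a["NotBefore"] - CLOCK_SKEW <= now < a["NotOnOrAfter"] + CLOCK_SKEW):
            return False, "expired or not yet valid"
        if a["InResponseTo"] not in self.pending:  # unsolicited, or the request was already used
            return False, "unsolicited or replayed response"
        if a["ID"] in self.seen_assertions:
            return False, "assertion replay"
        del self.pending[a["InResponseTo"]]
        self.seen_assertions.add(a["ID"])
        return True, a["Subject"]


def idp_respond(request: dict, subject: str, now=None, key=TRUSTED_IDP_KEYS[IDP_ENTITY_ID],
                issuer=IDP_ENTITY_ID, audience=SP_ENTITY_ID) -> dict:
    """IdP Single Sign-On Service: issue a signed assertion for an AuthnRequest.
    The key/issuer/audience parameters let the test play a rogue or misdirected IdP."""
    now = time.time() if now is None else now
    assertion = {
        "ID": "_" + secrets.token_hex(16), "Issuer": issuer, "Subject": subject,
        "InResponseTo": request["ID"], "Audience": audience,
        "Recipient": request["AssertionConsumerServiceURL"],
        "NotBefore": now, "NotOnOrAfter": now + ASSERTION_LIFETIME,
    }
    return {"Assertion": assertion, "Signature": sign(assertion, key)}
```

A signature check on its own is not the verify step: it still accepts an assertion minted for a different SP, an expired one, or one replayed from an earlier browser session, which is why audience, recipient, validity window, InResponseTo and an assertion-ID cache are all checked. Selecting the verification key by the assertion's Issuer from the SP's own trust list is what the Trust arrow in the diagram means in code. The same list of checks applies to the security tokens in the WS-Trust and WS-Federation diagrams that follow, where the slide says only "Verify Token (e.g.: Check signature)".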
  
WS-Trust

(Diagram: Identity Provider (Security Token Service) and Service Provider A, with Trust between them. Labeled exchanges: 1 Authentication (Username/x509/etc.) to the Security Token Service, which returns a Security Token; at Service Provider A, Verify Token (e.g.: Check signature). Steps 2 to 5 are numbered but otherwise unlabeled.)
WS-Federation

(Diagram: Domain A with Identity Provider A (Security Token Service); Domain B with Identity Provider B (Security Token Service) and Service Provider B. Trust exists between the two Identity Providers and between Identity Provider B and Service Provider B. Labeled exchanges: 1 Authentication (Username/x509/etc.); 2 Security Token A; 4 Verify Token A (e.g.: Check signature); 7 Verify Token B (e.g.: Check signature). Steps 3, 5, 6 and 8 are numbered but unlabeled.)
Kerberos

(Diagram: Identity Provider (Key Distribution Center) containing the Authentication Service and the Ticket Granting Service; Service Provider holding the Service Shared Key. Labeled exchanges, numbered 1 to 8 in the diagram: UserName; Session Key + Ticket Granting Ticket; Ticket Granting Ticket + Authenticator; Verify Authenticator; Security Token; Verify Security Token.)
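The Kerberos exchange from the diagram as runnable code, an added example that is neither from the slides nor from any Kerberos implementation. It plays all three parties: the Authentication Service takes a username and returns a session key plus TGT, the Ticket Granting Service verifies the authenticator and returns a service ticket (the slide's "Security Token"), and the service verifies the ticket with its own shared key without contacting the KDC. Everything concrete is invented: keys are pre-shared in dicts (a real KDC derives the user key from the password and the service key from a keytab), the `encrypt` helper is a SHA-256 keystream plus HMAC tag standing in for a Kerberos encryption type such as aes256-cts-hmac-sha1-96, and the principal names and lifetimes are made up.

```python
"""Added example (not from the deck, not a Kerberos implementation): the AS,
TGS and service sides of the diagram. Keys are pre-shared here; `encrypt` is a
toy authenticated cipher standing in for a Kerberos enctype; names are invented."""
import hashlib
import hmac
import json
import secrets
import time

LIFETIME = 600   # ticket lifetime, seconds
MAX_SKEW = 300   # authenticator timestamp tolerance, seconds

USER_KEYS = {"alice": hashlib.sha256(b"alice-password").digest()}   # derived from password
TGS_KEY = secrets.token_bytes(32)                                    # krbtgt key, KDC only
SERVICE_KEYS = {"http/sp.example": secrets.token_bytes(32)}          # service keytab


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, obj: dict) -> bytes:
    """Toy authenticated encryption: nonce || ciphertext || HMAC tag."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed (wrong key or tampered message)")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def _check_authenticator(auth: dict, ticket: dict, now: float) -> None:
    if auth["client"] != ticket["client"] or abs(auth["ts"] - now) > MAX_SKEW:
        raise PermissionError("bad authenticator")


class KDC:
    """Identity Provider (Key Distribution Center): Authentication Service + TGS."""

    def as_exchange(self, username: str, now: float) -> bytes:
        # Username in; session key + TGT out, sealed under the user's key.
        sk = secrets.token_bytes(32)
        tgt = encrypt(TGS_KEY, {"client": username, "key": sk.hex(), "exp": now + LIFETIME})
        return encrypt(USER_KEYS[username], {"session_key": sk.hex(), "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: float) -> bytes:
        # TGT + authenticator in; verify authenticator; service ticket ("security token") out.
        t = decrypt(TGS_KEY, tgt)                                  # only the KDC can open a TGT
        if t["exp"] < now:
            raise PermissionError("TGT expired")
        sk = bytes.fromhex(t["key"])
        _check_authenticator(decrypt(sk, authenticator), t, now)  # proves possession of sk
        svc_key = secrets.token_bytes(32)
        ticket = encrypt(SERVICE_KEYS[service],
                         {"client": t["client"], "key": svc_key.hex(), "exp": now + LIFETIME})
        return encrypt(sk, {"service_key": svc_key.hex(), "ticket": ticket.hex()})


class Service:
    """Service Provider holding its shared key; never talks to the KDC at login."""

    def __init__(self, name: str):
        self.key = SERVICE_KEYS[name]
        self.seen = set()   # replay cache for authenticators inside MAX_SKEW

    def accept(self, ticket: bytes, authenticator: bytes, now: float) -> str:
        # Verify the security token with the service shared key, then the authenticator.
        t = decrypt(self.key, ticket)
        if t["exp"] < now:
            raise PermissionError("ticket expired")
        auth = decrypt(bytes.fromhex(t["key"]), authenticator)
        _check_authenticator(auth, t, now)
        marker = (auth["client"], auth["ts"], auth["nonce"])
        if marker in self.seen:
            raise PermissionError("replayed authenticator")
        self.seen.add(marker)
        return t["client"]


def login_and_access(username: str, password: str, service: str, now=None) -> str:
    """Client side of steps 1 to 8; returns the principal the service accepted."""
    now = time.time() if now is None else now
    kdc, svc = KDC(), Service(service)
    user_key = hashlib.sha256(password.encode()).digest()       # derived locally, never sent
    as_rep = decrypt(user_key, kdc.as_exchange(username, now))  # wrong password fails here
    sk, tgt = bytes.fromhex(as_rep["session_key"]), bytes.fromhex(as_rep["tgt"])

    def authenticator(key: bytes) -> bytes:
        return encrypt(key, {"client": username, "ts": now, "nonce": secrets.token_hex(8)})

    tgs_rep = decrypt(sk, kdc.tgs_exchange(tgt, authenticator(sk), service, now))
    svc_key, ticket = bytes.fromhex(tgs_rep["service_key"]), bytes.fromhex(tgs_rep["ticket"])
    return svc.accept(ticket, authenticator(svc_key), now)


def wrong_password_rejected(username: str, bad_password: str, service: str) -> bool:
    try:
        login_and_access(username, bad_password, service)
        return False
    except ValueError:
        return True
```

Two properties of the diagram are visible in the code: the password never leaves the client (a wrong password shows up as an integrity failure when the client tries to open the AS reply), and the service verifies the ticket entirely with its own shared key, which is what lets Kerberos services stay up when the KDC is unreachable but also means a leaked service key lets anyone forge tickets for that service. A real service keeps its authenticator replay cache across requests rather than per login as here.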
  
Some Federation Patterns Using WSO2 Identity Server

Token Exchange

IdP Proxy Pattern

Questions?

Engage with WSO2

•  Helping you get the most out of your deployments
•  From project evaluation and inception to development and going into production, WSO2 is your partner in ensuring 100% project success