
Identity federation with AWS Cognito


Talk by Kumaravel P, Software Development Engineer at Altran, on "Identity federation with AWS Cognito" at AWS Community Day, Bangalore 2018.


  1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. BENGALURU
  2. Identity Federation with AWS Cognito. Kumaravel Ponnusamy | 25-09-2018
  3. Objective
     • Share what we learned while implementing identity federation with Cognito.
     • Outline the challenges and solutions around single sign-on, IAM policies and protecting the tokens.
     • Authenticate against a third-party identity provider and federate that identity through a Cognito identity pool so the application can reach AWS resources with scoped, temporary credentials.
  4. Introduction
     • We developed a web-based front-end application that connects to an AWS serverless back end.
     • The application uses a custom authentication and authorization method to communicate with AWS.
  5. Overall Flow
  6. Business case
     • Low cost of authentication and authorization.
     • Interoperability within AWS services.
     • Secure communication with IoT devices.
     • Managing secure tokens across user sessions.
     • A serverless application that achieves single sign-on.
  7. Tools & Components
     • Auth0
     • AWS IAM
     • AWS Cognito federated identity
     • AWS resources
  8. Challenges
     • A secure way of delivering temporary credentials to the front end.
     • Expiry of the temporary credentials issued by Cognito.
     • Attaching AWS resource policies to the authenticated identity.
     • Connecting to AWS IoT over MQTT with temporary credentials, with role-based access control.
  9. Solutions
     • Auth0 connectivity with IAM
     • Register Auth0 as an identity provider in IAM using the following parameters:
       • Client ID
       • Client secret
       • Identity provider URL
     Caveat: IAM's OpenID Connect provider registration itself needs only the provider URL, the client ID (used as the token audience) and the provider's TLS certificate thumbprint. The Auth0 client secret belongs in the Auth0 application configuration and is never stored in IAM.
  10. Solutions (contd.)
     • Cognito identity pool
     • Create a federated identity (identity pool) mapped to the following:
       • IAM authenticated role
       • IAM unauthenticated role
       • The OpenID Connect identity provider registered in IAM
     Caveat: the authenticated role's trust policy should allow sts:AssumeRoleWithWebIdentity only for this identity pool (condition on cognito-identity.amazonaws.com:aud) and only for authenticated identities (condition on cognito-identity.amazonaws.com:amr). Enable the unauthenticated role only if guest access is actually required, because it hands temporary credentials to anyone who can call the pool.
  11. Solutions (contd.)
     • Cognito returns temporary credentials (access key ID, secret access key and session token). In this design a Lambda function hands them to the front end, which then signs its requests to AWS resources with Signature Version 4 (SigV4) using a crypto library. The session token must be sent as a signed header with every request.
     • The temporary credentials expire after a fixed period (typically one hour for identity pool credentials) even while the user is active.
     • To avoid interruptions, refresh the Auth0 token and request fresh credentials from Cognito shortly before the current ones expire, rather than waiting for a request to fail. Keep the credentials in memory; do not persist them in browser storage.
  12. Questions?
  13. Thank you
