Case Study: Utilizing OpenIDM with an External AJAX Interface
Breakout Session presented by Rob Jackson, Identity Solutions Architect at Nulli at the 2014 IRM Summit in Phoenix, Arizona
Slide transcript

  1. Human Information Identity Management, Identity Solution Architects. Case Study: Utilizing OpenIDM with an External AJAX Interface (6/4/2014)
  2. Introduction: Nulli
     o ForgeRock Strategic Partner
     o OpenSource Contributors
     o IAM Specialists since 1997
     o HQ in Calgary, AB, Canada, servicing North America
  3. Whitepaper: Consumer facing trend
     o Available for download on the nulli.com blog
     o Authored by Hadi Ahmadi / Sandeep Chaturvedi
     o Based on current Customer
        o Requirements: IDP for public sector applications; Registration/verification; Self-service user functions
        o Detailed design was already complete
        o Interested in lightweight AJAX UI with REST API (Internet-facing)
  4. CREST (Commons REST): Common REST API between products:
     o OpenIdM
     o OpenDJ
     o OpenAM
  5. Implementing CREST
     Which API?
        o Overlap of functionality
        o Strong points
     Security?
        o Internet-facing?
     Middle Tier?
        o Required?
     Gotchas
  6. Which API? Overlap Example: Create User
     • OpenAM » ../json/users/?_action=register
     • OpenIdM » ../managed/user/
     • OpenDJ » ../users/newuser
  7. Which API? CREST API comparison (flattened table)
     Capability columns: Registration, Provision LDAP, Provision (Multiple …), Password, Password Reset, OTP, Auth’n & …, Customizable Workflow, Policy/Validation, Configuration, Self Service, Data Federation
     OpenAM: X X X X X X X X X
     OpenIdM: X X X X X X X X X X X
     OpenDJ: X X X X
  8. Which API? - Summary
     OpenIdM
        o Workflow
        o Multiple Data Stores
        o Most Flexible
     OpenAM
        o Authentication/Authorization
     OpenDJ
        o More System->System
  9. Security?
     Reverse Proxy/Secure Gateway
        o Reduce ‘Attack’ Surface
        o Control generalized API patterns, e.g. POST ../?action=something
     API Policies (OpenIdM)
     Authenticated vs Anonymous
        o Token / UID+PWD
        o OpenIdM protected by OpenAM
     XSS/CORS: JSON Sanitization (embedded scripts, etc.)
  10. Middle Tier?
     Business Logic
        o Multiple calls behind
     Token authentication
     DMZ presence
     Anonymous links from emails
     Host non-identity contents
        o Country/city lists, etc.
        o Landing pages/UI host
     CAPTCHA
  11. Gotchas
     OpenIdM (Jetty) Protected by OpenAM
        o Can’t use OOTB Anonymous user
     Returning detailed user status from OpenAM Authentication REST API (Active/Inactive)
        o Multiple calls
        o Authentication plugin?
     Functionality in OpenAM not as flexible
        o OpenIdM custom end points
  12. Architecture
  13. P C Robert Jackson, Identity Architect, rjackson@nulli.com, (403) 869-3313, (403) 648-0909. Questions?
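As an added example that is not part of the presentation, the following Node-style JavaScript shows a middle-tier gate of the kind the Security and Middle Tier slides describe: only the specific CREST calls the AJAX UI needs are forwarded (so a generalized pattern such as POST ../?action=something never reaches OpenIDM or OpenAM), anonymous versus token-authenticated calls are distinguished, and JSON bodies carrying embedded script markup are refused. The path prefixes, the `_action=create` value and the request-object shape are assumptions for illustration.

```javascript
// Added example, not from the presentation. A middle-tier gate that sits in
// front of OpenIDM/OpenAM and forwards only allowlisted CREST calls from the
// Internet-facing AJAX UI. Paths, the _action values and the request shape
// are assumptions chosen for illustration.

const ALLOWED_CALLS = [
  // Self-registration through OpenAM, as on the "Overlap Example" slide.
  { method: 'POST', path: /^\/json\/users\/?$/, action: 'register', anonymous: true },
  // Managed user create and read through OpenIDM (assumed prefix /openidm).
  { method: 'POST', path: /^\/openidm\/managed\/user\/?$/, action: 'create', anonymous: false },
  { method: 'GET', path: /^\/openidm\/managed\/user\/[A-Za-z0-9-]+$/, action: null, anonymous: false },
];

// Markers of script content embedded in JSON string values.
const SCRIPT_MARKUP = /<\s*\/?\s*script\b|javascript:|\bon\w+\s*=/i;

// Recursively check every string in a parsed JSON body.
function hasEmbeddedScript(value) {
  if (typeof value === 'string') return SCRIPT_MARKUP.test(value);
  if (Array.isArray(value)) return value.some(hasEmbeddedScript);
  if (value !== null && typeof value === 'object') {
    return Object.values(value).some(hasEmbeddedScript);
  }
  return false;
}

// req = { method, path, query: { _action }, body, authenticated }.
// A generalized pattern such as POST ../?_action=something matches no rule
// and is refused before it can reach the identity products.
function gateRequest(req) {
  const action = (req.query && req.query._action) || null;
  const rule = ALLOWED_CALLS.find(
    (r) => r.method === req.method && r.path.test(req.path) && r.action === action
  );
  if (!rule) return { allow: false, reason: 'not an allowlisted CREST call' };
  if (!rule.anonymous && !req.authenticated) return { allow: false, reason: 'token required' };
  if (req.body !== undefined && hasEmbeddedScript(req.body)) {
    return { allow: false, reason: 'script markup in JSON' };
  }
  return { allow: true, reason: 'ok' };
}
```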