Shoot Me a Token: OpenAM as an OAuth2 Provider

Presented by Victor Ake, OpenAM Product Manager and ForgeRock Co-Founder at ForgeRock Open Stack Identity Summit. June 2013

Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/

Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/

  1. Open Identity Summit: Shoot me a TOKEN. OpenAM OAuth2 Provider. Víctor Aké, Product Manager for OpenAM, ForgeRock
  2. New Paradigm for the Modern Web
     - Converged Cloud creates new identity challenges for the enterprise
     - Mobile devices proliferate new granular identity dimension
     - As Big Data volumes grow, identity within high value data subsets vital
     - Social moves the web identity experience from “anonymous” to “personal”
     Diagram labels: Mobile, Social, Cloud, Enterprise, Things
  3. ForgeRock Open Identity Stack
  4. The Good, The Bad and The Ugly: “You see, in this world there's two kinds of APIs, my friend: Those that are lightweight and those that make you dig”
  5. On-Premise vs Cloud/Social/Mobile: SOAP, XML, REST, JSON
  6. OAuth2, OpenID Connect, REST
     Diagram labels: REST Endpoints; Mobile, Social, Cloud, Enterprise, Things; OpenAM Core; HTTP(s); JSON; AuthN; AuthZ; Session Validation; Identity Management; OAuth2; Realm Mgmt; OpenID Connect; Logging
  7. Open Identity Summit
  8. OAuth2
     - Authorization protocol
     - Grant access to third parties
     - Parties do not share sensitive user information, i.e. no credentials are shared
     - Used to grant limited access during limited time to specific resources
     - Developed by the IETF Working group
  9. Who is using OAuth2
  10. How does it work
     - Authorization Code Flow Grant
     - Implicit flow Grant
     - Resource Owner Password
     Use Case: For Web Applications
     Use Case: For Mobile Applications
     - Client Credentials Flow
     - SAML2 Token Insertion
     Use Case: For Application to Application
  11. Authorization Code Flow (diagram: Client, Provider, Protected Resource; steps 1 to 7)
  12. Resource Owner Password Flow (diagram: Client, Provider, Protected Resource; steps 1 to 4)
  13. OAuth2 Tokens
     - Access Token: Used to access a protected resource. Obtained through one of the grant flows. Life time short (minutes, hours)
     - Refresh Token: Used to obtain a new access token. Obtained through one of the grant flows. Life time long (days, weeks, months)
  14. Diagram labels: Web App, Native App, Native App, Web App, Login App; REST/OAuth2/OpenIDConnect; Authentication, Authorization, Attribute Delivery, Federation, SSO, Token Persistence, Session Mgmt; OAuth2 Provider; OpenAM; Cloud; Enterprise
  15. “You see, in this world there's two kinds of APIs, my friend: Those that are lightweight and those that make you dig”. Demo
  16. 2 Applications in the iPhone
     - SSO Demo: Obtains an OAuth2 Refresh and Access Token using the Authorization Code Grant and then stores it locally in the iPhone keyring. Access User Profile info with the Access Token. Refreshes the Access Token when it expires using the refresh token
     - OAuth2 Demo: Retrieves the Access Token from the iPhone keyring. Access User Profile info with the Access Token
  17. Open Identity Summit
  18. Open Identity Summit
  19. Open Identity Summit
  20. Open Identity Summit
  21. Q&A
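
Slides 13 and 16 describe a client that works with a short-lived access token and renews it with a long-lived refresh token. The following is an added example, not code from the presentation or from OpenAM: `ToyProvider`, `Client`, the lifetimes and the refresh-token rotation are assumptions made here, the provider is an in-memory stand-in, and the form body follows the `refresh_token` grant of RFC 6749.

```python
import secrets
from urllib.parse import urlencode, parse_qs

ACCESS_TTL, REFRESH_TTL = 300, 30 * 24 * 3600    # constructed lifetimes: minutes vs. weeks

class ToyProvider:
    """In-memory stand-in for a token endpoint (hypothetical, not OpenAM)."""
    def __init__(self):
        self.refresh_tokens = {}                  # refresh token -> expiry time

    def issue(self, now):
        refresh = secrets.token_urlsafe(16)
        self.refresh_tokens[refresh] = now + REFRESH_TTL
        return {"access_token": secrets.token_urlsafe(16),
                "expires_in": ACCESS_TTL, "refresh_token": refresh}

    def token_endpoint(self, body, now):
        form = parse_qs(body)
        if form.get("grant_type") != ["refresh_token"]:
            return {"error": "unsupported_grant_type"}
        old = form.get("refresh_token", [""])[0]
        # Rotation (an assumption here): a presented refresh token is consumed,
        # so a copied token cannot be replayed after the real client used it.
        if self.refresh_tokens.pop(old, 0) <= now:
            return {"error": "invalid_grant"}
        return self.issue(now)

class Client:
    """Keeps both tokens and renews the access token when it is about to expire."""
    def __init__(self, provider, grant, now):
        self.provider, self.refreshes = provider, 0
        self._store(grant, now)

    def _store(self, grant, now):
        self.access, self.refresh = grant["access_token"], grant["refresh_token"]
        self.access_expiry = now + grant["expires_in"]

    def access_token(self, now, skew=30):
        if now < self.access_expiry - skew:       # still valid: reuse it
            return self.access
        body = urlencode({"grant_type": "refresh_token", "refresh_token": self.refresh})
        reply = self.provider.token_endpoint(body, now)
        if "error" in reply:
            self.access = self.refresh = None     # drop stale secrets from storage
            raise PermissionError(reply["error"]) # user must redo the authorization code grant
        self._store(reply, now)
        self.refreshes += 1
        return self.access
```

Time is passed in explicitly so the expiry paths can be exercised without waiting; a real client would read the clock and keep both tokens in platform secure storage, as the demo does with the iPhone keyring.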
