
Shoot Me a Token: OpenAM as an OAuth2 Provider


Presented by Victor Ake, OpenAM Product Manager and ForgeRock Co-Founder, at the ForgeRock Open Stack Identity Summit, June 2013.

  • Hi Victor, are the sample applications for the iPhone available for download somewhere?


  1. Open Identity Summit
     Shoot me a TOKEN: OpenAM OAuth2 Provider
     Víctor Aké, Product Manager for OpenAM, ForgeRock
  2. New Paradigm for the Modern Web
     • Converged Cloud creates new identity challenges for the enterprise
     • Mobile devices proliferate a new, granular identity dimension
     • As Big Data volumes grow, identity within high-value data subsets becomes vital
     • Social moves the web identity experience from "anonymous" to "personal"
     (Mobile, Social, Cloud, Enterprise, Things)
  3. ForgeRock Open Identity Stack
  4. The Good, The Bad and The Ugly
     "You see, in this world there's two kinds of APIs, my friend: those that are lightweight and those that make you dig"
  5. On-Premise vs Cloud/Social/Mobile: SOAP/XML vs REST/JSON
  6. OAuth2, OpenID Connect, REST
     (diagram: REST Endpoints for Mobile, Social, Cloud, Enterprise and Things; OpenAM Core over HTTP(s)/JSON: AuthN, AuthZ, Session Validation, Identity Management, OAuth2, Realm Mgmt, OpenID Connect, Logging)
  7. (no text on slide)
  8. OAuth2
     • Authorization protocol
     • Grant access to third parties
     • Parties do not share sensitive user information, i.e. no credentials are shared
     • Used to grant limited access during limited time to specific resources
     • Developed by an IETF working group
  9. Who is using OAuth2
  10. How does it work
     • Authorization Code Flow Grant
     • Implicit Flow Grant
     • Resource Owner Password
     Use Case: For Web Applications
     Use Case: For Mobile Applications
     • Client Credentials Flow
     • SAML2 Token Insertion
     Use Case: For Application to Application
  11. Authorization Code Flow (sequence diagram: steps 1 to 7 between Client, Provider and Protected Resource)
  12. Resource Owner Password Flow (sequence diagram: steps 1 to 4 between Client, Provider and Protected Resource)
  13. OAuth2 Tokens
     Access Token: used to access a protected resource; obtained through one of the grant flows; lifetime short (minutes, hours)
     Refresh Token: used to obtain a new access token; obtained through one of the grant flows; lifetime long (days, weeks, months)
  14. (architecture diagram: Web App, Native App, Native App, Web App and Login App connect over REST/OAuth2/OpenID Connect to OpenAM as the OAuth2 Provider, which supplies Authentication, Authorization, Attribute Delivery, Federation, SSO, Token Persistence and Session Mgmt across Cloud and Enterprise)
  15. Demo
     "You see, in this world there's two kinds of APIs, my friend: those that are lightweight and those that make you dig"
  16. 2 Applications in the iPhone
     SSO Demo
     • Obtains an OAuth2 Refresh and Access Token using the Authorization Code Grant and then stores it locally in the iPhone keyring
     • Accesses user profile info with the Access Token
     • Refreshes the Access Token when it expires using the refresh token
     OAuth2 Demo
     • Retrieves the Access Token from the iPhone keyring
     • Accesses user profile info with the Access Token
  17-20. (no text on slide)
  21. Q&A
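The token lifecycle that slides 11, 13 and 16 describe (authorization code exchanged for a short-lived access token plus a long-lived refresh token, both kept in the device keyring, the access token used against a protected resource and silently refreshed once it expires) is replayed below as an added example. This is not ForgeRock or OpenAM code and not the demo apps from the talk: `Provider`, `App`, `run_demo`, the client id `sso-demo`, the user `alice` and both TTLs are constructed stand-ins so the whole flow runs offline in one process.

```python
import secrets
import time

ACCESS_TOKEN_TTL = 600           # seconds: short-lived (slide 13: minutes, hours); constructed value
REFRESH_TOKEN_TTL = 30 * 86400   # seconds: long-lived (slide 13: days, weeks, months); constructed value


class Provider:
    """Toy authorization server plus protected resource: a constructed stand-in, not OpenAM."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.codes = {}     # authorization code -> (client_id, user), single use
        self.access = {}    # access token -> (user, expiry)
        self.refresh = {}   # refresh token -> (client_id, user, expiry)
        self.profiles = {}  # user -> profile attributes (the protected resource)

    def authorize(self, client_id, user):
        # Authorization endpoint: once the owner consents, hand back a one-time code.
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user)
        return code

    def _issue(self, client_id, user):
        now = self.clock()
        access_token, refresh_token = secrets.token_urlsafe(24), secrets.token_urlsafe(24)
        self.access[access_token] = (user, now + ACCESS_TOKEN_TTL)
        self.refresh[refresh_token] = (client_id, user, now + REFRESH_TOKEN_TTL)
        return {"access_token": access_token, "refresh_token": refresh_token,
                "expires_in": ACCESS_TOKEN_TTL, "token_type": "Bearer"}

    def token(self, grant_type, client_id, **params):
        """Token endpoint for the authorization_code and refresh_token grants."""
        if grant_type == "authorization_code":
            entry = self.codes.pop(params["code"], None)             # consumed on first use
            if entry is None or entry[0] != client_id:
                raise PermissionError("invalid_grant")
            return self._issue(client_id, entry[1])
        if grant_type == "refresh_token":
            entry = self.refresh.pop(params["refresh_token"], None)  # rotated on every use
            if entry is None or entry[0] != client_id or entry[2] <= self.clock():
                raise PermissionError("invalid_grant")
            return self._issue(client_id, entry[1])
        raise ValueError("unsupported_grant_type")

    def profile(self, access_token):
        """Protected resource: the user's profile, only for a live access token."""
        user, expiry = self.access.get(access_token, (None, 0))
        if user is None or expiry <= self.clock():
            raise PermissionError("invalid_token")
        return dict(self.profiles[user])


class App:
    """Client application; the shared keyring dict stands in for the iPhone keychain."""
    def __init__(self, provider, client_id, keyring, clock=time.time):
        self.provider, self.client_id, self.keyring, self.clock = provider, client_id, keyring, clock

    def _store(self, tok):
        self.keyring.update(access_token=tok["access_token"], refresh_token=tok["refresh_token"],
                            expires_at=self.clock() + tok["expires_in"])

    def login(self, code):
        # Finish the authorization code grant and persist both tokens in the keyring.
        self._store(self.provider.token("authorization_code", self.client_id, code=code))

    def get_profile(self):
        """Call the protected resource, refreshing the access token shortly before it expires."""
        if self.clock() >= self.keyring["expires_at"] - 30:
            self._store(self.provider.token("refresh_token", self.client_id,
                                            refresh_token=self.keyring["refresh_token"]))
        return self.provider.profile(self.keyring["access_token"])


def rejected(call):
    # True when the provider refuses the call with PermissionError (demo helper).
    try:
        call()
        return False
    except PermissionError:
        return True


def run_demo():
    """Replay the two-app demo of slide 16 against the toy provider and report each check."""
    now = {"t": 1_700_000_000.0}                   # controllable clock so tokens can be expired
    clock = lambda: now["t"]
    provider = Provider(clock)
    provider.profiles["alice"] = {"uid": "alice", "mail": "alice@example.test"}  # constructed
    keyring = {}
    sso_demo = App(provider, "sso-demo", keyring, clock)
    code = provider.authorize("sso-demo", "alice")  # the user consents in the browser
    sso_demo.login(code)
    first_token = keyring["access_token"]
    oauth2_demo = App(provider, "sso-demo", keyring, clock)  # second app only reads the keyring
    profile_shared = oauth2_demo.get_profile()
    now["t"] += ACCESS_TOKEN_TTL + 1                # the access token has now expired
    stale_rejected = rejected(lambda: provider.profile(first_token))
    profile_refreshed = sso_demo.get_profile()      # triggers the refresh_token grant
    return {"profile": profile_refreshed, "shared": profile_shared == profile_refreshed,
            "refreshed": keyring["access_token"] != first_token,
            "code_single_use": rejected(lambda: provider.token("authorization_code", "sso-demo", code=code)),
            "stale_token_rejected": stale_rejected}
```

Running `run_demo()` shows the four properties the deck relies on: the second app gets the same profile from the shared keyring without logging in again, a replayed authorization code is refused, the expired access token is rejected by the protected resource, and the refresh grant transparently produces a new access token while the user never re-enters credentials. The toy provider also rotates the refresh token on every use and binds codes and refresh tokens to the client id, which is why the long-lived refresh token belongs in protected storage such as the keychain rather than in app preferences.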