1.
Open Identity Summit
Shoot me a TOKEN
OpenAM OAuth2 Provider
Víctor Aké
Product Manager for OpenAM
ForgeRock
2.
New Paradigm for the Modern Web
! Converged Cloud creates new identity challenges for the enterprise
! Mobile devices proliferate new granular identity dimension
! As Big Data volumes grow, identity within high-value data subsets becomes vital
! Social moves the web identity experience from “anonymous” to “personal”
Mobile Social Cloud Enterprise Things
3.
ForgeRock Open Identity Stack
4.
The Good, The Bad and The Ugly
“You see, in this world there's two kinds of APIs, my friend: Those that are lightweight and those that make you dig”
5.
On-Premise vs Cloud/Social/Mobile
On-Premise: SOAP, XML
Cloud/Social/Mobile: REST, JSON
6.
OAuth2, OpenID Connect, REST
REST Endpoints
Mobile Social Cloud Enterprise Things
OpenAM Core, exposed over HTTP(s) as JSON:
! AuthN
! AuthZ
! Session Validation
! Identity Management
! OAuth2
! Realm Mgmt
! OpenID Connect
! Logging
8.
OAuth2
! Authorization protocol
! Grant access to third parties
! Parties do not share sensitive user information, i.e. no credentials are shared
! Used to grant limited access during limited time to specific resources
! Developed by the IETF Working group
10.
How does it work
! Authorization Code Flow Grant
! Implicit flow Grant
! Resource Owner Password
Use Case: For Web Applications
Use Case: For Mobile Applications
! Client Credentials Flow
! SAML2 Token Insertion
Use Case: For Application to Application
13.
OAuth2 Tokens
Access Token
! Used to access a protected resource.
! Obtained through one of the grant flows
! Lifetime short (minutes, hours)
Refresh Token
! Used to obtain a new access token
! Obtained through one of the grant flows
! Lifetime long (days, weeks, months)
14.
Clients: Web App, Native App, Native App, Web App, Login App
REST/OAuth2/OpenIDConnect
OpenAM OAuth2 Provider services:
! Authentication
! Authorization
! Attribute Delivery
! Federation
! SSO
! Token Persistence
! Session Mgmt
Deployments: Cloud, Enterprise
15.
“You see, in this world there's two kinds of APIs, my friend: Those that are lightweight and those that make you dig”
Demo
16.
Two applications on the iPhone
SSO Demo
! Obtains an OAuth2 Refresh and Access Token using the Authorization Code Grant and then stores them locally in the iPhone keyring
! Accesses user profile info with the Access Token
! Refreshes the Access Token when it expires, using the Refresh Token
OAuth2 Demo
! Retrieves the Access Token from the iPhone keyring
! Accesses user profile info with the Access Token
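The token lifecycle behind the two demo apps (authorization-code exchange, a short-lived access token, a long-lived refresh token kept in a shared keyring, and a refresh when the access token expires) can be traced end to end in a small simulation. This is an added example, not code from the slides or from OpenAM: the authorization server below is an in-memory mock, the client ids, user name, scope, lifetimes and the dict standing in for the iPhone keyring are all constructed, and the mock binds each refresh token to the client that obtained it, which is a design choice of this example rather than a claim about OpenAM's behaviour.

```python
"""Simulated OAuth2 token lifecycle: authorization-code grant, short-lived
access token, long-lived refresh token, refresh on expiry.
Everything here (server, clients, tokens, keyring) is constructed for the
example; the authorization server is a local mock, not OpenAM."""
import secrets
from dataclasses import dataclass

ACCESS_TOKEN_LIFETIME = 60 * 10             # constructed: 10 minutes ("minutes, hours")
REFRESH_TOKEN_LIFETIME = 60 * 60 * 24 * 30  # constructed: 30 days ("days, weeks, months")


class OAuth2Error(Exception):
    """Carries the RFC 6749 error code string, e.g. 'invalid_grant'."""


@dataclass
class Token:
    value: str
    expires_at: float
    scope: str

    def expired(self, now):
        return now >= self.expires_at


class MockAuthorizationServer:
    """Stands in for the provider's token endpoint and a userinfo resource."""

    def __init__(self):
        self.codes = {}           # authorization code -> (client_id, user, scope)
        self.access_tokens = {}   # access token value -> (user, Token)
        self.refresh_tokens = {}  # refresh token value -> (client_id, user, Token)

    def authorize(self, client_id, user, scope):
        """Result of the authorization endpoint after login and consent: a one-time code."""
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user, scope)
        return code

    def _issue(self, client_id, user, scope, now, with_refresh):
        access = Token(secrets.token_urlsafe(24), now + ACCESS_TOKEN_LIFETIME, scope)
        self.access_tokens[access.value] = (user, access)
        refresh = None
        if with_refresh:
            refresh = Token(secrets.token_urlsafe(24), now + REFRESH_TOKEN_LIFETIME, scope)
            self.refresh_tokens[refresh.value] = (client_id, user, refresh)
        return {"access_token": access.value, "token_type": "Bearer",
                "expires_in": ACCESS_TOKEN_LIFETIME, "scope": scope,
                "refresh_token": refresh.value if refresh else None}

    def token(self, params, now):
        """Token endpoint: authorization_code and refresh_token grants only."""
        grant = params.get("grant_type")
        if grant == "authorization_code":
            entry = self.codes.pop(params.get("code"), None)  # codes are single use
            if entry is None or entry[0] != params.get("client_id"):
                raise OAuth2Error("invalid_grant")
            client_id, user, scope = entry
            return self._issue(client_id, user, scope, now, with_refresh=True)
        if grant == "refresh_token":
            entry = self.refresh_tokens.get(params.get("refresh_token"))
            if entry is None or entry[0] != params.get("client_id") or entry[2].expired(now):
                raise OAuth2Error("invalid_grant")
            client_id, user, refresh = entry
            # Only a fresh access token is minted; the refresh token stays valid.
            resp = self._issue(client_id, user, refresh.scope, now, with_refresh=False)
            resp["refresh_token"] = refresh.value
            return resp
        raise OAuth2Error("unsupported_grant_type")

    def userinfo(self, bearer, now):
        """Protected resource: rejects unknown or expired access tokens."""
        entry = self.access_tokens.get(bearer)
        if entry is None or entry[1].expired(now):
            raise OAuth2Error("invalid_token")
        return {"sub": entry[0]}


class Client:
    """A client app; `keyring` is a dict standing in for the device keychain."""

    def __init__(self, client_id, server, keyring):
        self.client_id, self.server, self.keyring = client_id, server, keyring

    def login(self, user, scope, now):
        """Authorization Code Grant: code -> access + refresh token, stored in the keyring."""
        code = self.server.authorize(self.client_id, user, scope)
        resp = self.server.token({"grant_type": "authorization_code", "code": code,
                                  "client_id": self.client_id}, now)
        self.keyring.update(access=resp["access_token"], refresh=resp["refresh_token"])
        return resp

    def profile(self, now):
        """Call userinfo; on an expired access token, refresh once and retry."""
        try:
            return self.server.userinfo(self.keyring["access"], now)
        except OAuth2Error:
            resp = self.server.token({"grant_type": "refresh_token",
                                      "refresh_token": self.keyring["refresh"],
                                      "client_id": self.client_id}, now)
            self.keyring["access"] = resp["access_token"]
            return self.server.userinfo(self.keyring["access"], now)
```

Because the refresh token is bound to the client that obtained it, the second app in this simulation can use the shared access token from the keyring but cannot refresh it itself; that mirrors the division of labour on the slide, where only the SSO demo app performs the refresh.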