Single Sign On with OAuth and OpenID
Jérôme Gasperi
WGISS-36
ESA/ESRIN - Frascati, Italy - September 19th, 2013
CEOS WGISS 36 - Frascati, Italy - 2013.09.19

Single Sign On with OAuth and OpenID used for Kalideos project and to be used within the French Land Surface Thematic Center

  1. Single Sign On with OAuth and OpenID. Jérôme Gasperi, WGISS-36, ESA/ESRIN - Frascati, Italy - September 19th, 2013
  2. OpenID is an open standard for authentication. The model is based on trust ("confidence") links between Service Providers and Authentication Providers (i.e. OpenID providers) to achieve Single Sign On authentication.
  3. OAuth is an open standard for authorization. It provides a method for clients to access server resources on behalf of a resource owner.
  4. OAuth is an open standard for authorization. It provides a method for clients to access server resources on behalf of a resource owner, etc.
  5. Experiment: filter access to Kalideos (i.e. SPOT) data through a secured WMS server using OpenID Connect (i.e. OpenID over OAuth).
  6. Flow diagram. Components: Identity Server, WMS Server, Kalideos Server, LDAP. Numbered steps:
     1. Ask for authentication
     2. Redirect to Identity Server
     3. Authentication with OAuth (OpenID Connect)
     4. Return OAuth token
     5. Send OAuth token
     6. Get user information using OAuth token
     7. Return user information
     8. Send OAuth token
     9. Send OAuth token for validation and get user information
     10. Return user information
     11. Ask for user rights
     12. Get user rights
     13. Create user session
     14. Ask for WMS feed
     15. Return WMS feed
  22. OpenID Connect is planned to be used in Theia (i.e. French Land Surface Thematic Center)
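
The WMS-side half of the diagram (steps 8 to 15), as an added example that is not code from the slides or from the Kalideos project. It assumes the WMS server is the component that validates the token, reads rights from LDAP and creates the session; the token values, the layer name `kalideos:spot` and all function names are constructed, and the Identity Server and LDAP are in-memory stand-ins.

```python
import secrets
import time

# Constructed stand-ins for the Identity Server and LDAP (not real endpoints).
IDENTITY_SERVER_TOKENS = {
    "tok-alice": {"sub": "alice", "expires_at": time.time() + 300},
    "tok-carol": {"sub": "carol", "expires_at": time.time() + 300},
    "tok-old": {"sub": "bob", "expires_at": time.time() - 1},
}
LDAP_RIGHTS = {"alice": {"kalideos:spot"}}  # user -> WMS layers they may read
SESSIONS = {}                               # session id -> (user, rights)


def userinfo(token):
    """Steps 9-10: the Identity Server validates the token and returns user info."""
    info = IDENTITY_SERVER_TOKENS.get(token)
    if info is None or info["expires_at"] <= time.time():
        return None                         # unknown or expired token
    return {"sub": info["sub"]}


def open_session(token):
    """Steps 8-13: token in, session id out, or None if the token is rejected."""
    user = userinfo(token)                  # the token is never trusted unvalidated
    if user is None:
        return None
    rights = LDAP_RIGHTS.get(user["sub"], set())  # steps 11-12, default deny
    sid = secrets.token_urlsafe(16)               # step 13: unguessable session id
    SESSIONS[sid] = (user["sub"], frozenset(rights))
    return sid


def get_map(sid, layer):
    """Steps 14-15: return the WMS feed only if the session grants the layer."""
    session = SESSIONS.get(sid)
    if session is None or layer not in session[1]:
        return (403, None)
    return (200, f"WMS feed for {layer}")
```

Authentication (a valid token) and authorization (an LDAP right on the layer) are checked separately: a user the Identity Server accepts but LDAP does not list gets a session and still receives 403 on every layer.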
