DAY_ONE_2017AM_SingleSignOn_II.ppsx
KasaTiga
single sign on tutorial
1.
SSO Technologies & the SIF 3 Infrastructure
Addressing the Beast: Single Sign-On II
© Access 4 Learning (A4L) Community
2.
What do we want?
SSO – When using other Single or Same Sign On technologies the chosen standard must be followed. If you would like to include an indicator for the SSO standard of your choice, please submit it (along with justification as to why it is the appropriate indicator) so it may be included in the specification. Additionally, providing a guidance document for others on how to consistently use the chosen SSO solution is desirable.
3.
What do we have?
OAuth 2.0 Password Grant Bearer Token
4.
How does it work?
POST: Credentials to one URL.
200: Authentication Token
+
GET*: Request to another URL with Bearer Token
200: Data
• Other operations supported.
5.
OAuth 2.0
[Diagram: User with Device, Service Provider, Identity Provider; labels: Request, Unauthenticated, Request /w Token, Data]
6.
How does it work?
Token creation.
Password Grant
Username
Password
Client Secret
8.
How does it work?
We get a JSON payload in response.
It must include the token and type.
We must keep the token to reuse for access.
The type must be bearer.
Note: When leveraging OAuth 2.0 the proper capitalization when providing a token in either an Authorization header or authenticationMethod query parameter is “Bearer.” However when returned as the token_type (by the OAuth 2.0 server) it MUST be treated as case insensitive and will often be all lower case.
10.
How does it work?
Now the token is used verbatim.
It can go in one of two places.
The Authorization header with a Bearer qualifier (preferred).
The access_token query parameter (more likely to be logged).
Note: Production applications should be prepared for token expiration.
12.
How does it work?
Now we get the Response.
Hopefully data.
Could be an error*.
* Cannot count on getting a SIF 3 error in the HTTP body.
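
The client-side handling described on slides 4 to 12, as an added example that is not part of the A4L deck: building the password-grant request, checking the token response with a case-insensitive `token_type`, sending the token in the Authorization header, preparing for expiry, and reading a response whose error body may not be structured. The function names, sending the client credentials in the form body, reliance on the optional `expires_in` field, the 30-second skew and the sample payload are assumptions made for illustration.

```python
import json
import time
from urllib.parse import urlencode

def build_token_request(username, password, client_id, client_secret):
    """Form body for the POST to the token URL (RFC 6749 section 4.3)."""
    return urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "client_id": client_id,          # assumption: client sent in the body
        "client_secret": client_secret,  # rather than via HTTP Basic
    })

def parse_token_response(body, now=None):
    """Validate the JSON payload; return (token, expires_at or None)."""
    now = time.time() if now is None else now
    payload = json.loads(body)
    token = payload.get("access_token")
    token_type = payload.get("token_type")
    if not token or not isinstance(token_type, str):
        raise ValueError("response must include access_token and token_type")
    if token_type.lower() != "bearer":   # compared case-insensitively
        raise ValueError("unsupported token_type: %r" % token_type)
    expires_in = payload.get("expires_in")  # optional lifetime in seconds
    return token, (now + expires_in if expires_in is not None else None)

def authorization_header(token):
    """Token is used verbatim; the scheme is sent capitalised as 'Bearer'."""
    return {"Authorization": "Bearer " + token}

def is_expired(expires_at, now=None, skew=30):
    """True when a new token should be requested before the next call."""
    now = time.time() if now is None else now
    return expires_at is not None and now >= expires_at - skew

def read_response(status, body):
    """Return ('data'|'reauth'|'error', parsed body or raw text)."""
    try:
        parsed = json.loads(body)
    except ValueError:
        parsed = body                    # error body may not be structured
    if 200 <= status < 300:
        return "data", parsed
    return ("reauth" if status == 401 else "error"), parsed

# Constructed sample token response (not captured from a real server).
SAMPLE = '{"access_token": "abc123-constructed", "token_type": "bearer", "expires_in": 3600}'
```
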
13.
How does it work?
15.
What is missing?
Mechanism to confirm supplied token.
It is not A4L, it is missing from OAuth 2.0.
16.
Trusted 3rd Party
[Diagram: User with Device, Service Provider, Identity Provider; labels: Request, Unauthenticated, Request /w Token, Data]
17.
How will we fill the gap?
Open ID Connect
http://openid.net/connect/
Google Does It
https://developers.google.com/identity/protocols/OpenIDConnect
18.
What is next?
SAML (Shibboleth)
OpenID Connect (OAuth+)
SSL/TLS (Certificate Authority)
Kerberos (Active Directory)
19.
How can you help?
Help lead the Identity Management Group.
Share your expertise within the group.
Contribute your preferences and priorities.
20.
Contact Information:
John W. Lovell
jlovell@a4l.org