Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

AOEconf17: Single Sign On via an OpenID Provider

546 views

Published on

On his AOE conference talk, Sebastian Rose sketches the idea of an Identity and Access Management platform using single sign-on for services provided to employees and customers.

https://www.aoe.com

Published in: Software
  • Be the first to comment

AOEconf17: Single Sign On via an OpenID Provider

  1. 1. AOE Single Sign-On via an OpenID Provider
  2. 2. Disclaimer All characters and events depicted in this film are entirely fictitious. Any similarity to actual events or persons, living or dead, is purely coincidental. All uses of software products and configurations depicted in this presentation are entirely fictitious. Any similarity to actually used software products or existing configurations at AOE, now or in the past, is purely coincidental.
  3. 3. Services for all our needs
  4. 4. Authentication required User = john.doe User = jdoe
  5. 5. Motivation - Summary No Single Sign-On Users/Personal data sets are distributed Permissions are managed in a distributed way LDAP User/password is given to different services
  6. 6. Solution Trusted authority for identity based on standards
  7. 7. Solution - Standards </SAML> openid.net
  8. 8. Solution - Products …
  9. 9. Solution - Required steps UI Customizing Permissions Groups & Roles Operations General setup
  10. 10. Solution - Architecture OpenID Provider (Keycloak) LDAP
  11. 11. Solution - Architecture II OpenID Provider (Keycloak) Service A Service B Service C
  12. 12. Solution - Ready for Integration
  13. 13. Solution - Summary Single-Sign-On Users/Personal data sets only in one place, editable by the user Permissions are only in one place LDAP User/password is only handled by trusted identity provider
  14. 14. Demo
  15. 15. Solution - Summary (add-on) Existing software (products) problem: If there is some kind of integration as a client: roles and permissions are missing No problem being Authentication Provider; being Client is not a first class feature
  16. 16. Questions?

×