SlideShare a Scribd company logo
1 of 42
Download to read offline
@SFLinux
@clementoudot
The wonderful story of Web
Authentication and Single Sign On
2
@SFLinux
@clementoudot
● Founded in 1999
● >100 persons
● Montréal, Quebec City, Toronto, Paris
● ISO 9001:2004 / ISO 14001:2008
● contact@savoirfairelinux.com
Clément OUDOT
@clementoudot
http://sflx.ca/coudot
3
@SFLinux
@clementoudot
What is Single Sing On?
4
@SFLinux
@clementoudot
Single Sign On
Singing a Song
5
@SFLinux
@clementoudot
Imagine SSOng
Imagine there are no passwords
Or maybe just only one
A single secured form
To access our applications
Imagine all the users
Loving security
Imagine applications
No more storing passwords
Relying on a token
Even for authorizations
Imagine all developers
Loving security
Imagine some protocols
Made by clever people
CAS, OpenID or SAML
Even WS Federation
Imagine authentication
Interoperability
You may say
I'm a hacker
But I'm not the only one
I hope one day
You will log in
Using the Single Sign On
© John Lennon
6
@SFLinux
@clementoudot
Authentication on the web
7
@SFLinux
@clementoudot
The HTTP protocol
● 1989: first versions of HTTP, not documented
● 1991: HTTP/0.9
● 1996: HTTP/1.0
● 1997: HTTP/1.1 (updated in 1999)
● 2015: HTTP/2
8
@SFLinux
@clementoudot
Basic authentication
Base64(coudot:secret)
GET /index.html HTTP/1.1
Host: www.example.com
GET /index.html HTTP/1.1
Host: www.example.com
Authorization: Basic Y291ZG90OnNlY3JldA==
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="EXAMPLE"
9
@SFLinux
@clementoudot
Digest authentication
GET /index.html HTTP/1.1
Host: www.example.com
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest realm="EXAMPLE",
qop="auth,auth-int",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
10
@SFLinux
@clementoudot
Digest authentication
GET /index.html HTTP/1.1
Host: www.example.com
Authorization: Digest username="coudot",
realm="EXAMPLE",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="d2156c87fd5a1d75d23106edeecb232d",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
11
@SFLinux
@clementoudot
Digest authentication
HA1 = MD5( "coudot:EXAMPLE:secret" )
= 8d1a89700d53c9383402f0ac3b24eff9
HA2 = MD5( "GET:/index.html" )
= 5f751b15eae8c79635edae8bf3b92354
Response = MD5( "8d1a89700d53c9383402f0ac3b24eff9:
dcd98b7102dd2f0e8b11d0f600bfb0c093:
00000001:0a4f113b:auth:
5f751b15eae8c79635edae8bf3b92354" )
= d2156c87fd5a1d75d23106edeecb232d
12
@SFLinux
@clementoudot
Cookies
GET /index.html HTTP/1.1
Host: www.example.com
GET /index.html HTTP/1.1
Host: www.example.com
Cookie: name=value
HTTP/1.1 200 OK
Set-cookie: name=value
13
@SFLinux
@clementoudot
Cookies
● Maximal size: 4 ko
● Expiration :
– Session cookie: when browser is closed
– Persistent cookie: at a specific date
●
Path and domain: scope of the cookie
● Flags:
– Secure: only sent over HTTPS
– HttpOnly: not readable by Javascript
14
@SFLinux
@clementoudot
Web Application Authentication portal
First access
Redirection for
authentication
Token
generation
Token
sent
Token validation
Access to identity
Authentication service
15
@SFLinux
@clementoudot
Single Sign On Protocols
16
@SFLinux
@clementoudot
CoSign
● Created by University of
Michigan
● Relies on cookies with
back-link verifications
● http://weblogin.org/
17
@SFLinux
@clementoudot
Pubcookie
● Created by University of
Washington
● Relies on cookies
(granting cookie and login
cookie) with signatures
● http://www.pubcookie.org
18
@SFLinux
@clementoudot
Webauth
● Created by University of Stanford
● Relies on cookies/token
● Authentication portal is called WebKDC
● XML messages between applications and WebKDC
● http://webauth.stanford.edu/
19
@SFLinux
@clementoudot
CAH
● Created by University of
Minnesota in 1998
● Central Authentication
Hub
● https://it.umn.edu/about-
central-authentication-hu
b
20
@SFLinux
@clementoudot
CAS
● Created by University of Yale
● Central Authentication Service
● Proxy mode since v2.0
● Attributes sharing since v3.0
● https://www.apereo.org/projects/cas
21
@SFLinux
@clementoudot
CAS client CAS client
First access
Redirection for
authentication
Service
Ticket
Service
Ticket
Service ticket validation
Access to identity
22
@SFLinux
@clementoudot
First step
● From client to server, trough browser:
https://auth.example.com/cas/login?
service=http://appli.example.com/
● From server to client, trough browser:
http://appli.example.com/?ticket=ST-
6096f5d3ddb33df6fd79529e2d626a6d
23
@SFLinux
@clementoudot
Second step
● From client to server, direct link:
https://auth.example.com/cas/serviceValidate?
service=http://appli.example.com/&ticket=ST-
6096f5d3ddb33df6fd79529e2d626a6d
● From server to client, direct link:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>coudot</cas:user>
</cas:authenticationSuccess>
</cas:serviceResponse> 
24
@SFLinux
@clementoudot
WebID
● FOAF + SSL
● Made by W3C
● Uses client
certificates
● https://www.w3.o
rg/wiki/WebID
25
@SFLinux
@clementoudot
BrowserID
● Created by Mozilla in 2011
● Presented at RMLL in 2013
● Abandoned in 2014
● Uses email as principal
identity
● https://developer.mozilla.o
rg/en-US/Persona
26
@SFLinux
@clementoudot
SAML
● Created by OASIS organization
● Security Assertion Markup Language
● Version 1.0 in 2002
● Version 1.1 in 2003
● Version 2.0 in 2005 merging SAML, Shibboleth and ID-FF
(Liberty Alliance)
27
@SFLinux
@clementoudot
Service Provider (SP) Identity Provider (IDP)
First access
IDP choice
Authentication
request
Authentication
response
Authentication
response
Signature verification
Read assertion
28
@SFLinux
@clementoudot
SAML Authn Request
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="ONELOGIN_809707f0030a5d00620c9d9df97f627afe9dcc24" Version="2.0" ProviderName="SP test"
IssueInstant="2014-07-16T23:52:45Z" Destination="http://idp.example.com/SSOService.php"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
AssertionConsumerServiceURL="http://sp.example.com/demo1/index.php?acs">
<saml:Issuer>http://sp.example.com/demo1/metadata.php</saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
AllowCreate="true"/>
<samlp:RequestedAuthnContext Comparison="exact">
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:Auth
nContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
29
@SFLinux
@clementoudot
SAML Authn Response
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_8e8dc5f69a98cc4c1ff3427e5ce34606fd672f91e6" Version="2.0" IssueInstant="2014-
07-17T01:01:48Z" Destination="http://sp.example.com/demo1/index.php?acs" InResponseTo="ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685">
<saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_d71a3a8e9fcc45c9e9d248ef7049393fc8f04e5f75" Version="2.0" IssueInstant="2014-
07-17T01:01:48Z">
<saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>
<saml:Subject>
<saml:NameID SPNameQualifier="http://sp.example.com/demo1/metadata.php" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2024-01-18T06:21:48Z" Recipient="http://sp.example.com/demo1/index.php?acs" InResponseTo="ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2014-07-17T01:01:18Z" NotOnOrAfter="2024-01-18T06:21:48Z">
<saml:AudienceRestriction>
<saml:Audience>http://sp.example.com/demo1/metadata.php</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2014-07-17T01:01:48Z" SessionNotOnOrAfter="2024-07-17T09:01:48Z" SessionIndex="_be9967abd904ddcae3c0eb4189adbe3f71e327cf93">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">test@example.com</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">users</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">examplerole1</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
30
@SFLinux
@clementoudot
WS-*
● WS-Security: extension to SOAP to secure Web Services,
publshed by OASIS
● WS-Trust/WS-Federation: developed by companies
(including IBM, BEA, Microsoft) and standardized by
OASIS in 2007
● STS: Secure Token Service
31
@SFLinux
@clementoudot
SAML 1.0
WS-*
ID-FF 1.2
ID-WSF 1.2
Shibboleth 1
SAML 2.0
ID-WSF 2.0
32
@SFLinux
@clementoudot
● Created in may 2005
● First known as Yadis (Yet another distributed identity
system)
● Version 2.0 in 2006 introducing attributes exchange
● Uses URL as identifier
● Abandoned in 2014
33
@SFLinux
@clementoudot
OpenID 1.0 OpenID 2.0 OpenID Connect
34
@SFLinux
@clementoudot
OpenID Connect
● Created in 2014
● Presented at RMLL in 2015
● Based on OAuth 2.0, REST, JSON, JWT, JOSE
● Adapted to web browser and native mobile applications
● Attributes sharing trough UserInfo endpoint
35
@SFLinux
@clementoudot
Relying Party (RP) OpenID Provider (OP)
First access
OP choice
Authentication
request
JWT
JWT
Signature verification
Read JWT
Get UserInfo
36
@SFLinux
@clementoudot
RPRP OPOP
http://auth.example.com/oauth2.pl?
openidconnectcallback=1;
code=f6267efe92d0fc39bf2761c29de44286;
state=ABCDEFGHIJKLMNOPQRSTUVWXXZ
37
@SFLinux
@clementoudot
RPRP OPOP
POST /oauth2/token HTTP/1.1
Host: auth.example.com
Authorization: Basic xxxx
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
&code=f6267efe92d0fc39bf2761c29de44286
&redirect_uri=http%3A%2F%2Fauth.example.com
%2Foauth2.pl%3Fopenidconnectcallback%3D1
38
@SFLinux
@clementoudot
RPRP OPOP
{"id_token" :"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ
9.eyJhY3IiOiJsb2EtMiIsImF1dGhfdGltZSI6MTQzMjEx
MzU5MywiaWF0IjoxNDMyMTEzOTY2LCJhdF9oYXNo
IjoiOWF4enNOaTlwTkRrNXpXZWZLc002QSIsImlzcy
I6Imh0dHA6Ly9hdXRoLmV4YW1wbGUuY29tLyIsIm
V4cCI6IjM2MDAiLCJhenAiOiJsZW1vbmxkYXAiLCJub
25jZSI6IjEyMzQ1Njc4OTAiLCJzdWIiOiJjb3Vkb3RAbG
luYWdvcmEuY29tIiwiYXVkIjpbImxlbW9ubGRhcCJdf
Q==.daYGlzIr37dC1R0biIwdvQLM1LlCMsBFFcEufe
MZtXsZvCiiAm-1LFJwJJJDHFOhd-
WQnc9_GvtP3gTabXB8U4gQ2IW-
bPNLUsjT24njmBPYunHy8YTQ5PV-
QnQI5EK5WrrTS04AF86U5Qu6m3b27yWKFXkIuGI7
EUvvByv8L1Anh1gPG3il5cEOnMFHIUzAaC6PkJiy1sj
SBM53nLRAf9NQ6eux4iCVBIRwl26CCgmRTsTRy-
iTxB3bf0LrILohUlAR_-
HPWGseaIAMvqUpGeaovgGDPt4Zip9KERo7368ykg
Qc09VFlLvZIwyMTWQdVBIYdW0oY6eI9ZHjofn0mg"
, "expires_in" : "3600","access_token" :
"512cdb7b97e073d0656ac9684cc715fe",
"token_type" : "Bearer"}
39
@SFLinux
@clementoudot
{
"acr": "loa-2",
"auth_time": 1432113593,
"iat": 1432113966,
"at_hash": "9axzsNi9pNDk5zWefKsM6A",
"iss": "http://auth.example.com/",
"exp": "3600",
"azp": "lemonldap",
"nonce": "1234567890",
"sub": "clement@oudot.me",
"aud": [
"lemonldap"
]
}
ID Token payload
40
@SFLinux
@clementoudot
RPRP OPOP
POST /oauth2/userinfo HTTP/1.1
Host: auth.example.com
Authorization: Bearer 512cdb7b97e073d0656ac9684cc715fe
Content-Type: application/x-www-form-urlencoded
41
@SFLinux
@clementoudot
RPRP OPOP
{
"name": "Clément OUDOT",
"email": "clement@oudot.me",
"sub": "clement@oudot.me"
}
42
@SFLinux
@clementoudot
Thanks for your attention
Blog : http://slfx.ca/coudot
Twitter : @clementoudot

More Related Content

What's hot

What's hot (9)

Exploration note - none windows based authentication for WCF
Exploration note - none windows based authentication for WCFExploration note - none windows based authentication for WCF
Exploration note - none windows based authentication for WCF
 
2016 pycontw web api authentication
2016 pycontw web api authentication 2016 pycontw web api authentication
2016 pycontw web api authentication
 
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
 
Saml v2-OpenAM
Saml v2-OpenAMSaml v2-OpenAM
Saml v2-OpenAM
 
Json web token api authorization
Json web token api authorizationJson web token api authorization
Json web token api authorization
 
Accessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) webAccessing APIs using OAuth on the federated (WordPress) web
Accessing APIs using OAuth on the federated (WordPress) web
 
Authenticator and provisioning connector in wso2 Identity Server
Authenticator and provisioning connector in wso2 Identity ServerAuthenticator and provisioning connector in wso2 Identity Server
Authenticator and provisioning connector in wso2 Identity Server
 
JWT SSO Inbound Authenticator
JWT SSO Inbound AuthenticatorJWT SSO Inbound Authenticator
JWT SSO Inbound Authenticator
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4
 

Viewers also liked

Matinée Pour Comprendre LinID - Retour d'expérience de l'AFNIC
Matinée Pour Comprendre LinID - Retour d'expérience de l'AFNICMatinée Pour Comprendre LinID - Retour d'expérience de l'AFNIC
Matinée Pour Comprendre LinID - Retour d'expérience de l'AFNIC
Clément OUDOT
 
Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...
Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...
Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...
Clément OUDOT
 
Web authentication & authorization
Web authentication & authorizationWeb authentication & authorization
Web authentication & authorization
Alexandru Pasaila
 
Web authentication
Web authenticationWeb authentication
Web authentication
Pradeep J V
 
Matinée Pour Comprendre LinID - Mise en place de la fédération des identités...
Matinée Pour Comprendre LinID -  Mise en place de la fédération des identités...Matinée Pour Comprendre LinID -  Mise en place de la fédération des identités...
Matinée Pour Comprendre LinID - Mise en place de la fédération des identités...
Clément OUDOT
 
JDLL 2014 - Introduction aux annuaires LDAP
JDLL 2014 - Introduction aux annuaires LDAPJDLL 2014 - Introduction aux annuaires LDAP
JDLL 2014 - Introduction aux annuaires LDAP
Clément OUDOT
 

Viewers also liked (20)

[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect
 
The guide of Security Jerk
The guide of Security JerkThe guide of Security Jerk
The guide of Security Jerk
 
Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016
 
Le Guide du Connard du Logiciel Libre
Le Guide du Connard du Logiciel LibreLe Guide du Connard du Logiciel Libre
Le Guide du Connard du Logiciel Libre
 
KR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard GuideKR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard Guide
 
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NGS2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
 
Matinée Pour Comprendre LinID - Retour d'expérience de l'AFNIC
Matinée Pour Comprendre LinID - Retour d'expérience de l'AFNICMatinée Pour Comprendre LinID - Retour d'expérience de l'AFNIC
Matinée Pour Comprendre LinID - Retour d'expérience de l'AFNIC
 
Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...
Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...
Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...
 
RMLL 2014 - Site statique avec Templer, Bootstrap et Git
RMLL 2014 - Site statique avec Templer, Bootstrap et GitRMLL 2014 - Site statique avec Templer, Bootstrap et Git
RMLL 2014 - Site statique avec Templer, Bootstrap et Git
 
RMLL 2014 - LDAP Synchronization Connector
RMLL 2014 - LDAP Synchronization ConnectorRMLL 2014 - LDAP Synchronization Connector
RMLL 2014 - LDAP Synchronization Connector
 
Web authentication & authorization
Web authentication & authorizationWeb authentication & authorization
Web authentication & authorization
 
Web authentication
Web authenticationWeb authentication
Web authentication
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web Application
 
Analyse OpenLDAP logs with ELK
Analyse OpenLDAP logs with ELKAnalyse OpenLDAP logs with ELK
Analyse OpenLDAP logs with ELK
 
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
 
Matinée Pour Comprendre LinID - Mise en place de la fédération des identités...
Matinée Pour Comprendre LinID -  Mise en place de la fédération des identités...Matinée Pour Comprendre LinID -  Mise en place de la fédération des identités...
Matinée Pour Comprendre LinID - Mise en place de la fédération des identités...
 
RMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policyRMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policy
 
JDLL 2014 - Introduction aux annuaires LDAP
JDLL 2014 - Introduction aux annuaires LDAPJDLL 2014 - Introduction aux annuaires LDAP
JDLL 2014 - Introduction aux annuaires LDAP
 
SSL TSL;& SET
SSL TSL;& SETSSL TSL;& SET
SSL TSL;& SET
 
Strong Authentication in Web Application / ConFoo.ca 2011
Strong Authentication in Web Application / ConFoo.ca 2011Strong Authentication in Web Application / ConFoo.ca 2011
Strong Authentication in Web Application / ConFoo.ca 2011
 

Similar to The wonderful story of Web Authentication and Single-Sign On

WSO2 Identity Server
WSO2 Identity Server WSO2 Identity Server
WSO2 Identity Server
WSO2
 
Defcon 22-david-wyde-client-side-http-cookie-security
Defcon 22-david-wyde-client-side-http-cookie-securityDefcon 22-david-wyde-client-side-http-cookie-security
Defcon 22-david-wyde-client-side-http-cookie-security
Priyanka Aash
 
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSOOpen Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
elliando dias
 
Enterprise Single Sign On
Enterprise Single Sign On Enterprise Single Sign On
Enterprise Single Sign On
WSO2
 

Similar to The wonderful story of Web Authentication and Single-Sign On (20)

OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect Protocol
 
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
 
WSO2 Identity Server
WSO2 Identity Server WSO2 Identity Server
WSO2 Identity Server
 
Authenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 isAuthenticator and provisioning connector in wso2 is
Authenticator and provisioning connector in wso2 is
 
RMLL 2013 - The SAML Protocol: Single Sign On for skilled people
RMLL 2013 - The SAML Protocol: Single Sign On for skilled peopleRMLL 2013 - The SAML Protocol: Single Sign On for skilled people
RMLL 2013 - The SAML Protocol: Single Sign On for skilled people
 
How Secure is Your API?
How Secure is Your API?How Secure is Your API?
How Secure is Your API?
 
PyConWeb - 2019 Auditing websites & apps for privacy leaks.
PyConWeb - 2019 Auditing websites & apps for privacy leaks.PyConWeb - 2019 Auditing websites & apps for privacy leaks.
PyConWeb - 2019 Auditing websites & apps for privacy leaks.
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
 
Defcon 22-david-wyde-client-side-http-cookie-security
Defcon 22-david-wyde-client-side-http-cookie-securityDefcon 22-david-wyde-client-side-http-cookie-security
Defcon 22-david-wyde-client-side-http-cookie-security
 
Lecture 20101124
Lecture 20101124Lecture 20101124
Lecture 20101124
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product Overview
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101
 
Open Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSOOpen Source Identity Integration with OpenSSO
Open Source Identity Integration with OpenSSO
 
Implementing OpenID for Your Social Networking Site
Implementing OpenID for Your Social Networking SiteImplementing OpenID for Your Social Networking Site
Implementing OpenID for Your Social Networking Site
 
Enterprise Single Sign On
Enterprise Single Sign On Enterprise Single Sign On
Enterprise Single Sign On
 
6 - Web Application Security.pptx
6 - Web Application Security.pptx6 - Web Application Security.pptx
6 - Web Application Security.pptx
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
 
Introduction to Kubernetes Security
Introduction to Kubernetes SecurityIntroduction to Kubernetes Security
Introduction to Kubernetes Security
 
Introduction To Open Web Protocols
Introduction To Open Web ProtocolsIntroduction To Open Web Protocols
Introduction To Open Web Protocols
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An Introduction
 

More from Clément OUDOT

More from Clément OUDOT (11)

[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
 
[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM project[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM project
 
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
 
[OSSPARIS17] Le guide du connard du logiciel libre
[OSSPARIS17] Le guide du connard du logiciel libre[OSSPARIS17] Le guide du connard du logiciel libre
[OSSPARIS17] Le guide du connard du logiciel libre
 
[OSSPARIS17] Des logiciels libres pour la gestion des identités !
[OSSPARIS17] Des logiciels libres pour la gestion des identités ![OSSPARIS17] Des logiciels libres pour la gestion des identités !
[OSSPARIS17] Des logiciels libres pour la gestion des identités !
 
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
 
[RMLL2017] le guide du connard du logiciel libre
[RMLL2017] le guide du connard du logiciel libre[RMLL2017] le guide du connard du logiciel libre
[RMLL2017] le guide du connard du logiciel libre
 
[RMLL2017] LDAPCon 2017
[RMLL2017] LDAPCon 2017[RMLL2017] LDAPCon 2017
[RMLL2017] LDAPCon 2017
 
[RMLL2017] Des logiciels libres pour la gestion des identités !
[RMLL2017] Des logiciels libres pour la gestion des identités ![RMLL2017] Des logiciels libres pour la gestion des identités !
[RMLL2017] Des logiciels libres pour la gestion des identités !
 
[OW2Con 2017] News from LemonLDAP::NG
[OW2Con 2017] News from LemonLDAP::NG[OW2Con 2017] News from LemonLDAP::NG
[OW2Con 2017] News from LemonLDAP::NG
 
[JDLL 2017] Le Guide du Connard du Logiciel Libre
[JDLL 2017] Le Guide du Connard du Logiciel Libre[JDLL 2017] Le Guide du Connard du Logiciel Libre
[JDLL 2017] Le Guide du Connard du Logiciel Libre
 

Recently uploaded

Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
panagenda
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Peter Udo Diehl
 

Recently uploaded (20)

Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 

The wonderful story of Web Authentication and Single-Sign On