Successfully reported this slideshow.
Your SlideShare is downloading. ×

Auth experience - vol 1.0

Jul. 11, 2021
0 likes 340 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Cloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony Financial
Loading in …3
×

Check these out next

Presentation
Laxman Kumar
Developing custom claim providers to enable authorization in share point an...
AntonioMaio2
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CloudIDSummit
OpenID Connect and Single Sign-On for Beginners
Salesforce Developers
Single Sign On with OAuth and OpenID
Gasperi Jerome
Claim based authentaication
Sean Xiong
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2
Integrando Azure AD B2C con Xamarin.Forms
César Jesús Angulo Gasco
1 of 35 Ad

Auth experience - vol 1.0

Jul. 11, 2021
0 likes 340 views

Download to read offline

Technology

Authentiaction & Autorization flows

Authentiaction & Autorization flows

Technology
Advertisement

Recommended

Cloud Native Journey in Synchrony Financial
VMware Tanzu
1.5k views
11 slides
Stateless Auth using OAUTH2 & JWT
Mobiliya
959 views
73 slides
OpenID Connect: The new standard for connecting to your Customers, Partners, ...
Salesforce Developers
12.1k views
41 slides
Mit 2014 introduction to open id connect and o-auth 2
Justin Richer
15.2k views
202 slides
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
AntonioMaio2
3.1k views
32 slides
CIS14: OAuth and OpenID Connect in Action
CloudIDSummit
611 views
31 slides
Understanding Claim based Authentication
Mohammad Yousri
5.5k views
20 slides
End-to-End Identity Management
WSO2
926 views
35 slides
Advertisement

More Related Content

Slideshows for you (20)

Presentation
Laxman Kumar
1.9k views
Developing custom claim providers to enable authorization in share point an...
AntonioMaio2
12.9k views
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CloudIDSummit
1.1k views
OpenID Connect and Single Sign-On for Beginners
Salesforce Developers
22.6k views
Single Sign On with OAuth and OpenID
Gasperi Jerome
5.2k views
Claim based authentaication
Sean Xiong
459 views
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2
3.1k views
Integrando Azure AD B2C con Xamarin.Forms
César Jesús Angulo Gasco
239 views
Creating a Sign On with Open id connect
Derek Binkley
1.4k views
SharePoint Access Control and Claims Based Authentication
Jonathan Schultz
2k views
SSO Strategy Implementation Considerations
John Bauer
4.6k views
JDD2015: Security in the era of modern applications and services - Bolesław D...
PROIDEA
215 views
OpenID Connect: An Overview
Pat Patterson
13.1k views
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...
Xamarin
3.3k views
Authentication through Claims-Based Authentication
ijtsrd
43 views
Deciphering 'Claims-based Identity'
Oliver Pfaff
1.1k views
OpenID Connect vs. OpenID 1 & 2
Mike Schwartz
10.3k views
O auth2 with angular js
Bixlabs
420 views
Understanding OpenID
Prabath Siriwardena
11.8k views
Claims Based Authentication A Beginners Guide
Phuong Nguyen
3.7k views
Presentation
Laxman Kumar
1.9k views
27 slides
Developing custom claim providers to enable authorization in share point an...
AntonioMaio2
12.9k views
42 slides
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CloudIDSummit
1.1k views
19 slides
OpenID Connect and Single Sign-On for Beginners
Salesforce Developers
22.6k views
30 slides
Single Sign On with OAuth and OpenID
Gasperi Jerome
5.2k views
23 slides
Claim based authentaication
Sean Xiong
459 views
10 slides

Similar to Auth experience - vol 1.0 (20)

Stateless Auth using OAuth2 & JWT
Gaurav Roy
11.4k views
OAuth 2.0 and OpenID Connect
Jacob Combs
197 views
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CloudIDSummit
1.5k views
OAuth with Salesforce - Demystified
Calvin Noronha
2k views
Identity Federation on JBossAS
Roger CARHUATOCTO
1k views
Single-Page-Application & REST security
Igor Bossenko
21k views
OAuth in the Real World featuring Webshell
CA API Management
4.4k views
OAuth
Iván Fernández Perea
2.3k views
[WSO2Con EU 2018] Identity APIs is the New Black
WSO2
296 views
Demystifying OAuth 2.0
Yury Roa
136 views
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Vinay Manglani
241 views
API Security with OAuth2.0.
Kellton Tech Solutions Ltd
2k views
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
NCCOMMS
2.1k views
OAuth 2
ChrisWood262
229 views
Oauth2 and OWSM OAuth2 support
Gaurav Sharma
4k views
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
Good Dog Labs, Inc.
2.2k views
Introduction to OAuth2.0
Oracle Corporation
3.3k views
[WSO2Con USA 2018] Identity APIs is the New Black
WSO2
221 views
When and Why Would I use Oauth2?
Dave Syer
4.2k views
Intro to OAuth2 and OpenID Connect
LiamWadman
56 views
Stateless Auth using OAuth2 & JWT
Gaurav Roy
11.4k views
73 slides
OAuth 2.0 and OpenID Connect
Jacob Combs
197 views
21 slides
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CloudIDSummit
1.5k views
32 slides
OAuth with Salesforce - Demystified
Calvin Noronha
2k views
35 slides
Identity Federation on JBossAS
Roger CARHUATOCTO
1k views
28 slides
Single-Page-Application & REST security
Igor Bossenko
21k views
43 slides
Advertisement

More from Haggai Philip Zagury (20)

DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
Haggai Philip Zagury
7 views
Kube Security Shifting left | Scanners & OPA
Haggai Philip Zagury
17 views
TechRadarCon 2022 | Have you built your platform yet ?
Haggai Philip Zagury
17 views
Gitlab, GitOps & ArgoCD
Haggai Philip Zagury
147 views
DevEx | there’s no place like k3s
Haggai Philip Zagury
227 views
Git ops & Continuous Infrastructure with terra*
Haggai Philip Zagury
372 views
Linux intro
Haggai Philip Zagury
132 views
Auth experience
Haggai Philip Zagury
45 views
Kubexperience intro session
Haggai Philip Zagury
1.2k views
Scaling i/o bound Microservices
Haggai Philip Zagury
254 views
The 2nd half. Scaling to the next^2
Haggai Philip Zagury
81 views
Terraform 101
Haggai Philip Zagury
676 views
Chaos is a ladder !
Haggai Philip Zagury
246 views
Natively clouded Journey
Haggai Philip Zagury
373 views
Deep Learning - Continuous Operations
Haggai Philip Zagury
156 views
Terraform 101
Haggai Philip Zagury
427 views
Helm intro
Haggai Philip Zagury
2.6k views
Machine Learning - Continuous operations
Haggai Philip Zagury
286 views
Whats all the FaaS About
Haggai Philip Zagury
721 views
Modern Monitoring [ with Prometheus ]
Haggai Philip Zagury
1.6k views
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
Haggai Philip Zagury
7 views
50 slides
Kube Security Shifting left | Scanners & OPA
Haggai Philip Zagury
17 views
38 slides
TechRadarCon 2022 | Have you built your platform yet ?
Haggai Philip Zagury
17 views
49 slides
Gitlab, GitOps & ArgoCD
Haggai Philip Zagury
147 views
37 slides
DevEx | there’s no place like k3s
Haggai Philip Zagury
227 views
36 slides
Git ops & Continuous Infrastructure with terra*
Haggai Philip Zagury
372 views
42 slides

Recently uploaded (20)

Q5.pdf
Diego Armando Guzmán
30 views
Connecting Digital Ecosystems
JuanLungA
4 views
Q6.pdf
Diego Armando Guzmán
27 views
Transcript: New from BookNet Canada for 2022: Loan Stars - Tech Forum 2023
BookNet Canada
10 views
PTZOptics - 2023 Presentation.pdf
Paul Richards
7 views
Embedding GAMP Compliance into Digital Health Software - The Case of SpiraPlan
Inflectra
0 views
drones-06-00258-v2.pdf
BorchalaDareje
0 views
REMOTE INFRASTRUCTURE MANAGEMENT SERVICES Is Bound To Make An Impact On Your ...
HEX64
0 views
OS ASSIGNMENT.pptx
SrishtiManchanda5
0 views
Rapid-Prototyping.pdf
AmitavaDatta9
0 views
huawei-lte-handover-events.pdf
ariyantohari
3 views
Digital.docx
MuhammadKhalil502533
0 views
CNE Microproject Report.pdf
Nehaam3
0 views
ppt.pptx
Revati Devrat
9 views
Dell APEX Private Cloud can provide faster application response times in a VD...
Principled Technologies
3 views
ChatGPT and Mulesoft.pptx
shiva310211
0 views
Learn How to Turbocharge Your AI/ML Data Workflows with Data Enrichment
Precisely
5 views
Operation Technology.docx
MuhammadKhalil502533
4 views
Research Presentation.pptx
TinaRivera12
0 views
Comparison Chat of PTFE By Rohit Damodaran
Rohit Damodaran
3 views
Q5.pdf
Diego Armando Guzmán
30 views
4 slides
Connecting Digital Ecosystems
JuanLungA
4 views
10 slides
Q6.pdf
Diego Armando Guzmán
27 views
4 slides
Transcript: New from BookNet Canada for 2022: Loan Stars - Tech Forum 2023
BookNet Canada
10 views
2 slides
PTZOptics - 2023 Presentation.pdf
Paul Richards
7 views
52 slides
Embedding GAMP Compliance into Digital Health Software - The Case of SpiraPlan
Inflectra
0 views
24 slides
Advertisement

Auth experience - vol 1.0

  1. 1. AuthExperienc e Modern authentication practices Haggai Philip Zagury | DevOps Group & Tech Lead | 2021
  2. 2. AGENDA Before the Cloud & Web Services The evolution of Authentication systems OAuth2.0 & JWT OAuth2.0 - the server side OIDC - Generic Understanding of Actors OIDC Flows - Behind the Scenes SAML SAML - Behind the Scenes What’s SSO got to do with it ? AuthExpereince
  3. 3. Before the Cloud 1 user per application Onboarding was an issue … Grouping (Scoping)
  4. 4. Before the Cloud 1 user per application Onboarding was an issue … Grouping (Scoping)
  5. 5. Before the Cloud 1 user per application Onboarding was an issue … Grouping (Scoping) 
 Common Solution LDAP -Lightweight Directory Access Protocol Identify the User in the directory, Identi fi cation is Based on the Location in the Directory tree
  6. 6. Before the Cloud 1 user per application Onboarding was an issue … Grouping (Scoping) 
 Common Solution LDAP -Lightweight Directory Access Protocol Identify the User in the directory, Identi fi cation is Based on the Location in the Directory tree Problem Security is internal (we trust our DC,LDAP) Organizations start consuming 3rd party services How do we manage our Customer / Client DB What if I don’t know his ID ? Origin ? 
 (Onboarding Issue all over Again)
  7. 7. Before the Cloud 1 user per application Onboarding was an issue … Grouping (Scoping) 
 Common Solution LDAP -Lightweight Directory Access Protocol Identify the User in the directory, Identi fi cation is Based on the Location in the Directory tree Problem Security is internal (we trust our DC,LDAP) Organizations start consuming 3rd party services How do we manage our Customer / Client DB What if I don’t know his ID ? Origin ? 
 (Onboarding Issue all over Again) SSO - Single Sign On / Use your corporate e-mail
  8. 8. Before the Cloud 1 user per application Onboarding was an issue … Grouping (Scoping) 
 Common Solution LDAP -Lightweight Directory Access Protocol Identify the User in the directory, Identi fi cation is Based on the Location in the Directory tree Problem Security is internal (we trust our DC,LDAP) Organizations start consuming 3rd party services How do we manage our Customer / Client DB What if I don’t know his ID ? Origin ? 
 (Onboarding Issue all over Again) SSO - Single Sign On / Use your corporate e-mail “Social” Login
  9. 9. OAUTH Misconception #1: OAUTH != Auth0 
 Misconception #2: It is used to AUTHORIZE not Identify 
 Purpose: Provide temporary access to your information Method: JWT - Json Web Token AuthExpereince
  10. 10. OAuth2.0 Usage Resource Owner (You!) Standard web login (username / password) Client / Application Authorization Server
  11. 11. OAuth2.0 Usage Resource Owner (You!) Standard web login (username / password) Client / Application Can we please import your contacts Authorization Server
  12. 12. OAuth2.0 Usage Resource Owner (You!) Standard web login (username / password) Client / Application Can we please import your contacts Authorization Server
  13. 13. OAuth2.0 Usage Resource Owner (You!) Client / Application Authorization Server User CONSENT
  14. 14. OAuth2.0 Usage Resource Owner (You!) Client / Application Authorization Server User CONSENT token GRANT
  15. 15. Client / Application ID A way for the identity provider to Identify the Client / Application Client Secret A unique identi fi er of that application ID OAuth2.0 - Behind the scenes zero trust policy
  16. 16. Client / Application ID A way for the identity provider to Identify the Client / Application Client Secret A unique identi fi er of that application ID OAuth2.0 - Behind the scenes zero trust policy Grant A token proving the ID is valid
  17. 17. Client / Application ID A way for the identity provider to Identify the Client / Application Client Secret A unique identi fi er of that application ID OAuth2.0 - Behind the scenes zero trust policy Grant A token proving the ID is valid
  18. 18. Client / Application ID A way for the identity provider to Identify the Client / Application Client Secret A unique identi fi er of that application ID OAuth2.0 - Behind the scenes zero trust policy CONCENT A token proving the ID is valid GRANT Based on the Scope the App/Client ID 
 has permissions to access
  19. 19. OAuth = Authorization (a.k.a access) grants access to a resource ! Identifying the user is the application / client’s job ! grants are provided via token tokens expire ! 
 
 We want to limit the duration / validity of the grant token
  20. 20. The Client Application has no record of the user How he logged in When he logged-in or logged-out 
 
 Only the authorization server u with the resource owner ! OAuth = Authorization (a.k.a access)
  21. 21. OIDC Purpose: Identity & Authentication layer for OAuth Method: 
 1. Dedicated Service Endpoints 2. JWT - Json Web Token AuthExpereince
  22. 22. OIDC FLOWS Purpose: Identity & Authentication layer for OAuth Method: 
 1. Dedicated Service Endpoints 2. JWT - Json Web Token AuthExpereince
  23. 23. Haggai Philip Zagury | DevOps Group & Tech Lead | 2021 OpenID Connect Adding the Identity Layer to OAuth
  24. 24. OpenIDC - OpenID Connect Resource Owner (You!) Endpoints Scopes Claims ID Token
  25. 25. Resource Owner (You!) Client / Application 
 Relaying Party Authorization Server Authorization 
 endpoint 1 2 3 Token 
 endpoint
  26. 26. Subject Issuing Authority Audience Issue Date Expiration Date ID Token
  27. 27. Security Assertion Markup Language
  28. 28. Goal 1 Goal 2 Goal 3 Goal 4
  29. 29. Resource Owner (You!)
  30. 30. Resource Owner (You!) Client / Application Content Server
  31. 31. Authorization Server (IDP) Resource Owner (You!) Client / Application Content Server { Token } { Scopes }
  32. 32. Kiryat Atidim, Building 7 , 3rd Floor POB 5826 9 Tel Aviv 6158102 IsraeL (+972) 3 6488618 info@tikalk.co m
  33. 33. Goal Infographics Marketing is the study and management of exchange relationships. Marketing is the business process of creating relationships with and satisfying customers. To get your company’s name out there, you need to make sure to get your company’s name out there. Goal 1 To get your company’s name out there, you need to make sure to get your company’s name out there. Goal 2 To get your company’s name out there, you need to make sure to get your company’s name. Goal 3 To get your company’s name out there, you need to make sure to get. Goal 4

×