
FIWARE Identity Manager Exercises

Published in: Software

  1. Adding Identity Management and Access Control to your Application - Exercises
     Joaquin Salvachúa - Álvaro Alonso
     UPM – DIT
     Security Chapter. FIWARE
     joaquin.salvachua@upm.es, @jsalvachua
     aalonsog@dit.upm.es, @larsonalonso
  2. Exercises index
     • Sec-1. Creating a FIWARE account
     • Sec-2. Managing organizations
     • Sec-3. Registering an application
     • Sec-4. Adding OAuth2 to your application (based on our Node.js template)
     • Sec-5. Adding OAuth2 to your application (using an OAuth2 library)
     • Sec-6. Securing your backend Authentication
     • Sec-7. Securing your backend Basic Authorization
     • Sec-8. Securing your backend Advanced Authorization
  3. Sec-1. Creating a FIWARE account
     • Prerequisite
       – To have an Internet connection :)
     • Steps
       – Go to https://account.lab.fiware.org
       – Click on “Sign Up”
       – Fill in your data
       – Confirm your account from the confirmation email
     • Hints
       – If you don’t receive the confirmation email… check your spam
     Difficulty: Easy
  4. Sec-2. Managing organizations
     • Prerequisite
       – To have a FIWARE account
     • Steps
       – Go to https://account.lab.fiware.org
       – Sign In
       – Create an Organization
       – Add members to it
     • Hints
       – To manage an organization you have to switch to it using the dropdown in the upper right corner.
     Difficulty: Easy
  5. Sec-3. Registering an application
     • Prerequisite
       – To have a FIWARE account
     • Steps
       – Go to https://account.lab.fiware.org
       – Sign In
       – Register an application
     • Hints
       – You have to set:
         • URL: the URL where your app will run
         • Callback URL: the URL to which the Account Portal will redirect your users once authenticated
     Difficulty: Easy
  6. Sec-4 (1). Adding OAuth2 to your application (based on our Node.js template)
     • Prerequisites
       – To have an application registered in the Account Portal
       – To learn how OAuth2 works
     • Steps
       – Clone our demo example:
         • https://github.com/ging/oauth2-example-client
       – Follow the instructions in the README
         • You will find client_secret and client_id in the application detail.
     Difficulty: Easy
  7. Sec-4 (2). Adding OAuth2 to your application (based on our Node.js template)
     • Hints
       – Learn about OAuth2:
         • http://oauth.net/2/
       – FIWARE Account flows:
         • http://es.slideshare.net/alvaroalonsogonzalez/id-m-andac
       – FIWARE Account OAuth2 docs:
         • https://github.com/ging/fi-ware-idm/wiki/Using-the-FI-LAB-instance
       – Advanced courses:
         • http://edu.fi-ware.org/course/view.php?id=79
         • http://edu.fi-ware.org/course/view.php?id=63
     Difficulty: Easy
  8. Sec-5. Adding OAuth2 to your application (using an OAuth2 library)
     • Prerequisite
       – To have an application registered in the Account Portal
       – To have your own application
     • Steps
       – Include an OAuth2 library in your app
       – Configure it using the OAuth credentials generated in the Account Portal
       – Follow the library instructions to use it
     • Hints
       – OAuth2 libraries
         • http://oauth.net/2/
     Difficulty: Medium
  9. Sec-6. Securing your backend Authentication
     • Prerequisite
       – To have a frontend app using OAuth and FIWARE Account
       – To have a REST-based backend service
     • Steps
       – Clone our PEP-Proxy Wilma
         • https://github.com/ging/fi-ware-pep-proxy
       – Configure it following the README
         • app_host and app_port are the coordinates of your backend REST API
       – Now your requests to your backend
         • Have to be sent to the proxy
         • Have to include the “X-Auth-Token” header with the OAuth2 access token
     • Hints
       – Wilma docs
         • http://catalogue.fiware.org/enablers/pep-proxy-wilma
     Difficulty: Medium
  10. Sec-7. Securing your backend Basic Authorization
     • Prerequisite
       – To have a Wilma deployed on top of your backend
     • Steps
       – Enable the “check_permissions” option in Wilma’s config
       – Edit your application in Account Portal
         • Create a new role
         • Create a new permission with
           – HTTP action – GET, POST, PUT, DELETE
           – REST resource – the URL of your resource
         • Assign the role to a user
         • Check the request in your App
     • Hints
       – AuthZForce docs
         • http://catalogue.fiware.org/enablers/authorization-pdp-authzforce
     Difficulty: Hard
  11. Sec-8. Securing your backend Advanced Authorization
     • Prerequisite
       – To have a Wilma deployed on top of your backend
     • Steps
       – Modify Wilma in order to manage XACML Requests
         • You can check request params such as body, headers…
       – Edit your application in Account Portal
         • Create a new role
         • Create a new permission with an advanced rule (XACML)
         • Assign the role to a user
         • Check the request in your App
     • Hints
       – AuthZForce docs
         • http://catalogue.fiware.org/enablers/authorization-pdp-authzforce
       – XACML
         • https://www.oasis-open.org/committees/xacml/
     Difficulty: Hard
  12. Adding Identity Management and Access Control to your Application - Exercises
     Álvaro Alonso
     UPM – DIT
     Security Chapter. FIWARE
     aalonsog@dit.upm.es, @larsonalonso
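
The decision a PEP proxy makes in Sec-6 (authentication via the “X-Auth-Token” header) and Sec-7 (permissions made of an HTTP action plus a REST resource), as an added example that is not part of the original slides and is not Wilma's code. The token store, the role table and the `decide()` function are hypothetical and use constructed sample data in place of calls to the Account Portal.

```javascript
// Added illustration, not Wilma's code. TOKENS, ROLE_PERMISSIONS and decide()
// are hypothetical names; all data below is constructed sample data.
const TOKENS = new Map([
  ['token-alice', { user: 'alice', roles: ['reader'], expiresAt: 2000 }],
  ['token-bob', { user: 'bob', roles: [], expiresAt: 2000 }],
  ['token-old', { user: 'carol', roles: ['reader'], expiresAt: 500 }],
]);

// A permission is an HTTP action plus a REST resource, attached to a role.
const ROLE_PERMISSIONS = new Map([
  ['reader', [{ action: 'GET', resource: '/sensors' }]],
  ['operator', [{ action: 'GET', resource: '/sensors' },
                { action: 'POST', resource: '/sensors' }]],
]);

// HTTP header names are case-insensitive, so look the name up that way.
function headerValue(headers, name) {
  const key = Object.keys(headers || {}).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : headers[key];
}

// Decide what the proxy does with a request before it reaches the backend.
// checkPermissions=false models Sec-6 (authentication only),
// checkPermissions=true models Sec-7 (role-based authorization).
function decide(req, now, checkPermissions) {
  const token = headerValue(req.headers, 'x-auth-token');
  if (!token) return { status: 401, reason: 'missing X-Auth-Token' };

  const info = TOKENS.get(token);
  if (!info || info.expiresAt <= now) {
    return { status: 401, reason: 'invalid or expired token' };
  }
  if (!checkPermissions) return { status: 200, user: info.user };

  // Match on the path only; anything not explicitly granted is denied.
  const path = req.url.split('?')[0];
  const action = req.method.toUpperCase();
  const allowed = info.roles.some((role) =>
    (ROLE_PERMISSIONS.get(role) || []).some(
      (p) => p.action === action && p.resource === path));
  return allowed
    ? { status: 200, user: info.user }
    : { status: 403, reason: `no role grants ${action} ${path}` };
}

console.log(decide({ method: 'GET', url: '/sensors?limit=5',
  headers: { 'X-Auth-Token': 'token-alice' } }, 1000, true));
```

A 401 means the token itself was rejected, while a 403 means the user is authenticated but holds no role with a matching permission; keeping the two apart makes denied requests easier to triage in the proxy logs.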
