SlideShare a Scribd company logo

Identity and Client Management using OpenID Connect and SAML

Download as PPTX, PDF
P
pqrs1234

Introduction To API Security Security Threats and Vulnerabilities Identity Management – SAML and OpenID Connect Client Management – Dynamic Client Registration

Education
1 of 20
[8th May 2021] [Coimbatore] MuleSoft Meetup Group Identity and Client Management With MuleSoft
Organizers 2
3 Speakers Jitendra Bafna Senior Solution Architect Capgemini About the speaker:  Working as Senior Solution Architect at Capgemini.  MuleSoft Ambassador  Surat MuleSoft Meetup Leader.  12.5+ Years of Experience in Integrations and API Technologies.  Certified MuleSoft Integration Architect and platform Architect.
CHEERS..!! We have prizes to give away! 3 Winners a special prize is ready 4 A SHOW OF HANDS: New Members With Us.!!
5 Agenda Introduction To API Security Security Threats and Vulnerabilities Identity Management – SAML and OpenID Connect Client Management – Dynamic Client Registration Live Demonstration Trivia Quiz
What is API Security?
7 API Security is an essentials elements of the applications, especially in regards to APIs where you have hundreds or thousands of calls on daily basis. Everyday new threats and vulnerabilities are created and in such case it is very important to secure the APIs. MuleSoft provided the API manager which can minimize the risks from attacks like DDoS, DoS or any security vulnerabilities. API manager provides option for creating the API proxy for the backend API running on Anypoint platform and thereby secures requests coming into the platform again the API. What is API Security?
8 Different Types of API Attacks API Threats Denial Of Service Distributed Denial Of Service Parameter Tampering CORS/XSS Injection Attacks Sensitive Data Exposure
9 ⮚ Digital Signatures. ⮚ Cryptography like PGP, JCE and XML. ⮚ JWT OAuth or Token Based Authentication ⮚ API Manager Policies like Rate Limiting, XML Threat Protection, JWT Validation etc. ⮚ Anypoint Security and Web Application Firewall in case of Runtime Fabric. ⮚ Identity Management and Client Management Ways to achieve API Security API Security OAuth Rate Limiting Digital Signatures Cryptography Policies like XML Threat Protection, Rate Limiting, CORS etc. Anypoint Security Anypoint API Policies (Security) JWT Validation Policies Basic Authentication – Simple and LDAP XML/JSON Threat Protection Policies IP Whitelisting/Blacklisting Tokenization/Detokenization
10 OAuth Providers Grant Types OAuth Providers & Grant Types OKTA PING OPEN AM Keycloak AWS Cognito Azure IdP Auth0 Google Box GitHub Authorization Code Client Credentials Refresh Token Password Implicit Code
11 OAuth JWT – Authorization Code
12 OAuth JWT – Implicit Code
13 OAuth JWT – Client Credentials
SAML 2.0 Identity Management SAML is stand for Security Assertion Mark-up Language and it is mainly designed to authenticate the users and provide identity data for access control and communication method for user identity. SAML is XML-based open standards for transferring data between two parties, Identity Provider (IP) and Service Provider (SP). ● Identity Provider is basically performs the authentication and transfer user identity to the Service Provider. ● Service Provide one who trusts the Identity Provider and authorized the user to access requested resources. 14
SAML 2.0 Identity Management 15
16 OpenID Connect extends OAuth 2.0. The OAuth 2.0 protocol provides API security via scoped access tokens, and OpenID Connect provides user authentication and single sign-on (SSO) functionality. As the Anypoint Platform organization administrator, you can configure identity management in Anypoint Platform to set up users for single sign-on (SSO). Configure identity management using one of the following single sign-on standards: ● OpenID Connect: End user identity verification by an authorization server including SSO. ● SAML 2.0: Web-based authorization including cross-domain SSO. OpenID Connect Identity Management
17 SAML (SAML 1.0 and 2.0) and OpenID Connect (OIDC) are identity protocols, designed to authenticate users, and provide identity data for access control and as a communication method for a user’s identity. Mainly used for Enterprise and Government applications, SAML 2.0 is a mature technology dating from 2005 and supports a wide range of identity functionality. SAML uses XML for its identity data format and simple HTTP or SOAP for data transport mechanisms. A relatively new protocol, continuously evolving, OIDC was designed with web and mobile applications in mind. Designed to be easy to adopt and use, OIDC is an extension of OAuth2, with data structures in JSON format (JWT), and simple HTTPS flows for transport. SAML V/S OpenID Connect
18 Dynamic Client Registration allows you to register third party applications dynamically. This feature is based on the OpenID Connect Dynamic Client Registration specification. The OKTA Dynamic Client Registration API provides operations to register and manage client applications for use with Okta's OAuth 2.0 and OpenID Connect endpoints. Client Management – Dynamic Client Registration
Demonstration 1. Identity Management With OpenID Connect 2. Client Management With OpenID Connect – Dynamic Client Registration 3. Identity Management With SAML
Thank you!

Recommended

Best Practices for API Security
Best Practices for API SecurityBest Practices for API Security
Best Practices for API SecurityMuleSoft
 
Patna MuleSoft Meetup Anypoint Cloudhub 2.0
Patna MuleSoft Meetup Anypoint Cloudhub 2.0Patna MuleSoft Meetup Anypoint Cloudhub 2.0
Patna MuleSoft Meetup Anypoint Cloudhub 2.0shyamraj55
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...
MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...
MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...Manish Kumar Yadav
 
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...Amazon Web Services
 
Microservice With Spring Boot and Spring Cloud
Microservice With Spring Boot and Spring CloudMicroservice With Spring Boot and Spring Cloud
Microservice With Spring Boot and Spring CloudEberhard Wolff
 
Cloudhub 2.0
Cloudhub 2.0Cloudhub 2.0
Cloudhub 2.0Christopher Co
 
Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to VaultKnoldus Inc.
 

Recommended

Best Practices for API Security
Best Practices for API SecurityBest Practices for API Security
Best Practices for API SecurityMuleSoft
 
Patna MuleSoft Meetup Anypoint Cloudhub 2.0
Patna MuleSoft Meetup Anypoint Cloudhub 2.0Patna MuleSoft Meetup Anypoint Cloudhub 2.0
Patna MuleSoft Meetup Anypoint Cloudhub 2.0shyamraj55
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...
MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...
MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...Manish Kumar Yadav
 
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...Amazon Web Services
 
Microservice With Spring Boot and Spring Cloud
Microservice With Spring Boot and Spring CloudMicroservice With Spring Boot and Spring Cloud
Microservice With Spring Boot and Spring CloudEberhard Wolff
 
Cloudhub 2.0
Cloudhub 2.0Cloudhub 2.0
Cloudhub 2.0Christopher Co
 
Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to VaultKnoldus Inc.
 
MuleSoft Sizing Guidelines - VirtualMuleys
MuleSoft Sizing Guidelines - VirtualMuleysMuleSoft Sizing Guidelines - VirtualMuleys
MuleSoft Sizing Guidelines - VirtualMuleysAngel Alberici
 
Introduction to CloudHub 2.0
Introduction to CloudHub 2.0Introduction to CloudHub 2.0
Introduction to CloudHub 2.0NeerajKumar1965
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API GatewayAmazon Web Services
 
Introduction to Tekton
Introduction to TektonIntroduction to Tekton
Introduction to TektonVictor Iglesias
 
DevOps - A Gentle Introduction
DevOps - A Gentle IntroductionDevOps - A Gentle Introduction
DevOps - A Gentle IntroductionCodeOps Technologies LLP
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API GatewayYohann Ciurlik
 
APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide Isabelle Mauny
 
AWS IAM Introduction
AWS IAM IntroductionAWS IAM Introduction
AWS IAM IntroductionAmazon Web Services
 
Introduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerIntroduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerAmazon Web Services
 
Integration patterns in AEM 6
Integration patterns in AEM 6Integration patterns in AEM 6
Integration patterns in AEM 6Yuval Ararat
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAMAmazon Web Services
 
API Security Lifecycle
API Security LifecycleAPI Security Lifecycle
API Security LifecycleApigee | Google Cloud
 
MuleSoft Surat Meetup#45 - Anypoint Flex Gateway as a Kubernetes Ingress Cont...
MuleSoft Surat Meetup#45 - Anypoint Flex Gateway as a Kubernetes Ingress Cont...MuleSoft Surat Meetup#45 - Anypoint Flex Gateway as a Kubernetes Ingress Cont...
MuleSoft Surat Meetup#45 - Anypoint Flex Gateway as a Kubernetes Ingress Cont...Jitendra Bafna
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptxMohammadSaif904342
 
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...Amazon Web Services
 
DevOps for beginners
DevOps for beginnersDevOps for beginners
DevOps for beginnersPradeep Patel, PMP®
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0Mika Koivisto
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets ManagerAmazon Web Services
 
Swagger APIs for Humans and Robots (Gluecon)
Swagger APIs for Humans and Robots (Gluecon)Swagger APIs for Humans and Robots (Gluecon)
Swagger APIs for Humans and Robots (Gluecon)Tony Tam
 
Developer Tools at AWS 2018.pdf
Developer Tools at AWS 2018.pdfDeveloper Tools at AWS 2018.pdf
Developer Tools at AWS 2018.pdfAmazon Web Services
 
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoftMuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoftJitendra Bafna
 
Webinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform AwakensWebinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform AwakensForgeRock
 

More Related Content

What's hot

MuleSoft Sizing Guidelines - VirtualMuleys
MuleSoft Sizing Guidelines - VirtualMuleysMuleSoft Sizing Guidelines - VirtualMuleys
MuleSoft Sizing Guidelines - VirtualMuleysAngel Alberici
 
Introduction to CloudHub 2.0
Introduction to CloudHub 2.0Introduction to CloudHub 2.0
Introduction to CloudHub 2.0NeerajKumar1965
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API GatewayYohann Ciurlik
 
APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide Isabelle Mauny
 
Introduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerIntroduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerAmazon Web Services
 
Integration patterns in AEM 6
Integration patterns in AEM 6Integration patterns in AEM 6
Integration patterns in AEM 6Yuval Ararat
 
MuleSoft Surat Meetup#45 - Anypoint Flex Gateway as a Kubernetes Ingress Cont...
MuleSoft Surat Meetup#45 - Anypoint Flex Gateway as a Kubernetes Ingress Cont...MuleSoft Surat Meetup#45 - Anypoint Flex Gateway as a Kubernetes Ingress Cont...
MuleSoft Surat Meetup#45 - Anypoint Flex Gateway as a Kubernetes Ingress Cont...Jitendra Bafna
 
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...Amazon Web Services
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0Mika Koivisto
 
Swagger APIs for Humans and Robots (Gluecon)
Swagger APIs for Humans and Robots (Gluecon)Swagger APIs for Humans and Robots (Gluecon)
Swagger APIs for Humans and Robots (Gluecon)Tony Tam
 

What's hot (20)

MuleSoft Sizing Guidelines - VirtualMuleys
MuleSoft Sizing Guidelines - VirtualMuleysMuleSoft Sizing Guidelines - VirtualMuleys
MuleSoft Sizing Guidelines - VirtualMuleys
 
Introduction to CloudHub 2.0
Introduction to CloudHub 2.0Introduction to CloudHub 2.0
Introduction to CloudHub 2.0
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API Gateway
 
Introduction to Tekton
Introduction to TektonIntroduction to Tekton
Introduction to Tekton
 
DevOps - A Gentle Introduction
DevOps - A Gentle IntroductionDevOps - A Gentle Introduction
DevOps - A Gentle Introduction
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API Gateway
 
APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide
 
AWS IAM Introduction
AWS IAM IntroductionAWS IAM Introduction
AWS IAM Introduction
 
Introduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerIntroduction to AWS Secrets Manager
Introduction to AWS Secrets Manager
 
Integration patterns in AEM 6
Integration patterns in AEM 6Integration patterns in AEM 6
Integration patterns in AEM 6
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
 
API Security Lifecycle
API Security LifecycleAPI Security Lifecycle
API Security Lifecycle
 
MuleSoft Surat Meetup#45 - Anypoint Flex Gateway as a Kubernetes Ingress Cont...
MuleSoft Surat Meetup#45 - Anypoint Flex Gateway as a Kubernetes Ingress Cont...MuleSoft Surat Meetup#45 - Anypoint Flex Gateway as a Kubernetes Ingress Cont...
MuleSoft Surat Meetup#45 - Anypoint Flex Gateway as a Kubernetes Ingress Cont...
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptx
 
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
 
DevOps for beginners
DevOps for beginnersDevOps for beginners
DevOps for beginners
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets Manager
 
Swagger APIs for Humans and Robots (Gluecon)
Swagger APIs for Humans and Robots (Gluecon)Swagger APIs for Humans and Robots (Gluecon)
Swagger APIs for Humans and Robots (Gluecon)
 
Developer Tools at AWS 2018.pdf
Developer Tools at AWS 2018.pdfDeveloper Tools at AWS 2018.pdf
Developer Tools at AWS 2018.pdf
 

Similar to Identity and Client Management using OpenID Connect and SAML

MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoftMuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoftJitendra Bafna
 
Webinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform AwakensWebinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform AwakensForgeRock
 
Open source wso2 identity server sso with drupal 8
Open source wso2 identity server sso with drupal 8Open source wso2 identity server sso with drupal 8
Open source wso2 identity server sso with drupal 8Iwantha Lekamge
 
How Secure is Your API?
How Secure is Your API?How Secure is Your API?
How Secure is Your API?Mary Joy Sabal
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationSylvain Maret
 
Con8823 access management for the internet of things-final
Con8823 access management for the internet of things-finalCon8823 access management for the internet of things-final
Con8823 access management for the internet of things-finalOracleIDM
 
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)Codit
 
GHC18 Abstract - API Security, a Grail Quest
GHC18 Abstract - API Security, a Grail QuestGHC18 Abstract - API Security, a Grail Quest
GHC18 Abstract - API Security, a Grail QuestPaulaPaulSlides
 
Uncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdfUncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdfPankaj Goyal
 
Uncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdfUncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdfPankajGoyal164048
 
Enterprise API deployment best practice
Enterprise API deployment best practiceEnterprise API deployment best practice
Enterprise API deployment best practiceSanjay Roy
 
WSO2 Ecosystem platform for Connected Telco
WSO2 Ecosystem platform for Connected TelcoWSO2 Ecosystem platform for Connected Telco
WSO2 Ecosystem platform for Connected TelcoMifan Careem
 
Algorithm for Securing SOAP Based Web Services from WSDL Scanning Attacks
Algorithm for Securing SOAP Based Web Services from WSDL Scanning AttacksAlgorithm for Securing SOAP Based Web Services from WSDL Scanning Attacks
Algorithm for Securing SOAP Based Web Services from WSDL Scanning Attacksiosrjce
 
What's new in API Connect and DataPower - 2019
What's new in API Connect and DataPower - 2019What's new in API Connect and DataPower - 2019
What's new in API Connect and DataPower - 2019IBM DataPower Gateway
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...OracleIDM
 
[Workshop] API-driven Integration
[Workshop] API-driven Integration[Workshop] API-driven Integration
[Workshop] API-driven IntegrationWSO2
 
Service Oriented Architecture Updated Luqman
Service Oriented Architecture Updated LuqmanService Oriented Architecture Updated Luqman
Service Oriented Architecture Updated Luqmanguesteb791b
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityCA API Management
 

Similar to Identity and Client Management using OpenID Connect and SAML (20)

MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoftMuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
 
Webinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform AwakensWebinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform Awakens
 
Open source wso2 identity server sso with drupal 8
Open source wso2 identity server sso with drupal 8Open source wso2 identity server sso with drupal 8
Open source wso2 identity server sso with drupal 8
 
How Secure is Your API?
How Secure is Your API?How Secure is Your API?
How Secure is Your API?
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web Application
 
Con8823 access management for the internet of things-final
Con8823 access management for the internet of things-finalCon8823 access management for the internet of things-final
Con8823 access management for the internet of things-final
 
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
 
GHC18 Abstract - API Security, a Grail Quest
GHC18 Abstract - API Security, a Grail QuestGHC18 Abstract - API Security, a Grail Quest
GHC18 Abstract - API Security, a Grail Quest
 
Uncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdfUncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdf
 
Uncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdfUncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdf
 
Enterprise API deployment best practice
Enterprise API deployment best practiceEnterprise API deployment best practice
Enterprise API deployment best practice
 
WSO2 Ecosystem platform for Connected Telco
WSO2 Ecosystem platform for Connected TelcoWSO2 Ecosystem platform for Connected Telco
WSO2 Ecosystem platform for Connected Telco
 
F017353539
F017353539F017353539
F017353539
 
Algorithm for Securing SOAP Based Web Services from WSDL Scanning Attacks
Algorithm for Securing SOAP Based Web Services from WSDL Scanning AttacksAlgorithm for Securing SOAP Based Web Services from WSDL Scanning Attacks
Algorithm for Securing SOAP Based Web Services from WSDL Scanning Attacks
 
What's new in API Connect and DataPower - 2019
What's new in API Connect and DataPower - 2019What's new in API Connect and DataPower - 2019
What's new in API Connect and DataPower - 2019
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...
 
[Workshop] API-driven Integration
[Workshop] API-driven Integration[Workshop] API-driven Integration
[Workshop] API-driven Integration
 
Service Oriented Architecture Updated Luqman
Service Oriented Architecture Updated LuqmanService Oriented Architecture Updated Luqman
Service Oriented Architecture Updated Luqman
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
 

More from pqrs1234

AWS Route 53 with Mulesoft
AWS Route 53 with Mulesoft AWS Route 53 with Mulesoft
AWS Route 53 with Mulesoft pqrs1234
 
Digital Transformation With MuleSoft : That Wins Customers
Digital Transformation With MuleSoft : That Wins CustomersDigital Transformation With MuleSoft : That Wins Customers
Digital Transformation With MuleSoft : That Wins Customerspqrs1234
 
What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?pqrs1234
 
Session on API auto scaling, monitoring and Log management
Session on API auto scaling, monitoring and Log managementSession on API auto scaling, monitoring and Log management
Session on API auto scaling, monitoring and Log managementpqrs1234
 
Power of salesforce LWC with Mulesoft using platform events
Power of salesforce LWC with Mulesoft using platform eventsPower of salesforce LWC with Mulesoft using platform events
Power of salesforce LWC with Mulesoft using platform eventspqrs1234
 
Api complete life cycle with api security
Api complete life cycle with api securityApi complete life cycle with api security
Api complete life cycle with api securitypqrs1234
 
Nagpur Mulesoft Meetup on CICD using Jenkins
Nagpur Mulesoft Meetup on CICD using JenkinsNagpur Mulesoft Meetup on CICD using Jenkins
Nagpur Mulesoft Meetup on CICD using Jenkinspqrs1234
 
Salesforce composite api mule soft connector
Salesforce composite api mule soft connectorSalesforce composite api mule soft connector
Salesforce composite api mule soft connectorpqrs1234
 
Coimbatore Second Mule Meetup on Error Handling in Mule 4
Coimbatore Second Mule Meetup on Error Handling in Mule 4Coimbatore Second Mule Meetup on Error Handling in Mule 4
Coimbatore Second Mule Meetup on Error Handling in Mule 4pqrs1234
 

More from pqrs1234 (9)

AWS Route 53 with Mulesoft
AWS Route 53 with Mulesoft AWS Route 53 with Mulesoft
AWS Route 53 with Mulesoft
 
Digital Transformation With MuleSoft : That Wins Customers
Digital Transformation With MuleSoft : That Wins CustomersDigital Transformation With MuleSoft : That Wins Customers
Digital Transformation With MuleSoft : That Wins Customers
 
What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?
 
Session on API auto scaling, monitoring and Log management
Session on API auto scaling, monitoring and Log managementSession on API auto scaling, monitoring and Log management
Session on API auto scaling, monitoring and Log management
 
Power of salesforce LWC with Mulesoft using platform events
Power of salesforce LWC with Mulesoft using platform eventsPower of salesforce LWC with Mulesoft using platform events
Power of salesforce LWC with Mulesoft using platform events
 
Api complete life cycle with api security
Api complete life cycle with api securityApi complete life cycle with api security
Api complete life cycle with api security
 
Nagpur Mulesoft Meetup on CICD using Jenkins
Nagpur Mulesoft Meetup on CICD using JenkinsNagpur Mulesoft Meetup on CICD using Jenkins
Nagpur Mulesoft Meetup on CICD using Jenkins
 
Salesforce composite api mule soft connector
Salesforce composite api mule soft connectorSalesforce composite api mule soft connector
Salesforce composite api mule soft connector
 
Coimbatore Second Mule Meetup on Error Handling in Mule 4
Coimbatore Second Mule Meetup on Error Handling in Mule 4Coimbatore Second Mule Meetup on Error Handling in Mule 4
Coimbatore Second Mule Meetup on Error Handling in Mule 4
 

Recently uploaded

EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...jaredbarbolino94
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxabhijeetpadhi001
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 

Recently uploaded (20)

EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 

Identity and Client Management using OpenID Connect and SAML

  • 1. [8th May 2021] [Coimbatore] MuleSoft Meetup Group Identity and Client Management With MuleSoft
  • 3. 3 Speakers Jitendra Bafna Senior Solution Architect Capgemini About the speaker:  Working as Senior Solution Architect at Capgemini.  MuleSoft Ambassador  Surat MuleSoft Meetup Leader.  12.5+ Years of Experience in Integrations and API Technologies.  Certified MuleSoft Integration Architect and platform Architect.
  • 4. CHEERS..!! We have prizes to give away! 3 Winners a special prize is ready 4 A SHOW OF HANDS: New Members With Us.!!
  • 5. 5 Agenda Introduction To API Security Security Threats and Vulnerabilities Identity Management – SAML and OpenID Connect Client Management – Dynamic Client Registration Live Demonstration Trivia Quiz
  • 6. What is API Security?
  • 7. 7 API Security is an essentials elements of the applications, especially in regards to APIs where you have hundreds or thousands of calls on daily basis. Everyday new threats and vulnerabilities are created and in such case it is very important to secure the APIs. MuleSoft provided the API manager which can minimize the risks from attacks like DDoS, DoS or any security vulnerabilities. API manager provides option for creating the API proxy for the backend API running on Anypoint platform and thereby secures requests coming into the platform again the API. What is API Security?
  • 8. 8 Different Types of API Attacks API Threats Denial Of Service Distributed Denial Of Service Parameter Tampering CORS/XSS Injection Attacks Sensitive Data Exposure
  • 9. 9 ⮚ Digital Signatures. ⮚ Cryptography like PGP, JCE and XML. ⮚ JWT OAuth or Token Based Authentication ⮚ API Manager Policies like Rate Limiting, XML Threat Protection, JWT Validation etc. ⮚ Anypoint Security and Web Application Firewall in case of Runtime Fabric. ⮚ Identity Management and Client Management Ways to achieve API Security API Security OAuth Rate Limiting Digital Signatures Cryptography Policies like XML Threat Protection, Rate Limiting, CORS etc. Anypoint Security Anypoint API Policies (Security) JWT Validation Policies Basic Authentication – Simple and LDAP XML/JSON Threat Protection Policies IP Whitelisting/Blacklisting Tokenization/Detokenization
  • 10. 10 OAuth Providers Grant Types OAuth Providers & Grant Types OKTA PING OPEN AM Keycloak AWS Cognito Azure IdP Auth0 Google Box GitHub Authorization Code Client Credentials Refresh Token Password Implicit Code
  • 11. 11 OAuth JWT – Authorization Code
  • 12. 12 OAuth JWT – Implicit Code
  • 13. 13 OAuth JWT – Client Credentials
  • 14. SAML 2.0 Identity Management SAML is stand for Security Assertion Mark-up Language and it is mainly designed to authenticate the users and provide identity data for access control and communication method for user identity. SAML is XML-based open standards for transferring data between two parties, Identity Provider (IP) and Service Provider (SP). ● Identity Provider is basically performs the authentication and transfer user identity to the Service Provider. ● Service Provide one who trusts the Identity Provider and authorized the user to access requested resources. 14
  • 15. SAML 2.0 Identity Management 15
  • 16. 16 OpenID Connect extends OAuth 2.0. The OAuth 2.0 protocol provides API security via scoped access tokens, and OpenID Connect provides user authentication and single sign-on (SSO) functionality. As the Anypoint Platform organization administrator, you can configure identity management in Anypoint Platform to set up users for single sign-on (SSO). Configure identity management using one of the following single sign-on standards: ● OpenID Connect: End user identity verification by an authorization server including SSO. ● SAML 2.0: Web-based authorization including cross-domain SSO. OpenID Connect Identity Management
  • 17. 17 SAML (SAML 1.0 and 2.0) and OpenID Connect (OIDC) are identity protocols, designed to authenticate users, and provide identity data for access control and as a communication method for a user’s identity. Mainly used for Enterprise and Government applications, SAML 2.0 is a mature technology dating from 2005 and supports a wide range of identity functionality. SAML uses XML for its identity data format and simple HTTP or SOAP for data transport mechanisms. A relatively new protocol, continuously evolving, OIDC was designed with web and mobile applications in mind. Designed to be easy to adopt and use, OIDC is an extension of OAuth2, with data structures in JSON format (JWT), and simple HTTPS flows for transport. SAML V/S OpenID Connect
  • 18. 18 Dynamic Client Registration allows you to register third party applications dynamically. This feature is based on the OpenID Connect Dynamic Client Registration specification. The OKTA Dynamic Client Registration API provides operations to register and manage client applications for use with Okta's OAuth 2.0 and OpenID Connect endpoints. Client Management – Dynamic Client Registration
  • 19. Demonstration 1. Identity Management With OpenID Connect 2. Client Management With OpenID Connect – Dynamic Client Registration 3. Identity Management With SAML