2. Web Security
• Understanding Security Models
• Using certificates with Service Endpoints
• Using OAuth in Neuron ESB
Goals
3. Web Security
• Understand Security Models
• What are security models?
• When do you use them?
• Using Certificates in Neuron ESB
• Using OAuth in Neuron ESB
• Creating an OAuth provider in Neuron ESB
• Associating OAuth providers with a service connector
• Using custom OAuth providers
Lesson Plan
4. Web Security
• Security Models are used by Neuron ESB to identify the WCF web service security protocol to implement with the service
• Security Models determine how messages are secured
• HTTP – Uses authentication to ensure access
• Transport – Secures the route between two endpoints
• Message – Includes security data as part of every message, securing the message itself
Understanding Security Models : What are security models?
Binding | Supported Security Models
BasicHttp | HttpBasic, HttpDigest, HttpNtlm, HttpWindows, Transport:None, Transport:Basic, Transport:Digest, Transport:NTLM, Transport:Windows, Transport:Certificate, TransportWithMessage, Message:Certificate
WSHttp | None, Transport:None, Transport:Basic, Transport:Digest, Transport:Ntlm, Transport:Windows, Transport:Certificate, Message:Username
NetTcp | Transport:None, Transport:Basic, Transport:Windows, Transport:Certificate, TransportWithMessage, Message:Windows, Message:None, Message:IssuedToken, Message:Certificate, Message:Username
REST | HttpBasic, HttpDigest, HttpNtlm, HttpWindows, Transport:Digest, Transport:Basic, Transport:Ntlm, Transport:Windows, Transport:Certificate
5. Web Security
Security Models are used by service endpoints when you need to secure the communication
Transport
• When you need to secure the channel for point to point communication
• Better performance than message based security
Message
• When you need to secure the message for one to many communication
• More flexibility than transport based security
Transport with Message Credentials
• Best of both transport and message security
• Secures the channel for communication as well as includes authentication with each message
Understanding Security Models : When do you use them?
6. Security Models : Demo
Purpose:
Familiarize users with security models in Neuron ESB.
Objectives:
• Setting security models in a service endpoint
7. Web Security
• Create a Certificate Credential in Neuron ESB (Covered in Operational Security)
• SSL
• Select the Security Model Transport - None
• Select the Certificate Credential from the Service Credentials drop down list on the Security Tab
• Transport Certificate
• Select the Security Model Transport – Certificate
• Select the Certificate Credential from the Client Credential drop down list on the Service Connector Tab
Using Certificates in Neuron ESB
8. Using Certificates : Demo
Purpose:
Familiarize users with using certificates in Neuron ESB.
Objectives:
• Create a certificate credential
• Associate certificate credential with a service endpoint
9. Web Security
• Register your application with the authorization service to get access to the client identifier and client secret
• In Neuron – Security -> OAuth Providers
• Enter the details provided by the OAuth service
• Access Token
• Credential type
• Client ID
• Client Secret
• Redirect URI
• Test with the test button
Creating an OAuth Provider
10. Web Security
• Used with REST based Service Connectors
• Select from OAuth drop down on Service Connector Tab
Associating OAuth Providers with a Service Connector
11. OAuth Providers : Demo
Purpose:
Familiarize users with OAuth providers in Neuron ESB.
Objectives:
• Create an OAuth provider
• Test the OAuth provider
• Associate an OAuth provider with a Service Connector
12. Web Security
Neuron ESB supports the use of custom OAuth providers
Neuron ESB Supports the following Grant Types for custom OAuth providers
• Authorization Code Grant
• Client Credentials Grant
• Resource Owner Credentials Grant
• Refresh Token Grant
Documentation for how to create a Custom OAuth provider can be found at https://www.neuronesb.com/article/custom-oauth-providers/
Once created, place the custom OAuth DLL in <Neuron Install Location>\<Instance>\OAuthProviders
Create and use the custom OAuth Provider the same as you would built-in OAuth providers
Custom OAuth Providers
13. Custom OAuth Providers : Demo
Purpose:
Familiarize users with OAuth providers in Neuron ESB.
Objectives:
• Create a custom OAuth provider
• Register the custom OAuth provider in Neuron ESB
Editor's Notes
Many services use some sort of security in their implementation, to limit who can use the service or to ensure the integrity of the data being transferred to them. In Neuron ESB both client connectors and service connectors may be required to be secured one way or the other, and it is vital to an organization that this functionality be available. I am ________________ from ________________________ and this lesson is Web Security.
The goals of this lesson are to provide users with a better understanding of the Security models available to them inside of the Neuron ESB and to show users how to use certificates and OAuth providers in conjunction with service endpoints.
To facilitate our goals this lesson has been broken down into three sections to make the information provided easier to understand. The sections that we will be covering are:
Understanding security models, where we will look at what security models are and how to use them
Using certificates in Neuron ESB
Using OAuth in Neuron ESB, where we will discuss how to create an OAuth provider, how to associate it with a service connector, as well as how to create custom OAuth providers.
As we discussed in the Introduction to API and Service Hosting presentation, all service endpoints can use security models based on the binding of that service endpoint. But what is a security model?
Security Models are used by Neuron ESB to identify the WCF web service security protocol to implement with the service
Security Models determine how messages are secured
HTTP – Uses authentication to ensure access
Transport – Secures the route between two endpoints
Message – Includes security data as part of every message, securing the message itself
https://docs.microsoft.com/en-us/dotnet/framework/wcf/securing-services
https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/web-services-protocols-supported-by-system-provided-interoperability-bindings
Now that we know what a security model is, we need to look at when to use them. If you need to secure the communication of a service you will want to use a security model. But which one is best for the job?
Transport
When you need to secure the channel for point to point communication
Better performance than message based security
Message
When you need to secure the message for one to many communication
More flexibility than transport based security
Transport with Message Credentials
Best of both transport and message security
Secures the channel for communication as well as includes authentication with each message
https://docs.microsoft.com/en-us/dotnet/framework/wcf/securing-services
https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/web-services-protocols-supported-by-system-provided-interoperability-bindings
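As an added illustration (not part of the original deck and not Neuron ESB's own configuration), the WCF fragment below shows how these modes differ on a basicHttpBinding. The binding names, and the correspondence to Neuron ESB's HttpBasic, Transport:Certificate, TransportWithMessage and Message:Certificate labels, are assumptions.

```xml
<!-- Added example: WCF binding security modes on basicHttpBinding.
     Binding names are hypothetical; the mapping to Neuron ESB's
     security model labels is an assumption. -->
<system.serviceModel>
  <bindings>
    <basicHttpBinding>

      <!-- Assumed counterpart of "HttpBasic": HTTP authentication only.
           The channel is plain HTTP, so the Basic credential and the
           message body are not encrypted. Keep to trusted networks. -->
      <binding name="httpBasicOnly">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Basic" />
        </security>
      </binding>

      <!-- Assumed counterpart of "Transport:Certificate": HTTPS protects
           the channel point to point; the client authenticates with an
           X.509 certificate during the TLS handshake. -->
      <binding name="transportCertificate">
        <security mode="Transport">
          <transport clientCredentialType="Certificate" />
        </security>
      </binding>

      <!-- Assumed counterpart of "TransportWithMessage": HTTPS protects
           the channel, and the client credential travels inside each
           SOAP message. -->
      <binding name="transportWithMessage">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>

      <!-- Assumed counterpart of "Message:Certificate": the SOAP message
           itself is signed and encrypted, so protection survives
           intermediaries. basicHttpBinding only allows the Certificate
           credential type in Message mode. -->
      <binding name="messageCertificate">
        <security mode="Message">
          <message clientCredentialType="Certificate" />
        </security>
      </binding>

    </basicHttpBinding>
  </bindings>
</system.serviceModel>
```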
If you wish to create secure service endpoints in Neuron for clients to connect to, you will need to:
Create a Certificate Credential in Neuron ESB (Covered in Operational Security)
Then, based on the type of endpoint you are looking to create:
SSL
Select the Security Model Transport - None
Select the Certificate Credential from the Service Credentials drop down list on the Security Tab
Transport Certificate
Select the Security Model Transport – Certificate
Select the Certificate Credential from the Client Credential drop down list on the Service Connector Tab
https://www.neuronesb.com/neuron/Help3/Development/Samples_and_Walkthroughs/How_To/ssl_how_to.htm
Using OAuth, Neuron ESB can obtain access tokens that can be passed to REST services to authorize protected resource invocations. To do this you need to
Register your application with the authorization service to get access to the client identifier and client secret
In Neuron – Security -> OAuth Providers
Enter the details provided by the OAuth service
Access Token
Credential type
Client ID
Client Secret
Redirect URI
Test with the test button
https://www.neuronesb.com/article/introducing-oauth-support/
Once you have an OAuth provider created you can associate it with a REST based service connector by selecting the OAuth provider from the OAuth drop down list on the service connector tab of your REST service connector.
https://www.neuronesb.com/article/introducing-oauth-support/
Neuron ESB supports the use of custom OAuth providers
Neuron ESB Supports the following Grant Types for custom OAuth providers
Authorization Code Grant
Client Credentials Grant
Resource Owner Credentials Grant
Refresh Token Grant
Documentation for how to create a Custom OAuth provider can be found at https://www.neuronesb.com/article/custom-oauth-providers/
Once created place the custom OAuth DLL in <Neuron Install Location>\<Instance>\OAuthProviders
Create and use the custom OAuth Provider the same as you would built-in OAuth providers