Single Sign On with OAuth and OpenID
Jérôme Gasperi
WGISS-36
ESA/ESRIN - Frascati, Italy - September 19th, 2013
OpenID is an open standard for authentication.
The model is based on trust relationships between Service
Providers and Authentication Providers (i.e. OpenID
providers) to achieve Single Sign-On authentication.
OAuth is an open standard for authorization.
It provides a method for clients to access server
resources on behalf of a resource owner
Experiment

Filter access to Kalideos (i.e. SPOT) data
through a secured WMS server using OpenID
Connect (i.e. OpenID over OAuth)
[Diagram: message flow between the Identity Server, the WMS Server, the Kalideos Server and LDAP]

1. Ask for authentication
2. Redirect to Identity Server
3. Authentication with OAuth (OpenID Connect)
4. Return OAuth token
5. Send OAuth token
6. Get user information using OAuth token
7. Return user information
8. Send OAuth token
9. Send OAuth token for validation and get user information
10. Return user information
11. Ask for user rights
12. Get user rights
13. Create user session
14. Ask for WMS feed
15. Return WMS feed
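
An added sketch, not code from the presentation, of steps 8 to 15 as a secured WMS server might implement them: it validates the token with the Identity Server itself before creating a session, then serves only the layers the user has rights to. The class names, layer names and the assignment of steps to components are assumptions read from the diagram; everything runs in-process on constructed data.

```python
"""Added illustration of steps 8-15 of the flow, simulated in-process (no network)."""
import secrets
import time


class IdentityServer:
    """Hypothetical stand-in for the OpenID Connect provider (steps 3-4, 9-10)."""

    def __init__(self):
        self._tokens = {}  # access token -> (user id, expiry timestamp)

    def authenticate(self, user_id, ttl=300):
        # Steps 3-4: after login, hand back an opaque, unguessable token.
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user_id, time.time() + ttl)
        return token

    def userinfo(self, token):
        # Steps 9-10: validate the token and return the identity, or None.
        entry = self._tokens.get(token)
        if entry is None or entry[1] <= time.time():
            return None
        return {"sub": entry[0]}


class KalideosServer:
    """Hypothetical rights lookup (steps 11-12); a dict plays the LDAP role."""

    def __init__(self, directory):
        self._directory = directory  # user id -> set of layer names

    def user_rights(self, user_id):
        # Unknown users get an empty set: deny by default.
        return set(self._directory.get(user_id, ()))


class WMSServer:
    """Secured WMS front end: never trusts a token it has not validated itself."""

    def __init__(self, identity, kalideos, layers):
        self._identity = identity
        self._kalideos = kalideos
        self._layers = layers   # layer name -> feed content
        self._sessions = {}     # session id -> set of allowed layers

    def login(self, token):
        # Step 8: the client presents the OAuth token.
        info = self._identity.userinfo(token)              # steps 9-10
        if info is None:
            raise PermissionError("token rejected by identity server")
        rights = self._kalideos.user_rights(info["sub"])   # steps 11-12
        session_id = secrets.token_urlsafe(16)             # step 13
        self._sessions[session_id] = rights
        return session_id

    def get_feed(self, session_id, layer):
        # Steps 14-15: serve the layer only if the session carries the right.
        allowed = self._sessions.get(session_id)
        if allowed is None:
            raise PermissionError("no session")
        if layer not in allowed or layer not in self._layers:
            raise PermissionError("layer not authorised")
        return self._layers[layer]


def demo():
    """Run one granted request and three refused ones; return the outcomes."""
    identity = IdentityServer()
    kalideos = KalideosServer({"alice": {"spot_2010"}})  # constructed sample data
    wms = WMSServer(identity, kalideos,
                    {"spot_2010": "<feed A>", "spot_2012": "<feed B>"})
    results = {}
    session = wms.login(identity.authenticate("alice"))
    results["granted"] = wms.get_feed(session, "spot_2010")
    refused = {
        "other_layer": lambda: wms.get_feed(session, "spot_2012"),
        "forged_token": lambda: wms.login("not-a-real-token"),
        "expired_token": lambda: wms.login(identity.authenticate("alice", ttl=-1)),
    }
    for name, call in refused.items():
        try:
            call()
            results[name] = "allowed"
        except PermissionError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

The session in this sketch outlives the token; a deployment would bound the session lifetime by the token's expiry.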
OpenID Connect planned to be used in Theia
(i.e. French Land Surface Thematic Center)
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 

Recently uploaded (20)

A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 

Single Sign On with OAuth and OpenID

  • 1. Single Sign On with OAuth and OpenID Jérôme Gasperi WGISS-36 ESA/ESRIN - Frascati, Italy - September 19th, 2013
  • 2. OpenID is an open standard for authentication. Its model relies on trust relationships between Service Providers and Authentication Providers (i.e. OpenID providers) to achieve Single Sign On authentication
  • 3. OAuth is an open standard for authorization. It provides a method for clients to access server resources on behalf of a resource owner
  • 4. OAuth is an open standard for authorization. It provides a method for clients to access server resources on behalf of a resource owner etc...
  • 5. Experiment Filter access to Kalideos (i.e. SPOT) data through a secured WMS server using OpenID Connect (i.e. OpenID over OAuth)
  • 6-21. [Diagram, repeated unchanged on slides 6 to 21] Actors: Identity Server, Kalideos Server, WMS Server, LDAP. Steps: 1. Ask for authentication; 2. Redirect to Identity Server; 3. Authentication with OAuth (OpenID Connect); 4. Return OAuth token; 5. Send OAuth token; 6. Get user information using OAuth token; 7. Return user information; 8. Send OAuth token; 9. Send OAuth token for validation and get user information; 10. Return user information; 11. Ask for user rights; 12. Get user rights; 13. Create user session; 14. Ask for WMS feed; 15. Return WMS feed
  • 22. OpenID Connect is planned to be used in Theia (i.e. the French Land Surface Thematic Center)
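The WMS-side half of the diagram (steps 8 to 15), as an added sketch that is not code from the slides or from the Kalideos project. The class names, the opaque-token format, the audience check, the in-memory dictionary standing in for LDAP and the layer name `kalideos:spot` are all assumptions; the mapping of steps to actors is inferred, since the diagram survives only as text.

```python
import secrets
import time

class IdentityServer:
    """Stand-in for the Identity Server (issues and validates opaque tokens)."""
    def __init__(self, ttl=300):
        self._tokens, self._ttl = {}, ttl

    def issue(self, user, audiences):                  # steps 3-4
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, frozenset(audiences), time.time() + self._ttl)
        return token

    def validate(self, token, audience, now=None):     # steps 9-10
        record = self._tokens.get(token)
        if record is None:
            return None                                # unknown or forged token
        user, audiences, expires = record
        now = time.time() if now is None else now
        if now >= expires or audience not in audiences:
            return None                                # expired, or issued for another service
        return {"sub": user}

class WMSServer:
    """Stand-in for the secured WMS server; `rights` plays the role of LDAP."""
    def __init__(self, idp, rights):
        self.idp, self.rights, self.sessions = idp, rights, {}

    def open_session(self, token):                     # steps 8-13
        info = self.idp.validate(token, "wms")
        if info is None:
            raise PermissionError("token rejected by identity server")
        layers = frozenset(self.rights.get(info["sub"], ()))  # steps 11-12, default deny
        session_id = secrets.token_urlsafe(16)         # step 13
        self.sessions[session_id] = layers
        return session_id

    def get_map(self, session_id, layer):              # steps 14-15
        if layer not in self.sessions.get(session_id, ()):
            raise PermissionError("no right on layer " + layer)
        return "WMS feed for " + layer

def demo():
    # Constructed sample data: one user, one protected layer.
    idp = IdentityServer()
    wms = WMSServer(idp, {"alice": {"kalideos:spot"}})
    token = idp.issue("alice", {"kalideos", "wms"})
    session_id = wms.open_session(token)
    return wms.get_map(session_id, "kalideos:spot")

if __name__ == "__main__":
    print(demo())
```

The WMS server never trusts the token on its own: every session starts with a round trip to the Identity Server, and a user absent from the rights store gets a session with no layers.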