SlideShare a Scribd company logo
Single Sign On with OAuth and OpenID
Jérôme Gasperi
WGISS-36
ESA/ESRIN - Frascati, Italy - September 19th, 2013
OpenID is an open standard for authentication.
Model is based on confidence links between Service
Providers and Authentication Providers (i.e. OpenID
providers) to achieve Single Sign On authentication
OAuth is an open standard for authorization.
It provides a method for clients to access server
resources on behalf of a resource owner
OAuth is an open standard for authorization.
It provides a method for clients to access server
resources on behalf of a resource owner
etc...
Experiment

Filter access to Kalideos (i.e. SPOT) data
through a secured WMS server using OpenID
Connect (i.e. OpenID over OAuth)
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
Identity
Server

10. Return user information

7. Return user information
6. Get user information
using OAuth token

9. Send OAuth token for
validation and get user
information
3. Authentication with OAuth
(OpenID Connect)

2. Redirect to Identity Server

13. Create user session
12. Get user rights

4. Return OAuth token

WMS
Server

5. Send OAuth token

11. Ask for user rights

Kalideos Server

1. Ask for authentication

8. Send OAuth token

14. Ask for WMS feed
15. Return WMS feed

LDAP
OpenID Connect planned to be used in Theia
(i.e. French Land Surface Thematic Center)
Single Sign On with OAuth and OpenID

More Related Content

What's hot

OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
Brian Campbell
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
Vladimir Dzhuvinov
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
Salesforce Developers
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
VMware Tanzu
 
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tkOAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
Nov Matake
 
OpenID Connect 1.0 Explained
OpenID Connect 1.0 ExplainedOpenID Connect 1.0 Explained
OpenID Connect 1.0 Explained
Eugene Siow
 
OAuth2 & OpenID Connect
OAuth2 & OpenID ConnectOAuth2 & OpenID Connect
OAuth2 & OpenID Connect
Marcin Wolnik
 
OpenID Connect: The new standard for connecting to your Customers, Partners, ...
OpenID Connect: The new standard for connecting to your Customers, Partners, ...OpenID Connect: The new standard for connecting to your Customers, Partners, ...
OpenID Connect: The new standard for connecting to your Customers, Partners, ...
Salesforce Developers
 
Understanding OpenID
Understanding OpenIDUnderstanding OpenID
Understanding OpenID
Prabath Siriwardena
 
Spring security oauth2
Spring security oauth2Spring security oauth2
Spring security oauth2
axykim00
 
ConFoo 2015 - Securing RESTful resources with OAuth2
ConFoo 2015 - Securing RESTful resources with OAuth2ConFoo 2015 - Securing RESTful resources with OAuth2
ConFoo 2015 - Securing RESTful resources with OAuth2
Rodrigo Cândido da Silva
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST security
Igor Bossenko
 
Introduction to OAuth2.0
Introduction to OAuth2.0Introduction to OAuth2.0
Introduction to OAuth2.0
Oracle Corporation
 
Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0
Vladimir Dzhuvinov
 
JWT SSO Inbound Authenticator
JWT SSO Inbound AuthenticatorJWT SSO Inbound Authenticator
JWT SSO Inbound Authenticator
MifrazMurthaja
 
OpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the WebOpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the Web
Richard Metzler
 
OAuth2 primer
OAuth2 primerOAuth2 primer
OAuth2 primer
Manish Pandit
 
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsREST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTs
Jon Todd
 
Workshop: Advanced Federation Use-Cases with PingFederate
Workshop: Advanced Federation Use-Cases with PingFederateWorkshop: Advanced Federation Use-Cases with PingFederate
Workshop: Advanced Federation Use-Cases with PingFederate
Craig Wu
 
OAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityOAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring Security
NexThoughts Technologies
 

What's hot (20)

OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
 
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tkOAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk
 
OpenID Connect 1.0 Explained
OpenID Connect 1.0 ExplainedOpenID Connect 1.0 Explained
OpenID Connect 1.0 Explained
 
OAuth2 & OpenID Connect
OAuth2 & OpenID ConnectOAuth2 & OpenID Connect
OAuth2 & OpenID Connect
 
OpenID Connect: The new standard for connecting to your Customers, Partners, ...
OpenID Connect: The new standard for connecting to your Customers, Partners, ...OpenID Connect: The new standard for connecting to your Customers, Partners, ...
OpenID Connect: The new standard for connecting to your Customers, Partners, ...
 
Understanding OpenID
Understanding OpenIDUnderstanding OpenID
Understanding OpenID
 
Spring security oauth2
Spring security oauth2Spring security oauth2
Spring security oauth2
 
ConFoo 2015 - Securing RESTful resources with OAuth2
ConFoo 2015 - Securing RESTful resources with OAuth2ConFoo 2015 - Securing RESTful resources with OAuth2
ConFoo 2015 - Securing RESTful resources with OAuth2
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST security
 
Introduction to OAuth2.0
Introduction to OAuth2.0Introduction to OAuth2.0
Introduction to OAuth2.0
 
Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0
 
JWT SSO Inbound Authenticator
JWT SSO Inbound AuthenticatorJWT SSO Inbound Authenticator
JWT SSO Inbound Authenticator
 
OpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the WebOpenID vs OAuth - Identity on the Web
OpenID vs OAuth - Identity on the Web
 
OAuth2 primer
OAuth2 primerOAuth2 primer
OAuth2 primer
 
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsREST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTs
 
Workshop: Advanced Federation Use-Cases with PingFederate
Workshop: Advanced Federation Use-Cases with PingFederateWorkshop: Advanced Federation Use-Cases with PingFederate
Workshop: Advanced Federation Use-Cases with PingFederate
 
OAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityOAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring Security
 

Similar to Single Sign On with OAuth and OpenID

Auth proxy pattern on Kubernetes
Auth proxy pattern on KubernetesAuth proxy pattern on Kubernetes
Auth proxy pattern on Kubernetes
Michał Wcisło
 
diagram_sources.pptx
diagram_sources.pptxdiagram_sources.pptx
diagram_sources.pptx
UsmanShafi27
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
marcuschristie
 
OAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring BootOAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring Boot
Geert Pante
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
Mobiliya
 
Exploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerExploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access Manager
Novell
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
Gaurav Roy
 
2310 b 16
2310 b 162310 b 16
2310 b 16
Krazy Koder
 
2310 b 16
2310 b 162310 b 16
2310 b 16
Krazy Koder
 
Help! I Have An Identity Crisis: A look at various mechanisms of Single Sign On
Help! I Have An Identity Crisis: A look at various mechanisms of Single Sign OnHelp! I Have An Identity Crisis: A look at various mechanisms of Single Sign On
Help! I Have An Identity Crisis: A look at various mechanisms of Single Sign On
Saloni Shah
 
Globus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management PlatformGlobus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management Platform
Ian Foster
 
Access Management for Cloud and Mobile
Access Management for Cloud and MobileAccess Management for Cloud and Mobile
Access Management for Cloud and Mobile
ForgeRock
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID Connect
LiamWadman
 
OAuth 2
OAuth 2OAuth 2
OAuth 2
ChrisWood262
 
UserCentric Identity based Service Invocation
UserCentric Identity based Service InvocationUserCentric Identity based Service Invocation
UserCentric Identity based Service Invocation
guestd5dde6
 
What the Heck is OAuth and OpenID Connect? Connect.Tech 2017
What the Heck is OAuth and OpenID Connect? Connect.Tech 2017What the Heck is OAuth and OpenID Connect? Connect.Tech 2017
What the Heck is OAuth and OpenID Connect? Connect.Tech 2017
Matt Raible
 
Getting Started with Globus for Developers
Getting Started with Globus for DevelopersGetting Started with Globus for Developers
Getting Started with Globus for Developers
Globus
 
Tags
TagsTags
Tags
jcvengal
 
Luminis Iv To Exchange Labs
Luminis Iv To Exchange LabsLuminis Iv To Exchange Labs
Luminis Iv To Exchange Labs
Melissa Miller
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4
Aaron Ralls
 

Similar to Single Sign On with OAuth and OpenID (20)

Auth proxy pattern on Kubernetes
Auth proxy pattern on KubernetesAuth proxy pattern on Kubernetes
Auth proxy pattern on Kubernetes
 
diagram_sources.pptx
diagram_sources.pptxdiagram_sources.pptx
diagram_sources.pptx
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
 
OAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring BootOAuth2 and OpenID with Spring Boot
OAuth2 and OpenID with Spring Boot
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
Exploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerExploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access Manager
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
 
2310 b 16
2310 b 162310 b 16
2310 b 16
 
2310 b 16
2310 b 162310 b 16
2310 b 16
 
Help! I Have An Identity Crisis: A look at various mechanisms of Single Sign On
Help! I Have An Identity Crisis: A look at various mechanisms of Single Sign OnHelp! I Have An Identity Crisis: A look at various mechanisms of Single Sign On
Help! I Have An Identity Crisis: A look at various mechanisms of Single Sign On
 
Globus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management PlatformGlobus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management Platform
 
Access Management for Cloud and Mobile
Access Management for Cloud and MobileAccess Management for Cloud and Mobile
Access Management for Cloud and Mobile
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID Connect
 
OAuth 2
OAuth 2OAuth 2
OAuth 2
 
UserCentric Identity based Service Invocation
UserCentric Identity based Service InvocationUserCentric Identity based Service Invocation
UserCentric Identity based Service Invocation
 
What the Heck is OAuth and OpenID Connect? Connect.Tech 2017
What the Heck is OAuth and OpenID Connect? Connect.Tech 2017What the Heck is OAuth and OpenID Connect? Connect.Tech 2017
What the Heck is OAuth and OpenID Connect? Connect.Tech 2017
 
Getting Started with Globus for Developers
Getting Started with Globus for DevelopersGetting Started with Globus for Developers
Getting Started with Globus for Developers
 
Tags
TagsTags
Tags
 
Luminis Iv To Exchange Labs
Luminis Iv To Exchange LabsLuminis Iv To Exchange Labs
Luminis Iv To Exchange Labs
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4
 

More from Gasperi Jerome

Big data from space - Module Big Data ISAE 2017
Big data from space - Module Big Data ISAE 2017Big data from space - Module Big Data ISAE 2017
Big data from space - Module Big Data ISAE 2017
Gasperi Jerome
 
Le Big Data et les données Copernicus
Le Big Data et les données CopernicusLe Big Data et les données Copernicus
Le Big Data et les données Copernicus
Gasperi Jerome
 
2016.02.18 big data from space toulouse data science
2016.02.18   big data from space    toulouse data science2016.02.18   big data from space    toulouse data science
2016.02.18 big data from space toulouse data science
Gasperi Jerome
 
2015.11.12 big data from space - cusi toulouse
2015.11.12   big data from space - cusi toulouse2015.11.12   big data from space - cusi toulouse
2015.11.12 big data from space - cusi toulouse
Gasperi Jerome
 
Big Data - Accès et traitement des données d’Observation de laTerre
Big Data - Accès et traitement des données d’Observation de laTerreBig Data - Accès et traitement des données d’Observation de laTerre
Big Data - Accès et traitement des données d’Observation de laTerre
Gasperi Jerome
 
Semantic search within Earth Observation products databases based on automati...
Semantic search within Earth Observation products databases based on automati...Semantic search within Earth Observation products databases based on automati...
Semantic search within Earth Observation products databases based on automati...
Gasperi Jerome
 
2014.09.04 federated ground segments - toulouse
2014.09.04   federated ground segments - toulouse2014.09.04   federated ground segments - toulouse
2014.09.04 federated ground segments - toulouse
Gasperi Jerome
 
Web Processing Service
Web Processing ServiceWeb Processing Service
Web Processing Service
Gasperi Jerome
 
2014.04.22 - HyDre - Hydroweb Distribution Server
2014.04.22 - HyDre - Hydroweb Distribution Server2014.04.22 - HyDre - Hydroweb Distribution Server
2014.04.22 - HyDre - Hydroweb Distribution Server
Gasperi Jerome
 
Semantic search for Earth Observation products
Semantic search for Earth Observation productsSemantic search for Earth Observation products
Semantic search for Earth Observation products
Gasperi Jerome
 
RESTo - restful semantic search tool for geospatial
RESTo - restful semantic search tool for geospatialRESTo - restful semantic search tool for geospatial
RESTo - restful semantic search tool for geospatial
Gasperi Jerome
 
CNES Data Center
CNES Data CenterCNES Data Center
CNES Data Center
Gasperi Jerome
 
CNES OpenSearch implementations
CNES OpenSearch implementationsCNES OpenSearch implementations
CNES OpenSearch implementations
Gasperi Jerome
 
Web Processing Service
Web Processing ServiceWeb Processing Service
Web Processing Service
Gasperi Jerome
 
Unify Earth Observation products access with OpenSearch
Unify Earth Observation products access with OpenSearchUnify Earth Observation products access with OpenSearch
Unify Earth Observation products access with OpenSearch
Gasperi Jerome
 
CNES activities on semantic search
CNES activities on semantic searchCNES activities on semantic search
CNES activities on semantic search
Gasperi Jerome
 
Traitements de données à la demande - Introduction au Web Processing Service
Traitements de données à la demande - Introduction au Web Processing ServiceTraitements de données à la demande - Introduction au Web Processing Service
Traitements de données à la demande - Introduction au Web Processing Service
Gasperi Jerome
 
Data access and data extraction services within the Land Imagery Portal
Data access and data extraction services within the Land Imagery PortalData access and data extraction services within the Land Imagery Portal
Data access and data extraction services within the Land Imagery Portal
Gasperi Jerome
 
Semantic search applied to Earth Observation products
Semantic search applied to Earth Observation productsSemantic search applied to Earth Observation products
Semantic search applied to Earth Observation products
Gasperi Jerome
 
Accès à l’information satellitaire dans un contexte réactif de catastrophe na...
Accès à l’information satellitaire dans un contexte réactif de catastrophe na...Accès à l’information satellitaire dans un contexte réactif de catastrophe na...
Accès à l’information satellitaire dans un contexte réactif de catastrophe na...
Gasperi Jerome
 

More from Gasperi Jerome (20)

Big data from space - Module Big Data ISAE 2017
Big data from space - Module Big Data ISAE 2017Big data from space - Module Big Data ISAE 2017
Big data from space - Module Big Data ISAE 2017
 
Le Big Data et les données Copernicus
Le Big Data et les données CopernicusLe Big Data et les données Copernicus
Le Big Data et les données Copernicus
 
2016.02.18 big data from space toulouse data science
2016.02.18   big data from space    toulouse data science2016.02.18   big data from space    toulouse data science
2016.02.18 big data from space toulouse data science
 
2015.11.12 big data from space - cusi toulouse
2015.11.12   big data from space - cusi toulouse2015.11.12   big data from space - cusi toulouse
2015.11.12 big data from space - cusi toulouse
 
Big Data - Accès et traitement des données d’Observation de laTerre
Big Data - Accès et traitement des données d’Observation de laTerreBig Data - Accès et traitement des données d’Observation de laTerre
Big Data - Accès et traitement des données d’Observation de laTerre
 
Semantic search within Earth Observation products databases based on automati...
Semantic search within Earth Observation products databases based on automati...Semantic search within Earth Observation products databases based on automati...
Semantic search within Earth Observation products databases based on automati...
 
2014.09.04 federated ground segments - toulouse
2014.09.04   federated ground segments - toulouse2014.09.04   federated ground segments - toulouse
2014.09.04 federated ground segments - toulouse
 
Web Processing Service
Web Processing ServiceWeb Processing Service
Web Processing Service
 
2014.04.22 - HyDre - Hydroweb Distribution Server
2014.04.22 - HyDre - Hydroweb Distribution Server2014.04.22 - HyDre - Hydroweb Distribution Server
2014.04.22 - HyDre - Hydroweb Distribution Server
 
Semantic search for Earth Observation products
Semantic search for Earth Observation productsSemantic search for Earth Observation products
Semantic search for Earth Observation products
 
RESTo - restful semantic search tool for geospatial
RESTo - restful semantic search tool for geospatialRESTo - restful semantic search tool for geospatial
RESTo - restful semantic search tool for geospatial
 
CNES Data Center
CNES Data CenterCNES Data Center
CNES Data Center
 
CNES OpenSearch implementations
CNES OpenSearch implementationsCNES OpenSearch implementations
CNES OpenSearch implementations
 
Web Processing Service
Web Processing ServiceWeb Processing Service
Web Processing Service
 
Unify Earth Observation products access with OpenSearch
Unify Earth Observation products access with OpenSearchUnify Earth Observation products access with OpenSearch
Unify Earth Observation products access with OpenSearch
 
CNES activities on semantic search
CNES activities on semantic searchCNES activities on semantic search
CNES activities on semantic search
 
Traitements de données à la demande - Introduction au Web Processing Service
Traitements de données à la demande - Introduction au Web Processing ServiceTraitements de données à la demande - Introduction au Web Processing Service
Traitements de données à la demande - Introduction au Web Processing Service
 
Data access and data extraction services within the Land Imagery Portal
Data access and data extraction services within the Land Imagery PortalData access and data extraction services within the Land Imagery Portal
Data access and data extraction services within the Land Imagery Portal
 
Semantic search applied to Earth Observation products
Semantic search applied to Earth Observation productsSemantic search applied to Earth Observation products
Semantic search applied to Earth Observation products
 
Accès à l’information satellitaire dans un contexte réactif de catastrophe na...
Accès à l’information satellitaire dans un contexte réactif de catastrophe na...Accès à l’information satellitaire dans un contexte réactif de catastrophe na...
Accès à l’information satellitaire dans un contexte réactif de catastrophe na...
 

Recently uploaded

Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
sunilverma7884
 
WhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring AppsWhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring Apps
HackersList
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
aslasdfmkhan4750
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
Axel Rennoch
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
Neo4j
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
aakash malhotra
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Muhammad Ali
 
Acumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptxAcumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptx
BrainSell Technologies
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
maigasapphire
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
ldtexsolbl
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
313mohammedarshad
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
SynapseIndia
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
bellared2
 
Patch Tuesday de julio
Patch Tuesday de julioPatch Tuesday de julio
Patch Tuesday de julio
Ivanti
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
shanihomely
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
Priyanka Aash
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
Steven Carlson
 

Recently uploaded (20)

Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
 
WhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring AppsWhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring Apps
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
 
Acumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptxAcumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptx
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
 
Patch Tuesday de julio
Patch Tuesday de julioPatch Tuesday de julio
Patch Tuesday de julio
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
 

Single Sign On with OAuth and OpenID

  • 1. Single Sign On with OAuth and OpenID Jérôme Gasperi WGISS-36 ESA/ESRIN - Frascati, Italy - September 19th, 2013
  • 2. OpenID is an open standard for authentication. Model is based on confidence links between Service Providers and Authentication Providers (i.e. OpenID providers) to achieve Single Sign On authentication
  • 3. OAuth is an open standard for authorization. It provides a method for clients to access server resources on behalf of a resource owner
  • 4. OAuth is an open standard for authorization. It provides a method for clients to access server resources on behalf of a resource owner etc...
  • 5. Experiment Filter access to Kalideos (i.e. SPOT) data through a secured WMS server using OpenID Connect (i.e. OpenID over OAuth)
  • 6. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 7. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 8. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 9. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 10. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 11. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 12. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 13. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 14. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 15. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 16. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 17. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 18. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 19. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 20. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 21. Identity Server 10. Return user information 7. Return user information 6. Get user information using OAuth token 9. Send OAuth token for validation and get user information 3. Authentication with OAuth (OpenID Connect) 2. Redirect to Identity Server 13. Create user session 12. Get user rights 4. Return OAuth token WMS Server 5. Send OAuth token 11. Ask for user rights Kalideos Server 1. Ask for authentication 8. Send OAuth token 14. Ask for WMS feed 15. Return WMS feed LDAP
  • 22. OpenID Connect planned to be used in Theia (i.e. French Land Surface Thematic Center)