Abhishek Chikane, profile picture
Uploaded byAbhishek Chikane
PPTX, PDF927 views

Authentication Server

The document outlines the implementation of a web-based authentication provider called 'CCI Connect' that authenticates users against an LDAP server using OAuth 1.0. It highlights features such as centralized control of user access, security mechanisms, and flexibility for third-party applications. Users only log in once, as their authentication details are not shared with third-party apps, and they can revoke access when needed.

Embed presentation

Download to read offline
Slide 1 Slide 1 Authentication Server (OAuth2 or similar) The objective of this presentation is to implement an Authentication provider that can be used simply to authenticate users only once. This may be like the one you use for authenticating yourself on Facebook, LinkedIn, or Google. The authentication should be Web-based and/or API-based and should authenticate against our LDAP Server. This provider should also remember which third-party systems are authorized to authenticate against this server and what information, if any, shared. Authentication Client Once a user is authenticated, they should not be required to enter login details again in this system. If the user is not logged in, a login screen should be presented similar to Facebook connect or Google login. Authentication will be done on Authentication provider server and client will get no username/password ever.
Slide 2 Authentication Server Abhishek Chikane
Slide 3 Story Active Directory User Id- Password User Info App1 App2 App3 Apps…
Slide 4 Story – Current Activities Active Directory User Id- Password User Info App1 App2 App3 Apps…
Slide 5 Story – Protected Resources Active Directory User Id- Password User Info 2 1 App 3
Slide 6 Scenario - One CCI Connect is the name given to Authentication Server
Slide 7 Scenario - Two CCI Connect is the name given to Authentication Server
Slide 8 Scenario - Three
Slide 9 Why ? Used for Authentication Authentication Authorization To share Identity Identity Data How it is Centralized Decentralized Centralized handled? Consumer Optional No Yes registration
Slide 10 Why 1.0 ? 1.0
Slide 11 Architecture OAuth 1.0 HTTP LDAP App 1 CCI Connect Active Directory App 2
Slide 12 Communication – First time login Browser App 1 CCI Connect Active Directory Login with CCI Connect Get Request Token Request Token Authorize Redirect to CCI Connect Auth. Page Send Username – Password for Auth. Authenticate User Auth. Result Access Token Access resources Resource data to Callback Redirect to App1 page OAuth 1.0 HTTP LDAP
Slide 13 Communication – Remembered User Browser App 1 CCI Connect Active Directory Login with CCI Connect Get Request Token Request Token Authorize Access Token Access resources Resource data to Callback Redirect to App1 page OAuth 1.0 HTTP LDAP
Slide 14 Features Security • OAuth1.0 Control • Centralized authentication process • Centralized controlling of shared Active Directory protected resources Flexibility and Ease of Use • Third party apps can use any OAuth1.0 client API
Slide 15 Features in detail… Security • For each access third party app has to follow OAuth1.0 protocol • Uses HMAC – SHA1 • No user password is shared with third party app Control • User can revoke access to remembered browsers from CCI connect • Third party apps can be registered or removed • Activity monitoring on CCI connect Flexibility and Ease of Use • No need to use HTTPS to implement OAuth protocol • All data returned from CCI connect is in JSON format in case of successful authentication
Slide 16 Technologies Used • CAS • Java based OAuth 1.0 • JOSSO service provider library • Spring Security Framework Extension
Slide 22 Slide 17 Thanks

More Related Content

PPTX
Saas webinar-dec6-01
byPaul Madsen
 
PPTX
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
byAWS User Group Kochi
 
PPTX
O auth2 with angular js
byBixlabs
 
PDF
Claim based authentaication
bySean Xiong
 
PDF
Single Sign On with OAuth and OpenID
byGasperi Jerome
 
PDF
OAuth
byIván Fernández Perea
 
PDF
Stateless Auth using OAUTH2 & JWT
byMobiliya
 
PDF
O Dell Secure360 Presentation5 12 10b
byBruce O'Dell
 
Saas webinar-dec6-01
byPaul Madsen
 
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
byAWS User Group Kochi
 
O auth2 with angular js
byBixlabs
 
Claim based authentaication
bySean Xiong
 
Single Sign On with OAuth and OpenID
byGasperi Jerome
 
OAuth
byIván Fernández Perea
 
Stateless Auth using OAUTH2 & JWT
byMobiliya
 
O Dell Secure360 Presentation5 12 10b
byBruce O'Dell
 

What's hot

PDF
OAuth 2.0 and OpenID Connect
byJacob Combs
 
PPTX
Securing your APIs with OAuth, OpenID, and OpenID Connect
byManish Pandit
 
PPTX
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
byNilanjan Roy
 
PPTX
CHATON - MULTIPLATFORM COMMUNICATIONS
byIT Weekend
 
PPTX
Claims Based Authentication A Beginners Guide
byPhuong Nguyen
 
PDF
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
byCloudIDSummit
 
PPTX
A great api is hard to find
byDan Diephouse
 
PDF
Cloud-powered Cross-platform Mobile Apps on AWS
byDanilo Poccia
 
PPTX
Securing online services by combining smart cards and web-based applications
byOlivier Potonniée
 
PDF
Understanding Claim based Authentication
byMohammad Yousri
 
PPTX
How to deploy SharePoint 2010 to external users?
byrlsoft
 
OAuth 2.0 and OpenID Connect
byJacob Combs
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
byManish Pandit
 
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
byNilanjan Roy
 
CHATON - MULTIPLATFORM COMMUNICATIONS
byIT Weekend
 
Claims Based Authentication A Beginners Guide
byPhuong Nguyen
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
byCloudIDSummit
 
A great api is hard to find
byDan Diephouse
 
Cloud-powered Cross-platform Mobile Apps on AWS
byDanilo Poccia
 
Securing online services by combining smart cards and web-based applications
byOlivier Potonniée
 
Understanding Claim based Authentication
byMohammad Yousri
 
How to deploy SharePoint 2010 to external users?
byrlsoft
 

Similar to Authentication Server

PPTX
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
byBrian Campbell
 
PPTX
Leveraging the azure cloud for your mobile apps
byMarcel de Vries
 
PDF
OAuth: Trust Issues
byLorna Mitchell
 
PDF
Draft Ietf Oauth V2 12
byVishal Shah
 
PPTX
4. tmg 2010 e uag 2010
byFabrizio Volpe
 
PDF
Distributed Identities with OpenID
byBastian Hofmann
 
PDF
New Trends in Web Security
byOliver Pfaff
 
PDF
Analyzing OAuth
byOliver Pfaff
 
PPTX
Identity & access management jonas syrstad
byMeandmine2
 
PDF
Auth experience - vol 1.0
byHaggai Philip Zagury
 
PDF
My private cloud overview
bydavidwchadwick
 
PPTX
Enterprise Access Control Patterns for Rest and Web APIs
byCA API Management
 
KEY
OAuth using PHP5
byNurulazrad Murad
 
PDF
Bufferauthentication
byVishal Shah
 
PPTX
Making Sense of API Access Control
byCA API Management
 
PDF
OAuth 2.0 Updates #technight in Osaka
byNov Matake
 
PPTX
Troubleshooting Federation, ADFS, and More
byMicrosoft TechNet - Belgium and Luxembourg
 
PDF
OAuth 1.0
byNov Matake
 
PPTX
Protecting Online Identities
bygoodfriday
 
PPTX
Protecting Online Identities
bygoodfriday
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
byBrian Campbell
 
Leveraging the azure cloud for your mobile apps
byMarcel de Vries
 
OAuth: Trust Issues
byLorna Mitchell
 
Draft Ietf Oauth V2 12
byVishal Shah
 
4. tmg 2010 e uag 2010
byFabrizio Volpe
 
Distributed Identities with OpenID
byBastian Hofmann
 
New Trends in Web Security
byOliver Pfaff
 
Analyzing OAuth
byOliver Pfaff
 
Identity & access management jonas syrstad
byMeandmine2
 
Auth experience - vol 1.0
byHaggai Philip Zagury
 
My private cloud overview
bydavidwchadwick
 
Enterprise Access Control Patterns for Rest and Web APIs
byCA API Management
 
OAuth using PHP5
byNurulazrad Murad
 
Bufferauthentication
byVishal Shah
 
Making Sense of API Access Control
byCA API Management
 
OAuth 2.0 Updates #technight in Osaka
byNov Matake
 
Troubleshooting Federation, ADFS, and More
byMicrosoft TechNet - Belgium and Luxembourg
 
OAuth 1.0
byNov Matake
 
Protecting Online Identities
bygoodfriday
 
Protecting Online Identities
bygoodfriday
 

More from Abhishek Chikane

PDF
MediaWiki for ALM
byAbhishek Chikane
 
PPTX
Tracking universal immunization
byAbhishek Chikane
 
PDF
Web Application Architecture
byAbhishek Chikane
 
PPTX
Creating Hardware Inventory
byAbhishek Chikane
 
PPTX
Porting Java App To Cloud
byAbhishek Chikane
 
PPTX
Cloud Computing And Salesforce
byAbhishek Chikane
 
PPTX
Changing Trends In Cloud Computing
byAbhishek Chikane
 
PPTX
Live broadcasting
byAbhishek Chikane
 
PPTX
Logger implementation
byAbhishek Chikane
 
PPTX
CAPTCHA
byAbhishek Chikane
 
MediaWiki for ALM
byAbhishek Chikane
 
Tracking universal immunization
byAbhishek Chikane
 
Web Application Architecture
byAbhishek Chikane
 
Creating Hardware Inventory
byAbhishek Chikane
 
Porting Java App To Cloud
byAbhishek Chikane
 
Cloud Computing And Salesforce
byAbhishek Chikane
 
Changing Trends In Cloud Computing
byAbhishek Chikane
 
Live broadcasting
byAbhishek Chikane
 
Logger implementation
byAbhishek Chikane
 
CAPTCHA
byAbhishek Chikane
 

Recently uploaded

PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
Agent Factory -AIOUG Multicloud - Feb 2026
bySandesh Rao
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
AI TOOLS FOR PRODUCTIVITY IN MODERN TIMES.pdf
bySantunu
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PPTX
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
PDF
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
Agent Factory -AIOUG Multicloud - Feb 2026
bySandesh Rao
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
AI TOOLS FOR PRODUCTIVITY IN MODERN TIMES.pdf
bySantunu
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
apidays New York 2025 | AI in Application Security
byapidays
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 

Authentication Server

  • 1.
    Slide 1 Slide 1 Authentication Server (OAuth2 or similar) The objective of this presentation is to implement an Authentication provider that can be used simply to authenticate users only once. This may be like the one you use for authenticating yourself on Facebook, LinkedIn, or Google. The authentication should be Web-based and/or API-based and should authenticate against our LDAP Server. This provider should also remember which third-party systems are authorized to authenticate against this server and what information, if any, shared. Authentication Client Once a user is authenticated, they should not be required to enter login details again in this system. If the user is not logged in, a login screen should be presented similar to Facebook connect or Google login. Authentication will be done on Authentication provider server and client will get no username/password ever.
  • 2.
  • 3.
    Slide 3 Story Active Directory User Id- Password User Info App1 App2 App3 Apps…
  • 4.
    Slide 4 Story – Current Activities Active Directory User Id- Password User Info App1 App2 App3 Apps…
  • 5.
    Slide 5 Story –Protected Resources Active Directory User Id- Password User Info 2 1 App 3
  • 6.
    Slide 6 Scenario - One CCI Connect is the name given to Authentication Server
  • 7.
    Slide 7 Scenario - Two CCI Connect is the name given to Authentication Server
  • 8.
  • 9.
    Slide 9 Why ? Used for Authentication Authentication Authorization To share Identity Identity Data How it is Centralized Decentralized Centralized handled? Consumer Optional No Yes registration
  • 10.
    Slide 10 Why 1.0 ? 1.0
  • 11.
    Slide 11 Architecture OAuth 1.0 HTTP LDAP App 1 CCI Connect Active Directory App 2
  • 12.
    Slide 12 Communication – First time login Browser App 1 CCI Connect Active Directory Login with CCI Connect Get Request Token Request Token Authorize Redirect to CCI Connect Auth. Page Send Username – Password for Auth. Authenticate User Auth. Result Access Token Access resources Resource data to Callback Redirect to App1 page OAuth 1.0 HTTP LDAP
  • 13.
    Slide 13 Communication – Remembered User Browser App 1 CCI Connect Active Directory Login with CCI Connect Get Request Token Request Token Authorize Access Token Access resources Resource data to Callback Redirect to App1 page OAuth 1.0 HTTP LDAP
  • 14.
    Slide 14 Features Security • OAuth1.0 Control • Centralized authentication process • Centralized controlling of shared Active Directory protected resources Flexibility and Ease of Use • Third party apps can use any OAuth1.0 client API
  • 15.
    Slide 15 Features indetail… Security • For each access third party app has to follow OAuth1.0 protocol • Uses HMAC – SHA1 • No user password is shared with third party app Control • User can revoke access to remembered browsers from CCI connect • Third party apps can be registered or removed • Activity monitoring on CCI connect Flexibility and Ease of Use • No need to use HTTPS to implement OAuth protocol • All data returned from CCI connect is in JSON format in case of successful authentication
  • 16.
    Slide 16 Technologies Used • CAS • Java based OAuth 1.0 • JOSSO service provider library • Spring Security Framework Extension
  • 17.
    Slide 22 Slide 17 Thanks