SlideShare a Scribd company logo

CIS 2015- SSO for Mobile and Web Apps- Ashish Jain

CloudIDSummit
CloudIDSummit

In the past Enterprise Mobility Management (EMM) has focused primarily on MDM, MAM and MCM. Recently there has been a lot of focus on the fourth pillar of EMM - Mobile Identity Management (MIM). This session will cover the primary use cases and discuss current solutions available for managed/un-managed, internal/public and mobile/web apps for iOS/Android devices.

Technology
1 of 29
Download to read offline
© 2014 VMware Inc. All rights reserved. SSO for Mobile and Web Apps Ashish Jain @itickr CIS 2015
What we will cover in this Session ? 2 1 Why is this important ? 2 What’s the current experience? 3 What’s the desired experience ? What are my options ? What’s the challenge ? Q & A 4 5 6
Why is this important?
What’s the current experience ?
Mobile App •  Click on Mobile App •  Enter server and user information. Tenant discovery happens. •  Click login. Get redirected to login screen (AD or else) •  Enter AD credentials (or local/MFA) •  You have access Web App •  Open Mobile Safari •  Enter web url – e.g. https:// www.salesforce.com •  Click login. Get redirected to login screen (AD or else) •  Enter AD credentials (or local/MFA) •  You have access. 10
Mobile App •  Start VPN app •  Start SecurID App. •  Enter SecurID pin. •  Enter SecurID passcode on VPN app •  Click on Mobile App •  Enter server and user information. Tenant discovery happens. •  Click login. Get redirected to login screen (AD or else) •  Enter AD credentials (or local/MFA) •  You have access Web App •  Start VPN app •  Start SecurID App. •  Enter SecurID pin. •  Enter SecurID passcode on VPN app •  Open Mobile Safari •  Enter web url – e.g. https:// www.salesforce.com •  Click login. Get redirected to login screen (AD or else) •  Enter AD credentials (or local/MFA) •  You have access. 11
What’s the desired experience ?
What’s the challenge?
Mobile SSO flow 1.  User access Mobile App 2.  App connects to server 3.  Redirects to IdP 4.  IdP authenticates via AD 5.  IdP sends SAML back to App Server 6.  App Server sends AT back to App 7.  App uses AT to access 1 Mobile App Web View 2 3 4 5 IdP AD 6 7 App Server OAuth AS SAML OAuth
Mobile SSO flow 1.  User access Mobile App 2.  App connects to server 3.  Redirects to IdP 4.  IdP authenticates via AD 5.  IdP sends SAML back to App Server 6.  App Server sends AT back to App 7.  App uses AT to access Mobile App Web View 2 3 4 5 IdP AD 6 7 Mobile App OAuth AS App ServerSAML OAuth 1
Mobile SSO flow 1.  User access Mobile App 2.  App connects to server 3.  Redirects to IdP 4.  IdP authenticates via AD 5.  IdP sends SAML back to App Server 6.  App Server sends AT back to App 7.  App uses AT to access Mobile App Web View 2 3 4 5 IdP AD 6 7 Mobile App OAuth AS App Server Challenges •  Authentication per mobile app •  No validation of access token •  No clean up of cached / offline data OAuth SAML 1
What are my options ?
Use System browser Enroll your device JavaScript trickery Windows 10 NAPPS Use Vendor SDK
1 Mobile App 2 3 4 5 IdP AD 6 7 App Server OAuth AS Use System browser System browser 8 1.  User access Mobile App 2.  App opens system browser 3.  App connects to server 4.  Redirects to IdP 5.  IdP authenticates via AD 6.  IdP sends SAML back to App Server 7.  App Server sends AT back to App 8.  App uses AT to access
1.  User access Mobile App 2.  App connects to server 3.  Redirects to IdP 4.  IdP sends 401 negotiate 5.  iOS intercepts 6.  On-demand VPN session 7.  Sends Cert to KDC to get a ticket 8.  IdP validates Kerb ticket 9.  IdP sends SAML to App server 10. App server sends OAuth AT to App Mobile App Web View 2 3 4 5 IdP Kerb Adapter AD KDC 67 8 9 10 App Server OAuth AS Enroll your device 1
1.  User access Mobile App 2.  App connects to server 3.  Redirects to IdP 4.  IdP caches the request 5.  IdP connects with its agent 6.  User authenticates 7.  Sends token back to IdP 8.  IdP sends SAML to App server 9.  App server sends OAuth AT to App 1 Mobile App Web View 2 3 4 5 IdP 6 7 8 App Server OAuth AS IdP Agent 9 JavaScript trickery
1.  User access Mobile App 2.  App RequestTokenAsync to Web Account Manager (WAM) 3.  WAM request token from registered Web Account Provider (WAP) 4.  WAP redirects to IdP 5.  User Authenticates 6.  IdP sends the token back to WAP 7.  WAP sends the token to WAM 8.  WAM returns RequestResult to App 9.  App can access the resource 1 Mobile App 23 4 5 IdP 6 7 8 App Server OAuth AS WAP 9 WAM Web View Windows 10
1 Mobile App 2 4 5 IdP AD 6 7 App Server OAuth AS NAPPS Token Agent 1.  User access Mobile App 2.  Mobile App requests ACDC token 3.  TA gets its own AT/RT 4.  IdP authenticates via AD 5.  TA uses AT to get ACDC for Mobile App 6.  TA passes ACDC to Mobile App 7.  Mobile App uses ACDC to get its AT 8.  App uses AT to access OAuth AS 3 8
Summary
Everything will be amazing but no one will be happy
Use System browser Enroll your device JavaScript trickery Windows 10 NAPPS Use Vendor SDK Minimal code change. Can be implemented now. No code change. Best experience. Requires MDM. Cross platform. Open Standard. Still in spec stage. No code change. Limited App support. Only works for enterprise apps. Platform specific. Not available now.
Q & A Ashish Jain @itickr

Recommended

OpManager - Clickatell integration for SMS notification
OpManager - Clickatell integration for SMS notificationOpManager - Clickatell integration for SMS notification
OpManager - Clickatell integration for SMS notificationManageEngine, Zoho Corporation
 
Build and graduate your app in ring central
Build and graduate your app in ring centralBuild and graduate your app in ring central
Build and graduate your app in ring centralAnirban Sen Chowdhary
 
Can mule integrate with ring central part2
Can mule integrate with ring central part2Can mule integrate with ring central part2
Can mule integrate with ring central part2Anirban Sen Chowdhary
 
SMS retriever API
SMS retriever APISMS retriever API
SMS retriever APIZhe-Hao Hu
 
Sms verification APIs
Sms verification APIsSms verification APIs
Sms verification APIsZhe-Hao Hu
 
Mule integration with linkedin
Mule integration with linkedinMule integration with linkedin
Mule integration with linkedinKhasim Saheb
 
ApiDD Consumer
ApiDD ConsumerApiDD Consumer
ApiDD Consumerapidd
 
How to register your application to authorize o365 graph api
How to register your application to authorize o365 graph apiHow to register your application to authorize o365 graph api
How to register your application to authorize o365 graph apiRakesh SHarma
 

Recommended

OpManager - Clickatell integration for SMS notification
OpManager - Clickatell integration for SMS notificationOpManager - Clickatell integration for SMS notification
OpManager - Clickatell integration for SMS notificationManageEngine, Zoho Corporation
 
Build and graduate your app in ring central
Build and graduate your app in ring centralBuild and graduate your app in ring central
Build and graduate your app in ring centralAnirban Sen Chowdhary
 
Can mule integrate with ring central part2
Can mule integrate with ring central part2Can mule integrate with ring central part2
Can mule integrate with ring central part2Anirban Sen Chowdhary
 
SMS retriever API
SMS retriever APISMS retriever API
SMS retriever APIZhe-Hao Hu
 
Sms verification APIs
Sms verification APIsSms verification APIs
Sms verification APIsZhe-Hao Hu
 
Mule integration with linkedin
Mule integration with linkedinMule integration with linkedin
Mule integration with linkedinKhasim Saheb
 
ApiDD Consumer
ApiDD ConsumerApiDD Consumer
ApiDD Consumerapidd
 
How to register your application to authorize o365 graph api
How to register your application to authorize o365 graph apiHow to register your application to authorize o365 graph api
How to register your application to authorize o365 graph apiRakesh SHarma
 
Apidd Member Management
Apidd Member ManagementApidd Member Management
Apidd Member Managementapidd
 
Rest security in mule
Rest security in muleRest security in mule
Rest security in muleSon Nguyen
 
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Atlassian
 
Facebook Login & Open Graph Introduction
Facebook Login & Open Graph IntroductionFacebook Login & Open Graph Introduction
Facebook Login & Open Graph IntroductionEric Ping
 
Implementing Google User Authentication In GAE Application
Implementing Google User Authentication In GAE ApplicationImplementing Google User Authentication In GAE Application
Implementing Google User Authentication In GAE ApplicationTC Ong
 
Securing Insecure
Securing InsecureSecuring Insecure
Securing InsecurePrabath Siriwardena
 
Swift to send Push Notifications with Parse Dashboard and
Swift to send Push Notifications with Parse Dashboard and Swift to send Push Notifications with Parse Dashboard and
Swift to send Push Notifications with Parse Dashboard and George Batschinski
 
Bot Framework with Xamarin Forms
Bot Framework with Xamarin FormsBot Framework with Xamarin Forms
Bot Framework with Xamarin FormsCheah Eng Soon
 
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri
 
Working of the internet-IP Address
Working of the internet-IP AddressWorking of the internet-IP Address
Working of the internet-IP AddressCodewizacademy
 
IoT Quick Demo for Heroku & Salesforce
IoT Quick Demo for Heroku & SalesforceIoT Quick Demo for Heroku & Salesforce
IoT Quick Demo for Heroku & SalesforceAkihiro Iwaya
 
Udely App Clone Delivery App Solution
Udely App Clone Delivery App SolutionUdely App Clone Delivery App Solution
Udely App Clone Delivery App SolutioneSiteWorld TechnoLabs Pvt. Ltd.
 
DirectLineAPI - Xamarin.Forms App and Bot Framework Integration
DirectLineAPI - Xamarin.Forms App and Bot Framework IntegrationDirectLineAPI - Xamarin.Forms App and Bot Framework Integration
DirectLineAPI - Xamarin.Forms App and Bot Framework IntegrationBryan Anthony Garcia
 
Indonesia data-lake
Indonesia data-lakeIndonesia data-lake
Indonesia data-lakeMif Masterz
 
Create custom authentication provider and forget the hassle of managing token...
Create custom authentication provider and forget the hassle of managing token...Create custom authentication provider and forget the hassle of managing token...
Create custom authentication provider and forget the hassle of managing token...Rahul Malhotra
 
Getting started with RingCentral
Getting started with RingCentralGetting started with RingCentral
Getting started with RingCentralAnirban Sen Chowdhary
 
Mule roles
Mule rolesMule roles
Mule rolesSon Nguyen
 
The “I” in API is for Identity (Nordic APIS April 2014)
The “I” in API is for Identity (Nordic APIS April 2014)The “I” in API is for Identity (Nordic APIS April 2014)
The “I” in API is for Identity (Nordic APIS April 2014)Nordic APIs
 
Managing Identities in the World of APIs
Managing Identities in the World of APIsManaging Identities in the World of APIs
Managing Identities in the World of APIsApigee | Google Cloud
 
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID ConnectCIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID ConnectCloudIDSummit
 
App Indexing: Blurring the Lines Between Your Website and App
App Indexing: Blurring the Lines Between Your Website and AppApp Indexing: Blurring the Lines Between Your Website and App
App Indexing: Blurring the Lines Between Your Website and AppJuan Gomez
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityCA API Management
 

More Related Content

What's hot

Apidd Member Management
Apidd Member ManagementApidd Member Management
Apidd Member Managementapidd
 
Rest security in mule
Rest security in muleRest security in mule
Rest security in muleSon Nguyen
 
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Atlassian
 
Facebook Login & Open Graph Introduction
Facebook Login & Open Graph IntroductionFacebook Login & Open Graph Introduction
Facebook Login & Open Graph IntroductionEric Ping
 
Implementing Google User Authentication In GAE Application
Implementing Google User Authentication In GAE ApplicationImplementing Google User Authentication In GAE Application
Implementing Google User Authentication In GAE ApplicationTC Ong
 
Swift to send Push Notifications with Parse Dashboard and
Swift to send Push Notifications with Parse Dashboard and Swift to send Push Notifications with Parse Dashboard and
Swift to send Push Notifications with Parse Dashboard and George Batschinski
 
Bot Framework with Xamarin Forms
Bot Framework with Xamarin FormsBot Framework with Xamarin Forms
Bot Framework with Xamarin FormsCheah Eng Soon
 
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri
 
Working of the internet-IP Address
Working of the internet-IP AddressWorking of the internet-IP Address
Working of the internet-IP AddressCodewizacademy
 
IoT Quick Demo for Heroku & Salesforce
IoT Quick Demo for Heroku & SalesforceIoT Quick Demo for Heroku & Salesforce
IoT Quick Demo for Heroku & SalesforceAkihiro Iwaya
 
DirectLineAPI - Xamarin.Forms App and Bot Framework Integration
DirectLineAPI - Xamarin.Forms App and Bot Framework IntegrationDirectLineAPI - Xamarin.Forms App and Bot Framework Integration
DirectLineAPI - Xamarin.Forms App and Bot Framework IntegrationBryan Anthony Garcia
 
Indonesia data-lake
Indonesia data-lakeIndonesia data-lake
Indonesia data-lakeMif Masterz
 
Create custom authentication provider and forget the hassle of managing token...
Create custom authentication provider and forget the hassle of managing token...Create custom authentication provider and forget the hassle of managing token...
Create custom authentication provider and forget the hassle of managing token...Rahul Malhotra
 

What's hot (17)

Apidd Member Management
Apidd Member ManagementApidd Member Management
Apidd Member Management
 
Rest security in mule
Rest security in muleRest security in mule
Rest security in mule
 
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
 
Facebook Login & Open Graph Introduction
Facebook Login & Open Graph IntroductionFacebook Login & Open Graph Introduction
Facebook Login & Open Graph Introduction
 
Implementing Google User Authentication In GAE Application
Implementing Google User Authentication In GAE ApplicationImplementing Google User Authentication In GAE Application
Implementing Google User Authentication In GAE Application
 
Securing Insecure
Securing InsecureSecuring Insecure
Securing Insecure
 
Swift to send Push Notifications with Parse Dashboard and
Swift to send Push Notifications with Parse Dashboard and Swift to send Push Notifications with Parse Dashboard and
Swift to send Push Notifications with Parse Dashboard and
 
Bot Framework with Xamarin Forms
Bot Framework with Xamarin FormsBot Framework with Xamarin Forms
Bot Framework with Xamarin Forms
 
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
 
Working of the internet-IP Address
Working of the internet-IP AddressWorking of the internet-IP Address
Working of the internet-IP Address
 
IoT Quick Demo for Heroku & Salesforce
IoT Quick Demo for Heroku & SalesforceIoT Quick Demo for Heroku & Salesforce
IoT Quick Demo for Heroku & Salesforce
 
Udely App Clone Delivery App Solution
Udely App Clone Delivery App SolutionUdely App Clone Delivery App Solution
Udely App Clone Delivery App Solution
 
DirectLineAPI - Xamarin.Forms App and Bot Framework Integration
DirectLineAPI - Xamarin.Forms App and Bot Framework IntegrationDirectLineAPI - Xamarin.Forms App and Bot Framework Integration
DirectLineAPI - Xamarin.Forms App and Bot Framework Integration
 
Indonesia data-lake
Indonesia data-lakeIndonesia data-lake
Indonesia data-lake
 
Create custom authentication provider and forget the hassle of managing token...
Create custom authentication provider and forget the hassle of managing token...Create custom authentication provider and forget the hassle of managing token...
Create custom authentication provider and forget the hassle of managing token...
 
Getting started with RingCentral
Getting started with RingCentralGetting started with RingCentral
Getting started with RingCentral
 
Mule roles
Mule rolesMule roles
Mule roles
 

Similar to CIS 2015- SSO for Mobile and Web Apps- Ashish Jain

The “I” in API is for Identity (Nordic APIS April 2014)
The “I” in API is for Identity (Nordic APIS April 2014)The “I” in API is for Identity (Nordic APIS April 2014)
The “I” in API is for Identity (Nordic APIS April 2014)Nordic APIs
 
Managing Identities in the World of APIs
Managing Identities in the World of APIsManaging Identities in the World of APIs
Managing Identities in the World of APIsApigee | Google Cloud
 
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID ConnectCIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID ConnectCloudIDSummit
 
App Indexing: Blurring the Lines Between Your Website and App
App Indexing: Blurring the Lines Between Your Website and AppApp Indexing: Blurring the Lines Between Your Website and App
App Indexing: Blurring the Lines Between Your Website and AppJuan Gomez
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityCA API Management
 
CIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCloudIDSummit
 
Using the Google SafetyNet API for Banking & Finance
Using the Google SafetyNet API for Banking & FinanceUsing the Google SafetyNet API for Banking & Finance
Using the Google SafetyNet API for Banking & FinanceHitesh Sahu
 
JWT SSO Inbound Authenticator
JWT SSO Inbound AuthenticatorJWT SSO Inbound Authenticator
JWT SSO Inbound AuthenticatorMifrazMurthaja
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
Extensible Api Management with WSO2 API Manager
Extensible Api Management with WSO2 API ManagerExtensible Api Management with WSO2 API Manager
Extensible Api Management with WSO2 API ManagerWSO2
 
Extensible API Management
Extensible API ManagementExtensible API Management
Extensible API ManagementWSO2
 
Identity Management: Using OIDC to Empower the Next-Generation Apps
Identity Management: Using OIDC to Empower the Next-Generation AppsIdentity Management: Using OIDC to Empower the Next-Generation Apps
Identity Management: Using OIDC to Empower the Next-Generation AppsTom Freestone
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device UniverseCA API Management
 
Authentication with OAuth and Connected Apps
Authentication with OAuth and Connected AppsAuthentication with OAuth and Connected Apps
Authentication with OAuth and Connected AppsSalesforce Developers
 
Clef security architecture
Clef security architectureClef security architecture
Clef security architecturejessepollak
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectLiamWadman
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTGaurav Roy
 
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David ChaseCIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David ChaseCloudIDSummit
 

Similar to CIS 2015- SSO for Mobile and Web Apps- Ashish Jain (20)

The “I” in API is for Identity (Nordic APIS April 2014)
The “I” in API is for Identity (Nordic APIS April 2014)The “I” in API is for Identity (Nordic APIS April 2014)
The “I” in API is for Identity (Nordic APIS April 2014)
 
Managing Identities in the World of APIs
Managing Identities in the World of APIsManaging Identities in the World of APIs
Managing Identities in the World of APIs
 
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID ConnectCIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
 
App Indexing: Blurring the Lines Between Your Website and App
App Indexing: Blurring the Lines Between Your Website and AppApp Indexing: Blurring the Lines Between Your Website and App
App Indexing: Blurring the Lines Between Your Website and App
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
 
CIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John Bradley
 
Using the Google SafetyNet API for Banking & Finance
Using the Google SafetyNet API for Banking & FinanceUsing the Google SafetyNet API for Banking & Finance
Using the Google SafetyNet API for Banking & Finance
 
JWT SSO Inbound Authenticator
JWT SSO Inbound AuthenticatorJWT SSO Inbound Authenticator
JWT SSO Inbound Authenticator
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
Gcm tutorial
Gcm tutorialGcm tutorial
Gcm tutorial
 
Extensible Api Management with WSO2 API Manager
Extensible Api Management with WSO2 API ManagerExtensible Api Management with WSO2 API Manager
Extensible Api Management with WSO2 API Manager
 
Extensible API Management
Extensible API ManagementExtensible API Management
Extensible API Management
 
Identity Management: Using OIDC to Empower the Next-Generation Apps
Identity Management: Using OIDC to Empower the Next-Generation AppsIdentity Management: Using OIDC to Empower the Next-Generation Apps
Identity Management: Using OIDC to Empower the Next-Generation Apps
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device Universe
 
Authentication with OAuth and Connected Apps
Authentication with OAuth and Connected AppsAuthentication with OAuth and Connected Apps
Authentication with OAuth and Connected Apps
 
Clef security architecture
Clef security architectureClef security architecture
Clef security architecture
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID Connect
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
 
Enhancing your Security APIs
Enhancing your Security APIsEnhancing your Security APIs
Enhancing your Security APIs
 
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David ChaseCIS 2015 OpenID Connect and Mobile Applications - David Chase
CIS 2015 OpenID Connect and Mobile Applications - David Chase
 

More from CloudIDSummit

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content HighlightsCloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016CloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2CloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...CloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCloudIDSummit
 

More from CloudIDSummit (20)

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content Highlights
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Recently uploaded

Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...Product School
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...Product School
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Product School
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomCzechDreamin
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationZilliz
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Alison B. Lowndes
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1DianaGray10
 

Recently uploaded (20)

Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 

CIS 2015- SSO for Mobile and Web Apps- Ashish Jain

  • 1. © 2014 VMware Inc. All rights reserved. SSO for Mobile and Web Apps Ashish Jain @itickr CIS 2015
  • 2. What we will cover in this Session ? 2 1 Why is this important ? 2 What’s the current experience? 3 What’s the desired experience ? What are my options ? What’s the challenge ? Q & A 4 5 6
  • 3. Why is this important?
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9. What’s the current experience ?
  • 10. Mobile App •  Click on Mobile App •  Enter server and user information. Tenant discovery happens. •  Click login. Get redirected to login screen (AD or else) •  Enter AD credentials (or local/MFA) •  You have access Web App •  Open Mobile Safari •  Enter web url – e.g. https:// www.salesforce.com •  Click login. Get redirected to login screen (AD or else) •  Enter AD credentials (or local/MFA) •  You have access. 10
  • 11. Mobile App •  Start VPN app •  Start SecurID App. •  Enter SecurID pin. •  Enter SecurID passcode on VPN app •  Click on Mobile App •  Enter server and user information. Tenant discovery happens. •  Click login. Get redirected to login screen (AD or else) •  Enter AD credentials (or local/MFA) •  You have access Web App •  Start VPN app •  Start SecurID App. •  Enter SecurID pin. •  Enter SecurID passcode on VPN app •  Open Mobile Safari •  Enter web url – e.g. https:// www.salesforce.com •  Click login. Get redirected to login screen (AD or else) •  Enter AD credentials (or local/MFA) •  You have access. 11
  • 12. What’s the desired experience ?
  • 13.
  • 14.
  • 16. Mobile SSO flow 1.  User access Mobile App 2.  App connects to server 3.  Redirects to IdP 4.  IdP authenticates via AD 5.  IdP sends SAML back to App Server 6.  App Server sends AT back to App 7.  App uses AT to access 1 Mobile App Web View 2 3 4 5 IdP AD 6 7 App Server OAuth AS SAML OAuth
  • 17. Mobile SSO flow 1.  User access Mobile App 2.  App connects to server 3.  Redirects to IdP 4.  IdP authenticates via AD 5.  IdP sends SAML back to App Server 6.  App Server sends AT back to App 7.  App uses AT to access Mobile App Web View 2 3 4 5 IdP AD 6 7 Mobile App OAuth AS App ServerSAML OAuth 1
  • 18. Mobile SSO flow 1.  User access Mobile App 2.  App connects to server 3.  Redirects to IdP 4.  IdP authenticates via AD 5.  IdP sends SAML back to App Server 6.  App Server sends AT back to App 7.  App uses AT to access Mobile App Web View 2 3 4 5 IdP AD 6 7 Mobile App OAuth AS App Server Challenges •  Authentication per mobile app •  No validation of access token •  No clean up of cached / offline data OAuth SAML 1
  • 19. What are my options ?
  • 20. Use System browser Enroll your device JavaScript trickery Windows 10 NAPPS Use Vendor SDK
  • 21. 1 Mobile App 2 3 4 5 IdP AD 6 7 App Server OAuth AS Use System browser System browser 8 1.  User access Mobile App 2.  App opens system browser 3.  App connects to server 4.  Redirects to IdP 5.  IdP authenticates via AD 6.  IdP sends SAML back to App Server 7.  App Server sends AT back to App 8.  App uses AT to access
  • 22. 1.  User access Mobile App 2.  App connects to server 3.  Redirects to IdP 4.  IdP sends 401 negotiate 5.  iOS intercepts 6.  On-demand VPN session 7.  Sends Cert to KDC to get a ticket 8.  IdP validates Kerb ticket 9.  IdP sends SAML to App server 10. App server sends OAuth AT to App Mobile App Web View 2 3 4 5 IdP Kerb Adapter AD KDC 67 8 9 10 App Server OAuth AS Enroll your device 1
  • 23. 1.  User access Mobile App 2.  App connects to server 3.  Redirects to IdP 4.  IdP caches the request 5.  IdP connects with its agent 6.  User authenticates 7.  Sends token back to IdP 8.  IdP sends SAML to App server 9.  App server sends OAuth AT to App 1 Mobile App Web View 2 3 4 5 IdP 6 7 8 App Server OAuth AS IdP Agent 9 JavaScript trickery
  • 24. 1.  User access Mobile App 2.  App RequestTokenAsync to Web Account Manager (WAM) 3.  WAM request token from registered Web Account Provider (WAP) 4.  WAP redirects to IdP 5.  User Authenticates 6.  IdP sends the token back to WAP 7.  WAP sends the token to WAM 8.  WAM returns RequestResult to App 9.  App can access the resource 1 Mobile App 23 4 5 IdP 6 7 8 App Server OAuth AS WAP 9 WAM Web View Windows 10
  • 25. 1 Mobile App 2 4 5 IdP AD 6 7 App Server OAuth AS NAPPS Token Agent 1.  User access Mobile App 2.  Mobile App requests ACDC token 3.  TA gets its own AT/RT 4.  IdP authenticates via AD 5.  TA uses AT to get ACDC for Mobile App 6.  TA passes ACDC to Mobile App 7.  Mobile App uses ACDC to get its AT 8.  App uses AT to access OAuth AS 3 8
  • 27. Everything will be amazing but no one will be happy
  • 28. Use System browser Enroll your device JavaScript trickery Windows 10 NAPPS Use Vendor SDK Minimal code change. Can be implemented now. No code change. Best experience. Requires MDM. Cross platform. Open Standard. Still in spec stage. No code change. Limited App support. Only works for enterprise apps. Platform specific. Not available now.
  • 29. Q & A Ashish Jain @itickr