Adding Identity Management and Access Control to your Application - Exercises
Joaquin Salvachúa -Álvaro Alonso
UPM – DIT
Security Chapter. FIWARE
joaquin.salvachua@upm.es, @jsalvachua
aalonsog@dit.upm.es, @larsonalonso
  
Exercises index
•  Sec-1. Creating a FIWARE account
•  Sec-2. Managing organizations
•  Sec-3. Registering an application
•  Sec-4. Adding OAuth2 to your application (based on our Node.js template)
•  Sec-5. Adding OAuth2 to your application (using an OAuth2 library)
•  Sec-6. Securing your backend: Authentication
•  Sec-7. Securing your backend: Basic Authorization
•  Sec-8. Securing your backend: Advanced Authorization
Sec-1. Creating a FIWARE account
•  Prerequisite
–  To have an Internet connection :)
•  Steps
–  Go to https://account.lab.fiware.org
–  Click on “Sign Up”
–  Fill in your data
–  Confirm your account from the confirmation email
•  Hints
–  If you don’t receive the confirmation email… check your spam folder
Easy
  
Sec-2. Managing organizations
•  Prerequisite
–  To have a FIWARE account
•  Steps
–  Go to https://account.lab.fiware.org
–  Sign In
–  Create an Organization
–  Add members to it
•  Hints
–  To manage an organization you have to switch to it using the dropdown in the upper right corner.
Easy
  
Sec-3. Registering an application
•  Prerequisite
–  To have a FIWARE account
•  Steps
–  Go to https://account.lab.fiware.org
–  Sign In
–  Register an application
•  Hints
–  You have to set:
•  URL: the URL where your app will run
•  Callback URL: the URL to which the Account Portal will redirect your users once they are authenticated
Easy
  
Sec-4 (1). Adding OAuth2 to your application (based on our Node.js template)
•  Prerequisites
–  To have an application registered in the Account Portal
–  To learn how OAuth2 works
•  Steps
–  Clone our demo example:
•  https://github.com/ging/oauth2-example-client
–  Follow the instructions in the README
•  You will find client_secret and client_id in the application's detail page in the Account Portal
Easy
  
Sec-4 (2). Adding OAuth2 to your application (based on our Node.js template)
•  Hints
–  Learn about OAuth2:
•  http://oauth.net/2/
–  FIWARE Account flows:
•  http://es.slideshare.net/alvaroalonsogonzalez/id-m-andac
–  FIWARE Account OAuth2 docs
•  https://github.com/ging/fi-ware-idm/wiki/Using-the-FI-LAB-instance
–  Advanced courses:
•  http://edu.fi-ware.org/course/view.php?id=79
•  http://edu.fi-ware.org/course/view.php?id=63
Easy
  
Sec-5. Adding OAuth2 to your application (using an OAuth2 library)
•  Prerequisite
–  To have an application registered in the Account Portal
–  To have your own application
•  Steps
–  Include an OAuth2 library in your app
–  Configure it using the OAuth credentials generated in the
Account Portal
–  Follow the library instructions to use it
•  Hints
–  OAuth2 libraries
•  http://oauth.net/2/
Medium
  
Sec-6. Securing your backend: Authentication
•  Prerequisite
–  To have a frontend app using OAuth and FIWARE Account
–  To have a REST-based backend service
•  Steps
–  Clone our PEP-Proxy Wilma
•  https://github.com/ging/fi-ware-pep-proxy
–  Configure it following the README
•  app_host and app_port are the host and port of your backend REST API
–  Now, requests to your backend
•  Have to be sent to the proxy
•  Have to include an “X-Auth-Token” header carrying the OAuth2 access token
•  Hints
–  Wilma docs
•  http://catalogue.fiware.org/enablers/pep-proxy-wilma
Medium
  
Sec-7. Securing your backend: Basic Authorization
•  Prerequisite
–  To have a Wilma deployed on top of your backend
•  Steps
–  Enable the “check_permissions” option in Wilma’s config
–  Edit your application in Account Portal
•  Create a new role
•  Create a new permission with
–  HTTP action – GET, POST, PUT, DELETE
–  REST resource – the URL of your resource
•  Assign the role to a user
•  Check the request in your App
•  Hints
–  AuthZForce docs
•  http://catalogue.fiware.org/enablers/authorization-pdp-authzforce
Hard
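Sec-6 and Sec-7 together describe what the PEP proxy checks before a request reaches the backend. As an added example (not code from the slides or from the Wilma project), the following Node.js module models both checks offline: the token table standing in for the IdM's validation answer, the permissions, and the host and port are all constructed values.

```javascript
// Constructed model of the two checks Wilma puts in front of a REST backend.
// Written for this page as an illustration; it is not the Wilma code base.
//
//   1. Authentication (Sec-6): the request must carry an X-Auth-Token header
//      whose value is a valid, unexpired OAuth2 access token. Wilma asks the
//      IdM to validate it; here a constructed table plays the IdM.
//   2. Basic authorization (Sec-7, check_permissions): one of the user's
//      roles must hold a permission whose HTTP action and REST resource
//      match the request, as registered in the Account Portal.

// Stand-ins for Wilma's app_host / app_port settings (constructed values).
const APP_HOST = 'localhost';
const APP_PORT = 3000;

// Constructed stand-in for the IdM's token-validation answers.
const TOKENS = {
  'tok-alice': { user: 'alice', expires: '2099-01-01T00:00:00Z', roles: ['reader', 'editor'] },
  'tok-bob':   { user: 'bob',   expires: '2099-01-01T00:00:00Z', roles: ['reader'] },
  'tok-carol': { user: 'carol', expires: '2000-01-01T00:00:00Z', roles: ['editor'] },
};

// Permissions as they would be created in the Account Portal and assigned
// to roles: HTTP action + REST resource (constructed sample).
const PERMISSIONS = {
  reader: [{ action: 'GET', resource: '/api/items' }],
  editor: [
    { action: 'POST', resource: '/api/items' },
    { action: 'DELETE', resource: '/api/items' },
  ],
};

// Step 1: resolve the token to a user, or null if it is missing, unknown
// or expired. Expiry is checked against `now` so a caller can pin the clock.
function validateToken(token, now) {
  if (typeof token !== 'string' || token.length === 0) return null;
  const info = TOKENS[token];
  if (!info) return null;
  if (new Date(info.expires) <= now) return null;
  return info;
}

// Step 2: does any of the user's roles grant (method, path)? Exact match on
// the resource string: the simplest reading of the Sec-7 permission fields,
// an assumption of this example rather than the IdM's own matching rules.
function isPermitted(roles, method, path) {
  return roles.some((role) =>
    (PERMISSIONS[role] || []).some((p) => p.action === method && p.resource === path),
  );
}

// The proxy decision. `request` mirrors Node's http.IncomingMessage shape:
// headers keyed in lower case, plus method and url. checkPermissions=false
// reproduces the Sec-6 setup (authentication only, no permission check).
function pep(request, { checkPermissions = true, now = new Date() } = {}) {
  const info = validateToken(request.headers['x-auth-token'], now);
  if (!info) {
    // Fail closed: no identity, no forwarding.
    return { status: 401, reason: 'missing, unknown or expired X-Auth-Token' };
  }
  const path = request.url.split('?')[0]; // permissions are on the resource path
  if (checkPermissions && !isPermitted(info.roles, request.method, path)) {
    return { status: 403, reason: `${info.user} may not ${request.method} ${path}` };
  }
  // Allowed: Wilma would now forward the request to the backend at app_host:app_port.
  return {
    status: 200,
    forwardTo: `http://${APP_HOST}:${APP_PORT}${request.url}`,
    user: info.user,
  };
}

// Stand-alone demo: a reader may GET but not DELETE; an expired token is refused.
console.log(pep({ method: 'GET', url: '/api/items', headers: { 'x-auth-token': 'tok-bob' } }));
console.log(pep({ method: 'DELETE', url: '/api/items', headers: { 'x-auth-token': 'tok-bob' } }));
console.log(pep({ method: 'GET', url: '/api/items', headers: { 'x-auth-token': 'tok-carol' } }));
```

The 401/403 split matters for detection: a burst of 401s against the proxy is token trouble (expired or never issued), while 403s from a valid user are role or permission misconfiguration, so the two should be logged and alerted on separately.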
  
Sec-8. Securing your backend: Advanced Authorization
•  Prerequisite
–  To have a Wilma deployed on top of your backend
•  Steps
–  Modify Wilma so that it builds XACML Requests
•  You can then check request parameters such as the body, headers…
–  Edit your application in Account Portal
•  Create a new role
•  Create a new permission with an advanced rule (XACML)
•  Assign the role to a user
•  Check the request in your App
•  Hints
–  AuthZForce docs
•  http://catalogue.fiware.org/enablers/authorization-pdp-authzforce
–  XACML
•  https://www.oasis-open.org/committees/xacml/
Hard
  
More Related Content

What's hot

Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your app
Álvaro Alonso González
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
FIWARE
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2
axykim00
 
Api security-eic-prabath
Api security-eic-prabathApi security-eic-prabath
Api security-eic-prabath
WSO2
 
How to CASifying PeopleSoft and Integrating CAS and ADFS
How to CASifying PeopleSoft and Integrating CAS and ADFSHow to CASifying PeopleSoft and Integrating CAS and ADFS
How to CASifying PeopleSoft and Integrating CAS and ADFS
John Gasper
 
Api security
Api security Api security
Api security
teodorcotruta
 
Mohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuthMohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuthfossmy
 
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
CA API Management
 
Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)
Stormpath
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST securityIgor Bossenko
 
Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2
Jonathan LeBlanc
 
OAuth Tokens
OAuth TokensOAuth Tokens
Rest API Security
Rest API SecurityRest API Security
Rest API Security
Stormpath
 
Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017
Dejan Glozic
 

What's hot (15)

Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your app
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2
 
Api security-eic-prabath
Api security-eic-prabathApi security-eic-prabath
Api security-eic-prabath
 
How to CASifying PeopleSoft and Integrating CAS and ADFS
How to CASifying PeopleSoft and Integrating CAS and ADFSHow to CASifying PeopleSoft and Integrating CAS and ADFS
How to CASifying PeopleSoft and Integrating CAS and ADFS
 
Api security
Api security Api security
Api security
 
D@W REST security
D@W REST securityD@W REST security
D@W REST security
 
Mohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuthMohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuth
 
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
 
Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST security
 
Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2
 
OAuth Tokens
OAuth TokensOAuth Tokens
OAuth Tokens
 
Rest API Security
Rest API SecurityRest API Security
Rest API Security
 
Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017Authentication in microservice systems - fsto 2017
Authentication in microservice systems - fsto 2017
 

Viewers also liked

Intro20 socioeconomia
Intro20 socioeconomiaIntro20 socioeconomia
Intro20 socioeconomia
Joaquín Salvachúa
 
Ganar el desafio android
Ganar el desafio androidGanar el desafio android
Ganar el desafio android
Joaquín Salvachúa
 
Aide caritative
Aide caritativeAide caritative
Aide caritativeodelclos
 
Embracing Enterprise 2.0
Embracing Enterprise 2.0Embracing Enterprise 2.0
Embracing Enterprise 2.0
Alan Lepofsky
 
Conversations Connect People and Content
Conversations Connect People and ContentConversations Connect People and Content
Conversations Connect People and ContentAlan Lepofsky
 
The Future of Social in the Enterprise - by Alan Lepofsky and Dion Hinchcliffe
The Future of Social in the Enterprise - by Alan Lepofsky and Dion HinchcliffeThe Future of Social in the Enterprise - by Alan Lepofsky and Dion Hinchcliffe
The Future of Social in the Enterprise - by Alan Lepofsky and Dion Hinchcliffe
Alan Lepofsky
 
Introducción al ecosistema de React.js
Introducción al ecosistema de React.jsIntroducción al ecosistema de React.js
Introducción al ecosistema de React.js
Joaquín Salvachúa
 
Purposeful collaboration
Purposeful collaborationPurposeful collaboration
Purposeful collaboration
Alan Lepofsky
 

Viewers also liked (8)

Intro20 socioeconomia
Intro20 socioeconomiaIntro20 socioeconomia
Intro20 socioeconomia
 
Ganar el desafio android
Ganar el desafio androidGanar el desafio android
Ganar el desafio android
 
Aide caritative
Aide caritativeAide caritative
Aide caritative
 
Embracing Enterprise 2.0
Embracing Enterprise 2.0Embracing Enterprise 2.0
Embracing Enterprise 2.0
 
Conversations Connect People and Content
Conversations Connect People and ContentConversations Connect People and Content
Conversations Connect People and Content
 
The Future of Social in the Enterprise - by Alan Lepofsky and Dion Hinchcliffe
The Future of Social in the Enterprise - by Alan Lepofsky and Dion HinchcliffeThe Future of Social in the Enterprise - by Alan Lepofsky and Dion Hinchcliffe
The Future of Social in the Enterprise - by Alan Lepofsky and Dion Hinchcliffe
 
Introducción al ecosistema de React.js
Introducción al ecosistema de React.jsIntroducción al ecosistema de React.js
Introducción al ecosistema de React.js
 
Purposeful collaboration
Purposeful collaborationPurposeful collaboration
Purposeful collaboration
 

Similar to FIWARE Identity Manager Exercises

FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Álvaro Alonso González
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE
 
FIWARE ID Management
FIWARE ID ManagementFIWARE ID Management
FIWARE ID Management
Miguel García González
 
FIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access Control
FIWARE
 
Id fiware upm-dit
Id fiware  upm-ditId fiware  upm-dit
Id fiware upm-dit
Joaquín Salvachúa
 
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
 SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
South Tyrol Free Software Conference
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access Control
FIWARE
 
Social Single Sign-On with OpenID Connect
Social Single Sign-On with OpenID ConnectSocial Single Sign-On with OpenID Connect
Social Single Sign-On with OpenID Connect
James Melville
 
Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure
Álvaro Alonso González
 
WireCloud Exercises - FIWARE Developers Week
WireCloud Exercises - FIWARE Developers WeekWireCloud Exercises - FIWARE Developers Week
WireCloud Exercises - FIWARE Developers Week
Miguel Jiménez
 
Cloud Portal - Lesson 1. Introduction
Cloud Portal - Lesson 1. IntroductionCloud Portal - Lesson 1. Introduction
Cloud Portal - Lesson 1. Introduction
Álvaro Alonso González
 
DevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer ToolsDevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
Amazon Web Services
 
Service Management Dec 11
Service Management Dec 11Service Management Dec 11
Service Management Dec 11
clarendonint
 
Service management Dec 11
Service management Dec 11Service management Dec 11
Service management Dec 11
Richard Conway
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
marcuschristie
 
PHP, OAuth, Web Services and YQL
PHP, OAuth, Web Services and YQLPHP, OAuth, Web Services and YQL
PHP, OAuth, Web Services and YQL
kulor
 
OAuth
OAuthOAuth
OAuth
Tom Elrod
 
Crossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocialCrossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocialBastian Hofmann
 
API-Driven Relationships: Building The Trans-Internet Express of the Future
API-Driven Relationships: Building The Trans-Internet Express of the FutureAPI-Driven Relationships: Building The Trans-Internet Express of the Future
API-Driven Relationships: Building The Trans-Internet Express of the Future
Pat Patterson
 

Similar to FIWARE Identity Manager Exercises (20)

FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
 
FIWARE ID Management
FIWARE ID ManagementFIWARE ID Management
FIWARE ID Management
 
FIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access Control
 
Id fiware upm-dit
Id fiware  upm-ditId fiware  upm-dit
Id fiware upm-dit
 
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
 SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access Control
 
Social Single Sign-On with OpenID Connect
Social Single Sign-On with OpenID ConnectSocial Single Sign-On with OpenID Connect
Social Single Sign-On with OpenID Connect
 
Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure
 
WireCloud Exercises - FIWARE Developers Week
WireCloud Exercises - FIWARE Developers WeekWireCloud Exercises - FIWARE Developers Week
WireCloud Exercises - FIWARE Developers Week
 
Cloud Portal - Lesson 1. Introduction
Cloud Portal - Lesson 1. IntroductionCloud Portal - Lesson 1. Introduction
Cloud Portal - Lesson 1. Introduction
 
DevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer ToolsDevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
 
Service Management Dec 11
Service Management Dec 11Service Management Dec 11
Service Management Dec 11
 
Service management Dec 11
Service management Dec 11Service management Dec 11
Service management Dec 11
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
 
PHP, OAuth, Web Services and YQL
PHP, OAuth, Web Services and YQLPHP, OAuth, Web Services and YQL
PHP, OAuth, Web Services and YQL
 
OAuth
OAuthOAuth
OAuth
 
Crossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocialCrossing the Boundaries of Web Applications with OpenSocial
Crossing the Boundaries of Web Applications with OpenSocial
 
API-Driven Relationships: Building The Trans-Internet Express of the Future
API-Driven Relationships: Building The Trans-Internet Express of the FutureAPI-Driven Relationships: Building The Trans-Internet Express of the Future
API-Driven Relationships: Building The Trans-Internet Express of the Future
 

More from Joaquín Salvachúa

Eemov data
Eemov dataEemov data
Etica big data
Etica big dataEtica big data
Etica big data
Joaquín Salvachúa
 
FIWARE Data usage control
FIWARE Data usage controlFIWARE Data usage control
FIWARE Data usage control
Joaquín Salvachúa
 
Fiware overview3
Fiware overview3Fiware overview3
Fiware overview3
Joaquín Salvachúa
 
Fiware overview
Fiware overviewFiware overview
Fiware overview
Joaquín Salvachúa
 
Kubernetes2
Kubernetes2Kubernetes2
Kubernetes2
Joaquín Salvachúa
 
Fi ware en Hack for good (#H4G)
Fi ware en Hack for good  (#H4G) Fi ware en Hack for good  (#H4G)
Fi ware en Hack for good (#H4G)
Joaquín Salvachúa
 
Vagrant
VagrantVagrant
Big data Jornada Fundación Ramón Areces
Big data Jornada Fundación Ramón ArecesBig data Jornada Fundación Ramón Areces
Big data Jornada Fundación Ramón ArecesJoaquín Salvachúa
 
Master w20 01
Master w20 01Master w20 01
Master w20 01
Joaquín Salvachúa
 
Social networks upm
Social networks upmSocial networks upm
Social networks upm
Joaquín Salvachúa
 
Identidad2
Identidad2Identidad2
Blogs y Microblogging
Blogs y MicrobloggingBlogs y Microblogging
Blogs y Microblogging
Joaquín Salvachúa
 
Blogs y Microblogging
Blogs y MicrobloggingBlogs y Microblogging
Blogs y Microblogging
Joaquín Salvachúa
 
Blogs y Microblogging
Blogs y MicrobloggingBlogs y Microblogging
Blogs y Microblogging
Joaquín Salvachúa
 
Blogs y Microblogging
Blogs y MicrobloggingBlogs y Microblogging
Blogs y Microblogging
Joaquín Salvachúa
 

More from Joaquín Salvachúa (20)

Eemov data
Eemov dataEemov data
Eemov data
 
Etica big data
Etica big dataEtica big data
Etica big data
 
FIWARE Data usage control
FIWARE Data usage controlFIWARE Data usage control
FIWARE Data usage control
 
Fiware overview3
Fiware overview3Fiware overview3
Fiware overview3
 
Fiware overview
Fiware overviewFiware overview
Fiware overview
 
Kubernetes2
Kubernetes2Kubernetes2
Kubernetes2
 
Fi ware en Hack for good (#H4G)
Fi ware en Hack for good  (#H4G) Fi ware en Hack for good  (#H4G)
Fi ware en Hack for good (#H4G)
 
Vagrant
VagrantVagrant
Vagrant
 
Big data Jornada Fundación Ramón Areces
Big data Jornada Fundación Ramón ArecesBig data Jornada Fundación Ramón Areces
Big data Jornada Fundación Ramón Areces
 
Master w20 01
Master w20 01Master w20 01
Master w20 01
 
Blogs micro
Blogs microBlogs micro
Blogs micro
 
Social networks upm
Social networks upmSocial networks upm
Social networks upm
 
Nube redes
Nube redesNube redes
Nube redes
 
Identidad2
Identidad2Identidad2
Identidad2
 
Blogs Micro
Blogs MicroBlogs Micro
Blogs Micro
 
Blogs Micro
Blogs MicroBlogs Micro
Blogs Micro
 
Blogs y Microblogging
Blogs y MicrobloggingBlogs y Microblogging
Blogs y Microblogging
 
Blogs y Microblogging
Blogs y MicrobloggingBlogs y Microblogging
Blogs y Microblogging
 
Blogs y Microblogging
Blogs y MicrobloggingBlogs y Microblogging
Blogs y Microblogging
 
Blogs y Microblogging
Blogs y MicrobloggingBlogs y Microblogging
Blogs y Microblogging
 

Recently uploaded

Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
Donna Lenk
 
Launch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in MinutesLaunch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in Minutes
Roshan Dwivedi
 
Top 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi ArabiaTop 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi Arabia
Yara Milbes
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptxText-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
ShamsuddeenMuhammadA
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
rickgrimesss22
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
Globus
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
Fermin Galan
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
informapgpstrackings
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
e20449
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
Globus
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
Cyanic lab
 

Recently uploaded (20)

Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 
Launch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in MinutesLaunch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in Minutes
 
Top 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi ArabiaTop 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi Arabia
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx

FIWARE Identity Manager Exercises

Sec-4 (2). Adding OAuth2 to your application
(based on our Node.js template)
•  Hints
–  Learn about OAuth2:
•  http://oauth.net/2/
–  FIWARE Account flows:
•  http://es.slideshare.net/alvaroalonsogonzalez/id-m-andac
–  FIWARE Account OAuth2 docs
•  https://github.com/ging/fi-ware-idm/wiki/Using-the-FI-LAB-instance
–  Advanced courses:
•  http://edu.fi-ware.org/course/view.php?id=79
•  http://edu.fi-ware.org/course/view.php?id=63
Easy
Sec-5. Adding OAuth2 to your application
(using an OAuth2 library)
•  Prerequisite
–  To have an application registered in the Account Portal
–  To have your own application
•  Steps
–  Include an OAuth2 library in your app
–  Configure it using the OAuth credentials generated in the Account Portal
–  Follow the library instructions to use it
•  Hints
–  OAuth2 libraries
•  http://oauth.net/2/
Medium
Sec-6. Securing your backend
Authentication
•  Prerequisite
–  To have a frontend app using OAuth and FIWARE Account
–  To have a REST-based backend service
•  Steps
–  Clone our PEP-Proxy Wilma
•  https://github.com/ging/fi-ware-pep-proxy
–  Configure it following the README
•  app_host and app_port are the coordinates of your backend REST API
–  Now your requests to your backend
•  Have to be sent to the proxy
•  Have to include the “X-Auth-Token” header with the OAuth2 access token
•  Hints
–  Wilma docs
•  http://catalogue.fiware.org/enablers/pep-proxy-wilma
Medium
Sec-7. Securing your backend
Basic Authorization
•  Prerequisite
–  To have a Wilma deployed on top of your backend
•  Steps
–  Enable the “check_permissions” option in Wilma’s config
–  Edit your application in Account Portal
•  Create a new role
•  Create a new permission with
–  HTTP action – GET, POST, PUT, DELETE
–  REST resource – the url of your resource
•  Assign the role to a user
•  Check the request in your App
•  Hints
–  AuthZForce docs
•  http://catalogue.fiware.org/enablers/authorization-pdp-authzforce
Hard
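Worked example for Sec-6 and Sec-7 together (added here; this is not code from the slides, from the oauth2-example-client template or from the Wilma project). It models the two things the exercises ask for: the frontend rewrites each backend call so it goes to the proxy and carries the OAuth2 access token in the “X-Auth-Token” header, and the proxy, with permission checking enabled, allows the call only if one of the user’s roles holds a permission for that HTTP action on that REST resource. The function names (buildProxiedRequest, hasPermission, pepDecision), the sample tokens, users, roles and the /sensors resource are all assumptions constructed for the example; a real Wilma validates the token against the Account Portal instead of a lookup table.

```javascript
'use strict';

// Constructed sample: tokens the Account Portal would have issued, and the
// user plus roles each one maps to. Stands in for the IdM token lookup.
const SAMPLE_TOKENS = {
  'tok-alice-0001': { user: 'alice', roles: ['sensor-reader'] },
  'tok-bob-0002':   { user: 'bob',   roles: ['sensor-reader', 'sensor-admin'] },
};

// Constructed sample of the Sec-7 model: a permission is an HTTP action plus a
// REST resource, and a role is a named set of permissions.
const SAMPLE_ROLES = {
  'sensor-reader': [{ action: 'GET', resource: '/sensors' }],
  'sensor-admin':  [
    { action: 'POST',   resource: '/sensors' },
    { action: 'DELETE', resource: '/sensors' },
  ],
};

// Sec-6, client side: send the backend request to the proxy instead, with the
// access token in X-Auth-Token. Method, path and other headers are unchanged.
function buildProxiedRequest(req, proxyHost, proxyPort, accessToken) {
  if (!accessToken) throw new Error('no OAuth2 access token available');
  return {
    method: req.method,
    host: proxyHost,
    port: proxyPort,
    path: req.path,
    headers: { ...req.headers, 'X-Auth-Token': accessToken },
  };
}

// Sec-7, proxy side: does any of the user's roles hold a permission for this
// action on this resource? Exact path match is the "basic" level of the
// exercise; XACML rules over body or headers (Sec-8) are not modelled here.
function hasPermission(roles, method, path, roleTable = SAMPLE_ROLES) {
  return roles.some(role =>
    (roleTable[role] || []).some(p => p.action === method && p.resource === path));
}

// The proxy decision: first authenticate (header present, token known), then,
// when checkPermissions is enabled, authorize against the role table.
// Returns an HTTP-like status so the caller sees why a request was refused:
// 401 for an authentication problem, 403 for a missing permission.
function pepDecision(req, { checkPermissions = true, tokens = SAMPLE_TOKENS,
                            roleTable = SAMPLE_ROLES } = {}) {
  const token = req.headers && req.headers['X-Auth-Token'];
  if (!token) return { status: 401, reason: 'missing X-Auth-Token header' };
  const identity = tokens[token];
  if (!identity) return { status: 401, reason: 'unknown or expired token' };
  if (checkPermissions && !hasPermission(identity.roles, req.method, req.path, roleTable)) {
    return { status: 403,
             reason: `user ${identity.user} has no permission for ${req.method} ${req.path}` };
  }
  return { status: 200, user: identity.user };
}

// Stand-alone run: the frontend wraps a backend call, the proxy decides.
// alice only holds sensor-reader, so a DELETE is refused with 403.
const backendCall = { method: 'DELETE', path: '/sensors', headers: {} };
const proxied = buildProxiedRequest(backendCall, 'localhost', 80, 'tok-alice-0001');
console.log(proxied.headers['X-Auth-Token'], pepDecision(proxied));
```

Running it with check_permissions disabled (the Sec-6 state) shows the difference between the two exercises: the same DELETE from alice then passes, because only the token is checked, not the role.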
Sec-8. Securing your backend
Advanced Authorization
•  Prerequisite
–  To have a Wilma deployed on top of your backend
•  Steps
–  Modify Wilma in order to manage XACML Requests
•  You can check request params such as body, headers…
–  Edit your application in Account Portal
•  Create a new role
•  Create a new permission with an advanced rule (XACML)
•  Assign the role to a user
•  Check the request in your App
•  Hints
–  AuthZForce docs
•  http://catalogue.fiware.org/enablers/authorization-pdp-authzforce
–  XACML
•  https://www.oasis-open.org/committees/xacml/
Hard
Adding Identity Management and Access Control to your Application - Exercises
Álvaro Alonso
UPM – DIT
Security Chapter. FIWARE
aalonsog@dit.upm.es, @larsonalonso