[8th May 2021]
[Coimbatore] MuleSoft Meetup Group
Identity and Client Management With MuleSoft
Organizers
Speakers
Jitendra Bafna
Senior Solution Architect
Capgemini
About the speaker:
● Working as Senior Solution Architect at Capgemini.
● MuleSoft Ambassador.
● Surat MuleSoft Meetup Leader.
● 12.5+ years of experience in integration and API technologies.
● Certified MuleSoft Integration Architect and Platform Architect.
CHEERS..!!
We have prizes to give away!
A special prize is ready for 3 winners.
A SHOW OF HANDS:
New Members With Us.!!
Agenda
● Introduction To API Security
● Security Threats and Vulnerabilities
● Identity Management – SAML and OpenID Connect
● Client Management – Dynamic Client Registration
● Live Demonstration
● Trivia Quiz
What is API Security?
API security is an essential element of any application, especially where APIs receive hundreds or thousands of calls a day.
New threats and vulnerabilities appear every day, so it is very important to secure the APIs.
MuleSoft provides API Manager, which can minimize the risk from attacks such as DDoS and DoS and from other security vulnerabilities.
API Manager provides an option to create an API proxy for a backend API running on Anypoint Platform, and thereby secures the requests coming into the platform against that API.
Different Types of API Attacks
API Threats:
● Denial Of Service
● Distributed Denial Of Service
● Parameter Tampering
● CORS/XSS
● Injection Attacks
● Sensitive Data Exposure
Ways to achieve API Security
⮚ Digital Signatures.
⮚ Cryptography like PGP, JCE and XML.
⮚ JWT, OAuth or Token Based Authentication.
⮚ API Manager Policies like Rate Limiting, XML Threat Protection, JWT Validation etc.
⮚ Anypoint Security and Web Application Firewall in case of Runtime Fabric.
⮚ Identity Management and Client Management.
API Security building blocks: OAuth, Rate Limiting, Digital Signatures, Cryptography, Policies like XML Threat Protection, Rate Limiting, CORS etc., Anypoint Security.
Anypoint API Policies (Security): JWT Validation Policies; Basic Authentication – Simple and LDAP; XML/JSON Threat Protection Policies; IP Whitelisting/Blacklisting; Tokenization/Detokenization.
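The JWT Validation policy listed above is the gateway check that decides whether a bearer token may reach the backend. The following is an added example (not code from the deck, and not MuleSoft's policy implementation) that shows what such a policy has to verify before trusting a token: a pinned signing algorithm, the HMAC signature, the issuer, the audience and the validity window. The secret, issuer and audience values are constructed for the demo; `mint_token` exists only to produce sample tokens for the validator.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed demo values; a real gateway loads these from secure configuration.
DEMO_SECRET = b"demo-shared-secret-not-for-production"
EXPECTED_ISSUER = "https://idp.example.com"   # assumed issuer for the demo
EXPECTED_AUDIENCE = "orders-api"              # assumed audience (the protected API)


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, secret: bytes = DEMO_SECRET, alg: str = "HS256") -> str:
    """Build a compact JWS for test input. HS256 tokens are signed; alg 'none'
    yields an unsigned token so the validator's rejection of it can be exercised."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    if alg == "none":
        return signing_input + "."
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def validate_token(token: str, secret: bytes = DEMO_SECRET, now: Optional[float] = None) -> dict:
    """Return the claims if every check passes, otherwise raise ValueError with the reason."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the header never chooses it (blocks alg=none and key confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    # Only after the signature is verified are the claims worth reading.
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if EXPECTED_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("expired")
    if "nbf" in claims and now < claims["nbf"]:
        raise ValueError("not yet valid")
    return claims


def policy_decision(token: str, now: Optional[float] = None) -> Tuple[int, str]:
    """Mimic a gateway policy: 200 when the token validates, 401 with the reason otherwise."""
    try:
        claims = validate_token(token, now=now)
        return 200, f"ok:{claims['sub']}"
    except (ValueError, KeyError) as exc:   # binascii/JSON errors are ValueError subclasses
        return 401, f"rejected:{exc}"


if __name__ == "__main__":
    now = time.time()
    good = mint_token({"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": "alice", "exp": now + 300})
    print(policy_decision(good))
    print(policy_decision(mint_token({"iss": EXPECTED_ISSUER, "aud": "other-api", "sub": "alice",
                                      "exp": now + 300})))
```

The order of the checks matters: the signature is verified before any claim is read, and the algorithm is fixed in the validator rather than taken from the token header, which is the difference between a policy that enforces the token and one that merely parses it.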
OAuth Providers & Grant Types
OAuth Providers: OKTA, PING, OPEN AM, Keycloak, AWS Cognito, Azure IdP, Auth0, Google, Box, GitHub
Grant Types: Authorization Code, Client Credentials, Refresh Token, Password, Implicit Code
OAuth JWT – Authorization Code
OAuth JWT – Implicit Code
OAuth JWT – Client Credentials
SAML 2.0 Identity Management
SAML stands for Security Assertion Markup Language. It is designed mainly to authenticate users, provide identity data for access control, and serve as a communication method for user identity. SAML is an XML-based open standard for transferring data between two parties, the Identity Provider (IdP) and the Service Provider (SP).
● The Identity Provider performs the authentication and transfers the user's identity to the Service Provider.
● The Service Provider trusts the Identity Provider and authorizes the user to access the requested resources.
OpenID Connect Identity Management
OpenID Connect extends OAuth 2.0. The OAuth 2.0 protocol provides API security via scoped access tokens, and OpenID Connect provides user authentication and single sign-on (SSO) functionality.
As the Anypoint Platform organization administrator, you can configure identity management in Anypoint Platform to set up users for single sign-on (SSO). Configure identity management using one of the following single sign-on standards:
● OpenID Connect: End user identity verification by an authorization server including SSO.
● SAML 2.0: Web-based authorization including cross-domain SSO.
SAML vs OpenID Connect
SAML (SAML 1.0 and 2.0) and OpenID Connect (OIDC) are identity protocols, designed to authenticate users, and provide identity data for access control and as a communication method for a user's identity.
Mainly used for Enterprise and Government applications, SAML 2.0 is a mature technology dating from 2005 and supports a wide range of identity functionality. SAML uses XML for its identity data format and simple HTTP or SOAP for data transport mechanisms.
A relatively new protocol, continuously evolving, OIDC was designed with web and mobile applications in mind. Designed to be easy to adopt and use, OIDC is an extension of OAuth2, with data structures in JSON format (JWT), and simple HTTPS flows for transport.
Client Management – Dynamic Client Registration
Dynamic Client Registration allows you to register third-party applications dynamically. This feature is based on the OpenID Connect Dynamic Client Registration specification. The OKTA Dynamic Client Registration API provides operations to register and manage client applications for use with Okta's OAuth 2.0 and OpenID Connect endpoints.
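To make the registration exchange concrete, here is an added example of both sides of a Dynamic Client Registration request in the shape defined by the OpenID Connect DCR and RFC 7591 specifications: the metadata a third-party application submits, and the validation an authorization server performs before issuing a client_id. This is illustrative code written for this page, not Okta's API or MuleSoft's implementation; the initial access token, the allowed grant types and the demo redirect URIs are constructed values.

```python
import secrets
import time
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Constructed server policy for the demo; a real server keeps this in its configuration.
DEMO_INITIAL_ACCESS_TOKEN = "demo-initial-access-token"   # protects the registration endpoint
ALLOWED_GRANT_TYPES = {"authorization_code", "client_credentials", "refresh_token"}
ALLOWED_AUTH_METHODS = {"client_secret_basic", "client_secret_post", "none"}
REDIRECT_GRANTS = {"authorization_code"}   # grants that need redirect_uris


def build_registration_request(client_name: str, redirect_uris: List[str], grant_types: List[str],
                               auth_method: str = "client_secret_basic") -> Dict:
    """Client side: the JSON body a third-party app POSTs to the registration endpoint."""
    return {
        "client_name": client_name,
        "redirect_uris": list(redirect_uris),
        "grant_types": sorted(grant_types),
        "token_endpoint_auth_method": auth_method,
    }


def _redirect_uri_ok(uri: str) -> bool:
    """Accept absolute https URIs without fragments; plain http only for loopback (native apps)."""
    parsed = urlparse(uri)
    if parsed.fragment or not parsed.hostname:
        return False
    if parsed.scheme == "https":
        return True
    return parsed.scheme == "http" and parsed.hostname in {"127.0.0.1", "localhost", "::1"}


def handle_registration(body: Dict, bearer_token: str, now: Optional[int] = None) -> Tuple[int, Dict]:
    """Server side: validate the metadata and return (status, response) as RFC 7591 describes."""
    now = int(time.time()) if now is None else now
    if not secrets.compare_digest(bearer_token, DEMO_INITIAL_ACCESS_TOKEN):
        return 401, {"error": "invalid_token"}
    grants = set(body.get("grant_types") or ["authorization_code"])
    if not grants <= ALLOWED_GRANT_TYPES:
        return 400, {"error": "invalid_client_metadata", "error_description": "unsupported grant_types"}
    method = body.get("token_endpoint_auth_method", "client_secret_basic")
    if method not in ALLOWED_AUTH_METHODS:
        return 400, {"error": "invalid_client_metadata", "error_description": "unsupported auth method"}
    uris = body.get("redirect_uris") or []
    if grants & REDIRECT_GRANTS and not uris:
        return 400, {"error": "invalid_redirect_uri", "error_description": "redirect_uris required"}
    if not all(isinstance(u, str) and _redirect_uri_ok(u) for u in uris):
        return 400, {"error": "invalid_redirect_uri"}
    client = {
        "client_id": secrets.token_urlsafe(16),
        "client_id_issued_at": now,
        "client_name": body.get("client_name", ""),
        "redirect_uris": uris,
        "grant_types": sorted(grants),
        "token_endpoint_auth_method": method,
        # Lets the client read/update/delete its own registration later.
        "registration_access_token": secrets.token_urlsafe(32),
    }
    if method != "none":   # public clients never receive a secret
        client["client_secret"] = secrets.token_urlsafe(32)
        client["client_secret_expires_at"] = 0   # 0 = does not expire
    return 201, client


if __name__ == "__main__":
    request = build_registration_request("Partner App", ["https://partner.example/cb"],
                                         ["authorization_code", "refresh_token"])
    print(handle_registration(request, DEMO_INITIAL_ACCESS_TOKEN))
    print(handle_registration(build_registration_request("Bad", ["http://evil.example/cb"],
                                                         ["authorization_code"]),
                              DEMO_INITIAL_ACCESS_TOKEN))
```

Two points the server side makes visible: the registration endpoint itself is protected (an initial access token, so "dynamic" does not mean "anonymous"), and the server, not the client, decides which grant types, auth methods and redirect URIs it will accept, since a lax redirect URI accepted at registration time undermines every later authorization code flow for that client.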
Demonstration
1. Identity Management With OpenID Connect
2. Client Management With OpenID Connect – Dynamic Client Registration
3. Identity Management With SAML
Thank you!

Identity and Client Management using OpenID Connect and SAML
