Mobile SSO using NAPPS
•Download as PPTX, PDF•
3 likes•4,453 views
Mobile SSO using NAPPS - OpenID Connect profile for native apps
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Mobile SSO using NAPPS
Similar to Mobile SSO using NAPPS (20)
More from Ashish Jain
More from Ashish Jain (14)
Recently uploaded
Recently uploaded (20)
Mobile SSO using NAPPS
- 1. © 2014 VMware Inc. All rights reserved. Mobile SSO using NAPPS Ashish Jain @itickr CIS 2014
- 2. Why is this important ? 0 300 600 900 2009 2010 2011 2012 Smartphones and tablets PC shipments of information workers use three or more devices for w o r k t o i n c r e a s e p r o d u c t i v i t y EXPLOSIVE GROWTH in shipments of smartphones and tablets Sources: IDC, BGR, Forrester FLAT pc shipments New Device Platforms New Apps New User ExpectationsNew Device Platforms BYOD & JIT
- 3. The Changing Device Mix 148 141 202 240 128 352 722 1516 0 1000 2000 2012 2017 Smartphone Tablet Portable PC Desktop PC Source: IDC's Worldwide Smart Connected Device Tracker Forecast Data, February 28, 2013 Connected Device Market by Product Category, Shipments, 2012-2017 in Millions
- 4. The Changing Device Mix Source: IDC's Worldwide Smart Connected Device Tracker Forecast Data, September 11, 2013 By 2017, 87% of connected devices will be smart phones and tablets
- 5. App 1
- 6. App 1 App 2 App 3
- 7. App 1 App 2 App 3 App 4
- 8. App 1 App 2 App 3 AD
- 9. App 1 App 3 AD Policy Server App 2
- 10. App 1 AD Policy Server App 2 App 3 App 1 AD Policy Server App 2 App 3
- 11. App 1 AD Policy Server App 2 App 3 App 1 AD Policy Server App 2 App 3
- 12. App 1 AD SAML IdP App 2 App 3 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML
- 13. App 1 AD SAML IdP App 2 App 3 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML
- 14. App 1 AD SAML IdP App 2 App 3 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML
- 15. App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML App 3SAML RP
- 16. App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML iOS App App 3SAML RP
- 17. App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML iOS App App 3SAML RP
- 18. App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML OAuth AS iOS App App 3SAML RP
- 19. App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML iOS AppiOS App OAuth ASApp 3SAML RP
- 20. App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML iOS AppiOS App OAuth ASApp 3SAML RP
- 21. App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML iOS AppiOS App OAuth AS OAuth ASApp 3SAML RP
- 22. App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML iOS AppiOS App OAuth AS OpenID Connect OpenID Connect OAuth ASApp 3SAML RP
- 23. App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML iOS AppiOS App OAuth AS OpenID Connect OpenID Connect OAuth ASApp 3SAML RP TA
- 24. Web SSO Flow 1 2 3 4 SAML IdP RP AD
- 25. Mobile App Auth Flow 1 2 4 3 SAML IdP RP / RS AD Mobile App AS 5 6 7 OAuth
- 26. Mobile App Mobile App(s) Auth Flow 1 2 4 3 SAML IdP RP / RS AD Mobile App AS 5 6 7 OAuth
- 27. Mobile App Auth Flow
- 28. IdP Discovery
- 29. IdP Discovery
- 30. IdP Login
- 31. Access to App
- 32. Mobile App Auth Flow
- 33. IdP Discovery
- 34. IdP Discovery
- 35. IdP Login
- 36. App Access
- 37. App Access
- 38. Mobile App Mobile App(s) Auth Flow 1 2 4 3 SAML IdP RP / RS AD Mobile App AS 5 6 7 OAuth Issues Authentication per Mobile App. No invalidation of access token No clean up of offline/cached data on device
- 39. Mobile App SSO – SP Init
- 40. Mobile App SSO – IdP Init
- 41. Mobile App SSO
- 42. Mobile App SSO
- 43. Where are we today ? • Layer 7 • Centrify • Samsung Knox • Google Auth
- 44. App 1 App 3 AD Policy Server App 2
- 45. Deployment Models • Enterprise in-house native apps • Native App for a SaaS provider • Multiple native apps for a single SaaS provider
- 46. NAPPS • OIDF working group • Profile of OpenIDConnect • Participants include (VMware, AirWatch, Ping Identity, Mobile Iron, Okta, OneLogin…)
- 47. NAPPS Terminology • Token Agent: Native app that obtains access tokens on behalf of other native apps • AppInfo Endpoint: Endpoint to obtain metadata about apps • Primary Token: OAuth token obtained by TA for its own use • Secondary Token: OAuth token obtained by TA on behalf of other native app
- 48. Mobile App SSO 1 23 SAML IdP RP / RS AD Mobile App AS 5 9 OAuth Token Agent 3 PT 6 ST 4 5 7 8
- 49. Mobile App SSO
- 50. Thank You!