WSO2, profile picture
Uploaded byWSO2
PDF, PPTX2,494 views

Practical Federated Identity

This document discusses practical use cases of federated identity in real world scenarios. It begins by defining identity and explaining problems with digital identity, such as having separate identities in different applications. It then introduces federated identity as a way to make identities portable across domains. Key requirements for federated identity include identity management, authentication, trust between domains, attribute mapping, and attribute exchange. Common protocols for federated identity include OpenID, SAML, and WS-Trust. The document provides examples of federated identity patterns using WSO2 Identity Server and discusses use cases such as a SaaS application with trusted identity providers.

Embed presentation

Download as PDF, PPTX
Practical Federated Identity Use Cases From The Real World Johann Nallathamby, Senior Software Engineer Selvaratnam Uthaiyashankar, Director-Cloud Solutions
What  is  Iden,ty   •  “the  fact  of  being  who  or  what  a   person  or  thing  is”   •  h3p://oxforddic8onaries.com/defini8on/ english/iden8ty   •  Who  you  are…     •  Why  important?   •  Whatever  you  do  associated  with  your   iden8ty   •  Digital  Iden8ty  
Problems  with  Digital  Iden,ty   •  Different  Iden8ty  in  Different  Applica8ons  /  Domains   – Remembering  Password   – Loosing  possible  collabora8on  
Federated  Iden,ty   •  “The  agreements,  standards,  and  technologies  that   make  iden8ty  and  en8tlements  portable  across   autonomous  domains.”  -­‐  Burton  Group     Service Providers Service Providers Service Providers Identity Provider Service Providers Authentication Service Consumption Trust
Key  Requirements  For  Iden,ty  Federa,on   Iden,ty  Management  and  Authen,ca,on     •  Authen8ca8on   – Mul8-­‐Factor  Authen8ca8on   •  Iden8ty  Management   – A3ributes  /  Claims  
Key  Requirements  For  Iden,ty  Federa,on   Trust  Between  Domains   •  Trust   – Pre-­‐established     •  Common  in  Enterprise  scenarios   – Established  only  when  accessing  the  service     •  Common  in  web  scenarios   •  Iden8ty  Provider  Discovery  
Key  Requirements  For  Iden,ty  Federa,on   Iden,ty  and  AAribute  Mapping   •  Mapping  user  iden8ty  of  one  system  to  another   – Username   – Out  of  Band     – Pseudonym   •  Transient   •  Persistent   •  Mapping  a3ribute  names  in  different  systems   •  Mapping  a3ribute  values  in  different  systems  
Key  Requirements  For  Iden,ty  Federa,on   AAribute  Exchange   •  One  system  reques8ng  addi8onal  a3ributes  from   another  system  
Protocols  and  Standards   •  OpenID   •  SAML2  Web  Browser  SSO   •  WS-­‐Trust  &  WS-­‐Federa8on  
OpenID   http://openid.net/get-an-openid/
OpenID  Iden,fiers   •  Google   – h3ps://profiles.google.com/YourGoogleID   •  Blogger   – h3p://blogname.blogspot.com/   •  MySpace   – h3p://www.myspace.com/username  
OpenID   Identity Provider Service Provider A Provide OpenID Single Sign-On Service 1 2 4 5 4 Allow Access to Service Relying Party Browser Redirect to IdP Discover Provider (XRI Resolution, Yadis, HTML Based Discovery) 6 7 3 Create shared secret
Demo  -­‐  OpenID  
SAML2  Web  Browser  SSO  
SAML2  Web  Browser  SSO   Identity Provider Service Provider A Access Service Single Sign-On Service 1 23 5 4 Allow Access to Service Trust Assertion Consumer Service Browser Redirect to IdP Select Identity Provider 6 7
Demo  –  SAML2  Web  Browser  SSO  
WS-­‐Trust   Identity Provider Service Provider A Authentication (Username/x509/etc.) Security Token Service 1 2 3 5 4 Verify Token (e.g.: Check signature) Security Token Trust
Some  Federa,on  PaAerns  Using  WSO2   Iden,ty  Server  
Token  Exchange  
IdP  Proxy  PaAern  
IdP  Proxy  PaAern  
IdP  Proxy  PaAern  
Resource  STS  PaAern   Client  STS   Client  Proxy   Resource   Proxy   Resource  STS  
OAuth  AS   DMZ  Proxy   STS   Federa,on  for  REST  APIs  
SaaS  Applica,on  with  Trusted  Iden,ty   Providers   •  SaaS  Applica8on   •  Application deployed by the super-tenant •  Application used by all the tenants •  Application authorization logic written against shared roles •  Tenant users physically only exist in the Identity Provider and not in the Application server •  The users’ attributes are with the Trusted Identity Provider •  Trusted  Iden8ty  Providers  (Trusted  IdPs)   •  Each tenant will have its own Trusted Identity Provider •  The SaaS application will delegate authentication by redirecting the user to the Trusted Identity Provider and then validate the signed token response with attributes. •  Identity Provider roles are mapped to shared roles in the application server and authorization logic is performed based on them.
SaaS  Applica,on  with  Trusted  Iden,ty   Providers  
WSO2  Iden,ty  Server  
Ques,ons?  
Photos  Credit   •  h3p://images.motoring.co.uk/images/newsImages/ driving-­‐licence-­‐exchange-­‐rules-­‐ 8ghtened-­‐52313-­‐1.jpg   •  h3p://www.vectors4all.net/preview/people-­‐ business-­‐male-­‐clip-­‐art.jpg  

More Related Content

PDF
VPN - Virtual Private Network
byPeter R. Egli
 
PDF
Json web token
byMayank Patel
 
PPTX
OpenID Connect: An Overview
byPat Patterson
 
PDF
[OPD 2019] Attacking JWT tokens
byOWASP
 
PDF
Azure AD B2C – integration in a bank
byKseniia Lvova
 
PDF
OpenID Connect Explained
byVladimir Dzhuvinov
 
PDF
Modern API Security with JSON Web Tokens
byJonathan LeBlanc
 
PPTX
An Introduction to OAuth2
byAaron Parecki
 
VPN - Virtual Private Network
byPeter R. Egli
 
Json web token
byMayank Patel
 
OpenID Connect: An Overview
byPat Patterson
 
[OPD 2019] Attacking JWT tokens
byOWASP
 
Azure AD B2C – integration in a bank
byKseniia Lvova
 
OpenID Connect Explained
byVladimir Dzhuvinov
 
Modern API Security with JSON Web Tokens
byJonathan LeBlanc
 
An Introduction to OAuth2
byAaron Parecki
 

What's hot

PDF
JSON Web Tokens
byIvan Rosolen
 
PPTX
REST Service Authetication with TLS & JWTs
byJon Todd
 
PDF
Building Advanced XSS Vectors
byRodolfo Assis (Brute)
 
PPTX
Json Web Token - JWT
byPrashant Walke
 
PPTX
Rest API Security
byStormpath
 
PPTX
Kriptoloji kriptolama teknikleri
byselimcihan
 
PDF
Spring security oauth2
byaxykim00
 
PDF
Public key Infrastructure (PKI)
byVenkatesh Jambulingam
 
PPTX
API Design- Best Practices
byPrakash Bhandari
 
PDF
HTTP Security Headers
byIsmael Goncalves
 
PPTX
Digital signature
byFilipp Kolobov
 
PPT
Digital Certificate
bySumant Diwakar
 
ODP
OAuth2 - Introduction
byKnoldus Inc.
 
PPSX
Rest api standards and best practices
byAnkita Mahajan
 
PDF
JavaScript - Chapter 10 - Strings and Arrays
byWebStackAcademy
 
PPT
Introduction To PKI Technology
bySylvain Maret
 
PPTX
Cascading style sheets (CSS)
byHarshita Yadav
 
PDF
Common crypto attacks and secure implementations
byTrupti Shiralkar, CISSP
 
PDF
Jwt Security
bySeid Yassin
 
PPTX
Rest API Security - A quick understanding of Rest API Security
byMohammed Fazuluddin
 
JSON Web Tokens
byIvan Rosolen
 
REST Service Authetication with TLS & JWTs
byJon Todd
 
Building Advanced XSS Vectors
byRodolfo Assis (Brute)
 
Json Web Token - JWT
byPrashant Walke
 
Rest API Security
byStormpath
 
Kriptoloji kriptolama teknikleri
byselimcihan
 
Spring security oauth2
byaxykim00
 
Public key Infrastructure (PKI)
byVenkatesh Jambulingam
 
API Design- Best Practices
byPrakash Bhandari
 
HTTP Security Headers
byIsmael Goncalves
 
Digital signature
byFilipp Kolobov
 
Digital Certificate
bySumant Diwakar
 
OAuth2 - Introduction
byKnoldus Inc.
 
Rest api standards and best practices
byAnkita Mahajan
 
JavaScript - Chapter 10 - Strings and Arrays
byWebStackAcademy
 
Introduction To PKI Technology
bySylvain Maret
 
Cascading style sheets (CSS)
byHarshita Yadav
 
Common crypto attacks and secure implementations
byTrupti Shiralkar, CISSP
 
Jwt Security
bySeid Yassin
 
Rest API Security - A quick understanding of Rest API Security
byMohammed Fazuluddin
 

Viewers also liked

PDF
Single sign on using WSO2 identity server
byWSO2
 
PDF
WSO2 Identity Server - Product Overview
byWSO2
 
PDF
WSO2 Identity Server
byWSO2
 
PDF
WSO2 Identity Server
byPrabath Siriwardena
 
PDF
WSO2Con US 2013 - Identity Management Best Practices with WSO2 Identity Server
byWSO2
 
PDF
SSO with the WSO2 Identity Server
byWSO2
 
PPTX
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
byWSO2
 
PPTX
Identity Management for Web Application Developers
byWSO2
 
PPTX
WSO2 Identity Server 5.3.0 - Product Release Webinar
byWSO2
 
Single sign on using WSO2 identity server
byWSO2
 
WSO2 Identity Server - Product Overview
byWSO2
 
WSO2 Identity Server
byWSO2
 
WSO2 Identity Server
byPrabath Siriwardena
 
WSO2Con US 2013 - Identity Management Best Practices with WSO2 Identity Server
byWSO2
 
SSO with the WSO2 Identity Server
byWSO2
 
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
byWSO2
 
Identity Management for Web Application Developers
byWSO2
 
WSO2 Identity Server 5.3.0 - Product Release Webinar
byWSO2
 

Similar to Practical Federated Identity

PPTX
unit 1 Federated Identity Management_4.pptx
byzmulani8
 
PPT
Identity Federation on JBossAS
byRoger CARHUATOCTO
 
PDF
A Guide To Single Sign-On for IBM Collaboration Solutions
byGabriella Davis
 
PDF
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem
byWSO2
 
PPT
Identity 2.0 and User-Centric Identity
byOliver Pfaff
 
PDF
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
byCloudIDSummit
 
PPTX
National Citizen Target SOA Architecture Sept 2016
byGuy Huntington
 
PPT
Web-services
bywebhostingguy
 
PPTX
unit4.pptx
byApurvSingh65
 
PPTX
WSO2Con USA 2014 - Identity Server Tutorial
byPrabath Siriwardena
 
PDF
Cloud Identity Webinar
byWSO2
 
PDF
Patterns to Bring Enterprise and Social Identity to the Cloud
byCA API Management
 
PDF
Five Things You Gotta Know About Modern Identity
byMark Diodati
 
PDF
O Dell Secure360 Presentation5 12 10b
byBruce O'Dell
 
PPTX
Presentation
byLaxman Kumar
 
PPTX
Federated and fabulous identity
byAndre N. Klingsheim
 
PPTX
Codemash-2017
byKevin Cody
 
PDF
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
byTrustBearer
 
PDF
How AD has been re-engineered to extend to the cloud
byLDAPCon
 
PDF
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...
byXamarin
 
unit 1 Federated Identity Management_4.pptx
byzmulani8
 
Identity Federation on JBossAS
byRoger CARHUATOCTO
 
A Guide To Single Sign-On for IBM Collaboration Solutions
byGabriella Davis
 
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem
byWSO2
 
Identity 2.0 and User-Centric Identity
byOliver Pfaff
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
byCloudIDSummit
 
National Citizen Target SOA Architecture Sept 2016
byGuy Huntington
 
Web-services
bywebhostingguy
 
unit4.pptx
byApurvSingh65
 
WSO2Con USA 2014 - Identity Server Tutorial
byPrabath Siriwardena
 
Cloud Identity Webinar
byWSO2
 
Patterns to Bring Enterprise and Social Identity to the Cloud
byCA API Management
 
Five Things You Gotta Know About Modern Identity
byMark Diodati
 
O Dell Secure360 Presentation5 12 10b
byBruce O'Dell
 
Presentation
byLaxman Kumar
 
Federated and fabulous identity
byAndre N. Klingsheim
 
Codemash-2017
byKevin Cody
 
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
byTrustBearer
 
How AD has been re-engineered to extend to the cloud
byLDAPCon
 
Create a Uniform Login Experience with a Centralized Cloud Authentication Sys...
byXamarin
 

More from WSO2

PDF
Demystifying CMS-0057-F - Compliance Made Seamless with WSO2
byWSO2
 
PDF
Quantum Threats Are Closer Than You Think – Act Now to Stay Secure
byWSO2
 
PDF
Modern Platform Engineering with Choreo - The AI-Native Internal Developer Pl...
byWSO2
 
PDF
Application Modernization with Choreo - The AI-Native Internal Developer Plat...
byWSO2
 
PDF
Build Smarter, Deliver Faster with Choreo - An AI Native Internal Developer P...
byWSO2
 
PDF
Platformless Modernization with Choreo.pdf
byWSO2
 
PDF
Application Modernization with Choreo for the BFSI Sector
byWSO2
 
PDF
Choreo - The AI-Native Internal Developer Platform as a Service: Overview
byWSO2
 
PDF
[Roundtable] Choreo - The AI-Native Internal Developer Platform as a Service
byWSO2
 
PPTX
WSO2Con 2025 - Building AI Applications in the Enterprise (Part 1)
byWSO2
 
PPTX
WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...
byWSO2
 
PPTX
WSO2Con 2025 - Building Secure Customer Experience Apps
byWSO2
 
PPTX
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
byWSO2
 
PPTX
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
byWSO2
 
PPTX
WSO2Con 2025 - Unified Management of Ingress and Egress Across Multiple API G...
byWSO2
 
PPTX
WSO2Con 2025 - How an Internal Developer Platform Lets Developers Focus on Code
byWSO2
 
PPTX
WSO2Con 2025 - Architecting Cloud-Native Applications
byWSO2
 
PDF
Mastering Intelligent Digital Experiences with Platformless Modernization
byWSO2
 
PDF
Accelerate Enterprise Software Engineering with Platformless
byWSO2
 
PDF
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
byWSO2
 
Demystifying CMS-0057-F - Compliance Made Seamless with WSO2
byWSO2
 
Quantum Threats Are Closer Than You Think – Act Now to Stay Secure
byWSO2
 
Modern Platform Engineering with Choreo - The AI-Native Internal Developer Pl...
byWSO2
 
Application Modernization with Choreo - The AI-Native Internal Developer Plat...
byWSO2
 
Build Smarter, Deliver Faster with Choreo - An AI Native Internal Developer P...
byWSO2
 
Platformless Modernization with Choreo.pdf
byWSO2
 
Application Modernization with Choreo for the BFSI Sector
byWSO2
 
Choreo - The AI-Native Internal Developer Platform as a Service: Overview
byWSO2
 
[Roundtable] Choreo - The AI-Native Internal Developer Platform as a Service
byWSO2
 
WSO2Con 2025 - Building AI Applications in the Enterprise (Part 1)
byWSO2
 
WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...
byWSO2
 
WSO2Con 2025 - Building Secure Customer Experience Apps
byWSO2
 
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
byWSO2
 
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
byWSO2
 
WSO2Con 2025 - Unified Management of Ingress and Egress Across Multiple API G...
byWSO2
 
WSO2Con 2025 - How an Internal Developer Platform Lets Developers Focus on Code
byWSO2
 
WSO2Con 2025 - Architecting Cloud-Native Applications
byWSO2
 
Mastering Intelligent Digital Experiences with Platformless Modernization
byWSO2
 
Accelerate Enterprise Software Engineering with Platformless
byWSO2
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
byWSO2
 

Recently uploaded

PDF
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
PPT
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
PPTX
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
PPTX
Coded Agents – with UiPath SDK + LlamaIndex.pptx
bysuhanisingh58689
 
PDF
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
PPTX
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
PPTX
AI and Digital Transformation Solutions.
byBuildingblocks
 
PPTX
Code Like Bro -A guide for better Coding
byMadan Panthi
 
PPTX
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
PDF
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
PDF
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
PDF
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
PDF
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
PDF
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
PPTX
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
PPTX
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
PPTX
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
PDF
LUXHUB: a detailed look at 2025...and fast forward to 2026
byalexandrekeilmann1
 
PDF
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
PPTX
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
Coded Agents – with UiPath SDK + LlamaIndex.pptx
bysuhanisingh58689
 
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
AI and Digital Transformation Solutions.
byBuildingblocks
 
Code Like Bro -A guide for better Coding
byMadan Panthi
 
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
LUXHUB: a detailed look at 2025...and fast forward to 2026
byalexandrekeilmann1
 
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 

Practical Federated Identity

  • 1.
    Practical Federated Identity UseCases From The Real World Johann Nallathamby, Senior Software Engineer Selvaratnam Uthaiyashankar, Director-Cloud Solutions
  • 2.
    What  is  Iden,ty   •  “the  fact  of  being  who  or  what  a   person  or  thing  is”   •  h3p://oxforddic8onaries.com/defini8on/ english/iden8ty   •  Who  you  are…     •  Why  important?   •  Whatever  you  do  associated  with  your   iden8ty   •  Digital  Iden8ty  
  • 3.
    Problems  with  Digital  Iden,ty   •  Different  Iden8ty  in  Different  Applica8ons  /  Domains   – Remembering  Password   – Loosing  possible  collabora8on  
  • 4.
    Federated  Iden,ty   • “The  agreements,  standards,  and  technologies  that   make  iden8ty  and  en8tlements  portable  across   autonomous  domains.”  -­‐  Burton  Group     Service Providers Service Providers Service Providers Identity Provider Service Providers Authentication Service Consumption Trust
  • 5.
    Key  Requirements  For  Iden,ty  Federa,on   Iden,ty  Management  and  Authen,ca,on     •  Authen8ca8on   – Mul8-­‐Factor  Authen8ca8on   •  Iden8ty  Management   – A3ributes  /  Claims  
  • 6.
    Key  Requirements  For  Iden,ty  Federa,on   Trust  Between  Domains   •  Trust   – Pre-­‐established     •  Common  in  Enterprise  scenarios   – Established  only  when  accessing  the  service     •  Common  in  web  scenarios   •  Iden8ty  Provider  Discovery  
  • 7.
    Key  Requirements  For  Iden,ty  Federa,on   Iden,ty  and  AAribute  Mapping   •  Mapping  user  iden8ty  of  one  system  to  another   – Username   – Out  of  Band     – Pseudonym   •  Transient   •  Persistent   •  Mapping  a3ribute  names  in  different  systems   •  Mapping  a3ribute  values  in  different  systems  
  • 8.
    Key  Requirements  For  Iden,ty  Federa,on   AAribute  Exchange   •  One  system  reques8ng  addi8onal  a3ributes  from   another  system  
  • 9.
    Protocols  and  Standards   •  OpenID   •  SAML2  Web  Browser  SSO   •  WS-­‐Trust  &  WS-­‐Federa8on  
  • 10.
  • 11.
    OpenID  Iden,fiers   • Google   – h3ps://profiles.google.com/YourGoogleID   •  Blogger   – h3p://blogname.blogspot.com/   •  MySpace   – h3p://www.myspace.com/username  
  • 12.
    OpenID   Identity Provider ServiceProvider A Provide OpenID Single Sign-On Service 1 2 4 5 4 Allow Access to Service Relying Party Browser Redirect to IdP Discover Provider (XRI Resolution, Yadis, HTML Based Discovery) 6 7 3 Create shared secret
  • 13.
  • 14.
  • 15.
    SAML2  Web  Browser  SSO   Identity Provider Service Provider A Access Service Single Sign-On Service 1 23 5 4 Allow Access to Service Trust Assertion Consumer Service Browser Redirect to IdP Select Identity Provider 6 7
  • 16.
    Demo  –  SAML2  Web  Browser  SSO  
  • 17.
    WS-­‐Trust   Identity Provider ServiceProvider A Authentication (Username/x509/etc.) Security Token Service 1 2 3 5 4 Verify Token (e.g.: Check signature) Security Token Trust
  • 18.
    Some  Federa,on  PaAerns  Using  WSO2   Iden,ty  Server  
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
    Resource  STS  PaAern   Client  STS   Client  Proxy   Resource   Proxy   Resource  STS  
  • 24.
    OAuth  AS   DMZ  Proxy   STS   Federa,on  for  REST  APIs  
  • 25.
    SaaS  Applica,on  with  Trusted  Iden,ty   Providers   •  SaaS  Applica8on   •  Application deployed by the super-tenant •  Application used by all the tenants •  Application authorization logic written against shared roles •  Tenant users physically only exist in the Identity Provider and not in the Application server •  The users’ attributes are with the Trusted Identity Provider •  Trusted  Iden8ty  Providers  (Trusted  IdPs)   •  Each tenant will have its own Trusted Identity Provider •  The SaaS application will delegate authentication by redirecting the user to the Trusted Identity Provider and then validate the signed token response with attributes. •  Identity Provider roles are mapped to shared roles in the application server and authorization logic is performed based on them.
  • 26.
    SaaS  Applica,on  with  Trusted  Iden,ty   Providers  
  • 27.
  • 28.
  • 29.
    Photos  Credit   • h3p://images.motoring.co.uk/images/newsImages/ driving-­‐licence-­‐exchange-­‐rules-­‐ 8ghtened-­‐52313-­‐1.jpg   •  h3p://www.vectors4all.net/preview/people-­‐ business-­‐male-­‐clip-­‐art.jpg