As the industry’s first enterprise identity bus (EIB), WSO2 Identity Server is the central backbone that connects and manages multiple identities across applications, APIs, the cloud, mobile, and Internet of Things devices, regardless of the standards on which they are based. The multi-tenant WSO2 Identity Server can be deployed directly on servers or in the cloud, and has the ability to propagate identities across geographical and enterprise borders in a connected business environment.
It seems that OAuth 2.0 is everywhere these days. Whether you are building a hot new single page web application (SPA), a native mobile experience, or just trying to integrate with the API economy, you can't go far without running into the popular authorization framework for REST/APIs and social authentication.
During Oktane15 (https://www.okta.com/oktane15/), Karl McGuinness, our Senior Director of Identity, demystified the powerful, yet often misunderstood, world of OAuth 2.0 and shared details on Okta’s growing support for OpenID Connect.
An introduction to OAuth2 and OpenID Connect intended for a technical audience. This covers terminology, core concepts, and all the core grants/flows for OAuth2 and OpenID Connect.
The OAuth 2.0 authorization framework enables a third-party
application to obtain limited access to an HTTP service, either on
behalf of a resource owner by orchestrating an approval interaction
between the resource owner and the HTTP service, or by allowing
the third-party application to obtain access on its own behalf.
http://www.justin.tv/hackertv/49975/Tech_Talk_1_Leah_Culver_on_OAuth
Tech talk about OAuth, an open standard for API authentication. Originally broadcast on Justin.tv.
Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management).
And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.
The slides from the talk I gave in Java.IL's Apr 2019 session.
These slides describe Keycloak, OAuth 2.0, OpenID and SparkBeyond's integration with Keycloak
OAuth and OpenID Connect are the two most important security specs that API providers need to be aware of. In this session, Travis Spencer, CEO of Curity, will cram in as much about these two protocols as will fit into 20 minutes.
API Security in a Microservice Architecture - Matt McLarty
This presentation was given at the O'Reilly Software Architecture Conference in New York on Feb. 28, 2018. It gives an overview of the new book, Securing Microservice APIs. Download available here: https://transform.ca.com/API-securing-microservice-apis-oreilly-ebook.html
Introduction to DID Auth for SSI with Markus Sabadello - SSIMeetup
Markus Sabadello, CEO of Danube Tech, will talk about DID Auth, an emerging building block in the SSI ecosystem. Although the technical details of DID Auth are not well-defined at this point, its general concept is clear: With self-sovereign identity infrastructure, the most trivial and straightforward functionality for identity owners should be the ability to authenticate, i.e. to prove control of a DID in some relationship or during a transaction. This could take place using a number of different data formats, protocols, and flows. DID Auth includes the ability to authenticate to web sites and applications, and to establish mutually authenticated communication channels. In this webinar, we will discuss the current state of the DID Auth concept, and how it relates to other efforts such as Verifiable Credentials and agent protocols.
Discusses the capabilities, advantages and disadvantages of Keycloak, and gives a basic understanding of how it can be applied and integrated into various systems.
Speaker - Ihor Didyk, Software Engineer, GlobalLogic.
How to integrate the complex use cases in the hyper-connected world with millions of devices and services.
Bhavna Bhatnagar (VigourSoft Technical Advisor and Industry expert) talks about SAML, OAuth, OpenID and what you need to make your place in the complex scenario this presents
This slide deck gives an introduction to OAuth 2.0, starting with some concepts, explaining the flow plus a few hints. The remainder of the slides are about implementing an OAuth 2.0 server using the Apache Amber library (renamed to Apache Oltu lately). My impression is that many developers shy away as soon as they hear "security" and so I did not only want to talk about the concepts of OAuth 2.0 but also wanted to show how easily you can implement an OAuth 2.0 server ... hope it reduces the fear of contact a bit ... ;-)
OpenID Connect is the newest iteration of the OpenID Internet authentication standard that’s been developed in coordination by Google, Facebook, Microsoft and others at the OpenID Foundation.
OpenID Connect performs many of the same tasks as OpenID 1 & 2, but does so in a way that is API-friendly, and usable by native and mobile applications.
OpenID 1 and 2 lend part of their name, but Connect is a complete re-write that is fundamentally better architected for the modern web in a few important ways.
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0 - WSO2
In this webinar, Johann Nallathamby, technical lead at WSO2, will discuss WSO2 Identity Server's newest enhancements that include authentication analytics, OpenID Connect Session Management support and more.
"Esup CAS Packaging": Deploy and customize easily a CAS4 server - Ludovic A
Github repository: https://github.com/EsupPortail/cas-toolbox-new
Since 2003, the Esup-portail consortium has developed and provided tools to facilitate CAS server implementation at French universities and establishments.
This presentation will focus on the newest Esup CAS-toolbox v4 based on the Apereo CAS4 server distribution.
CAS-toolbox is a tool for
- Deploying a CAS server into an existing Tomcat installation,
- Simplifying and centralizing CAS configuration,
- Customizing the CAS server.
The "new Esup cas-toolbox" is designed to handle different configuration and/or customization levels with Maven WAR overlays :
- the 'cas-toolbox-core' folder contains the first level of Esup addons and preconfigurations to the original Apereo CAS server distribution.
- the 'cas-toolbox-custom' folder only contains the specific configurations and customizations files of the institution.
- the 'config.properties' file centralizes all properties.
Upgrading to CAS 4.0 at Oakland University - bpowell29a
How Oakland University upgraded from CAS 3.5 to CAS 4. Talk about the new CAS management web application and how it manages services. Want CAS to release attributes like Shibboleth? With CAS4 this can be done. Show how to configure the CAS manager to use LDAP attributes as an authentication source instead of flat files. Responsive design is the next thing in web development. That concept can be applied to CAS4 with Bootstrap. Show how HazelCast can share information between nodes. Use Google Apps for Education? So do we! Learn how to configure CAS with Google Apps for Education.
WSO2 Identity Server 5.3.0 - Product Release Webinar - WSO2
WSO2 Identity Server 5.3.0 has added a number of new features that were requested for by its users and which are critical for any product in the identity and access management (IAM) space. After a redesign of the identity management framework, a host of new account and password management features were introduced. Now it also supports a host of new IAM protocols including SAML2 single sign-on (SSO) metadata, SAML2 Assertion Query/ Request Profile, the complete OpenID Connect protocol suite and REST Profile for XACML 3.0 among others.
What’s more, WSO2 Identity Server 5.3.0 now performs real-time analytics that monitors the identity ecosystem and alerts you when abnormal sessions or suspicious logins occur. This aspect of the product also has the ability to terminate sessions to ensure that your enterprise is fully secured.
This webinar will explore
New features and improvements in account and password management
New IAM protocols that are supported
Real-time security alerting capabilities
WSO2 Identity Server 6.0 roadmap
Open source WSO2 Identity Server SSO with Drupal 8 - Iwantha Lekamge
Single sign-on is important for government agencies to maintain a single authentication mechanism among their systems. Open Source WSO2 Identity Server can connect with Drupal 8 and create an SSO environment for government agencies.
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce... - CloudIDSummit
Adam Lewis, Office of the CTO, Motorola
RESTful APIs, WS-* / SOAP APIs, Proprietary APIs, protocols beyond APIs, OAuth for Authentication, Federated Authorization Servers across security domains, Token Translation between SAML and JWT, SSO across native applications, all running across Windows desktops and Android mobile computing platforms… and the glue to tie all that together? Are you kidding? Tune-in to this technical chat on a real-life case study of a small but dedicated band of engineers’ attempts to harmonize identity in a very un-harmonized world.
RESTful APIs, SOAP APIs, Proprietary APIs, protocols beyond APIs, OAuth for Authentication, Federated Authorization Servers across security domains, Token Translation between SAML and JWT, SSO across native applications, all running across Windows desktops and Android mobile computing platforms… and the glue to tie all that together? Are you kidding? A technical chat on a real-life case study of a small but dedicated band of engineers’ attempts to harmonize identity in a very un-harmonized world.
Today users have too many usernames and passwords. As developers it’s our job to create a useful application not to worry about authorization. Thanks to social media, OpenID and Oauth, the user truly has single sign on. Rather than expecting users to store and remember multiple passwords, application can leverage a user relationship with social media sites they know and trust. In a large enterprise it might be better to keep things in house. That just means we leverage the same technologies internally and not re-invent the wheel. In this talk we’ll show you how.
WSO2 API Manager is a 100% open source API management solution, complete with API publishing, lifecycle management, developer portal, access control and analytics.
Introduction to the WSO2 Identity Server & Contributing to an OS Project - Michael J Geiser
This is an overview of the WSO2 Identity Server and a customization we built that will be contributed back into the product. There is also some additional content on Coding Standards and being an LDAP and Directory Server hater.
Enable Secure Mobile & Web Access to Microsoft SharePoint - CA API Management
Empower employees with external access to SharePoint and other intranet resources
Microsoft SharePoint authorizes user access based on a Microsoft domain session using Kerberos or similar technologies. An external user without a direct domain session cannot access SharePoint directly using common Single Sign-On (SSO) solutions deployed at the perimeter of the enterprise. Requiring VPN access to the enterprise for accessing SharePoint and other intranet resources is not practical and widens the attack surface of the enterprise.
Layer 7 delivers a simple solution for brokering access to Microsoft-based Web applications and APIs. By deploying Layer 7’s SecureSpan Gateway in the DMZ, the enterprise can enable and control access to Microsoft SharePoint without the need for VPN connections. The enterprise can leverage the same SecureSpan Gateway to control access to any Web applications and APIs that need to be consumed by mobile applications.
To view recording of this webinar please use the below URL:
http://wso2.com/library/webinars/2016/06/enterprise-security-requirements/
Meeting enterprise security requirements has now become challenging due to development of orthogonal aspects. Systems are diverse because a single vendor can’t cater to all these needs. Some enterprises also introduce public SaaS in addition to their internal on-premise systems. APIs are used to make data in these systems readily available in order to integrate with other systems and automate processes. Identity and access management (IAM) systems are expected to provide centralized authentication and authorization despite the increase in complexity of data, systems and identities.
This webinar will discuss how to
Enable SSO for heterogeneous systems
Handle different types of enterprise identities
Protect your data and APIs
Implement centralized authorization and authentication management
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And... - apidays
apidays Helsinki & North 2023
API Ecosystems - Connecting Physical and Digital
June 5 & 6, 2023
API authorization with Open Policy Agent
Anders Eknert, Developer Advocate at Styra
#3 WSO2 masterclassitalia - WSO2 Identity Server: a must-have for managing id... - Profesia Srl, Lynx Group
Profesia, Lynx Group, presents the third episode of its masterclass on WSO2 technology, for which it is the exclusive distributor for Italy.
Authentication and authorization, recognition and access enablement. The Identity Server is a tool that can manage the authentication of your users, internal and external, manage login sessions, and perform authentication tailored to the application context. It is advisable always to prefer an on-premise or GDPR-compatible cloud product that supports the SAML and OAuth2 protocols and allows federation with the major social IdPs.
If you are thinking about a digital transformation to evolve toward an agile business, write to contact@profesia.it and talk to one of our experts.
Five Things You Gotta Know About Modern Identity - Mark Diodati
Modern identity supports the new world built on device-independent, location-anywhere access. New-school provisioning and authentication are required. Its protocols are increasingly built upon frameworks like REST and JSON; examples include SCIM, OAuth, OpenID Connect and FIDO. Modern identity leverages IDaaS and identity bridges to manage users and applications across the hybrid cloud.
Accelerate Enterprise Software Engineering with Platformless - WSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform - WSO2
At its core, the challenge of managing Human Resources data is an integration challenge: estimates range from 2-3 HR systems in use at a typical SMB, up to a few dozen systems implemented amongst enterprise HR departments, and these systems seldom integrate seamlessly between themselves. Providing a multi-tenant, cloud-native solution to integrate these hundreds of HR-related systems, normalize their disparate data models and then render that consolidated information for stakeholder decision making has been a substantial undertaking, but one significantly eased by leveraging Ballerina. In this session, we’ll cover:
The overall software architecture for VHR’s Cloud Data Platform
Critical decision points leading to adoption of Ballerina for the CDP
Ballerina’s role in multiple evolutionary steps to the current architecture
Roadmap for the CDP architecture and plans for Ballerina
WSO2’s partnership in bringing continual success for the CD
The integration landscape is changing rapidly with the introduction of technologies like GraphQL, gRPC, stream processing, iPaaS, and platformless. However, not all existing applications and industries can keep up with these new technologies. Certain industries, like manufacturing, logistics, and finance, still rely on well-established EDI-based message formats. Some applications use XML or CSV with file-based communications, while others have strict on premises deployment requirements. This talk focuses on how Ballerina's built-in integration capabilities can bridge the gap between "old" and "new" technologies, modernizing enterprise applications without disrupting business operations.
Platformless Horizons for Digital Adaptability - WSO2
In this keynote, Asanka Abeysinghe, CTO, WSO2, will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.
Quantum computers are rapidly evolving and are promising significant advantages in domains like machine learning or optimization, to name but a few areas. In this keynote we sketch the underpinnings of quantum computing, show some of the inherent advantages, highlight some application areas, and show how quantum applications are built.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
Andras Palfi, Senior Product Manager, UiPath
Lenka Dulovicova, Product Program Manager, UiPath
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Connector Corner: Automate dynamic content and events by pushing a button - DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
DevOps and Testing slides at DASA Connect - Kari Kakkonen
Slides by Rik Marselis and me from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
5. Why?
o Bring Your Own Device
o Bring Your Own Identity
o Identity is maintained in one domain, accessed in other domains
o Social network identities (Facebook, LinkedIn, Google)
o Open APIs
o Ecosystems
o Mergers / Acquisitions
o Value Webs (Composable Enterprises)
9. How Does it Work ?
o Bridges multiple web applications across multiple protocols
o Log in to Drupal using SAML and get automatically signed on to your web application, which requires OpenID Connect.
o Connect to Facebook and be automatically connected to Salesforce
o Bridges across: OpenID Connect, SAML 2.0, OAuth 2.0, OpenID, WS-Federation (Passive)
o Benefits
o Transparent to the application users
o Extensible
11. How Does it Work ?
o Bridge multiple identity providers
o Identity Server serves as a central authentication hub for all applications - Each application continues to use its own IdP of choice (say OpenID Connect)
o Home Realm Discovery - Identity Server uses the request to redirect the user to the correct Identity Provider
o Benefits:
o Client App only needs to trust its own Identity Provider
o Authentication protocol at the client side is decoupled from the Identity Provider
o Trust relationship maintained centrally
13. How Does it Work ?
o Bus serves as central hub to provision identities to
multiple IdPs
o Transforms provisioning requests, from SCIM to SPML
for example
o Provides just-in-time provisioning
o Benefits
o Supports SCIM (System for Cross-Domain Identity
Management) standard
o Supports SPML, JDBC, LDAP, GoogleApps, Salesforce
o Simple extension model
15. How Does it Work ?
o IDP proxy application delivers SSO functionality for
native mobile applications
o SDK is used to invoke IdP proxy from the mobile
application
o Allows the application to obtain an OAuth access token
from an identity
o Benefits - Leverage enterprise identity management system for
mobile applications
17. WSO2 Identity Server
o 5th Generation Product
o Current version 5.0.0 (released May 2014)
o Why did we build it?
o Federated identity and entitlement is a key part of any distributed
architecture
o Internal security threats, Partnerships
o Mergers, De-mergers
o APIs, Cloud systems
o SSO is important but need to federate and bridge across SSOs
o Open Standards for Identity are changing the industry landscape
o Based on WSO2 Carbon platform, which provides support
for multi-tenancy, logging, clustering, and other common
services
19. Benefits
o Scenario-driven configuration
o Large number of scenarios supported out of the box,
through simple configuration
o Single Sign On
o Federated Identity
o User Provisioning and Management
o Authorization and Entitlements
o Extensible & Customizable - Custom Authenticators
21. Authentication
o Extensible user stores integration
o Security for APIs and Web Services
o Web Single Sign On for heterogeneous systems
o Highly configurable and extensible authentication flows
o Federation and Social integration
22. User Stores
o Identity Server supports connecting 1 to N user
repositories to a single server
o One primary and multiple secondary
o Configurable through UI
o Supports the following
o Built-in LDAP based on Apache DS
o JDBC - Any data store, tested with Oracle, MySQL, DB2 and
others
o Active Directory
23. Securing SOAP Services
o Security Token Service (STS)
o Supports WS-Trust 1.4
o Issues SAML 1.1 and SAML 2.0 Tokens
o HOK and Bearer subject confirmations
o Configurable Security Policies for the STS
o Kerberos token based
o X509 Certificate based
o Username/password based
o Built on Apache Rampart project
24. Securing REST APIs
o Complete Authorization Server supporting OAuth 2.0 and OAuth 1.0a
o Supported OAuth 2.0 Grants - Authorization Code, Implicit,
Resource Owner Password, Client Credential, SAML Bearer,
IWA-NTLM, Refresh Token
o JWT implementation
o Key Manager for the WSO2 API Manager
25. Authenticators
o Local Authenticators
o Basic Authenticator - Username, password
o IWA Authenticator – Zero password login
o FIDO (Fast Identity Online) - Multifactor authentication
o Federated
o SAML 2.0 Web SSO Authenticator
o OAuth2/OpenID Connect Authenticator
o OpenID Authenticator
o WS-Federation (Passive) Authenticator
26. Configurable Authenticator Flow
o Multi-Step : Add any number of authentication steps
o Multi-Option : Add any number of authenticators for a step
o Configuration per service provider (application)
27. Web Single Sign On
o SAML 2.0 Web Browser SSO
o Basic Attribute Profile
o IDP initiated SSO
o OpenID 2.0
o Simple Registration Extension
o Attribute Exchange
o OpenID Connect
o IDToken
o User Endpoint
o WS-Federation Passive STS
o SAML 1.1 Tokens
o Preferred by Windows Identity Foundation (WIF) based
clients (ASP.NET)
o Based on Apache Rampart project
28. SSO for Heterogeneous Systems
o Web Applications can speak in any identity language
(e.g. SAML2, OpenID, OpenID Connect) to the Identity
Server
o Single Login
o Role transformations
o Claim transformations
o Customizable login screens
29. Federation
o Configure Trusted Identity Providers (IdPs)
o Add Trusted IDPs to application authentication flows to
enable Federation
o Configure Provisioning for Identity Providers
o Just-In-Time (JIT) provisioning
o Outbound provisioning
o Role transformations
o Claims Transformations
30. Home Realm Discovery
o Process of identifying correct federated IDP for an
authentication request
o A key feature of federation
o Uses the information in the authentication request to identify the IdP
o Logic is pluggable
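An added example (not from the original slides or from WSO2's code) of the pluggable home realm discovery described above: a chain of resolvers reads the authentication request and returns only IdPs that appear in a trusted registry. The IdP names, domains, the `idp_hint` parameter and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed registry of trusted IdPs (names and domains are illustrative).
TRUSTED_IDPS = {
    "corp-saml": {"protocol": "SAML 2.0", "domains": {"corp.example"}},
    "partner-oidc": {"protocol": "OpenID Connect", "domains": {"partner.example"}},
}
DEFAULT_IDP = "local"  # fall back to the hub's own login page


def by_explicit_hint(params):
    """Resolver 1: explicit realm hint (hypothetical parameter 'idp_hint')."""
    hint = params.get("idp_hint", [None])[0]
    # Only honour hints that name a configured, trusted IdP.
    return hint if hint in TRUSTED_IDPS else None


def by_login_domain(params):
    """Resolver 2: map the e-mail domain in 'login_hint' to an IdP."""
    login = params.get("login_hint", [""])[0]
    _, sep, domain = login.rpartition("@")
    if not sep:
        return None
    domain = domain.lower()
    for name, idp in TRUSTED_IDPS.items():
        if domain in idp["domains"]:
            return name
    return None


# Pluggable: resolvers are tried in order; add, remove or reorder as needed.
RESOLVERS = [by_explicit_hint, by_login_domain]


def discover_home_realm(request_url, resolvers=RESOLVERS):
    """Return the name of the IdP that should handle this request."""
    params = parse_qs(urlsplit(request_url).query)
    for resolve in resolvers:
        idp = resolve(params)
        if idp is not None:
            return idp
    return DEFAULT_IDP
```

A hint that names an unregistered IdP is ignored rather than followed, so the request alone cannot steer a user to an untrusted provider.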
32. Provisioning and Management
o Just In Time Provisioning
o Highly extensible User Provisioning Framework
o Users and groups management
o Accounts and Policies Management
o Self Service Dashboard
o Logging and Monitoring
o Custom user management workflows – user specific
approvals, multi-step approvals, approvals requiring multiple roles
33. Just-in-time Provisioning
o Federated Identities can be provisioned into the WSO2
Identity Server while federating
o Users can be provisioned to any primary or secondary
user store
o JIT provisioned users can be provisioned to any other
systems instantly
34. Provisioning Framework
o Three inbound provisioning APIs
o System for Cross-Domain Identity Management (SCIM) API
– REST/JSON
o UserAdmin – SOAP/XML
o RemoteUserStoreManagerService – SOAP/XML
o Pluggable outbound provisioning connectors
o Out-of-the-box provisioning connectors: SCIM, SPML, Google and Salesforce
o Custom connectors (create and drop in!)
35. SCIM Implementation
o System for Cross-Domain Identity Management - http://www.simplecloud.info/
o Adopted by many vendors and SaaS applications (Salesforce for example)
o Supports users (including bulk creation) and groups provisioning, via REST API
o IS supports SCIM 1.1 - SCIM 2.0 work ongoing
36. User and Role Management
o Comprehensive Administrative UI for User and Roles
Management
o Add, delete, update user profiles and roles
o Search/list users and roles
o Reset user passwords
o Can manage users / groups in multiple user stores
37. Account and Password Policy Management
o Configure password complexity – E.g. 8 characters long, must include numbers and symbols
o Password expiry configuration
o Failed login attempts and account locking
o Captcha verification
o Self registration and user account verification
o Account recovery, forgotten password
39. Auditing
o Privileged operations are saved to log files, including
login/logout operations
o Data is saved in XDAS format
o Through extensions, events can be published to our
Data Analytics solutions (BAM and CEP)
41. Authorization and Entitlement
o Role Based Access Control
o Attribute Based Access Control
o Policy Based Access Control
o XACML 2.0/3.0
o Support for OpenAz
o Hierarchical Resource Profile
o Hierarchical Role Profile
o Multiple Decision Profile
42. Role-based Access Control
o Provisioning UI for assigning permissions for Roles and
assigning users for roles
o SOAP/XML APIs for authorization
o UserAdmin
o RemoteUserStoreManagerService
o RemoteAuthorizationManagerService
43. Scope-based Access Control
o OAuth is a scope based authorization framework
o WSO2 Identity Server supports OAuth version 1.0a
and 2.0
o Users and Permit/Deny granting authorization for
applications
o Access Token is validated over SOAP API - JWT (JSON
Web Token) attached to response, contains information about
token authorized scopes (for back-end consumption)
44. Claim-based Access Control
o Comprehensive UI to manage/configure claim dialects
o Default claim dialects: SCIM, OpenID AX, OpenID
SReg, XML/WSDL, OpenID Connect and WSO2
dialect
o Write XACML policies based on User Claims
o Define WS-Trust/WS-Security policies based on User Claims
o Retrieve user claims for authorization over OpenID,
OpenID Connect and SAML
45. Policy-based Access Control
o Fine grained access control with XACML 2.0 and 3.0
o Pluggable and extensible architecture
o Plug-in various PIP and PEP modules
o Plug in policy stores
o Policy Management UI
o Try-it tool to test policies
o Caching and Thrift transport support for high
performance
50. XACML Integration Points
o Entitlement Mediator for WSO2 ESB
o Entitlement Handler for WSO2 API Manager
o Entitlement Servlet Filter for WSO2 Application Server
o Third-party agents
o Java EE Servlet Filter
o Liferay Agent
o Microsoft IIS Agent
52. WSO2 Platform Deployment Options
o Stand-alone servers
o Private clouds: e.g. Stratos, Kubernetes
o Public clouds: e.g. AWS
o Hybrid deployments
o Dedicated hosting of any WSO2-based solutions
o WSO2 operations team is managing the deployment and keeps it running
o 99.99% uptime SLA
o Any AWS region of choice
o Can be VPNed to local network
o Includes monitoring, backups, patching, updates
o Shared public cloud
o Currently available for application and API hosting (hosted API Manager and App Factory)
o Preset multitenant deployment in AWS US East run by WSO2
o Month-to-month credit card payment
53. Thank You!
Download WSO2 Identity Server at: http://wso2.com/products/identity-server/