Open standard based Identity Provisioning for Cloud
Prabath Siriwardena

About Me
Director of Security Architecture at WSO2
Leads WSO2 Identity Server, an open source identity and entitlement management product.
Apache Axis2/Rampart committer / PMC
A member of OASIS Identity Metasystem Interoperability (IMI) TC, OASIS eXtensible Access Control Markup Language (XACML) TC and OASIS Security Services (SAML) TC.
Twitter : @prabath
Email : prabath@apache.org
Blog : http://blog.facilelogin.com
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
Plug-Map
Open standard (and also open source) based Identity Provisioning for Cloud
Synchronization
Sharing
Single Sign-On
Provisioning
Standard-based Provisioning
Standard-based Provisioning SPML 1.0 Request / Response
Standard-based Provisioning SPML 2.0 Request / Response [DSML]
Standard-based Provisioning SPML 2.0 Request / Response [XDS]
System for Cross-domain Identity Management
System for Cross-domain Identity Management

{
  "schemas": [],
  "name": {"familyName": "siriwardena", "givenName": "prabath"},
  "userName": "prabath",
  "password": "prabath123",
  "externalId": "prabathext",
  "emails": [
    {"primary": true, "value": "prabath@wso2.com", "type": "home"},
    {"value": "prabathsiriwardena@yahoo.com", "type": "work"}
  ]
}

curl -k --user admin:admin -d @add-user.json --header "Content-Type:application/json" https://localhost:9445/wso2/scim/Users
System for Cross-domain Identity Management

{
  "schemas": ["urn:scim:schemas:core:1.0"],
  "displayName": "OSDC",
  "externalId": "OSDC",
  "members": [
    {"value": "f64e6507-756d-4a14-ac43-c9d02167f411", "display": "prabath"}
  ]
}

curl -k --user admin:admin -d @add-group.json --header "Content-Type:application/json" https://localhost:9445/wso2/scim/Groups
Authenticating SCIM Requests
HTTP Basic Authentication
OAuth 2.0
Authenticating SCIM Requests

Get the access token from the OAuth authorization server:

curl -v -X POST --basic -u XQi6DUDPnMW_FH_VK3f1gBetNAsa:VfKb7MHzH7Q0U6YdNV6ehhetCpka -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "grant_type=password&username=admin&password=admin" https://localhost:9445/oauth2/token

Add a user via SCIM:

curl -k -H "Authorization: Bearer ea7f76f134eb9bbb12d4b06b93e1d0a3" -d @add-user.json --header "Content-Type:application/json" https://localhost:9445/wso2/scim/Users
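
The two-step exchange from the slide above, as an added Python example (not code from the deck or from WSO2): it builds the password-grant token request and the bearer-authorized SCIM request, and sends them with certificate verification where the curl commands use -k. The function names, the ca_file parameter and the error handling are assumptions of this example; the two URLs are the ones on the slide.

```python
import base64
import json
import ssl
import urllib.parse
import urllib.request

# Endpoints as shown on the slide; everything else here is an assumption of this example.
TOKEN_URL = "https://localhost:9445/oauth2/token"
USERS_URL = "https://localhost:9445/wso2/scim/Users"


def token_request(client_id, client_secret, username, password):
    """Step 1: password-grant request; the client authenticates with HTTP Basic."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "password", "username": username, "password": password}
    ).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
    })


def parse_token_response(raw):
    """Return the access token, rejecting error bodies and non-bearer tokens."""
    doc = json.loads(raw)
    if "error" in doc:
        raise ValueError(f"token endpoint error: {doc['error']}")
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("response carries no usable bearer token")
    return doc["access_token"]


def scim_create_user_request(access_token, user):
    """Step 2: SCIM user creation, authorized by the bearer token from step 1."""
    return urllib.request.Request(USERS_URL, data=json.dumps(user).encode(),
                                  method="POST", headers={
        "Authorization": f"Bearer {access_token}",
        "Content-Type": "application/json",
    })


def send(request, ca_file):
    """Send the request, verifying the server certificate against ca_file."""
    context = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(request, context=context) as response:
        return response.read()
```

Chain the calls as send(token_request(...)), then parse_token_response, then send(scim_create_user_request(...)), passing the CA bundle that issued the server's certificate as ca_file.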
Authorizing SCIM Requests
Federated Provisioning Patterns