OAuth protocol for CERN Web Applications

Slides:

Advertisements

Similar presentations

Identity Network Ideals – Heterogeneity & Co-existence

Advertisements

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.

NRL Security Architecture: A Web Services-Based Solution

Contrail and Federated Identity Management

Oracle IDM at First National Bank

Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

Digital DNA Server Login People ®. Login People ˃ IT security vendor ˃ Patented Digital DNA ® technology innovation Digital DNA Server Multi-factor Authentication.

Amazon RDS (MySQL and Oracle) and SQL Azure Emil Tabakov Telerik Software Academy academy.telerik.com.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Grid Programming Environment (GPE) Grid Summer School, July 28, 2004 Ralf Ratering Intel - Parallel and Distributed Solutions Division (PDSD)

WebFTS as a first WLCG/HEP FIM pilot

Widely Distributed Access Management Tom Barton University of Chicago.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

ORACLE APPLICATION SERVER BY PHANINDER SURAPANENI CIS 764.

Shibboleth Use in the Open Source Community Keith Hazelton for Steven Carmody.

OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control Maarten

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Elia Windows 10 journey. TMD.Net Manager. Elia & Owner

FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.

Copyright ©2012 Ping Identity Corporation. All rights reserved.1.

© Siemens AG All rights reserved. openlab III Board of Sponsors 3-4 May 2011 at CERN Joint Report Siemens - CERN.

Identity & Access Control in the Cloud Name Title Organization.

Web Services Security and Further References Presented by Ashraf Memon Presented by Ashraf Memon.

® IBM Software Group © 2007 IBM Corporation Best Practices for Session Management

SSO Case Study Suchin Rengan Principal Technical Architect Salesforce.com.

Access Management 2.0: UMA for the #UMAam20 for questions 20 March 2014 tinyurl.com/umawg for slides, recording, and more 1.

WebFTS File Transfer Web Interface for FTS3 Andrea Manzi On behalf of the FTS team Workshop on Cloud Services for File Synchronisation and Sharing.

- NCSU project goals and requirements - Adoption Drivers - Current challenges and pain points - Identacor at NCSU - Identacor Features - NCSU Key Benefits.

February, TRANSCEND SHIRO-CAS INTEGRATION ANALYSIS.

The OWASP Foundation guarding your applications Koen Vanderloock

Monitoring commercial cloud service providers CERN openlab Summer Students Lightning Talk Sessions Lassi Kojo › 19/08/2015.

Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.

Oracle TimesTen in-memory database integration CERN openlab Summer Student Lightning Talks Sessions Jakub Žitný Supervisor: Miroslav Potocký.

PaaS solutions evaluation CERN openlab Summer Students Lightning Talks Sessions Sofia Danko › 19/08/2014.

© 2009 Ninian Solutions Ltd Collaboration & the Cloud Pauline Yau.

Office of Information Technology GT Identity and Access Management JA-SIG CAS project (introducing login.gatech.edu) April 29th,

EFDA-Fed: European federation among fusion energy research laboratories EURATOM/CIEMAT JET CEA R. Castro, J. Vega, A. Portas, A. Pereira, S. Balme, A.

The LemonLDAP::NG project

Database 12.2 and Oracle Enterprise Manager 13c Liana LUPSA.

Web SSO with Cloud Resources using AD Federation Services

TOAS - Tieto Open Application Suite

New York regional information centers

Remedy Single Sign-On Raj Cheruvu Sr Director Product Development

Azure Active Directory - Business 2 Consumer

Experiences to Date Faculty of Engineering April 2017

Grid Computing, ORACLE and CERN

Analyn Policarpio Andrew Jazon Gupaal

Federation Systems, ADFS, & Shibboleth 2.0

INDUSTRY WORKSHOP STORK OVERVIEW 2nd Industry Group – 26 June, 2009

Technology Strategy Update

Towards continuous integration: Automated Oracle database testing with capture and replay Emil Pilecki.

CRIC ・ Authentication & Authorization

SaaS Application Deep Dive

Prime Service Catalog 12.0 SAML 2.0 Single Sign-On Support

Oracle HTMLDB introduction

Future Ideas: Federation and Integration

Data Analytics CERN openlab Open Day Manuel Martin Marquez.

CERN openlab summer students’ lightning talks 1

TrueNTH OAuth Role Based Permission System Victor de Lima Soares

Public Single Sign-On for EPM Cloud Using Oracle Identity Cloud Service (IDCS) Question: How can I set up single sign-on (SSO) between EPM.

دانشگاه شهیدرجایی تهران

Ashish Pandit Louis Zelus

تعهدات مشتری در کنوانسیون بیع بین المللی

بسمه تعالی کارگاه ارزشیابی پیشرفت تحصیلی

WebLogic on Kubernetes

Moving your database to the cloud or already ready made the switch?

ITDG meeting of of October 2011

Decision Making Process

R. Castro, J. Vega, A. Portas, A. Pereira, S. Balme, A. Duarte,

Presentation transcript:

OAuth protocol for CERN Web Applications CERN openlab Summer Student Supervisor: Luis Rodriguez Fernandez IT-DB-IMS Emil Kleszcz (emil.kleszcz@cern.ch) 18/08/2016

Goals How CERN Java Web Application can make use of OAuth2 protocol? Comparison of SAML2 and OAuth2 protocols, Providing SSO (Single Sign-On), Integrate with current infrastructure. 18/08/2016 Emil Kleszcz

Challenges Find the best solution: easy to maintain and secure SAML2 has some limitations: For instance, logout protocol session fails if one or more participants fail in the session (solution delete cookies) 18/08/2016 Emil Kleszcz

Single Sign-On (SSO) 18/08/2016 Emil Kleszcz

OAuth2 18/08/2016 Emil Kleszcz

SAML2 18/08/2016 Emil Kleszcz

Best solution? 18/08/2016 Emil Kleszcz

Comparison (pros & cons) OAuth 2.0 - simpler and more standardized solution (native), SAML2 - more complete specification (web), Both work fine for SSO, They are complementary. 18/08/2016 Emil Kleszcz

Results & Future Proof of Concept: github.com/tr0k/OAuth2LibPoc Entries on blog (db-blog.web.cern.ch) Testing on Oracle Java Cloud 18/08/2016 Emil Kleszcz

Thank you for attention  18/08/2016 Emil Kleszcz