PIEE (Procurement Integrated Enterprise Environment) Generic Single Sign On (SSO)

Slide note: D Guidance 26-Jun: Would like to see a refresh of this title slide. Should be able to see representation of all services and civilians (i.e. humanitarian effort). Director would like for us to bring him a few recommendations of possible design refreshes.

SSO Solution

OAuth (Open Authorization)
OAuth is an open standard for authorization (delegated access); it is not an authentication protocol on its own. OAuth allows users to hand out tokens instead of credentials to their data hosted by a given service provider. Each token grants access to a specific site (e.g. Wide Area Workflow e-Business Suite) for specific resources (e.g. the user's first name and last name) and for a defined duration (e.g. the next 5 minutes).

OpenID Connect
OpenID Connect is the identity layer used in conjunction with OAuth 2.0 to allow registered SSO client applications access to user information from PIEE applications. OpenID Connect requests must first be authorized by OAuth 2.0. User info can include: User ID, First Name, Last Name, Enabled Flag, DoD ID, Email Address, Title, and Organization.

For more information about OpenID Connect, please visit http://openid.net/connect/
For more information about OAuth, please visit http://oauth.net/documentation/getting-started/

SSO Overview

The overview shows two parties: the Trusted System and the SSO Client Application in PIEE, covering account registration, approval, and single sign-on. Single sign-on runs in two phases: OAuth to authorize the user, then OpenID Connect to retrieve the user's information.

SSO Sequence Diagram (steps 1-4: the user reaches the SSO client and is redirected to the Trusted System)

Participants: User's Browser, Trusted System, Target PIEE Application (the SSO client).

1. The user accesses the Trusted System and logs on; the Trusted System creates a session.
2. The user clicks on the SSO client application. The Trusted System sends the browser to the URL specified by the client application, so the user's browser requests access to the SSO client.
3. The SSO client builds the OAuth authorization URL and sends it to the user's browser as an HTTP(S) redirect. Format of the URL request:
   <Trusted System Server URL>/portal/oauth2/authorize?response_type=code&client_id=<Provided client ID>&redirect_uri=<Client provided redirect URI>
4. The browser redirects to the provided URL. The Trusted System validates the provided client ID, creates an authorization code, and redirects the browser back to the SSO client.

Caveat for implementers: the authorization URL format above carries no state parameter. RFC 6749 recommends that the client generate a fresh, unguessable state value per login attempt, include it here, and reject any callback whose state does not match the one stored in the session, so that an authorization code from another login cannot be spliced into the user's session. The Trusted System should also be expected to accept only a redirect URI registered for that client ID.

SSO Sequence Diagram (steps 5-6: the authorization code is exchanged for tokens)

5. The browser redirects back to the SSO client at the redirect URI provided in step 3, and the client receives the authorization code. Format of the URL response:
   <Client redirect URI>?code=<Trusted System generated authorization code>
6. The SSO client builds the OAuth token request and sends it as a POST to the Trusted System. The POST request must include an HTTP Authorization header carrying the base64-encoded client ID and password provided to the SSO client application, in the form "client ID:password" (example: Authorization: Basic ZGFpY2xpZW50OIFhendzeEAx). POST request URL format:
   <Trusted System Server URL>/portal/oauth2/token?grant_type=authorization_code&code=<Authorization Code Provided>&redirect_uri=<Client redirect URI>
   The Trusted System validates the POST request, creates the authorization token JSON data, and returns it in the POST response; the client receives the JSON authorization token data. Authorization JSON data format:
   {
     "user_id": "<userId>",
     "expires_in": "300",                 (seconds until the access token expires)
     "refresh_token": "<refresh token>",
     "access_token": "<access token>"     (token used to retrieve user information)
   }

Note that the client password in the Basic header, the authorization code and the returned tokens are all bearer secrets: the token request must only ever be sent over HTTPS to the Trusted System's URL, and an authorization code should be accepted once and then discarded.

SSO Sequence Diagram (step 7: user information is retrieved per OpenID Connect)

7. The SSO client validates the access token it received, builds the request for user data (per OpenID Connect), and sends it as a GET request to the Trusted System. GET request URL format:
   <Trusted System Server URL>/userdata/<provided user ID>?oauth_token=<provided access token>
   The Trusted System builds a JSON response of the user's data and sends it to the client; the client receives the requested user JSON data. User JSON data format can include:
   {
     "userId": "<userId>",
     "roles": [
       { <role particular information> }
     ],
     "dodId": "<EDIPI number>",
     "title": "<user's title>",
     "organization": "<user's organization>",
     "firstName": "<first name>",
     "lastName": "<last name>",
     "enabled": true,
     "email": "<email address>",
     "phoneNumber": "<phone number>",
     "dsnPhoneNumber": "<DSN phone>"
   }
   Note: this can change based on the SSO client's needs.

Caveat for implementers: the format above passes the access token as a query parameter, which RFC 6750 discourages because query strings are routinely written to server, proxy and access logs; the Authorization: Bearer header is the preferred carrier. Where the query-parameter form is what the Trusted System accepts, send it only over HTTPS and make sure request logging on both sides redacts the oauth_token value.
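The whole exchange from steps 3 through 7, as an added example that is not PIEE's own code or interface documentation. All URLs, the client ID and password, and the user record are assumptions made for the example; the Trusted System is replaced by a constructed in-memory stand-in so the flow runs offline, and it enforces the checks the slides describe (known client ID, Basic credentials on the token POST, a valid token on the user data request) plus two the slides leave implicit: single-use authorization codes and a state parameter bound to the login attempt.

```python
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed values for the example only; PIEE's real URLs and client credentials differ.
TRUST_SERVER_URL = "https://trust.example.mil"
CLIENT_ID = "exampleclient"
CLIENT_PASSWORD = "example-password"
REDIRECT_URI = "https://ssoclient.example.mil/sso/callback"


def build_authorize_url(state):
    """Step 3: the OAuth authorization URL the SSO client redirects the browser to.
    'state' is not in the slide's URL format; it is added (per RFC 6749) so the
    callback can be tied to the login attempt that started it."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "state": state}
    return f"{TRUST_SERVER_URL}/portal/oauth2/authorize?{urlencode(params)}"

def parse_callback(callback_url, expected_state):
    """Step 5: browser arrives at <redirect URI>?code=...; refuse it unless state matches."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback is not bound to this login attempt")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code

def basic_auth_header(client_id, password):
    # RFC 7617 Basic credential: base64 of "client ID:password"
    return "Basic " + base64.b64encode(f"{client_id}:{password}".encode()).decode()

def token_request(code):
    """Step 6: POST to the token endpoint, parameters in the query string as the slide shows."""
    params = {"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI}
    url = f"{TRUST_SERVER_URL}/portal/oauth2/token?{urlencode(params)}"
    return "POST", url, {"Authorization": basic_auth_header(CLIENT_ID, CLIENT_PASSWORD)}

def userdata_request(user_id, access_token):
    """Step 7: GET the user's data, access token passed as the oauth_token query parameter."""
    url = f"{TRUST_SERVER_URL}/userdata/{user_id}?{urlencode({'oauth_token': access_token})}"
    return "GET", url, {}


class FakeTrustedSystem:
    """Constructed in-memory stand-in for the Trusted System (not PIEE's implementation)."""

    def __init__(self):
        self.codes = {}   # authorization code -> redirect URI it was issued for (single use)
        self.tokens = {}  # access token -> user ID
        self.users = {"jdoe": {"userId": "jdoe", "firstName": "Jane", "lastName": "Doe",
                               "enabled": True, "email": "jane.doe@example.mil"}}

    def authorize(self, url):
        """Step 4: validate the client, mint a code, send the browser back to the client."""
        q = parse_qs(urlparse(url).query)
        if q.get("client_id") != [CLIENT_ID] or q.get("redirect_uri") != [REDIRECT_URI]:
            raise PermissionError("unknown client ID or redirect URI")
        code = secrets.token_urlsafe(16)
        self.codes[code] = REDIRECT_URI
        back = {"code": code, **({"state": q["state"][0]} if "state" in q else {})}
        return f"{REDIRECT_URI}?{urlencode(back)}"

    def handle(self, method, url, headers):
        """Token endpoint (step 6) and user data endpoint (step 7)."""
        parsed = urlparse(url)
        q = parse_qs(parsed.query)
        if method == "POST" and parsed.path == "/portal/oauth2/token":
            if headers.get("Authorization") != basic_auth_header(CLIENT_ID, CLIENT_PASSWORD):
                return 401, json.dumps({"error": "invalid_client"})
            issued_for = self.codes.pop(q.get("code", [""])[0], None)  # pop: code is single use
            if issued_for is None or issued_for != q.get("redirect_uri", [""])[0]:
                return 400, json.dumps({"error": "invalid_grant"})
            access = secrets.token_urlsafe(24)
            self.tokens[access] = "jdoe"
            return 200, json.dumps({"user_id": "jdoe", "expires_in": "300",
                                    "refresh_token": secrets.token_urlsafe(24),
                                    "access_token": access})
        if method == "GET" and parsed.path.startswith("/userdata/"):
            user_id = parsed.path.rsplit("/", 1)[1]
            if self.tokens.get(q.get("oauth_token", [""])[0]) != user_id:
                return 401, json.dumps({"error": "invalid_token"})
            return 200, json.dumps(self.users[user_id])
        return 404, "{}"


def run_sso_login(trusted, state=None):
    """Client side of the whole exchange; returns the user's JSON data as a dict."""
    state = state or secrets.token_urlsafe(16)
    callback_url = trusted.authorize(build_authorize_url(state))  # the browser round trip
    code = parse_callback(callback_url, state)
    status, body = trusted.handle(*token_request(code))
    if status != 200:
        raise RuntimeError(f"token exchange failed: {status} {body}")
    tok = json.loads(body)
    status, body = trusted.handle(*userdata_request(tok["user_id"], tok["access_token"]))
    if status != 200:
        raise RuntimeError(f"user data request failed: {status} {body}")
    return json.loads(body)


if __name__ == "__main__":
    print(run_sso_login(FakeTrustedSystem()))
```

To point the client functions at a real Trusted System, replace the `FakeTrustedSystem` calls with an HTTPS client that sends the (method, URL, headers) triples the builder functions return; the state check in `parse_callback` and the single-use handling of codes are the parts worth keeping regardless of transport.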

SSO More Information

For more information on interfacing with the PIEE system SSO, see the linked document for sample requests and detailed steps.

Questions/Comments?