Presentation is loading. Please wait.

Presentation is loading. Please wait.

OpenID Connect: An Overview Pat Patterson Developer Evangelist Architect

Published byElaine Harmon Modified over 8 years ago

Similar presentations

Presentation on theme: "OpenID Connect: An Overview Pat Patterson Developer Evangelist Architect"— Presentation transcript:

1 OpenID Connect: An Overview Pat Patterson Developer Evangelist Architect salesforce.com @metadaddy

2 What is OpenID Connect? Simple Identity Layer for the Internet [OpenID Connect] allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

3 What is OpenID Connect? Specification defined by OpenID Foundation ‘Connect’ Work Group – NRI, Ping Identity, Microsoft, Google, Salesforce etc Built on OAuth 2.0 REST-based Successor to SAML?

4 OpenID Connect Status ‘Nearly complete’ – Second set of OpenID Connect Implementer’s Drafts approved in July, 2013 – Interop testing under way – Waiting for dependencies to be standardized JWT, JWS etc

5 OpenID Connect Specification OpenID Connect 1.0 Specification – Core – Discovery (optional) – Dynamic Registration (optional) – Session Management (optional) – OAuth 2.0 Multiple Response Types Implementer’s Guides – Basic Client Profile – Implicit Client Profile

6 OpenID Connect Roles Web-based, mobile, or JavaScript Clients verify the identity of End-Users based on authentication performed by an Authorization Server.

7 OpenID Connect Basic Client Profile

8 OpenID Connect Implicit Client Profile

9 OpenID Connect Token Response { "access_token":"SlAV32hkKG", "token_type":"Bearer", "expires_in":3600, "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA", "id_token":"eyJ0... NiJ9.eyJ1c... ZXso” } id_token is a JSON Web Token (JWT) – Signed, URL/filename-safe base64 encoded JSON data

10 OpenID Connect ID Token { "iss": "https://server.example.com", "sub": "24400320", "aud": "s6BhdRkqt3", "exp": 1311281970, "iat": 1311280970 } Issuer, Subject, Audience, Expiry, Issued At Also optional email, auth_time, nonce etc

11 Who is Deploying OpenID Connect? Services: Google, Salesforce, eBay, AOL, Deutsche Telekom, Orange Vendors: IBM, Microsoft, Ping Identity, Layer 7, ForgeRock, Gluu, MITRE, NRI

12 OpenID Connect in Action Client: Salesforce Community Auth Server: Google End User: Me!

13 Salesforce Community Login Page

14 Google Login Page

15 Google Authorization Page

16 Salesforce Community Home Page

17 Questions? Pat Patterson Developer Evangelist Architect salesforce.com @metadaddy

Download ppt "OpenID Connect: An Overview Pat Patterson Developer Evangelist Architect"

Similar presentations

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board
OpenID Connect Update May 14, 2013 Dr. Michael B. Jones Identity Standards Architect – Microsoft.

OpenID Connect Update May 14, 2013 Dr. Michael B. Jones Identity Standards Architect – Microsoft.
IETF OAuth Proof-of-Possession

IETF OAuth Proof-of-Possession
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
1 IETF OAuth Proof-of-Possession Hannes Tschofenig.

1 IETF OAuth Proof-of-Possession Hannes Tschofenig.
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.

Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.
OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura.

OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura.
OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.

OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.
Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.

Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.
TATRC and MITRE to NwHIN Power Team 12 June 2013 RESTful Health Exchange (RHEx)

TATRC and MITRE to NwHIN Power Team 12 June 2013 RESTful Health Exchange (RHEx)
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.

Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.
UMA Could I Manage My Own Data. Please?. Agenda Business Trends & Technical Solutions Distributed Business (Decentralisation) Mobility & Automation Delegation.

UMA Could I Manage My Own Data. Please?. Agenda Business Trends & Technical Solutions Distributed Business (Decentralisation) Mobility & Automation Delegation.
Extranet Enhancements JTC Spring 2015 May 13, 2015.

Extranet Enhancements JTC Spring 2015 May 13, 2015.
FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.

FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.
The Internet Identity Layer OpenID Connect Update for HIT Standards Committee’s Privacy and Security Workgroup Wednesday, March 12th from 10:00-2:45 PM.

The Internet Identity Layer OpenID Connect Update for HIT Standards Committee’s Privacy and Security Workgroup Wednesday, March 12th from 10:00-2:45 PM.
Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.

Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.
Openid Connect https://store.theartofservice.com/the-openid-connect-toolkit.html.

Openid Connect
Identity Management Hannes Tschofenig. Motivation OAuth was created to allow secure and privacy friendly sharing of data. OAuth is not an authentication.

Identity Management Hannes Tschofenig. Motivation OAuth was created to allow secure and privacy friendly sharing of data. OAuth is not an authentication.

Similar presentations

Ads by Google