Slide 1: Addressing the Beast: Single Sign-On II
SSO technologies & The SIF 3 Infrastructure
© Access 4 Learning (A4L) Community
Slide 2: What do we want?
SSO – When using other Single or Same Sign On technologies the chosen standard must be followed. If you would like to include an indicator for the SSO standard of your choice, please submit it (along with justification as to why it is the appropriate indicator) so it may be included in the specification. Additionally, providing a guidance document for others on how to consistently use the chosen SSO solution is desirable.
Slide 3: What do we have?
OAuth 2.0 Password Grant, Bearer Token
Slide 4: How does it work?
POST: Credentials to one URL.
200: Authentication Token
+ GET*: Request to another URL with Bearer Token
200: Data
* Other operations supported.
Slide 5: OAuth 2.0 flow diagram. Actors: User with Device, Identity Provider, Service Provider. Labels: Credentials, Token, Unauthenticated Request, Request w/ Token, Data.
Slide 6: How does it work? Token creation.
Password Grant: Username, Password, Client Secret
Slide 8: How does it work? We get a JSON payload in response.
It must include the token and type. We must keep the token to reuse for access. The type must be bearer.
Note: When leveraging OAuth 2.0 the proper capitalization when providing a token in either an Authorization header or authenticationMethod query parameter is “Bearer.” However, when returned as the token_type (by the OAuth 2.0 server) it MUST be treated as case insensitive and will often be all lower case.
Slide 10: How does it work? Now the token is used verbatim.
It can go in one of two places:
The Authorization header with a Bearer qualifier (preferred).
The access_token query parameter (more likely to be logged).
Note: Production applications should be prepared for token expiration.
Slide 12: How does it work? Now we get the Response.
Hopefully data. Could be an error*.
* Cannot count on getting a SIF 3 error in the HTTP body.
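The four steps on slides 4 through 12 (POST the password grant, parse the token JSON with a case-insensitive token_type check, place the token in the Authorization header or the access_token query parameter, then classify the response without relying on a SIF 3 error body) as a small Python client. This is an added example, not code from the A4L presentation or the SIF 3 specification; the endpoint URL, the credentials, the sample JSON response and the function names are all constructed for illustration, and the expiration skew is a client-side choice rather than anything the slides specify.

```python
import json
import time
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlencode


@dataclass
class BearerToken:
    access_token: str
    expires_at: Optional[float]  # absolute epoch seconds; None if the server sent no expires_in


def build_token_request(username, password, client_secret):
    """Step 1 (slides 4 and 6): the password grant is POSTed as a form body.
    Returns (headers, body); the HTTP transport itself is left out."""
    body = urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "client_secret": client_secret,
    })
    return {"Content-Type": "application/x-www-form-urlencoded"}, body


def parse_token_response(raw_json, now=None):
    """Step 2 (slide 8): the JSON must carry the token and its type; the type is
    compared case-insensitively because servers usually return 'bearer'."""
    payload = json.loads(raw_json)
    if "access_token" not in payload or "token_type" not in payload:
        raise ValueError("token response missing access_token or token_type")
    if payload["token_type"].lower() != "bearer":
        raise ValueError("unsupported token_type %r" % payload["token_type"])
    now = time.time() if now is None else now
    expires_in = payload.get("expires_in")
    expires_at = now + float(expires_in) if expires_in is not None else None
    return BearerToken(payload["access_token"], expires_at)


def authorization_header(token):
    """Step 3, preferred placement (slide 10): capitalised 'Bearer' scheme in the
    Authorization header, token used verbatim."""
    return {"Authorization": "Bearer " + token.access_token}


def query_parameter_url(base_url, token):
    """Step 3, alternative placement: the same token as an access_token query
    parameter. It now lives in the URL, which is what proxies and servers log."""
    return base_url + "?" + urlencode({"access_token": token.access_token})


def is_expired(token, now=None, skew=30):
    """Slide 10 note: be prepared for expiration. The token is treated as stale
    `skew` seconds early (constructed value) so an in-flight request does not
    cross the boundary. A token without expires_in is never assumed expired."""
    if token.expires_at is None:
        return False
    now = time.time() if now is None else now
    return now + skew >= token.expires_at


def classify_response(status, body):
    """Step 4 (slide 12): hopefully data, possibly an error. Decide on the HTTP
    status first; only then try to read a structured error body, because a
    SIF 3 error payload cannot be counted on."""
    if 200 <= status < 300:
        return "data", body
    if status == 401:
        return "reauthenticate", None  # token rejected or expired: go back to step 1
    try:
        detail = json.loads(body) if body else None
    except json.JSONDecodeError:
        detail = None
    return "error", detail


# Constructed sample token response, shaped like a typical server reply
# (note the lower-case token_type).
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "example-opaque-token-123",
    "token_type": "bearer",
    "expires_in": 3600,
})

if __name__ == "__main__":
    headers, body = build_token_request("jdoe", "s3cret", "client-secret")
    token = parse_token_response(SAMPLE_TOKEN_RESPONSE, now=1_700_000_000)
    print(authorization_header(token))
    print(query_parameter_url("https://sp.example.org/data", token))
    print(is_expired(token, now=1_700_000_000 + 3590))
    print(classify_response(404, ""))
```

The header form is what a client should use; `query_parameter_url` is included only to make the slide's "more likely to be logged" point concrete, since the token is visible in the resulting URL.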
Slide 13: How does it work?
Slide 15: What is missing? A mechanism to confirm the supplied token.
It is not an A4L gap; it is missing from OAuth 2.0.
Slide 16: Flow diagram with a Trusted 3rd Party. Actors: User with Device, Identity Provider, Service Provider, Trusted 3rd Party. Labels: Credentials, Token, Unauthenticated Request, Request w/ Token, Token Valid (+), Data.
Slide 17: How will we fill the gap?
OpenID Connect (Google does it)
Slide 18: What is next?
SAML (Shibboleth)
OpenID Connect (OAuth+)
SSL/TLS (Certificate Authority)
Kerberos (Active Directory)
Slide 19: How can you help?
Help lead the Identity Management Group.
Share your expertise within the group.
Contribute your preferences and priorities.
Slide 20: Contact Information
John W. Lovell, jlovell@a4l.org