Addressing the Beast: Single Sign-On II

1 Addressing the Beast: Single Sign-On II
SSO technologies & The SIF 3 Infrastructure © Access 4 Learning (A4L) Community

2 What do we want?
From the specification: "SSO – When using other Single or Same Sign On technologies the chosen standard must be followed. If you would like to include an indicator for the SSO standard of your choice, please submit it (along with justification as to why it is the appropriate indicator) so it may be included in the specification. Additionally, providing a guidance document for others on how to consistently use the chosen SSO solution is desirable."

3 What do we have?
OAuth 2.0
Password Grant
Bearer Token

4 How does it work?
POST: Credentials to one URL.
200: Authentication Token.
GET*: Request to another URL with Bearer Token.
200: Data.
* Other operations supported.

5 OAuth 2.0 (diagram)
Actors: User with Device, Service Provider, Identity Provider.
Flow: Request from the User with Device to the Service Provider; Unauthenticated response; Credentials from the User with Device to the Identity Provider; Token returned; Request w/ Token to the Service Provider; Data returned.

6 How does it work? Token creation.
Password Grant: Username, Password, Client Secret.

8 How does it work? We get a JSON payload in response.
It must include the token and type.
We must keep the token to reuse for access.
The type must be bearer.
Note: When leveraging OAuth 2.0 the proper capitalization when providing a token in either an Authorization header or authenticationMethod query parameter is “Bearer.” However, when returned as the token_type (by the OAuth 2.0 server) it MUST be treated as case insensitive and will often be all lower case.

10 How does it work? Now the token is used verbatim.
It can go in one of two places:
The Authorization header with a Bearer qualifier (preferred).
The access_token query parameter (more likely to be logged).
Note: Production applications should be prepared for token expiration.

12 How does it work? Now we get the Response.
Hopefully data. Could be an error*.
* Cannot count on getting a SIF 3 error in the HTTP body.
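The password-grant consumer described on slides 4 through 12, written out as an added Python example (it is not code from A4L or the SIF 3 infrastructure): it validates the token response with a case-insensitive token_type check, sends the token in the Authorization header with the "Bearer" scheme, and is prepared for expiration both up front (an assumed optional expires_in field) and when the provider answers 401. FakeProvider, the credential values and the "students" payload are constructed stand-ins so the code runs offline; the form field names are the standard OAuth 2.0 password-grant ones.

```python
import json
def parse_token_response(body, now):
    """Check token JSON as the slides require: bearer type (case-insensitive), absolute expiry."""
    payload = json.loads(body)
    token, token_type = payload.get("access_token"), payload.get("token_type", "")
    if not token or token_type.lower() != "bearer":
        raise ValueError(f"unusable token response, token_type={token_type!r}")
    expires_in = payload.get("expires_in")      # assumed optional; inf when the server omits it
    return {"access_token": token,
            "expires_at": float("inf") if expires_in is None else now + int(expires_in)}

def auth_header(token):
    """Preferred placement: Authorization header, scheme spelled 'Bearer'."""
    return {"Authorization": f"Bearer {token['access_token']}"}

class FakeProvider:
    """Constructed offline stand-in for both URLs: 60-second bearer tokens, 401 after expiry."""
    def __init__(self):
        self.issued, self.logins = {}, 0
    def post_token(self, fields, now):          # POST credentials -> 200 + token JSON
        if fields.get("grant_type") != "password" or fields.get("client_secret") != "demo-secret":
            return 400, json.dumps({"error": "invalid_client"})
        self.logins += 1
        self.issued[f"tok{self.logins}"] = now + 60
        return 200, json.dumps({"access_token": f"tok{self.logins}",
                                "token_type": "bearer", "expires_in": 60})
    def get_resource(self, headers, now):       # GET with bearer token -> 200 data or 401
        scheme, _, tok = headers.get("Authorization", "").partition(" ")
        if scheme != "Bearer" or self.issued.get(tok, 0) <= now:
            return 401, ""
        return 200, json.dumps({"students": []})  # constructed placeholder payload

class Client:
    """Reuse one token; log in again when it is known to be expired, and once more on a 401."""
    def __init__(self, provider, creds):
        self.provider, self.creds, self.token = provider, creds, None
    def login(self, now):
        status, body = self.provider.post_token({"grant_type": "password", **self.creds}, now)
        if status != 200:
            raise ValueError(f"token endpoint returned {status}: {body}")
        self.token = parse_token_response(body, now)
    def get(self, now):
        if self.token is None or self.token["expires_at"] <= now:
            self.login(now)
        status, body = self.provider.get_resource(auth_header(self.token), now)
        if status == 401:                       # revoked or clock skew: re-login, retry once
            self.login(now)
            status, body = self.provider.get_resource(auth_header(self.token), now)
        return status, body
```

Times are passed in explicitly as seconds so the expiry logic can be exercised without waiting; a real client would pass time.time().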

13 How does it work?

15 What is missing? A mechanism to confirm the supplied token.
It is not an A4L omission; it is missing from OAuth 2.0.

16 Trusted 3rd Party (diagram)
Actors: User with Device, Service Provider, Identity Provider.
Flow: Request from the User with Device to the Service Provider; Unauthenticated response; Credentials from the User with Device to the Identity Provider; Token returned; Request w/ Token to the Service Provider; the Service Provider checks the Token with the Identity Provider, which answers Token Valid (+); Data returned.

17 How will we fill the gap? OpenID Connect.
Google does it.

18 What is next?
SAML (Shibboleth)
OpenID Connect (OAuth+)
SSL/TLS (Certificate Authority)
Kerberos (Active Directory)

19 How can you help?
Help lead the Identity Management Group.
Share your expertise within the group.
Contribute your preferences and priorities.

20 Contact Information: John W. Lovell, jlovell@a4l.org