Presentation is loading. Please wait.

Presentation is loading. Please wait.

AAI for Apps Using AAI with your Smartphone Daniel Latzer Zürich, April 2013

Published byJonah Scandrett Modified over 10 years ago

Similar presentations

Presentation on theme: "AAI for Apps Using AAI with your Smartphone Daniel Latzer Zürich, April 2013"— Presentation transcript:

1 AAI for Apps Using AAI with your Smartphone Daniel Latzer Zürich, April 2013 daniel.latzer@switch.ch

2 © 2011 SWITCH Smartphone apps got very popular Universities want to develop their own apps No easy way to authenticate users in apps using AAI –Either user has to log in on every app start –Or the app stores the user credentials –App emulates browser and performs login The Problem 2

3 © 2011 SWITCH OAuth2 authentication server Mobile Proxy requests one initial AAI Login per app –Creates OAuth2 Access token Access token is used to –Authenticate with Mobile Proxy –Retrieve up-to-date AAI attributes from Mobile Proxy –Retrieve arbitrary protected resources from third party resource server Access token is valid for an extended period of time –No need to log in every time you use the app –May be revoked using a separate web interface The Solution: Mobile Proxy 3

4 © 2011 SWITCH Framework to log in to a service using third-party credentials Exchanges user credentials for access tokens –Credentials do not need to be stored –Access tokens permissions can be limited to the necessary OAuth2 4

5 © 2011 SWITCH Architecture 5 AAI Login Access Token Protected Data Resource Server Mobile ProxyAAI IdP Verify Login AAI Attributes Access Token AAI Attributes

6 © 2011 SWITCH Login Flow 6

7 © 2011 SWITCH After the AAI login is complete, the IdP redirects back to the Mobile Proxy The Mobile Proxy then displays a Page with a refresh header, pointing to a custom URL scheme: –uniapp://{app-name}/{access_token} –e.g. uniapp://demo/4yCjmdDlCtb8eWNNnmdrVKH1Kq1To0dVMLvu The mobile app is designed to react to this URL scheme and is opened. The access token is read out of the URL and stored in the app Login complete Redirection from Browser To App 7

8 © 2011 SWITCH Desktop Login Flow 8

9 © 2011 SWITCH All SWITCHaai IdPs support stored persistentIDs –PersistentID stored in database with mapping to user's attributes –Allows getting attributes for a user identified by persistentID –Attribute Query can be performed by SP without user interaction –Query can only succeed if user has accessed service at least once How to make Attribute Queries –resolvertest binary can be used to make attribute queries bundled with Shibboleth but slow –AttributeQuery Plugin for Shibboleth 2.5 Created by NII (GakuNin federation, JP) Provides a handler to make fast Attribute Queries via web /Shibboleth.sso/AttributeQuery?nameID=....&entityID=.... AAI Attribute Query 9

10 © 2011 SWITCH Attribute Retrieval 10

11 © 2011 SWITCH Features –Lightweight OAuth2 Server to map an AAI Persistent-ID to an access token –Provides REST/JSON interface –Web interface for revoking access to specific tokens –Supports multiple Apps with different attribute requirements Requirements –PHP 5.3 –MySQL –Shibboleth 2.5 Mobile Proxy Overview 11

12 © 2011 SWITCH Sample application that can be used as basis for own App Features –2 login methods Via integrated mobile phone web browser Via a PC to support alternative login mechanisms like X.509 Requires user to type a URL and a code or use QR code –Retrieves up-to-date attributes from IdP via Mobile Proxy –Retrieves application-specific data from a resource server Requirements –Android 2.2+ Example App Overview 12

13 © 2011 SWITCH Mobile Proxy and App were created as proof-of-concept BSD License Webpage and additional information https://www.switch.ch/aai/support/tools/aai-for-apps.html Availability 13

Download ppt "AAI for Apps Using AAI with your Smartphone Daniel Latzer Zürich, April 2013"

Similar presentations

Suchin Rengan Principal Technical Architect Salesforce.com

Suchin Rengan Principal Technical Architect Salesforce.com
Using EBSCOs Search Box Builder Tool Tutorial. Would you like to promote your EBSCOhost resources by adding an easy-to-use search box to your website?

Using EBSCOs Search Box Builder Tool Tutorial. Would you like to promote your EBSCOhost resources by adding an easy-to-use search box to your website?
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
12 October 2011 Andrew Brown IMu Technology EMu Global Users Group 12 October 2011 IMu Technology.

12 October 2011 Andrew Brown IMu Technology EMu Global Users Group 12 October 2011 IMu Technology.
REST and the Exchange Network 5/30/2012 1. REST REST stands for Representational State Transfer 2.

REST and the Exchange Network 5/30/ REST REST stands for Representational State Transfer 2.
Developing downloadable mobile apps using HTML5 and PhoneGap Apache Callback Ron Perry, CTO, Worklight Inc.

Developing downloadable mobile apps using HTML5 and PhoneGap Apache Callback Ron Perry, CTO, Worklight Inc.
Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
2006 © SWITCH Group Management Tool Lukas Haemmerle

2006 © SWITCH Group Management Tool Lukas Haemmerle
OAuth 2.0 By “PJ” (JP on meetup.com) iOS and PHP developer, and occasional lawyer Contact me via:

OAuth 2.0 By “PJ” (JP on meetup.com) iOS and PHP developer, and occasional lawyer Contact me via:
SFDC Integration Basics Gerry Winning. Integrating Your Progress App with SFDC Ovid Back Office App is Fully Integrated with SFDC (about two and a half.

SFDC Integration Basics Gerry Winning. Integrating Your Progress App with SFDC Ovid Back Office App is Fully Integrated with SFDC (about two and a half.
1 Wolfgang Lierz Staff IT-Services / Network & Security Admin ETH-Bibliothek Zurich Integration Primo-Aleph-PDS-SSO- AAI Wolfgang Lierz / IGeLU 2012 Zurich.

1 Wolfgang Lierz Staff IT-Services / Network & Security Admin ETH-Bibliothek Zurich Integration Primo-Aleph-PDS-SSO- AAI Wolfgang Lierz / IGeLU 2012 Zurich.
Using Evernote and Google Docs in your web or mobile application (and potentially Dropbox and Skydrive) By Peter Messenger Senior Developer – Triple Point.

Using Evernote and Google Docs in your web or mobile application (and potentially Dropbox and Skydrive) By Peter Messenger Senior Developer – Triple Point.
Power BI Sites and Mobile BI. What You Will Learn Sharing and Collaboration Introducing Power BI Exploring Power BI Features and Services Partner Opportunities.

Power BI Sites and Mobile BI. What You Will Learn Sharing and Collaboration Introducing Power BI Exploring Power BI Features and Services Partner Opportunities.
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal 1 1 2 2 4 4 3,6 5 5 7 7 8 8 9 9 1010 1010 DNS Hello User Sample (Gateway)

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
Smartphone Apps Development Team Weiqing Li Lijun Zhu Man Li.

Smartphone Apps Development Team Weiqing Li Lijun Zhu Man Li.
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.

The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.
Hannes Tschofenig MIT CFP Privacy & Security Working Group Feb. 2 nd 2011.

Hannes Tschofenig MIT CFP Privacy & Security Working Group Feb. 2 nd 2011.
Infrastructure for Multi-Professional Education and Training Using Shibboleth.

Infrastructure for Multi-Professional Education and Training Using Shibboleth.

Similar presentations

Ads by Google