Open standard based Identity Provisioning for Cloud
DESCRIPTION
Open standard based Identity Provisioning for Cloud. Prabath Siriwardena. About Me. Director of Security Architecture at WSO2. Leads WSO2 Identity Server – an open source identity and entitlement management product. Apache Axis2/Rampart committer / PMC
TRANSCRIPT
![Page 1: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/1.jpg)
Open standard based Identity Provisioning for Cloud
Prabath Siriwardena
![Page 2: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/2.jpg)
About Me
• Director of Security Architecture at WSO2
• Leads WSO2 Identity Server – an open source identity and entitlement management product.
• Apache Axis2/Rampart committer / PMC
• A member of OASIS Identity Metasystem Interoperability (IMI) TC, OASIS eXtensible Access Control Markup Language (XACML) TC and OASIS Security Services (SAML) TC.
• Twitter : @prabath
• Email : [email protected]
• Blog : http://blog.facilelogin.com
• LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
![Page 3: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/3.jpg)
Plug-Map
![Page 4: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/4.jpg)
Open standard (and also open source)
based Identity Provisioning for Cloud
![Page 5: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/5.jpg)
Synchronization
![Page 6: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/6.jpg)
Synchronization
![Page 7: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/7.jpg)
Sharing
![Page 8: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/8.jpg)
Single Sign-On
![Page 9: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/9.jpg)
Provisioning
![Page 10: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/10.jpg)
Standard-based Provisioning
![Page 11: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/11.jpg)
Standard-based Provisioning
SPML 1.0 Request / Response
![Page 12: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/12.jpg)
Standard-based Provisioning
SPML 1.0 Request / Response
![Page 13: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/13.jpg)
Standard-based Provisioning
SPML 2.0 Request / Response [DSML]
![Page 14: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/14.jpg)
Standard-based Provisioning
SPML 2.0 Request / Response [XDS]
![Page 15: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/15.jpg)
Standard-based Provisioning
![Page 16: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/16.jpg)
System for Cross-domain Identity Management
![Page 17: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/17.jpg)
System for Cross-domain Identity Management
```json
{
  "schemas": [],
  "name": {"familyName": "siriwardena", "givenName": "prabath"},
  "userName": "prabath",
  "password": "prabath123",
  "externalId": "prabathext",
  "emails": [
    {"primary": true, "value": "[email protected]", "type": "home"},
    {"value": "[email protected]", "type": "work"}
  ]
}
```

```sh
curl -k --user admin:admin -d @add-user.json --header "Content-Type:application/json" https://localhost:9445/wso2/scim/Users
```
![Page 18: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/18.jpg)
System for Cross-domain Identity Management
```json
{
  "schemas": ["urn:scim:schemas:core:1.0"],
  "displayName": "OSDC",
  "externalId": "OSDC",
  "members": [
    {"value": "f64e6507-756d-4a14-ac43-c9d02167f411", "display": "prabath"}
  ]
}
```

```sh
curl -k --user admin:admin -d @add-group.json --header "Content-Type:application/json" https://localhost:9445/wso2/scim/Groups
```
![Page 19: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/19.jpg)
System for Cross-domain Identity Management
![Page 20: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/20.jpg)
Authenticating SCIM Requests
• HTTP Basic Authentication
• OAuth 2.0
![Page 21: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/21.jpg)
Authenticating SCIM Requests
![Page 22: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/22.jpg)
Authenticating SCIM Requests
Get the Access Token from the OAuth Authorization Server

```sh
curl -v -X POST --basic -u XQi6DUDPnMW_FH_VK3f1gBetNAsa:VfKb7MHzH7Q0U6YdNV6ehhetCpka -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "grant_type=password&username=admin&password=admin" https://localhost:9445/oauth2/token
```

Add a user via SCIM

```sh
curl -k -H "Authorization: Bearer ea7f76f134eb9bbb12d4b06b93e1d0a3" -d @add-user.json --header "Content-Type:application/json" https://localhost:9445/wso2/scim/Users
```
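The two-step exchange on this slide, with both sides modelled in Python, as an added example that is not part of the original deck or of WSO2 Identity Server. The in-process mock endpoints, the one-hour token lifetime and all credentials are assumptions constructed for illustration.

```python
import base64, hmac, json, secrets, time, urllib.parse

# Constructed sample values for this mock, not the credentials on the slides.
CLIENT = ("example-client", "example-secret")
USERS = {"alice": "constructed-password"}
TOKENS = {}  # access token -> expiry time (epoch seconds)

def basic_header(client_id, secret):
    return "Basic " + base64.b64encode(f"{client_id}:{secret}".encode()).decode()

def same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

def token_endpoint(headers, body, now=None):
    """Mock POST /oauth2/token: password grant, client authenticated via Basic."""
    now = time.time() if now is None else now
    form = dict(urllib.parse.parse_qsl(body))
    if not same(headers.get("Authorization", ""), basic_header(*CLIENT)):
        return 401, {"error": "invalid_client"}
    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type"}
    stored = USERS.get(form.get("username"))
    if stored is None or not same(stored, form.get("password", "")):
        return 400, {"error": "invalid_grant"}
    token = secrets.token_hex(16)
    TOKENS[token] = now + 3600  # assumed one-hour lifetime
    return 200, {"access_token": token, "token_type": "bearer", "expires_in": 3600}

def scim_users_endpoint(headers, body, now=None):
    """Mock POST /wso2/scim/Users: accepts only an unexpired Bearer token."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or TOKENS.get(token, 0) <= now:
        return 401, {"error": "invalid_token"}
    return 201, {**json.loads(body), "id": secrets.token_hex(8)}

def provision(username, password, scim_user):
    """Client side: step 1 fetches a token, step 2 presents it to SCIM."""
    form = urllib.parse.urlencode(
        {"grant_type": "password", "username": username, "password": password})
    status, tok = token_endpoint({"Authorization": basic_header(*CLIENT)}, form)
    if status != 200:
        return status, tok
    bearer = {"Authorization": "Bearer " + tok["access_token"]}
    return scim_users_endpoint(bearer, json.dumps(scim_user))
```
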
![Page 23: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/23.jpg)
Authenticating SCIM Requests
![Page 24: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/24.jpg)
Authorizing SCIM Requests
![Page 25: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/25.jpg)
Authorizing SCIM Requests
![Page 26: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/26.jpg)
Authorizing SCIM Requests
![Page 27: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/27.jpg)
Federated Provisioning Patterns
![Page 28: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/28.jpg)
Federated Provisioning Patterns
![Page 29: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/29.jpg)
Federated Provisioning Patterns
![Page 30: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/30.jpg)
Federated Provisioning Patterns
![Page 31: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/31.jpg)
Federated Provisioning Patterns
![Page 32: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/32.jpg)
Federated Provisioning Patterns
![Page 33: Open standard based Identity Provisioning for Cloud](https://reader035.vdocuments.site/reader035/viewer/2022062305/568161da550346895dd1e400/html5/thumbnails/33.jpg)
lean . enterprise . middleware