Upload File

single sign on with oauth and openid

23
Jérôme Gasperi Single Sign On with OAuth and OpenID WGISS-36 ESA/ESRIN - Frascati, Italy - September 19 th , 2013

Upload: gasperi-jerome

Post on 15-Jan-2015

2.820 views

Category:

Technology


4 download

Report

Tags:

DESCRIPTION

CEOS WGISS 36 - Frascati, Italy - 2013.09.19 Single Sign On with OAuth and OpenID used for Kalideos project and to be used within the French Land Surface Thematic Center

TRANSCRIPT

Page 1: Single Sign On with OAuth and OpenID

Jérôme Gasperi

Single Sign On with OAuth and OpenID

WGISS-36ESA/ESRIN - Frascati, Italy - September 19th, 2013

http://wiki.services.eoportal.org/tiki-index.php?page=HMA+AWG+Meeting+no1+2013+%22cloud+paradigm%2C+standards+and+middleware+for+the+definition+of+collaborative+interfaces+across+Payload+Ground+Segments%22
http://wiki.services.eoportal.org/tiki-index.php?page=HMA+AWG+Meeting+no1+2013+%22cloud+paradigm%2C+standards+and+middleware+for+the+definition+of+collaborative+interfaces+across+Payload+Ground+Segments%22
Page 2: Single Sign On with OAuth and OpenID

OpenID is an open standard for authentication. Model is based on confidence links between Service Providers and Authentication Providers (i.e. OpenID providers) to achieve Single Sign On authentication

Page 3: Single Sign On with OAuth and OpenID

OAuth is an open standard for authorization.It provides a method for clients to access server resources on behalf of a resource owner

http://en.wikipedia.org/wiki/Open_standard
http://en.wikipedia.org/wiki/Open_standard
http://en.wikipedia.org/wiki/Authorization
http://en.wikipedia.org/wiki/Authorization
Page 4: Single Sign On with OAuth and OpenID

OAuth is an open standard for authorization.It provides a method for clients to access server resources on behalf of a resource owner

etc...

http://en.wikipedia.org/wiki/Open_standard
http://en.wikipedia.org/wiki/Open_standard
http://en.wikipedia.org/wiki/Authorization
http://en.wikipedia.org/wiki/Authorization
Page 5: Single Sign On with OAuth and OpenID

ExperimentFilter access to Kalideos (i.e. SPOT) data through a secured WMS server using OpenID Connect (i.e. OpenID over OAuth)

Page 6: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

3. Authentication with OAuth(OpenID Connect)

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

Page 7: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

3. Authentication with OAuth(OpenID Connect)

Page 8: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

3. Authentication with OAuth(OpenID Connect)

Page 9: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

3. Authentication with OAuth(OpenID Connect)

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

Page 10: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

3. Authentication with OAuth(OpenID Connect)

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

Page 11: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

3. Authentication with OAuth(OpenID Connect)

Page 12: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

3. Authentication with OAuth(OpenID Connect)

Page 13: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

3. Authentication with OAuth(OpenID Connect)

Page 14: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

3. Authentication with OAuth(OpenID Connect)

Page 15: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

3. Authentication with OAuth(OpenID Connect)

Page 16: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

3. Authentication with OAuth(OpenID Connect)

Page 17: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

3. Authentication with OAuth(OpenID Connect)

Page 18: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

3. Authentication with OAuth(OpenID Connect)

Page 19: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

3. Authentication with OAuth(OpenID Connect)

Page 20: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

3. Authentication with OAuth(OpenID Connect)

Page 21: Single Sign On with OAuth and OpenID

Kalideos Server

Identity Server

LDAP

WMS Server

1. Ask for authentication

2. Redirect to Identity Server

5. Send OAuth token

6. Get user informationusing OAuth token

10. Return user information

9. Send OAuth token forvalidation and get userinformation

7. Return user information

4. Return OAuth token

8. Send OAuth token

14. Ask for WMS feed

15. Return WMS feed

11. Ask for user rights

12. Get user rights

13. Create user session

3. Authentication with OAuth(OpenID Connect)

Page 22: Single Sign On with OAuth and OpenID

OpenID Connect planned to be used in Theia (i.e. French Land Surface Thematic Center)

Page 23: Single Sign On with OAuth and OpenID
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr
http://www.cnes.fr

Using OpenID/OAuth to access  Federated Data Services 

OAuth 2.0 und OpenId Connect

OAuth 2.0 and OpenId Connect

Federated Shibboleth, OpenID, oAuth, and Multifactor | 1 Federated Shibboleth, OpenID, oAuth, and Multifactor Russell Beall Senior Programmer/Analyst University

Federated Shibboleth, OpenID , oAuth , and Multifactor

Federated Shibboleth, OpenID, oAuth, and Multifactor Shibboleth, OpenID, oAuth, and Multifactor | 1 Federated Shibboleth, OpenID, oAuth, and Multifactor Russell Beall Senior Programmer/Analyst

Oauth vs OpenId

LASCON 2017: SAML v. OpenID v. Oauth

CIS14: OAuth and OpenID Connect in Action

SAML vs OAuth 2.0 vs OpenID Connect

Bechtel On OpenID and OAuth from Cloud Identity Summit

OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAuth 2.0

Yahoo! OpenID and OAuth

Openid & Oauth: An Introduction

OAuth 2.0 & OpenID Connect #MA7

OpenID and OAuth

Copy of Ping Summit Preso: OpenID and OAuthinnovbfa.viabloga.com › files › Cloud_Identity_Summit... · 2010-11-02 · OpenID Single Sign On and OAuth Data Access Dave Primmer

Mobile authentication and authorisation: OpenID and OAuth

Single Sign-On Security - Hackmanit...3 History of Single Sign-On OAuth 1.0 Oct 2007 OAuth 2.0 Oct 2012 OAuth 1.0 Rev A Jun 2009 OpenID Connect 1.0 Feb 2014 OpenID 1.1 May 2006 OpenID

RECENTEVOLUTIONSINTHE OAUTH 2.0 AND OPENID … · 2020-06-19 · Consulting services on security, Oauth2.0, ... User authentication Read & write data OpenID Connect OAuth 2.0 @PhilippeDeRyck

OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk

Identity and Data Access: OpenID & OAuth

Federated Shibboleth, OpenID, oAuth, and Multifactor · 2013-04-15 · Federated Shibboleth, OpenID, oAuth, and Multifactor | 1 Federated Shibboleth, OpenID, oAuth, and Multifactor

CIS14: Working with OAuth and OpenID Connect

FROM A PROPOSAL TO HAPPY MARRIAGE...OpenID Connect 2005 SAML 2.0 SAML 1.1 Liberty Alliance ID-FF 2003 2015 Mobile Connect 2012 OAuth 2.0 2007 OAuth 1.0 OpenID 2.0 2008 OpenID 1.0 1999

OpenID/OAuth and YQL with .NET

Secure your APIs using OAuth 2 and OpenID Connect

Securing RESTful APIs using OAuth 2 and OpenID Connect

OpenID vs OAuth - Identity on the Web

アイデンティティ2.0とOAuth/OpenID Connect

Enterprise Openid Sso Oauth for Google Apps

Hybrid Auth: OpenID + OAuth

OAuth and OpenID Connect for Microservices

OpenId Tech Night vol.6 OAuth

DEMOgala 2010: OpenID and OAuth, Technologies to increase customer engagement