SlideShare a Scribd company logo

[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG

Worteks
Worteks

LemonLDAP::NG is an open source software that provides single sign-on and identity federation capabilities. It allows users to authenticate once and access multiple applications securely. It supports standards like CAS, SAML and OpenID Connect for authentication. LemonLDAP::NG also provides ways to protect APIs and web services using tokens validated by handlers. It has been an OW2 project since 2003 and supports protocols for federation between identity providers.

1 of 31

Download presentation

Your download has started
Download to read offline
1
MicroServices authentication and authorization with LemonLDAP::NG Clément OUDOT – Identity Solutions Manager clement.oudot@worteks.com
2
2 (v .t ks)ɔʁ ɛ Services Heterogeneous and complex infrastructures, cloud, mail, authentication, security  Studies, audit and consulting  Technical expertise  Technical support  Training  R&D Edition Collaboration and application portal Mutualized platform for development Identity and Access Management Partnership
3
3 Single Sign On
4
4 Imagine SSOng Imagine there are no passwords Or maybe just only one A single secured form To access our applications Imagine all the users Loving security Imagine applications No more storing passwords Relying on a token Even for authorizations Imagine all developers Loving security Imagine some protocols Made by clever people CAS, OpenID or SAML Even WS Federation Imagine authentication Interoperability You may say I'm a hacker But I'm not the only one I hope one day You will log in Using the Single Sign On © John Lennon
5
5 Authentication Portal Application 2. Authentication 1. First access 3. Send SSO Token Trust link 4. Validate SSO token SSO workflow
6
6 Y O L O You Only Log Once
7
7 LemonLDAP::NG Software
8
8 History 2003 2006 2010 2016 2018 Project creation Fork – version NG Protocols CAS, SAML and OpenID Version 1.0 Protocol OpenID Connect Second factors (2FA) Version 2.0
9
9 Main features ● Web Single Sign On ● Access control ● Applications portal ● Authentication modules choice and chain ● Password management, account creation ● Multi-factor authentication (MFA) ● Protection of Web applications and API/WebServices ● Graphical customisation ● Packages for Debian/Ubuntu/RHEL/CentOS
10
10 Login page
11
11 Portal with application menu
12
12 Web Administration interface
13
13 Command Line Interface
14
14 Free Software ● License GPL ● OW2 project ● Forge: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng ● Site: https://lemonldap-ng.org ● OW2 Community Award in 2014 and 2018 ● SSO component of FusionIAM project: https://fusioniam.org/
15
15 Component roles Configurations Sessions Portal Manager Handler Application menu CAS SAML OpenID Connect Self Services SOAP/REST server Session management Configurations Sessions Notifications Second factors Access Control SSOaaS Web Service Token Custom
16
16 Web application protection with Handler Sessions Portal Handler Web Application Authentication Session creation Session read SSO cookie HTTP headers
17
17 Identity Federation
18
12/06/19 18 Main features ● LL::NG can act as client and as server ● Attributes sharing ● Manage authentication contexts and levels ● Autogeneration of public/private keys ● Access control per services ● Publication of configuration data (metadata) ● Multi-protocols gateway ● Single logout
19
12/06/19 19 CAS CAS client CAS server First access Redirection for authentication Service TicketService Ticket Service ticket validation Access to identity
20
12/06/19 20 SAML Service Provider (SP) Identity Provider (IDP) First access IDP choice Authentication request Authentication responseAuthentication response Signature verification Read assertion
21
12/06/19 21 OpenID Connect Relying Party (RP) OpenID Provider (OP) First access OP choice Authentication request JWT JWT Signature verification Read JWT Get UserInfo
22
22 API / WebService protection
23
12/06/19 23 How to protect a WebService ● Global authentication: – HTTP Basic – SSL client certificate ● User oriented authentication?
24
12/06/19 24 LL::NG ServiceToken Handler ● New Handler "Service Token" installed between application and WebService ● Main Handler generates a token based on time session_id and virtual hosts: cipher(time, session_id, vhost_list) ● The token is sent by application to WebService ● The Handler "Service Token" intercepts the token, validates it and apply access rules, and sent HTTP headers to WebService
25
12/06/19 25 LL::NG ServiceToken Handler Sessions Portal Handler Web Application Authentication Session creation Session read SSO cookie HTTP headers Token Handler Service Token Web Service Token HTTP headers Session read
26
12/06/19 26 Using OAuth2 ● When LL::NG acts as OIDC provider, it delivers an OAuth2 access token ● This access token can be validated with different operations: – Call /oauth2/userinfo, which will return user attributes – Call /oauth2/introspect, which will return token information (including the token owner) – see RFC 7662 – Use LL::NG OAuth2 Handler
27
12/06/19 27 LL::NG OAuth2 Handler Sessions Portal Web Application Authentication Session creation OIDC response Handler OAuth2 Web Service Access Token HTTP headers Session read ID Token Access Token
28
12/06/19 28 Example – UserInfo Endpoint $ curl -k -H "Authorization: Bearer a74d504ec9e784785e70a1da2b95d1d2" https://auth.openid.club/oauth2/userinfo | json_pp {   "family_name" : "OUDOT",   "name" : "Clément OUDOT",   "email" : "clement@oodo.net",   "sub" : "coudot" }
29
12/06/19 29 Example – Intropsection Endpoint $ curl -k -H "Authorization: Basic bGVtb25sZGFwOnNlY3JldA==" -X POST -d "token=a74d504ec9e784785e70a1da2b95d1d2" https://auth.openid.club/oauth2/introspect | json_pp { "client_id" : "lemonldap", "sub" : "coudot", "exp" : 1572446485, "active" : true, "scope" : "openid profile address email phone" }
30
12/06/19 30 Example – Oauth2 Handler $ curl -k -H "Authorization: Bearer a74d504ec9e784785e70a1da2b95d1d2" https://oauth2.openid.club/api.pl { "check" : "true", "user" : "coudot" }
31
31 Thanks for your attention More informations: info@worteks.com @worteks_com linkedin.com/company/worteks
MicroServices authentication and authorization with LemonLDAP::NG Clément OUDOT – Identity Solutions Manager clement.oudot@worteks.com
2 (v .t ks)ɔʁ ɛ Services Heterogeneous and complex infrastructures, cloud, mail, authentication, security  Studies, audit and consulting  Technical expertise  Technical support  Training  R&D Edition Collaboration and application portal Mutualized platform for development Identity and Access Management Partnership
3 Single Sign On
4 Imagine SSOng Imagine there are no passwords Or maybe just only one A single secured form To access our applications Imagine all the users Loving security Imagine applications No more storing passwords Relying on a token Even for authorizations Imagine all developers Loving security Imagine some protocols Made by clever people CAS, OpenID or SAML Even WS Federation Imagine authentication Interoperability You may say I'm a hacker But I'm not the only one I hope one day You will log in Using the Single Sign On © John Lennon
5 Authentication Portal Application 2. Authentication 1. First access 3. Send SSO Token Trust link 4. Validate SSO token SSO workflow
6 Y O L O You Only Log Once
7 LemonLDAP::NG Software
8 History 2003 2006 2010 2016 2018 Project creation Fork – version NG Protocols CAS, SAML and OpenID Version 1.0 Protocol OpenID Connect Second factors (2FA) Version 2.0
9 Main features ● Web Single Sign On ● Access control ● Applications portal ● Authentication modules choice and chain ● Password management, account creation ● Multi-factor authentication (MFA) ● Protection of Web applications and API/WebServices ● Graphical customisation ● Packages for Debian/Ubuntu/RHEL/CentOS
10 Login page
11 Portal with application menu
12 Web Administration interface
13 Command Line Interface
14 Free Software ● License GPL ● OW2 project ● Forge: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng ● Site: https://lemonldap-ng.org ● OW2 Community Award in 2014 and 2018 ● SSO component of FusionIAM project: https://fusioniam.org/
15 Component roles Configurations Sessions Portal Manager Handler Application menu CAS SAML OpenID Connect Self Services SOAP/REST server Session management Configurations Sessions Notifications Second factors Access Control SSOaaS Web Service Token Custom
16 Web application protection with Handler Sessions Portal Handler Web Application Authentication Session creation Session read SSO cookie HTTP headers
17 Identity Federation
12/06/19 18 Main features ● LL::NG can act as client and as server ● Attributes sharing ● Manage authentication contexts and levels ● Autogeneration of public/private keys ● Access control per services ● Publication of configuration data (metadata) ● Multi-protocols gateway ● Single logout
12/06/19 19 CAS CAS client CAS server First access Redirection for authentication Service TicketService Ticket Service ticket validation Access to identity
12/06/19 20 SAML Service Provider (SP) Identity Provider (IDP) First access IDP choice Authentication request Authentication responseAuthentication response Signature verification Read assertion
12/06/19 21 OpenID Connect Relying Party (RP) OpenID Provider (OP) First access OP choice Authentication request JWT JWT Signature verification Read JWT Get UserInfo
22 API / WebService protection
12/06/19 23 How to protect a WebService ● Global authentication: – HTTP Basic – SSL client certificate ● User oriented authentication?
12/06/19 24 LL::NG ServiceToken Handler ● New Handler "Service Token" installed between application and WebService ● Main Handler generates a token based on time session_id and virtual hosts: cipher(time, session_id, vhost_list) ● The token is sent by application to WebService ● The Handler "Service Token" intercepts the token, validates it and apply access rules, and sent HTTP headers to WebService
12/06/19 25 LL::NG ServiceToken Handler Sessions Portal Handler Web Application Authentication Session creation Session read SSO cookie HTTP headers Token Handler Service Token Web Service Token HTTP headers Session read
12/06/19 26 Using OAuth2 ● When LL::NG acts as OIDC provider, it delivers an OAuth2 access token ● This access token can be validated with different operations: – Call /oauth2/userinfo, which will return user attributes – Call /oauth2/introspect, which will return token information (including the token owner) – see RFC 7662 – Use LL::NG OAuth2 Handler
12/06/19 27 LL::NG OAuth2 Handler Sessions Portal Web Application Authentication Session creation OIDC response Handler OAuth2 Web Service Access Token HTTP headers Session read ID Token Access Token
12/06/19 28 Example – UserInfo Endpoint $ curl -k -H "Authorization: Bearer a74d504ec9e784785e70a1da2b95d1d2" https://auth.openid.club/oauth2/userinfo | json_pp {   "family_name" : "OUDOT",   "name" : "Clément OUDOT",   "email" : "clement@oodo.net",   "sub" : "coudot" }
12/06/19 29 Example – Intropsection Endpoint $ curl -k -H "Authorization: Basic bGVtb25sZGFwOnNlY3JldA==" -X POST -d "token=a74d504ec9e784785e70a1da2b95d1d2" https://auth.openid.club/oauth2/introspect | json_pp { "client_id" : "lemonldap", "sub" : "coudot", "exp" : 1572446485, "active" : true, "scope" : "openid profile address email phone" }
12/06/19 30 Example – Oauth2 Handler $ curl -k -H "Authorization: Bearer a74d504ec9e784785e70a1da2b95d1d2" https://oauth2.openid.club/api.pl { "check" : "true", "user" : "coudot" }
31 Thanks for your attention More informations: info@worteks.com @worteks_com linkedin.com/company/worteks

Recommended

CIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID Connect
CloudIDSummit
 
Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0Protecting web APIs with OAuth 2.0
Protecting web APIs with OAuth 2.0
Vladimir Dzhuvinov
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An Overview
Pat Patterson
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
Full stack security
Full stack securityFull stack security
Full stack security
DPC Consulting Ltd
 
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinFOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
Calvin Cheng
 
Understanding OpenID
Understanding OpenIDUnderstanding OpenID
Understanding OpenID
Prabath Siriwardena
 
Cordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaCordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + Corda
Vasiliy Suvorov
 
SSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web SecuritySSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web Security
HTS Hosting
 
OpenID Connect vs. OpenID 1 & 2
OpenID Connect vs. OpenID 1 & 2OpenID Connect vs. OpenID 1 & 2
OpenID Connect vs. OpenID 1 & 2
Mike Schwartz
 
Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs
Vasiliy Suvorov
 
OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?
Oliver Pfaff
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
Vladimir Bychkov
 
SSL Certificate and Code Signing
SSL Certificate and Code SigningSSL Certificate and Code Signing
SSL Certificate and Code Signing
Li-Wei Yao
 
OpenID Connect: The new standard for connecting to your Customers, Partners, ...
OpenID Connect: The new standard for connecting to your Customers, Partners, ...OpenID Connect: The new standard for connecting to your Customers, Partners, ...
OpenID Connect: The new standard for connecting to your Customers, Partners, ...
Salesforce Developers
 
OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)
Torsten Lodderstedt
 
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2
Justin Richer
 
OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)
Torsten Lodderstedt
 
Masterclass on the DID Universal Resolver
Masterclass on the DID Universal ResolverMasterclass on the DID Universal Resolver
Masterclass on the DID Universal Resolver
Markus Sabadello
 
Technologies for Self-Sovereign Identity
Technologies for Self-Sovereign IdentityTechnologies for Self-Sovereign Identity
Technologies for Self-Sovereign Identity
Markus Sabadello
 
Decentralized Identifiers
Decentralized IdentifiersDecentralized Identifiers
Decentralized Identifiers
Markus Sabadello
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
VMware Tanzu
 
Identity Management for Web Application Developers
Identity Management for Web Application DevelopersIdentity Management for Web Application Developers
Identity Management for Web Application Developers
WSO2
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications Overview
FIDO Alliance
 
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
Gokul Alex
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
Salesforce Developers
 
6 Key Blockchain Features You Need to Know Now
6 Key Blockchain Features You Need to Know Now6 Key Blockchain Features You Need to Know Now
6 Key Blockchain Features You Need to Know Now
101 Blockchains
 
OpenID Connect 1.0 Explained
OpenID Connect 1.0 ExplainedOpenID Connect 1.0 Explained
OpenID Connect 1.0 Explained
Eugene Siow
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web Application
Sylvain Maret
 
Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04
Synacts
 

More Related Content

What's hot (20)

SSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web SecuritySSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web Security
HTS Hosting
 
OpenID Connect vs. OpenID 1 & 2
OpenID Connect vs. OpenID 1 & 2OpenID Connect vs. OpenID 1 & 2
OpenID Connect vs. OpenID 1 & 2
Mike Schwartz
 
Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs
Vasiliy Suvorov
 
OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?
Oliver Pfaff
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
Vladimir Bychkov
 
SSL Certificate and Code Signing
SSL Certificate and Code SigningSSL Certificate and Code Signing
SSL Certificate and Code Signing
Li-Wei Yao
 
OpenID Connect: The new standard for connecting to your Customers, Partners, ...
OpenID Connect: The new standard for connecting to your Customers, Partners, ...OpenID Connect: The new standard for connecting to your Customers, Partners, ...
OpenID Connect: The new standard for connecting to your Customers, Partners, ...
Salesforce Developers
 
OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)
Torsten Lodderstedt
 
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2
Justin Richer
 
OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)
Torsten Lodderstedt
 
Masterclass on the DID Universal Resolver
Masterclass on the DID Universal ResolverMasterclass on the DID Universal Resolver
Masterclass on the DID Universal Resolver
Markus Sabadello
 
Technologies for Self-Sovereign Identity
Technologies for Self-Sovereign IdentityTechnologies for Self-Sovereign Identity
Technologies for Self-Sovereign Identity
Markus Sabadello
 
Decentralized Identifiers
Decentralized IdentifiersDecentralized Identifiers
Decentralized Identifiers
Markus Sabadello
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
VMware Tanzu
 
Identity Management for Web Application Developers
Identity Management for Web Application DevelopersIdentity Management for Web Application Developers
Identity Management for Web Application Developers
WSO2
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications Overview
FIDO Alliance
 
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
Gokul Alex
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
Salesforce Developers
 
6 Key Blockchain Features You Need to Know Now
6 Key Blockchain Features You Need to Know Now6 Key Blockchain Features You Need to Know Now
6 Key Blockchain Features You Need to Know Now
101 Blockchains
 
OpenID Connect 1.0 Explained
OpenID Connect 1.0 ExplainedOpenID Connect 1.0 Explained
OpenID Connect 1.0 Explained
Eugene Siow
 
SSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web SecuritySSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web Security
HTS Hosting
 
OpenID Connect vs. OpenID 1 & 2
OpenID Connect vs. OpenID 1 & 2OpenID Connect vs. OpenID 1 & 2
OpenID Connect vs. OpenID 1 & 2
Mike Schwartz
 
Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs
Vasiliy Suvorov
 
OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?
Oliver Pfaff
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
Vladimir Bychkov
 
SSL Certificate and Code Signing
SSL Certificate and Code SigningSSL Certificate and Code Signing
SSL Certificate and Code Signing
Li-Wei Yao
 
OpenID Connect: The new standard for connecting to your Customers, Partners, ...
OpenID Connect: The new standard for connecting to your Customers, Partners, ...OpenID Connect: The new standard for connecting to your Customers, Partners, ...
OpenID Connect: The new standard for connecting to your Customers, Partners, ...
Salesforce Developers
 
OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)
Torsten Lodderstedt
 
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2
Justin Richer
 
OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)
Torsten Lodderstedt
 
Masterclass on the DID Universal Resolver
Masterclass on the DID Universal ResolverMasterclass on the DID Universal Resolver
Masterclass on the DID Universal Resolver
Markus Sabadello
 
Technologies for Self-Sovereign Identity
Technologies for Self-Sovereign IdentityTechnologies for Self-Sovereign Identity
Technologies for Self-Sovereign Identity
Markus Sabadello
 
Decentralized Identifiers
Decentralized IdentifiersDecentralized Identifiers
Decentralized Identifiers
Markus Sabadello
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
VMware Tanzu
 
Identity Management for Web Application Developers
Identity Management for Web Application DevelopersIdentity Management for Web Application Developers
Identity Management for Web Application Developers
WSO2
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications Overview
FIDO Alliance
 
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
Hyperledger Indy Platform - Privacy, Security and Power for Digital Identity ...
Gokul Alex
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
Salesforce Developers
 
6 Key Blockchain Features You Need to Know Now
6 Key Blockchain Features You Need to Know Now6 Key Blockchain Features You Need to Know Now
6 Key Blockchain Features You Need to Know Now
101 Blockchains
 
OpenID Connect 1.0 Explained
OpenID Connect 1.0 ExplainedOpenID Connect 1.0 Explained
OpenID Connect 1.0 Explained
Eugene Siow
 

Similar to [POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG (20)

Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web Application
Sylvain Maret
 
Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04
Synacts
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...
PROIDEA
 
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoftMuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
Jitendra Bafna
 
WebRTC Identity in SAML Federations
WebRTC Identity in SAML FederationsWebRTC Identity in SAML Federations
WebRTC Identity in SAML Federations
Mihály Mészáros
 
Auth proxy pattern on Kubernetes
Auth proxy pattern on KubernetesAuth proxy pattern on Kubernetes
Auth proxy pattern on Kubernetes
Michał Wcisło
 
Access management
Access managementAccess management
Access management
Venkatesh Jambulingam
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular js
Bixlabs
 
Identity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLIdentity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAML
pqrs1234
 
Cartes Asia Dem 2010 V2
Cartes Asia Dem 2010 V2Cartes Asia Dem 2010 V2
Cartes Asia Dem 2010 V2
Donald Malloy
 
Configuring Single Sign-On (SSO) via Identity Management | MuleSoft Mysore Me...
Configuring Single Sign-On (SSO) via Identity Management | MuleSoft Mysore Me...Configuring Single Sign-On (SSO) via Identity Management | MuleSoft Mysore Me...
Configuring Single Sign-On (SSO) via Identity Management | MuleSoft Mysore Me...
MysoreMuleSoftMeetup
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
Vladimir Dzhuvinov
 
CIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John Bradley
CloudIDSummit
 
Codemash-2017
Codemash-2017Codemash-2017
Codemash-2017
Kevin Cody
 
Securing RESTful API
Securing RESTful APISecuring RESTful API
Securing RESTful API
Muhammad Zbeedat
 
"Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ...
"Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ..."Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ...
"Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ...
Fwdays
 
[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black
WSO2
 
Openstack identity protocols unconference
Openstack identity protocols unconferenceOpenstack identity protocols unconference
Openstack identity protocols unconference
David Waite
 
Presentation
PresentationPresentation
Presentation
Laxman Kumar
 
Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016
Brian Spector
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web Application
Sylvain Maret
 
Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04Digital ID Protocol - Presentation 2015-12-04
Digital ID Protocol - Presentation 2015-12-04
Synacts
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...
PROIDEA
 
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoftMuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
Jitendra Bafna
 
WebRTC Identity in SAML Federations
WebRTC Identity in SAML FederationsWebRTC Identity in SAML Federations
WebRTC Identity in SAML Federations
Mihály Mészáros
 
Auth proxy pattern on Kubernetes
Auth proxy pattern on KubernetesAuth proxy pattern on Kubernetes
Auth proxy pattern on Kubernetes
Michał Wcisło
 
Access management
Access managementAccess management
Access management
Venkatesh Jambulingam
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular js
Bixlabs
 
Identity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLIdentity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAML
pqrs1234
 
Cartes Asia Dem 2010 V2
Cartes Asia Dem 2010 V2Cartes Asia Dem 2010 V2
Cartes Asia Dem 2010 V2
Donald Malloy
 
Configuring Single Sign-On (SSO) via Identity Management | MuleSoft Mysore Me...
Configuring Single Sign-On (SSO) via Identity Management | MuleSoft Mysore Me...Configuring Single Sign-On (SSO) via Identity Management | MuleSoft Mysore Me...
Configuring Single Sign-On (SSO) via Identity Management | MuleSoft Mysore Me...
MysoreMuleSoftMeetup
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
Vladimir Dzhuvinov
 
CIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John Bradley
CloudIDSummit
 
Codemash-2017
Codemash-2017Codemash-2017
Codemash-2017
Kevin Cody
 
Securing RESTful API
Securing RESTful APISecuring RESTful API
Securing RESTful API
Muhammad Zbeedat
 
"Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ...
"Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ..."Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ...
"Securing SSO Authentication: Strategies to eliminate vulnerabilities", Oleh ...
Fwdays
 
[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black[WSO2Con EU 2018] Identity APIs is the New Black
[WSO2Con EU 2018] Identity APIs is the New Black
WSO2
 
Openstack identity protocols unconference
Openstack identity protocols unconferenceOpenstack identity protocols unconference
Openstack identity protocols unconference
David Waite
 
Presentation
PresentationPresentation
Presentation
Laxman Kumar
 
Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016
Brian Spector
 

More from Worteks (20)

[Open Source Experience 2021] Une infrastructure Cloud et une solution IDaaS ...
[Open Source Experience 2021] Une infrastructure Cloud et une solution IDaaS ...[Open Source Experience 2021] Une infrastructure Cloud et une solution IDaaS ...
[Open Source Experience 2021] Une infrastructure Cloud et une solution IDaaS ...
Worteks
 
[Identity Days 2021] W'IDaaS - Identity as a Service
[Identity Days 2021] W'IDaaS - Identity as a Service[Identity Days 2021] W'IDaaS - Identity as a Service
[Identity Days 2021] W'IDaaS - Identity as a Service
Worteks
 
[Identity Days 2021] Quel avenir pour OpenLDAP ?
[Identity Days 2021] Quel avenir pour OpenLDAP ?[Identity Days 2021] Quel avenir pour OpenLDAP ?
[Identity Days 2021] Quel avenir pour OpenLDAP ?
Worteks
 
[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares
[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares
[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares
Worteks
 
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
Worteks
 
[AFUP Lyon 2021] LDAP Tool Box Self Service Password
[AFUP Lyon 2021] LDAP Tool Box Self Service Password[AFUP Lyon 2021] LDAP Tool Box Self Service Password
[AFUP Lyon 2021] LDAP Tool Box Self Service Password
Worteks
 
[OpenDay 2021] Logiciel libre, entreprises et modèles économiques
[OpenDay 2021] Logiciel libre, entreprises et modèles économiques[OpenDay 2021] Logiciel libre, entreprises et modèles économiques
[OpenDay 2021] Logiciel libre, entreprises et modèles économiques
Worteks
 
[Campus du Libre 2020] Présentation de la solution W'Sweet
[Campus du Libre 2020] Présentation de la solution W'Sweet[Campus du Libre 2020] Présentation de la solution W'Sweet
[Campus du Libre 2020] Présentation de la solution W'Sweet
Worteks
 
[Identity Days 2020] Politique des mots de passe des annuaires LDAP et outils...
[Identity Days 2020] Politique des mots de passe des annuaires LDAP et outils...[Identity Days 2020] Politique des mots de passe des annuaires LDAP et outils...
[Identity Days 2020] Politique des mots de passe des annuaires LDAP et outils...
Worteks
 
[Université Lyon 1] Exemples de logiciels libres : LemonLDAP::NG et W'Sweet
[Université Lyon 1] Exemples de logiciels libres : LemonLDAP::NG et W'Sweet[Université Lyon 1] Exemples de logiciels libres : LemonLDAP::NG et W'Sweet
[Université Lyon 1] Exemples de logiciels libres : LemonLDAP::NG et W'Sweet
Worteks
 
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
Worteks
 
[OW2online 2020] LDAP Synchronization Connector
[OW2online 2020] LDAP Synchronization Connector[OW2online 2020] LDAP Synchronization Connector
[OW2online 2020] LDAP Synchronization Connector
Worteks
 
[Aperhologramme 2020] Comment faire du logiciel libre ?
[Aperhologramme 2020] Comment faire du logiciel libre ?[Aperhologramme 2020] Comment faire du logiciel libre ?
[Aperhologramme 2020] Comment faire du logiciel libre ?
Worteks
 
[POSS 2019] OVirt and Ceph: Perfect Combination.?
[POSS 2019] OVirt and Ceph: Perfect Combination.?[POSS 2019] OVirt and Ceph: Perfect Combination.?
[POSS 2019] OVirt and Ceph: Perfect Combination.?
Worteks
 
[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies
Worteks
 
[POSS 2019] Learn AWK in 15 minutes
[POSS 2019] Learn AWK in 15 minutes[POSS 2019] Learn AWK in 15 minutes
[POSS 2019] Learn AWK in 15 minutes
Worteks
 
[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...
[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...
[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...
Worteks
 
[LDAPCon 2019] The FusionIAM initiative
[LDAPCon 2019] The FusionIAM initiative[LDAPCon 2019] The FusionIAM initiative
[LDAPCon 2019] The FusionIAM initiative
Worteks
 
[Identity Days 2019] Maîtrisez les accès à vos applications Web (Cloud et On...
[Identity Days 2019] Maîtrisez les accès à vos applications Web (Cloud et On...[Identity Days 2019] Maîtrisez les accès à vos applications Web (Cloud et On...
[Identity Days 2019] Maîtrisez les accès à vos applications Web (Cloud et On...
Worteks
 
[RedHat Forum 2019] REX - COMMENT MONTER UNE OFFRE DE CLOUD EN MARQUE BLANCHE...
[RedHat Forum 2019] REX - COMMENT MONTER UNE OFFRE DE CLOUD EN MARQUE BLANCHE...[RedHat Forum 2019] REX - COMMENT MONTER UNE OFFRE DE CLOUD EN MARQUE BLANCHE...
[RedHat Forum 2019] REX - COMMENT MONTER UNE OFFRE DE CLOUD EN MARQUE BLANCHE...
Worteks
 
[Open Source Experience 2021] Une infrastructure Cloud et une solution IDaaS ...
[Open Source Experience 2021] Une infrastructure Cloud et une solution IDaaS ...[Open Source Experience 2021] Une infrastructure Cloud et une solution IDaaS ...
[Open Source Experience 2021] Une infrastructure Cloud et une solution IDaaS ...
Worteks
 
[Identity Days 2021] W'IDaaS - Identity as a Service
[Identity Days 2021] W'IDaaS - Identity as a Service[Identity Days 2021] W'IDaaS - Identity as a Service
[Identity Days 2021] W'IDaaS - Identity as a Service
Worteks
 
[Identity Days 2021] Quel avenir pour OpenLDAP ?
[Identity Days 2021] Quel avenir pour OpenLDAP ?[Identity Days 2021] Quel avenir pour OpenLDAP ?
[Identity Days 2021] Quel avenir pour OpenLDAP ?
Worteks
 
[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares
[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares
[Pass the SALT 2021] Hosting Identity in the Cloud with free softwares
Worteks
 
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
Worteks
 
[AFUP Lyon 2021] LDAP Tool Box Self Service Password
[AFUP Lyon 2021] LDAP Tool Box Self Service Password[AFUP Lyon 2021] LDAP Tool Box Self Service Password
[AFUP Lyon 2021] LDAP Tool Box Self Service Password
Worteks
 
[OpenDay 2021] Logiciel libre, entreprises et modèles économiques
[OpenDay 2021] Logiciel libre, entreprises et modèles économiques[OpenDay 2021] Logiciel libre, entreprises et modèles économiques
[OpenDay 2021] Logiciel libre, entreprises et modèles économiques
Worteks
 
[Campus du Libre 2020] Présentation de la solution W'Sweet
[Campus du Libre 2020] Présentation de la solution W'Sweet[Campus du Libre 2020] Présentation de la solution W'Sweet
[Campus du Libre 2020] Présentation de la solution W'Sweet
Worteks
 
[Identity Days 2020] Politique des mots de passe des annuaires LDAP et outils...
[Identity Days 2020] Politique des mots de passe des annuaires LDAP et outils...[Identity Days 2020] Politique des mots de passe des annuaires LDAP et outils...
[Identity Days 2020] Politique des mots de passe des annuaires LDAP et outils...
Worteks
 
[Université Lyon 1] Exemples de logiciels libres : LemonLDAP::NG et W'Sweet
[Université Lyon 1] Exemples de logiciels libres : LemonLDAP::NG et W'Sweet[Université Lyon 1] Exemples de logiciels libres : LemonLDAP::NG et W'Sweet
[Université Lyon 1] Exemples de logiciels libres : LemonLDAP::NG et W'Sweet
Worteks
 
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
Worteks
 
[OW2online 2020] LDAP Synchronization Connector
[OW2online 2020] LDAP Synchronization Connector[OW2online 2020] LDAP Synchronization Connector
[OW2online 2020] LDAP Synchronization Connector
Worteks
 
[Aperhologramme 2020] Comment faire du logiciel libre ?
[Aperhologramme 2020] Comment faire du logiciel libre ?[Aperhologramme 2020] Comment faire du logiciel libre ?
[Aperhologramme 2020] Comment faire du logiciel libre ?
Worteks
 
[POSS 2019] OVirt and Ceph: Perfect Combination.?
[POSS 2019] OVirt and Ceph: Perfect Combination.?[POSS 2019] OVirt and Ceph: Perfect Combination.?
[POSS 2019] OVirt and Ceph: Perfect Combination.?
Worteks
 
[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies
Worteks
 
[POSS 2019] Learn AWK in 15 minutes
[POSS 2019] Learn AWK in 15 minutes[POSS 2019] Learn AWK in 15 minutes
[POSS 2019] Learn AWK in 15 minutes
Worteks
 
[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...
[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...
[LDAPCon 2019] LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Feder...
Worteks
 
[LDAPCon 2019] The FusionIAM initiative
[LDAPCon 2019] The FusionIAM initiative[LDAPCon 2019] The FusionIAM initiative
[LDAPCon 2019] The FusionIAM initiative
Worteks
 
[Identity Days 2019] Maîtrisez les accès à vos applications Web (Cloud et On...
[Identity Days 2019] Maîtrisez les accès à vos applications Web (Cloud et On...[Identity Days 2019] Maîtrisez les accès à vos applications Web (Cloud et On...
[Identity Days 2019] Maîtrisez les accès à vos applications Web (Cloud et On...
Worteks
 
[RedHat Forum 2019] REX - COMMENT MONTER UNE OFFRE DE CLOUD EN MARQUE BLANCHE...
[RedHat Forum 2019] REX - COMMENT MONTER UNE OFFRE DE CLOUD EN MARQUE BLANCHE...[RedHat Forum 2019] REX - COMMENT MONTER UNE OFFRE DE CLOUD EN MARQUE BLANCHE...
[RedHat Forum 2019] REX - COMMENT MONTER UNE OFFRE DE CLOUD EN MARQUE BLANCHE...
Worteks
 

Recently uploaded (20)

Cognitive Chasms - A Typology of GenAI Failure Failure Modes
Cognitive Chasms - A Typology of GenAI Failure Failure ModesCognitive Chasms - A Typology of GenAI Failure Failure Modes
Cognitive Chasms - A Typology of GenAI Failure Failure Modes
Dr. Tathagat Varma
 
Introducing FME Realize: A New Era of Spatial Computing and AR
Introducing FME Realize: A New Era of Spatial Computing and ARIntroducing FME Realize: A New Era of Spatial Computing and AR
Introducing FME Realize: A New Era of Spatial Computing and AR
Safe Software
 
Offshore IT Support: Balancing In-House and Offshore Help Desk Technicians
Offshore IT Support: Balancing In-House and Offshore Help Desk TechniciansOffshore IT Support: Balancing In-House and Offshore Help Desk Technicians
Offshore IT Support: Balancing In-House and Offshore Help Desk Technicians
john823664
 
Measuring Microsoft 365 Copilot and Gen AI Success
Measuring Microsoft 365 Copilot and Gen AI SuccessMeasuring Microsoft 365 Copilot and Gen AI Success
Measuring Microsoft 365 Copilot and Gen AI Success
Nikki Chapple
 
Agentic AI - The New Era of Intelligence
Agentic AI - The New Era of IntelligenceAgentic AI - The New Era of Intelligence
Agentic AI - The New Era of Intelligence
Muzammil Shah
 
Contributing to WordPress With & Without Code.pptx
Contributing to WordPress With & Without Code.pptxContributing to WordPress With & Without Code.pptx
Contributing to WordPress With & Without Code.pptx
Patrick Lumumba
 
Maxx nft market place new generation nft marketing place
Maxx nft market place new generation nft marketing placeMaxx nft market place new generation nft marketing place
Maxx nft market place new generation nft marketing place
usersalmanrazdelhi
 
Cyber Security Legal Framework in Nepal.pptx
Cyber Security Legal Framework in Nepal.pptxCyber Security Legal Framework in Nepal.pptx
Cyber Security Legal Framework in Nepal.pptx
Ghimire B.R.
 
Multistream in SIP and NoSIP @ OpenSIPS Summit 2025
Multistream in SIP and NoSIP @ OpenSIPS Summit 2025Multistream in SIP and NoSIP @ OpenSIPS Summit 2025
Multistream in SIP and NoSIP @ OpenSIPS Summit 2025
Lorenzo Miniero
 
ELNL2025 - Unlocking the Power of Sensitivity Labels - A Comprehensive Guide....
ELNL2025 - Unlocking the Power of Sensitivity Labels - A Comprehensive Guide....ELNL2025 - Unlocking the Power of Sensitivity Labels - A Comprehensive Guide....
ELNL2025 - Unlocking the Power of Sensitivity Labels - A Comprehensive Guide....
Jasper Oosterveld
 
Supercharge Your AI Development with Local LLMs
Supercharge Your AI Development with Local LLMsSupercharge Your AI Development with Local LLMs
Supercharge Your AI Development with Local LLMs
Francesco Corti
 
Data Virtualization: Bringing the Power of FME to Any Application
Data Virtualization: Bringing the Power of FME to Any ApplicationData Virtualization: Bringing the Power of FME to Any Application
Data Virtualization: Bringing the Power of FME to Any Application
Safe Software
 
SDG 9000 Series: Unleashing multigigabit everywhere
SDG 9000 Series: Unleashing multigigabit everywhereSDG 9000 Series: Unleashing multigigabit everywhere
SDG 9000 Series: Unleashing multigigabit everywhere
Adtran
 
New Ways to Reduce Database Costs with ScyllaDB
New Ways to Reduce Database Costs with ScyllaDBNew Ways to Reduce Database Costs with ScyllaDB
New Ways to Reduce Database Costs with ScyllaDB
ScyllaDB
 
Grannie’s Journey to Using Healthcare AI Experiences
Grannie’s Journey to Using Healthcare AI ExperiencesGrannie’s Journey to Using Healthcare AI Experiences
Grannie’s Journey to Using Healthcare AI Experiences
Lauren Parr
 
European Accessibility Act & Integrated Accessibility Testing
European Accessibility Act & Integrated Accessibility TestingEuropean Accessibility Act & Integrated Accessibility Testing
European Accessibility Act & Integrated Accessibility Testing
Julia Undeutsch
 
Create Your First AI Agent with UiPath Agent Builder
Create Your First AI Agent with UiPath Agent BuilderCreate Your First AI Agent with UiPath Agent Builder
Create Your First AI Agent with UiPath Agent Builder
DianaGray10
 
Cybersecurity Fundamentals: Apprentice - Palo Alto Certificate
Cybersecurity Fundamentals: Apprentice - Palo Alto CertificateCybersecurity Fundamentals: Apprentice - Palo Alto Certificate
Cybersecurity Fundamentals: Apprentice - Palo Alto Certificate
VICTOR MAESTRE RAMIREZ
 
AI Trends - Mary Meeker
AI Trends - Mary MeekerAI Trends - Mary Meeker
AI Trends - Mary Meeker
Razin Mustafiz
 
Let’s Get Slack Certified! 🚀- Slack Community
Let’s Get Slack Certified! 🚀- Slack CommunityLet’s Get Slack Certified! 🚀- Slack Community
Let’s Get Slack Certified! 🚀- Slack Community
SanjeetMishra29
 
Cognitive Chasms - A Typology of GenAI Failure Failure Modes
Cognitive Chasms - A Typology of GenAI Failure Failure ModesCognitive Chasms - A Typology of GenAI Failure Failure Modes
Cognitive Chasms - A Typology of GenAI Failure Failure Modes
Dr. Tathagat Varma
 
Introducing FME Realize: A New Era of Spatial Computing and AR
Introducing FME Realize: A New Era of Spatial Computing and ARIntroducing FME Realize: A New Era of Spatial Computing and AR
Introducing FME Realize: A New Era of Spatial Computing and AR
Safe Software
 
Offshore IT Support: Balancing In-House and Offshore Help Desk Technicians
Offshore IT Support: Balancing In-House and Offshore Help Desk TechniciansOffshore IT Support: Balancing In-House and Offshore Help Desk Technicians
Offshore IT Support: Balancing In-House and Offshore Help Desk Technicians
john823664
 
Measuring Microsoft 365 Copilot and Gen AI Success
Measuring Microsoft 365 Copilot and Gen AI SuccessMeasuring Microsoft 365 Copilot and Gen AI Success
Measuring Microsoft 365 Copilot and Gen AI Success
Nikki Chapple
 
Agentic AI - The New Era of Intelligence
Agentic AI - The New Era of IntelligenceAgentic AI - The New Era of Intelligence
Agentic AI - The New Era of Intelligence
Muzammil Shah
 
Contributing to WordPress With & Without Code.pptx
Contributing to WordPress With & Without Code.pptxContributing to WordPress With & Without Code.pptx
Contributing to WordPress With & Without Code.pptx
Patrick Lumumba
 
Maxx nft market place new generation nft marketing place
Maxx nft market place new generation nft marketing placeMaxx nft market place new generation nft marketing place
Maxx nft market place new generation nft marketing place
usersalmanrazdelhi
 
Cyber Security Legal Framework in Nepal.pptx
Cyber Security Legal Framework in Nepal.pptxCyber Security Legal Framework in Nepal.pptx
Cyber Security Legal Framework in Nepal.pptx
Ghimire B.R.
 
Multistream in SIP and NoSIP @ OpenSIPS Summit 2025
Multistream in SIP and NoSIP @ OpenSIPS Summit 2025Multistream in SIP and NoSIP @ OpenSIPS Summit 2025
Multistream in SIP and NoSIP @ OpenSIPS Summit 2025
Lorenzo Miniero
 
ELNL2025 - Unlocking the Power of Sensitivity Labels - A Comprehensive Guide....
ELNL2025 - Unlocking the Power of Sensitivity Labels - A Comprehensive Guide....ELNL2025 - Unlocking the Power of Sensitivity Labels - A Comprehensive Guide....
ELNL2025 - Unlocking the Power of Sensitivity Labels - A Comprehensive Guide....
Jasper Oosterveld
 
Supercharge Your AI Development with Local LLMs
Supercharge Your AI Development with Local LLMsSupercharge Your AI Development with Local LLMs
Supercharge Your AI Development with Local LLMs
Francesco Corti
 
Data Virtualization: Bringing the Power of FME to Any Application
Data Virtualization: Bringing the Power of FME to Any ApplicationData Virtualization: Bringing the Power of FME to Any Application
Data Virtualization: Bringing the Power of FME to Any Application
Safe Software
 
SDG 9000 Series: Unleashing multigigabit everywhere
SDG 9000 Series: Unleashing multigigabit everywhereSDG 9000 Series: Unleashing multigigabit everywhere
SDG 9000 Series: Unleashing multigigabit everywhere
Adtran
 
New Ways to Reduce Database Costs with ScyllaDB
New Ways to Reduce Database Costs with ScyllaDBNew Ways to Reduce Database Costs with ScyllaDB
New Ways to Reduce Database Costs with ScyllaDB
ScyllaDB
 
Grannie’s Journey to Using Healthcare AI Experiences
Grannie’s Journey to Using Healthcare AI ExperiencesGrannie’s Journey to Using Healthcare AI Experiences
Grannie’s Journey to Using Healthcare AI Experiences
Lauren Parr
 
European Accessibility Act & Integrated Accessibility Testing
European Accessibility Act & Integrated Accessibility TestingEuropean Accessibility Act & Integrated Accessibility Testing
European Accessibility Act & Integrated Accessibility Testing
Julia Undeutsch
 
Create Your First AI Agent with UiPath Agent Builder
Create Your First AI Agent with UiPath Agent BuilderCreate Your First AI Agent with UiPath Agent Builder
Create Your First AI Agent with UiPath Agent Builder
DianaGray10
 
Cybersecurity Fundamentals: Apprentice - Palo Alto Certificate
Cybersecurity Fundamentals: Apprentice - Palo Alto CertificateCybersecurity Fundamentals: Apprentice - Palo Alto Certificate
Cybersecurity Fundamentals: Apprentice - Palo Alto Certificate
VICTOR MAESTRE RAMIREZ
 
AI Trends - Mary Meeker
AI Trends - Mary MeekerAI Trends - Mary Meeker
AI Trends - Mary Meeker
Razin Mustafiz
 
Let’s Get Slack Certified! 🚀- Slack Community
Let’s Get Slack Certified! 🚀- Slack CommunityLet’s Get Slack Certified! 🚀- Slack Community
Let’s Get Slack Certified! 🚀- Slack Community
SanjeetMishra29
 

[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG

  • 2. 2 (v .t ks)ɔʁ ɛ Services Heterogeneous and complex infrastructures, cloud, mail, authentication, security  Studies, audit and consulting  Technical expertise  Technical support  Training  R&D Edition Collaboration and application portal Mutualized platform for development Identity and Access Management Partnership
  • 4. 4 Imagine SSOng Imagine there are no passwords Or maybe just only one A single secured form To access our applications Imagine all the users Loving security Imagine applications No more storing passwords Relying on a token Even for authorizations Imagine all developers Loving security Imagine some protocols Made by clever people CAS, OpenID or SAML Even WS Federation Imagine authentication Interoperability You may say I'm a hacker But I'm not the only one I hope one day You will log in Using the Single Sign On © John Lennon
  • 5. 5 Authentication Portal Application 2. Authentication 1. First access 3. Send SSO Token Trust link 4. Validate SSO token SSO workflow
  • 6. 6 Y O L O You Only Log Once
  • 8. 8 History 2003 2006 2010 2016 2018 Project creation Fork – version NG Protocols CAS, SAML and OpenID Version 1.0 Protocol OpenID Connect Second factors (2FA) Version 2.0
  • 9. 9 Main features ● Web Single Sign On ● Access control ● Applications portal ● Authentication modules choice and chain ● Password management, account creation ● Multi-factor authentication (MFA) ● Protection of Web applications and API/WebServices ● Graphical customisation ● Packages for Debian/Ubuntu/RHEL/CentOS
  • 14. 14 Free Software ● License GPL ● OW2 project ● Forge: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng ● Site: https://lemonldap-ng.org ● OW2 Community Award in 2014 and 2018 ● SSO component of FusionIAM project: https://fusioniam.org/
  • 15. 15 Component roles Configurations Sessions Portal Manager Handler Application menu CAS SAML OpenID Connect Self Services SOAP/REST server Session management Configurations Sessions Notifications Second factors Access Control SSOaaS Web Service Token Custom
  • 16. 16 Web application protection with Handler Sessions Portal Handler Web Application Authentication Session creation Session read SSO cookie HTTP headers
  • 18. 12/06/19 18 Main features ● LL::NG can act as client and as server ● Attributes sharing ● Manage authentication contexts and levels ● Autogeneration of public/private keys ● Access control per services ● Publication of configuration data (metadata) ● Multi-protocols gateway ● Single logout
  • 19. 12/06/19 19 CAS CAS client CAS server First access Redirection for authentication Service TicketService Ticket Service ticket validation Access to identity
  • 20. 12/06/19 20 SAML Service Provider (SP) Identity Provider (IDP) First access IDP choice Authentication request Authentication responseAuthentication response Signature verification Read assertion
  • 21. 12/06/19 21 OpenID Connect Relying Party (RP) OpenID Provider (OP) First access OP choice Authentication request JWT JWT Signature verification Read JWT Get UserInfo
  • 22. 22 API / WebService protection
  • 23. 12/06/19 23 How to protect a WebService ● Global authentication: – HTTP Basic – SSL client certificate ● User oriented authentication?
  • 24. 12/06/19 24 LL::NG ServiceToken Handler ● New Handler "Service Token" installed between application and WebService ● Main Handler generates a token based on time session_id and virtual hosts: cipher(time, session_id, vhost_list) ● The token is sent by application to WebService ● The Handler "Service Token" intercepts the token, validates it and apply access rules, and sent HTTP headers to WebService
  • 25. 12/06/19 25 LL::NG ServiceToken Handler Sessions Portal Handler Web Application Authentication Session creation Session read SSO cookie HTTP headers Token Handler Service Token Web Service Token HTTP headers Session read
  • 26. 12/06/19 26 Using OAuth2 ● When LL::NG acts as OIDC provider, it delivers an OAuth2 access token ● This access token can be validated with different operations: – Call /oauth2/userinfo, which will return user attributes – Call /oauth2/introspect, which will return token information (including the token owner) – see RFC 7662 – Use LL::NG OAuth2 Handler
  • 27. 12/06/19 27 LL::NG OAuth2 Handler Sessions Portal Web Application Authentication Session creation OIDC response Handler OAuth2 Web Service Access Token HTTP headers Session read ID Token Access Token
  • 28. 12/06/19 28 Example – UserInfo Endpoint $ curl -k -H "Authorization: Bearer a74d504ec9e784785e70a1da2b95d1d2" https://auth.openid.club/oauth2/userinfo | json_pp {   "family_name" : "OUDOT",   "name" : "Clément OUDOT",   "email" : "[email protected]",   "sub" : "coudot" }
  • 29. 12/06/19 29 Example – Intropsection Endpoint $ curl -k -H "Authorization: Basic bGVtb25sZGFwOnNlY3JldA==" -X POST -d "token=a74d504ec9e784785e70a1da2b95d1d2" https://auth.openid.club/oauth2/introspect | json_pp { "client_id" : "lemonldap", "sub" : "coudot", "exp" : 1572446485, "active" : true, "scope" : "openid profile address email phone" }
  • 30. 12/06/19 30 Example – Oauth2 Handler $ curl -k -H "Authorization: Bearer a74d504ec9e784785e70a1da2b95d1d2" https://oauth2.openid.club/api.pl { "check" : "true", "user" : "coudot" }
  • 31. 31 Thanks for your attention More informations: [email protected] @worteks_com linkedin.com/company/worteks

Download presentation

Your download has started