mini-training: sso with windows identity foundation

SSOwith

Window Identity Foundation

What is SSO ?

- SSO : Single Sign-On

- Log in once and access to all systems without to log in

again at each of them

Benefits

- Reducing password fatigue from different user

name and password combinations

- Reducing time spent re-entering passwords for

the same identity

- Reducing IT costs due to lower number of IT

help desk calls about passwords

- the negative impact in case the credentials are

available to other persons and misused ("keys

to the castle")

Criticisms

Principle & vocabulary

- Security Token

- Claims & Claims-based applications

- STS : Security Token Service

- RP : Relying Party

- IdP : Identity Provider

* alcohol can damage your health

Standards

- OpenID

- Facebook, Microsoft, Google, PayPal, Ping

Identity, Symantec, and Yahoo

- SAML & WS-Federation

- Microsoft - ADFS V2

- Azure AppFabric Access Control

- Windows Identity Foundation- Oauth

- Liberty Alliance

- Windows CardSpace (U-Prove)

- MicroID

- Windows CardSpace

- Higgins

OpenID SAML

Dates from 2005 2001

Current version OpenID 2.0 SAML 2.0

Main purpose Single sign-on for consumers Single sign-on for enterprise users

Protocols used XRDS, HTTP SAML, XML, HTTP, SOAP

.Net libraries DotNetOpenAuth

System.IdentityModel

Windows Identity Foundation

OpenID vs SAML

SAML

OpenID

Windows Identity Foundation

- WSFederationAuthenticationModule

- Handle redirection to STS

- Process the sign-in response

- Create the ClaimsPrincipal

- SessionAuthenticationModule

- Manage the authenticated session

- Write cookies

Windows Identity Foundation

https://betclicstage.com/r1/back/st1/back/Common/home.aspx

Betclic ADFS

Test localy with Thinktecture.IdentityModel.EmbeddedSts

- Use WS-Federation STS for ASP.NET with minimal configuration (replace

deprecated "Identity and Access Control" Visual Studio extension)

http://www.nuget.org/packages/Thinktecture.IdentityModel.EmbeddedSts/

Create a claims-based application on Visual Studio 2013

https://adfs-bead.betclicstage.net/federationmetadata/2007-06/federationmetadata.xml

Identity Developer Training Kithttp://www.microsoft.com/en-us/download/confirmation.aspx?id=14347

Passive Authentication for ASP.NET with WIFhttps://msdn.microsoft.com/en-us/magazine/ff872350.aspx

Federated Identities: OpenID vs SAML vs OAuthhttp://www.softwaresecured.com/2013/07/16/federated-identities-openid-vs-saml-vs-oauth/

Find out more• On https://techblog.betclicgroup.com/

About Us• Betclic Everest Group, one of the world leaders in online

gaming, has a unique portfolio comprising variouscomplementary international brands: Betclic, EverestPoker/Casino, Bet-at-home, Expekt, Imperial Casino, Monte-Carlo Casino…

• Through our brands, Betclic Everest Group places expertise,technological know-how and security at the heart of ourstrategy to deliver an on-line gaming offer attuned to thepassion of our players. We want our brands to be easy to usefor every gamer around the world. We’re building ourcompany to make that happen.

• Active in 100 countries with more than 12 million customersworldwide, the Group is committed to promoting secure andresponsible gaming and is a member of several internationalprofessional associations including the EGBA (EuropeanGaming and Betting Association) and the ESSA (EuropeanSports Security Association).

We want our Sports betting, Poker, Horse racing andCasino & Games brands to be easy to use for everygamer around the world. Code with us to make thathappen.

Look at all the challenges we offer HERE

Check our Employer Page

Follow us on LinkedIn

WE’RE HIRING !