Mobile User Authentication with On-Premise LDAP Server / Social Login using IBM Mobile Foundation
‘My Ward’ – what is the app about
Services used
IBM Mobile Foundation V8
IBM Mobile Foundation Architecture
[Slide diagram; labels recovered from the figure]
• Audience: Business Teams, Development, IT Operations, Teams, Mobile Projects
• Capabilities: Offline Sync with on-device data; Rich Push notification; Manage Feature Release using Live Update; AI Model Distribution; Adapters for Cognitive services; Mobile Analytics with Crash and Alert; App Lifecycle Management; Backend logic and enterprise integration; Adapter auto generation for any Backend REST and Cloud Functions APIs; Mobile optimized REST APIs; Comprehensive Security; Mobile Foundation Dev and Admin CLIs; Starter Projects, Ready Apps, Samples; Flexible Hosting Choice; Digital App Builder
• MF Client SDKs: App lifecycle, crash analytics, security, push, app authenticity events
• Omni-channel API End points (/api)
• Secured Mobile App Backend: App Authenticity; App Checksum; Device whitelist/blacklist; Certificate pinning checks; Version enforce; Authorization Server
• REST APIs: REST annotated Java; Javascript; Define scopes and policies; Auto-Gen framework
• Adapters: HTTP; Cloudant; Cognitive services; Cognitive NLU & Conversation; Open Whisk; Rules
• Platform Services: Push; Analytics; Offline Sync; Console; Direct & LiveUpdate
• Hosting: On-prem Servers; Mobile Foundation V8 on Cloud
• App Distribution
• Tooling: Rich CLI; RMAD*; Standalone server; Samples, SDKs
• Lifecycle: PLAN, DEV, BUILD, TEST, DEPLOY, PROD; CI/CD DevOps
• Backend API Gateway (Microservice layer); Web Server to host Web artifacts
Base pattern – Hybrid mobile app with cloud native backend
Code - https://github.com/IBM/Ionic-MFP-App/
Mobile User Authentication pattern – built on base pattern
Components setup
1. Create Cloudant database and populate it with sample data
2. Create IBM Cloud Object Storage service and populate it with sample data
3. Set up LDAP server and Secure Gateway Client
4. Register Android App with Google and Facebook for Social Login
Architecture flow diagram
[Diagram, social login flow. Components: User; Ionic application; Maps SDK; Sign-in service; Mobile Foundation SDK; Provider Cloud: Mobile Foundation (Social Login security check, Resource Adapter), Object Storage, Cloudant]

Steps 1–3: facebooklogin()
    this.fb.login(['public_profile', 'user_friends', 'email']).then(res => {
      if (res.status === "connected") {
        …
        var accessToken = res.authResponse.accessToken;
        …
Step 4:
    WLAuthorizationManager.login(this.securityCheckNameSocial, credentials)
Step 5: Validate the access token
    HTTPS GET https://graph.facebook.com/
Step 6: Receive the authenticated user information from the security check
Step 7:
    @GET
    @OAuthSecurity(scope = "socialLogin")
    @Path("/socialLogin")
    @Produces("application/json")
    public Response getAllEntries_sl() throws Exception {
        …
    }
Step 8:
    @GET
    @OAuthSecurity(scope = "socialLogin")
    @Path("/socialLogin/objectStorage")
    @Produces("application/json")
    public Response getObjectStorageAccess_sl() throws Exception {
        …
    }
Steps 9–10:
Mobile app initializes image-caching plugin. Uses the authorization token to fetch the images from Object storage. Mobile app displays the data obtained from MFP adapter as a list of items. The image caching plugin running on the mobile app downloads and caches images from Cloud Object Storage.
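The token validation step (5) of the social login flow is where the server decides whether to trust a token the client handed it. The following is an added example, not code from the slides or from the IBM pattern: it assumes the security check queries the Graph API debug_token endpoint and shows the checks to apply to that response before accepting the login. EXPECTED_APP_ID, checkTokenInfo and the sample responses are constructed for illustration.

```javascript
// Added example: decide whether a Facebook token-introspection response is
// acceptable for login. Field names follow the Graph API debug_token response;
// EXPECTED_APP_ID and the sample objects below are constructed.
const EXPECTED_APP_ID = "1234567890"; // placeholder: the app id you registered

function checkTokenInfo(body, nowSeconds, requiredScopes = ["email"]) {
  const d = body && body.data;
  if (!d || typeof d !== "object") {
    return { ok: false, reason: "malformed response" };
  }
  if (d.is_valid !== true) {
    return { ok: false, reason: "token not valid" };
  }
  // Audience check: a token minted for another app must not log a user in
  // here, even though Facebook itself considers it valid.
  if (String(d.app_id) !== EXPECTED_APP_ID) {
    return { ok: false, reason: "token issued to a different app" };
  }
  if (d.type !== "USER") {
    return { ok: false, reason: "not a user token" };
  }
  // Policy of this example: require an explicit expiry in the future.
  if (typeof d.expires_at !== "number" || d.expires_at <= nowSeconds) {
    return { ok: false, reason: "token expired" };
  }
  const granted = Array.isArray(d.scopes) ? d.scopes : [];
  const missing = requiredScopes.filter((s) => !granted.includes(s));
  if (missing.length > 0) {
    return { ok: false, reason: "missing scope: " + missing.join(",") };
  }
  if (typeof d.user_id !== "string" || d.user_id === "") {
    return { ok: false, reason: "no user id" };
  }
  // Identity comes from the verified response, never from client-sent fields.
  return { ok: true, userId: d.user_id };
}

// Constructed sample responses.
const now = 1700000000;
const good = { data: { app_id: EXPECTED_APP_ID, type: "USER", is_valid: true,
  expires_at: now + 3600, scopes: ["public_profile", "email"], user_id: "42" } };
const otherApp = { data: { ...good.data, app_id: "999" } };
console.log(checkTokenInfo(good, now));
console.log(checkTokenInfo(otherApp, now));
```

The audience check is the one most often omitted: a profile lookup alone confirms the token is valid for some app, not that it was issued to this one.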
[Diagram, LDAP login flow, steps 1–8. Components: User; Ionic application; Maps SDK; Mobile Foundation SDK; Provider Cloud: Mobile Foundation (LDAP security check, Resource Adapter), Object Storage, Cloudant, Secure Gateway; Customer Data center: Secure Gateway Client, Enterprise LDAP Server]

login()
    WLAuthorizationManager.login(this.securityCheckName, {'username':username, 'password':password})

    <property name="ldapURL" defaultValue="ldap://caplons.integration.ibmcloud.com:11111" displayName="The LDAP Server URL"/>
Resources - Links
1. DevOps with Mobile Foundation
2. In App Feedback for obtaining direct feedback from end users
3. PWA Support
4. React Native SDK
5. Security Capabilities
6. Offline Sync
7. Low code App Development
• Other Useful Links
  • Industry Ready Apps
  • Mobile Blogs
  • Dev Center
  • Stack Overflow
  • Slack
  • Get Help
Resources – Code Patterns
1. Develop a hybrid mobile app with a cloud-native back end
   https://developer.ibm.com/patterns/develop-hybrid-mobile-app-with-cloud-native-back-end/
   https://github.com/IBM/Ionic-MFP-App/
2. Secure mobile offline synchronization
   https://developer.ibm.com/patterns/secure-offline-synchronization-ibm-mobile-foundation/
   https://github.com/IBM/MFP-JSONStore-OfflineSync
3. Mobile User Authentication with On-premise LDAP Server/Social Login using Mobile Foundation
   https://developer.ibm.com/patterns/implementing-mobile-user-authentication
   https://github.com/IBM/MFP-Auth-LDAP/
4. Tag-based push notifications using IBM Mobile Foundation
   https://github.com/IBM/tag-based-push-notifications