Upload File

pre-con ed: how to provide mobile users with a convenient, yet secure, session sharing experience...

  • Home
  • Technology
  • Pre-Con Ed: How to Provide Mobile Users With a Convenient, Yet Secure, Session Sharing Experience Through OAuth and SAML
11
Provide Mobile User Session Sharing Through OAuth and SAML Sascha Preibisch – Principal Software Architect – CA Technologies DO3X50E DEVOPS

Upload: ca-technologies

Post on 10-Jan-2017

85 views

Category:

Technology


0 download

Report

TRANSCRIPT

Page 1: Pre-Con Ed: How to Provide Mobile Users With a Convenient, Yet Secure, Session Sharing Experience Through OAuth and SAML

Provide Mobile User Session Sharing Through OAuth and SAMLSascha Preibisch – Principal Software Architect – CA Technologies

DO3X50E

DEVOPS

Page 2: Pre-Con Ed: How to Provide Mobile Users With a Convenient, Yet Secure, Session Sharing Experience Through OAuth and SAML

5 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

For Informational Purposes Only Terms of this Presentation

© 2016 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.

The content provided in this CA World 2016 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.

Page 3: Pre-Con Ed: How to Provide Mobile Users With a Convenient, Yet Secure, Session Sharing Experience Through OAuth and SAML

6 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Abstract

Users of mobile apps like to login to an app once and not get asked for credentials again. In the case of an enterprise that has integrations with third-party web applications it may be difficult to re-use the user session the native app is maintaining.

In this workshop we will show how to leverage the CA Mobile API Gateway features to forward the user session using OAuth and SAML.

Sascha PreibischCA TechnologiesPrincipal Software Architect

Page 4: Pre-Con Ed: How to Provide Mobile Users With a Convenient, Yet Secure, Session Sharing Experience Through OAuth and SAML

7 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Agenda

WHAT IS THE SCENARIO

WHAT ARE THE CHALLENGES

WHAT IS CA MOBILE API GATEWAY

SWITCHING FROM NATIVE APP TO WEB APPLICATION

1

2

3

4

Page 5: Pre-Con Ed: How to Provide Mobile Users With a Convenient, Yet Secure, Session Sharing Experience Through OAuth and SAML

8 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

What Is The ScenarioComponents that are involved

API Gateway

Backend

DB

Third-PartyWeb

ApplicationFederated Token Server

(SAML)

Native App

Browser

Internet

DMZ

IDP

Device

Page 6: Pre-Con Ed: How to Provide Mobile Users With a Convenient, Yet Secure, Session Sharing Experience Through OAuth and SAML

9 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Third-PartyWeb

Application

API Gateway

Backend

DB

Federated Token Server(SAML)

Native App

Browser

Internet

DMZ

IDP

Device

What Are The Challenges

User session

owns

Page 7: Pre-Con Ed: How to Provide Mobile Users With a Convenient, Yet Secure, Session Sharing Experience Through OAuth and SAML

10 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Backend

DB

Federated Token Server(SAML)

DMZ

IDP

Device

What Is CA Mobile API GatewayIt is the component that connects it all

DMZ

Native App

Browser

InternetCA

Mobile API Gateway

Third-PartyWeb

Application

Page 8: Pre-Con Ed: How to Provide Mobile Users With a Convenient, Yet Secure, Session Sharing Experience Through OAuth and SAML

11 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Device

Switching From Native App To Web ApplicationFrom OAuth to SAML

DMZ

OAuth

SwitchContext

Validate OAuth session

Request SAMLToken

WebSSO

Native App

Browser

Federated Token Server(SAML)

InternetCA

Mobile API Gateway

Third-PartyWeb

Application

Page 9: Pre-Con Ed: How to Provide Mobile Users With a Convenient, Yet Secure, Session Sharing Experience Through OAuth and SAML

12 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Recommended Sessions

SESSION # TITLE DATE/TIME

DO3T80SCase Study: Centrica – How CA APIM is enabling Britain’s largest energy provider to know their customer before they open the door

11/16/2016 at 03:00 pm

DO3T05SCase Study: LG&E/KU - How Mobile Apps, APIs With Microservices and CA API Management are Helping to Shape the Company’s Future

11/16/2016 at 03:45 pm

DO3T02S Case Study: Adobe - Securing, managing and deploying enterprise mobile apps 11/17/2016 at 1:00 pm

Page 10: Pre-Con Ed: How to Provide Mobile Users With a Convenient, Yet Secure, Session Sharing Experience Through OAuth and SAML

13 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Questions?

Page 11: Pre-Con Ed: How to Provide Mobile Users With a Convenient, Yet Secure, Session Sharing Experience Through OAuth and SAML

14 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Stay connected at communities.ca.com

Thank you.


A Standards-based Mobile Application IdM Architecture · PDF fileA Standards-based Mobile Application IdM Architecture ... with the help of both SAML and OAuth, ... A Standards-based

Delegation of Access Control · •Technologies - OAuth - Kerberos delegation - SAML Condition for Delegation Restriction - XACML 2.0 Intermediary Subject Category - XACML 3.0 per/request

Secure and Usable Mobile Identity Management SolutionsIdM Protocols: Desktop vs Mobile 20 SAML 2.0 - SSO Profile: consolidated, corporate & governmental environments OAuth 2.0 & OpenID

saml-metadata-2.0-os.pdf - OASISdocs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf · 2 Metadata for SAML V2.0 SAML metadata is organized around an extensible collection

SAML & SAML Federations

The Essential OAuth Primer: Understanding OAuth …docs.media.bitpipe.com/.../item_426600/The-Essentials-of-OAuth.pdfThe Essential OAuth Primer: Understanding OAuth for Securing Cloud

SAML - cs.auckland.ac.nz€¦ · SAML Components PROFILES (How SAML protocols, bindings and/or assertions combined to support a defined use case) BINDINGS (How SAML protocols map

Web viewWill the solution use Security Assertion Markup Language (SAML) methods for authentication? Is OAuth 2 supported?

Mastering OAuth 2 - Adobe Inc.€¦ · leveraging the OAuth 2.0 Authorization Framework Mastering OAuth 2.0 Charles Bihis Mastering OAuth 2.0 OAuth 2.0 is a powerful authorization

A Practical Guide to ArcGIS Online Security · 2019-04-15 · • Integrating your apps with OAuth 2.0 ... Enterprise Account • Use your own identity provider-SAML 2.0-ADFS-NetIQ

LASCON 2017: SAML v. OpenID v. Oauth

Bindings for SAML 2.0 - OASISdocs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf · 1 Introduction This document specifies SAML protocol bindings for the use of SAML assertions

Working with Personal Health Devices in FHIR...2018/06/19  · Security: SAML 2.0 + TLS Phase 1 (HL7 V2) Payload: PCD- 01 Transport: hData (HTTP) Security: OAuth 2.0 + TLS Payload:

A Practical Guide to ArcGIS Online Security · •Integrating your apps with OAuth 2.0 ... Enterprise Identities •Use your own identity provider-SAML 2.0-ADFS-NetIQ Access Manager-Shibboleth-

OAUTH 2 UND OPENID CONNECT SECURING MICROSERVICES … · OAUTH 2.0 101 RFC 6749: The OAuth 2.0 A uthorization Frame work RFC 6750: OAuth 2.0 Bearer Token Usage RFC 6819: OAuth 2.0

SAML, OAUTH, and Session sharing in Domino 9 - …engage.ug/.../Engage2014_Understanding_SAML_OAUTH_SessionSharing.pdfSAML, OAUTH, and Session sharing in Domino 9 Andrew Pollack Northern

Identity Workshopinnovbfa.viabloga.com/files//Cloud_Identity_Summit... · OAuth 2.0 OAuth 1 + OAuth-WRAP + IETF = OAuth 2.0 Expanded participation with other major vendors such as

1 Presented by: OAuth, OpenID, SAML Making Sense of the Alphabet Soup for Cloud Identities Vikas Jain, Director, Product Management Application Security

CV Anant Raut (2017 11 16 00 21 40 UTC) · In-memory Datastore: Memcached Enterprise Search (Full text / Faceted): Apache Solr Authentication System : CAS, SSO, SAML, OAuth, Queue:

Advanced Authentication - Administration...Supports ADFS 3 and 4, OAuth 2.0, and SAML 2.0: Advanced Authentication integrates with Active Directory Federation Services, OAuth 2.0,

Chapter 4 SAML application scripting - Centrify 4 SAML application scripting ... For an introduction to SAML, try the overviews provided at saml-introduction

SAML, OAUTH, and Session sharing in Domino 9 · SAML, OAUTH, and Session sharing in Domino 9 Andrew Pollack ... or older technology Does not prevent the data from being visible Open

SAML vs OAuth 2.0 vs OpenID Connect

IdP, SAML, OAuth

Privileged Identity Supported Systems and Platforms · SupportedProviders OKTASAML OneLogin(SAML) PingOne(SAML) SalesForce(OAuth) SAML(anySAMLcompliantvendor) Multi-FactorProviders

Meraki SAML Authentication - Home | MCNC · Objectives ! What is SAML? ! Benefits of SAML authentication ! Enabling SSO for WiFi logins ! Enabling SAML for Meraki Dashboard Authentication

Saml vs Oauth : Which one should I use?

Entendiendo oAuth

Oracle Access Management OAuth Service€¦ · OAuth 2.0 authorization server and also offers several compelling differentiations to enable the OAuth 2.0 Client and the OAuth 2.0

Thomas Darimont - javaland.eu · • Uses OAuth 2.0 tokens + IDToken to encode Identity • Tokens are encoded as JSON Web Tokens (JWT) • Requires secure channel HTTPS/TLS • SAML

Securing Digital Identities in the Cloud by Selecting an ...€¦ · Securing Digital Identities in the Cloud by Selecting an Apposite Federated Identity Management from SAML, OAuth

Security Assertion Markup Language (SAML) V2.0 …docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech...1 Introduction The Security Assertion Markup Language (SAML) standard defines

H. Tschofenig OAuth 2.0 Security: OAuth Open Redirector · OAuth 2.0 Security: OAuth Open Redirector draft-bradley-oauth-open-redirector-02.txt Abstract This document gives additional

PingFederate - EB2BCOM · SAML (1.0, 1.1, AND 2.0), WS-Trust, WS-Federation, OAuth and OpenID. These standards are the foundational protocols for the secure use of multiple enterprise

FROM A PROPOSAL TO HAPPY MARRIAGE...OpenID Connect 2005 SAML 2.0 SAML 1.1 Liberty Alliance ID-FF 2003 2015 Mobile Connect 2012 OAuth 2.0 2007 OAuth 1.0 OpenID 2.0 2008 OpenID 1.0 1999