pre-con ed: how to provide mobile users with a convenient, yet secure, session sharing experience...
TRANSCRIPT
Provide Mobile User Session Sharing Through OAuth and SAML
Sascha Preibisch – Principal Software Architect – CA Technologies
DO3X50E
DEVOPS
5 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
For Informational Purposes Only Terms of this Presentation
© 2016 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.
The content provided in this CA World 2016 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.
Abstract
Users of mobile apps like to log in to an app once and not be asked for credentials again. For an enterprise that has integrations with third-party web applications, it may be difficult to reuse the user session that the native app is maintaining.
In this workshop we will show how to leverage the CA Mobile API Gateway features to forward the user session using OAuth and SAML.
Sascha Preibisch, CA Technologies, Principal Software Architect
Agenda
1 WHAT IS THE SCENARIO
2 WHAT ARE THE CHALLENGES
3 WHAT IS CA MOBILE API GATEWAY
4 SWITCHING FROM NATIVE APP TO WEB APPLICATION
What Is The Scenario
Components that are involved
[Diagram labels: Device, Native App, Browser, Internet, DMZ, API Gateway, Backend, DB, IDP, Federated Token Server (SAML), Third-Party Web Application]
What Are The Challenges
[Diagram labels: Device, Native App, Browser, Internet, DMZ, API Gateway, Backend, DB, IDP, Federated Token Server (SAML), Third-Party Web Application; added labels: "User session", "owns"]
What Is CA Mobile API Gateway
It is the component that connects it all
[Diagram labels: Device, Native App, Browser, Internet, DMZ, CA Mobile API Gateway, Backend, DB, IDP, Federated Token Server (SAML), Third-Party Web Application]
Switching From Native App To Web Application
From OAuth to SAML
[Diagram labels: Device, Native App, Browser, Internet, DMZ, CA Mobile API Gateway, Federated Token Server (SAML), Third-Party Web Application; flow labels: OAuth, Switch Context, Validate OAuth session, Request SAML Token, Web SSO]
Recommended Sessions
SESSION # | TITLE | DATE/TIME
DO3T80S | Case Study: Centrica – How CA APIM is enabling Britain’s largest energy provider to know their customer before they open the door | 11/16/2016 at 03:00 pm
DO3T05S | Case Study: LG&E/KU - How Mobile Apps, APIs With Microservices and CA API Management are Helping to Shape the Company’s Future | 11/16/2016 at 03:45 pm
DO3T02S | Case Study: Adobe - Securing, managing and deploying enterprise mobile apps | 11/17/2016 at 1:00 pm
Questions?
Stay connected at communities.ca.com
Thank you.