Single Sign On with OAuth and OpenID
CEOS WGISS 36 - Frascati, Italy - 2013.09.19. Single Sign On with OAuth and OpenID, used for the Kalideos project and to be used within the French Land Surface Thematic Center.
Jérôme Gasperi
WGISS-36, ESA/ESRIN - Frascati, Italy - September 19th, 2013
OpenID is an open standard for authentication. Its model is based on trust relationships between Service Providers and Authentication Providers (i.e. OpenID providers) to achieve Single Sign On authentication.
OAuth is an open standard for authorization. It provides a method for clients to access server resources on behalf of a resource owner.
Experiment: filter access to Kalideos (i.e. SPOT) data through a secured WMS server using OpenID Connect (i.e. OpenID over OAuth)
Sequence diagram between Kalideos Server, Identity Server, LDAP and WMS Server:
1. Ask for authentication
2. Redirect to Identity Server
3. Authentication with OAuth (OpenID Connect)
4. Return OAuth token
5. Send OAuth token
6. Get user information using OAuth token
7. Return user information
8. Send OAuth token
9. Send OAuth token for validation and get user information
10. Return user information
11. Ask for user rights
12. Get user rights
13. Create user session
14. Ask for WMS feed
15. Return WMS feed
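The token validation, rights lookup, session and WMS steps of this sequence, modelled in memory as an added example (not code from the presentation or the Kalideos project). Which party performs each step is an assumption, since the diagram's arrows are not on the page; class names, users, rights and layer names are constructed.

```python
import secrets
import time

class IdentityServer:
    """Stand-in for the Identity Server and its LDAP directory."""
    def __init__(self, directory, ttl=300):
        self.directory, self.ttl = directory, ttl   # directory plays the LDAP role
        self._tokens = {}                           # token -> (uid, expiry)

    def issue_token(self, uid, now=None):
        """Steps 3-4: result of a successful authentication of a known user."""
        if uid not in self.directory:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (uid, now + self.ttl)
        return token

    def userinfo(self, token, now=None):
        """Steps 9-10: validate the token, return user information or None."""
        now = time.time() if now is None else now
        uid, expiry = self._tokens.get(token, (None, 0))
        if uid is None or now >= expiry:
            return None
        return {"sub": uid, "email": self.directory[uid]["email"]}

class KalideosServer:
    """Stand-in for the Kalideos Server in front of the WMS server."""
    def __init__(self, idp, rights, wms_layers):
        self.idp, self.rights, self.wms_layers = idp, rights, wms_layers
        self.sessions = {}                          # session id -> allowed layers

    def login(self, token, now=None):
        info = self.idp.userinfo(token, now)        # steps 8-10: validated remotely
        if info is None:
            return None                             # unknown or expired token
        allowed = self.rights.get(info["sub"], set())   # steps 11-12
        sid = secrets.token_urlsafe(16)             # step 13
        self.sessions[sid] = frozenset(allowed)
        return sid

    def wms_feed(self, sid):
        allowed = self.sessions.get(sid)            # steps 14-15
        if allowed is None:
            return None                             # no session, no feed
        return sorted(set(self.wms_layers) & allowed)

# Constructed sample data: users, rights and layer names are made up.
DIRECTORY = {"alice": {"email": "alice@example.org"}, "bob": {"email": "bob@example.org"}}
RIGHTS = {"alice": {"spot_2012", "spot_2013"}}      # bob has an account but no rights
LAYERS = ["spot_2011", "spot_2012", "spot_2013"]
```

A user who authenticates but has no rights entry still gets a session, with an empty layer list: authentication and authorization are decided separately.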
OpenID Connect is planned to be used in Theia (i.e. the French Land Surface Thematic Center).