Upload File

social single sign-on with openid connect

14
Social Single Sign-On with OpenID Connect James Melville Technical Architect @jamesmelv

Upload: james-melville

Post on 19-Jun-2015

137 views

Category:

Technology


2 download

Report

Tags:

DESCRIPTION

Presentation from Dreamforce14 on using OpenID Connect with Google as the provider.

TRANSCRIPT

Page 1: Social Single Sign-On with OpenID Connect

Social Single Sign-On with OpenID ConnectJames Melville

Technical Architect

@jamesmelv

Page 2: Social Single Sign-On with OpenID Connect

James MelvilleTechnical Architect

Page 3: Social Single Sign-On with OpenID Connect

What is Social Single Sign On?

• Ability to authenticate using social profiles

Page 4: Social Single Sign-On with OpenID Connect

What is OpenID Connect?

• Identity Protocol built on OAuth 2.0

• Verify a user’s identity using authentication by another server

• Standard for sharing profile information

• Finalised February 2014

• Large backers:

Page 5: Social Single Sign-On with OpenID Connect

What can I do with Salesforce & OpenID Connect?

• Provide users with a form of Single Sign On

• Allow users to login to Salesforce using other credentials– Internal Users– Community Users

• Use a variety of providers to authenticate users:– Google– Microsoft– Paypal– Ping Identity

Page 6: Social Single Sign-On with OpenID Connect

User Benefits Business Benefits

Fewer usernames and passwords to remember Automate or Simplify User Creation

Quicker Login Reliable Source of User Details

Reduced registration effort Reduce helpdesk interactions

Why Use OpenID Connect?

Page 7: Social Single Sign-On with OpenID Connect

How do I set this up with Salesforce?Using Google as the Identity Provider

• Register as an OAuth client with Google– https://code.google.com/apis/console

• Configure “Auth. Provider” in Salesforce– Setup -> Security Controls -> Auth Provider

• Define the logic for user management

• Use Auth Provider in My Domain / Community

https://code.google.com/apis/console
https://code.google.com/apis/console
Page 8: Social Single Sign-On with OpenID Connect

How do I manage identities between systems?Implement a Registration Handler

• Define the logic to be executed when a user logs in– Create a registration hander in Apex– Use the profile information from the provider

• Unrecognised OpenID Connect profile– Match to an existing Salesforce user– Create a new user

• Previously logged in profile– Update profile information

Page 9: Social Single Sign-On with OpenID Connect

Login Demo

Page 10: Social Single Sign-On with OpenID Connect

What Else?• OpenID Connect is built on OAuth 2.0

• OpenID Connect Identity + OAuth 2.0 Authorisation = API Access

• Now use the Authorisation to access Resources

• Define access using Scope, as per OAuth 2.0

• Use APIs from the Identity Provider

Page 11: Social Single Sign-On with OpenID Connect

API Integration Demo

Page 12: Social Single Sign-On with OpenID Connect

Useful URLs• Google API Console:

https://code.google.com/apis/console

• Google API Documentation:

https://developers.google.com/drive/

• Apex Auth Docs:

http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_namespace_Auth.htm

• Demo Repository:

https://github.com/jamesmelville/OpenIdConnectDemo

https://code.google.com/apis/console
https://code.google.com/apis/console
https://developers.google.com/drive/
https://developers.google.com/drive/
http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_namespace_Auth.htm
http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_namespace_Auth.htm
http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_namespace_Auth.htm
https://github.com/jamesmelville/OpenIdConnectDemo
https://github.com/jamesmelville/OpenIdConnectDemo
Page 13: Social Single Sign-On with OpenID Connect

Features I’d like to see

• Ability to dynamically extend Scopes

• Inspect scopes already claimed

• Ability to create / update user credentials store

Page 14: Social Single Sign-On with OpenID Connect

OpenID Connect as a Security Service in Cloud-based ... · RESTful is an ideal technology for provisioning both mobile services and cloud computing. OpenID Connect, combining OpenID

OpenID Connect Conformance Profiles v3 · 1 OpenID Connect Conformance Profiles v3.0 OpenID Connect Working Group, OpenID Foundation June 28, 2018 1. Introduction This document defines

OAuth and OpenID Connect for Microservices

OpenID Connect Federation

OpenID Connect Working Group and OpenID Certification€¦ · OpenID Connect Working Group and OpenID Certification May 21, 2020 Michael B. Jones Identity Standards Architect –Microsoft

Securing your APIs with OAuth, OpenID, and OpenID Connect

OAuth 2.0 e OpenID Connect

OpenID Connect Update

The OpenID Connect Protocol

OpenID Connect Explained

OpenID Connect: An Overview

OpenID Connect Update and Discussion

Introduction to OpenID Connect - self-issuedIntroduction to OpenID Connect October 20, 2020 Michael B. Jones Identity Standards Architect –Microsoft

OpenID Connect - TERENAOpenID Connect OpenID Connect is an identity framework that provides authentication, authorization, and attribute transmission capability. tisdag 8 november

OpenID vs Facebook Connect vs FriendConnect

Introduction to OpenID Connect

OAuth 2.0 & OpenID Connect #MA7

OAuth 2.0 and OpenId Connect

SoK: Single Sign-On Security – An Evaluation of OpenID Connect · SoK: Single Sign-On Security – An Evaluation of OpenID Connect Christian Mainka, Vladislav Mladenov and Jörg

OpenID Connect 1.0 Profile… · 2019-04-09 · The OpenID Connect 1.0 standard itself is built on top of the OAuth 2.0 standard. This OpenID Connect 1.0 profile is consistent with

[MS-OIDCE-Diff]: OpenID Connect 1.0 Protocol Extensions... · 2017-06-12 · The OpenID Connect 1.0 Protocol Extensions specify extensions to [OIDCCore] (OpenID Connect Core 1.0)

OpenID Connect Update · 2013-03-13 · OpenID Connect Update December 1, 2011 Mike Jones Identity Standards Architect – Microsoft. Working Together OIDCOpenID Connect. Presentation

OpenID Connect - Nat Sakimura at OpenID TechNight #7

OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAuth 2.0

O-Auth 2.0, OpenId Connect 1.0, Single Sign-On Subhojeet ...cs556dl/lecture-notes/AdvancedAuth...O-Auth 2.0, OpenId Connect 1.0 and Single Sign On are some web-based authentication

Oauth2 & OpenID Connect

OpenID Connect in the R&E World - meetings.internet2.edu · [ 2] OpenID Connect in the R&E World: What is the State of Play? •A strong and rising interest for using OpenID Connect

OpenID Connect Explained - Paris jug · OpenID Connect is good for consumer apps social apps enterprise apps mobile apps

Oauth2 et OpenID Connect

OAuth 2.0 und OpenId Connect

SoK: Single Sign-On Security – An Evaluation of …...2017/01/30  · OpenID Connect is the OAuth 2.0-based replacement for OpenID 2.0 (OpenID) and one of the most important Single

CIS13: Introduction to OpenID Connect

Draft: OpenID Connect Core 1.0 - draft 14self-issued.info/docs/openid-connect-core-1_0-14.docx · Web viewOpenID Connect Core 1.0 - draft 14 Abstract OpenID Connect 1.0 is a simple

OpenID Connect & OAuth - Demystifying Cloud Identity

FHNW OpenID Connect pilot SAML2 OpenID Connect OAuth2