© 2014 VMware Inc. All rights reserved.
SSO for Mobile and Web Apps
Ashish Jain
@itickr
CIS 2015
What we will cover in this Session ?
1 Why is this important ?
2 What’s the current experience?
3 What’s the desired experience ?
4 What are my options ?
5 What’s the challenge ?
6 Q & A
Why is this important?
What’s the current experience ?
Mobile App
•  Click on Mobile App
•  Enter server and user information. Tenant discovery happens.
•  Click login. Get redirected to login screen (AD or else)
•  Enter AD credentials (or local/MFA)
•  You have access
Web App
•  Open Mobile Safari
•  Enter web url – e.g. https://www.salesforce.com
•  Click login. Get redirected to login screen (AD or else)
•  Enter AD credentials (or local/MFA)
•  You have access.
Mobile App
•  Start VPN app
•  Start SecurID App.
•  Enter SecurID pin.
•  Enter SecurID passcode on VPN app
•  Click on Mobile App
•  Enter server and user information. Tenant discovery happens.
•  Click login. Get redirected to login screen (AD or else)
•  Enter AD credentials (or local/MFA)
•  You have access
Web App
•  Start VPN app
•  Start SecurID App.
•  Enter SecurID pin.
•  Enter SecurID passcode on VPN app
•  Open Mobile Safari
•  Enter web url – e.g. https://www.salesforce.com
•  Click login. Get redirected to login screen (AD or else)
•  Enter AD credentials (or local/MFA)
•  You have access.
What’s the desired experience ?
What’s the challenge?
Mobile SSO flow
1.  User accesses Mobile App
2.  App connects to server
3.  Redirects to IdP
4.  IdP authenticates via AD
5.  IdP sends SAML back to App Server
6.  App Server sends AT back to App
7.  App uses AT to access
[Diagram: Mobile App, Web View, IdP, AD, App Server, OAuth AS; arrows numbered 1-7; protocol labels SAML and OAuth]
Challenges
•  Authentication per mobile app
•  No validation of access token
•  No clean up of cached / offline data
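The second challenge above, as an added example that is not part of the original slides: the checks an App Server can run on the access token presented in step 7 before serving a request. The token format (HMAC-signed JSON), the shared key, the claim names and all function names are assumptions made for illustration; a real deployment would validate the OAuth AS's own token format or ask the AS whether the token is still active.

```python
import base64
import hashlib
import hmac
import json

# Assumption: OAuth AS and App Server share this key (constructed demo value).
AS_SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"
NOW = 1_700_000_000  # constructed "current time" so the demo is deterministic


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes = AS_SIGNING_KEY) -> str:
    """OAuth AS side (step 6): sign the claims so they can be checked later."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def validate_token(token, *, audience, now, revoked_ids, key=AS_SIGNING_KEY):
    """App Server side (step 7): return (claims, None) or (None, reason)."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison; reject before trusting any claim.
        if not hmac.compare_digest(_unb64(sig), expected):
            return None, "bad_signature"
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError, AttributeError):
        return None, "malformed"
    if not isinstance(claims, dict):
        return None, "malformed"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return None, "expired"
    # A token issued to one mobile app must not be accepted for another.
    if claims.get("aud") != audience:
        return None, "wrong_audience"
    # Revocation lets the server cut off a lost or unenrolled device.
    if claims.get("jti") in revoked_ids:
        return None, "revoked"
    return claims, None


def demo() -> dict:
    """Run constructed tokens through the validator; map case -> reason."""
    base = {"sub": "alice", "aud": "crm-app", "exp": NOW + 300, "jti": "t-1"}
    good = issue_token(base)
    # Same signature, altered body: simulates a token modified in transit.
    forged_body = _b64(json.dumps({**base, "sub": "admin"}, sort_keys=True).encode())
    cases = {
        "valid": good,
        "expired": issue_token({**base, "exp": NOW - 1}),
        "other_app": issue_token({**base, "aud": "mail-app"}),
        "tampered": forged_body + "." + good.split(".")[1],
        "revoked": issue_token({**base, "jti": "t-lost-device"}),
    }
    revoked = {"t-lost-device"}
    return {
        name: validate_token(tok, audience="crm-app", now=NOW, revoked_ids=revoked)[1]
        for name, tok in cases.items()
    }


if __name__ == "__main__":
    for case, reason in demo().items():
        print(f"{case:10s} -> {'accepted' if reason is None else reason}")
```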
What are my options ?
Use System browser
Enroll your device
JavaScript trickery
Windows 10
NAPPS
Use Vendor SDK
Use System browser
1.  User accesses Mobile App
2.  App opens system browser
3.  App connects to server
4.  Redirects to IdP
5.  IdP authenticates via AD
6.  IdP sends SAML back to App Server
7.  App Server sends AT back to App
8.  App uses AT to access
[Diagram: Mobile App, System browser, IdP, AD, App Server, OAuth AS; arrows numbered 1-8]
Enroll your device
1.  User accesses Mobile App
2.  App connects to server
3.  Redirects to IdP
4.  IdP sends 401 negotiate
5.  iOS intercepts
6.  On-demand VPN session
7.  Sends Cert to KDC to get a ticket
8.  IdP validates Kerb ticket
9.  IdP sends SAML to App server
10. App server sends OAuth AT to App
[Diagram: Mobile App, Web View, IdP, Kerb Adapter, AD, KDC, App Server, OAuth AS; arrows numbered 1-10]
JavaScript trickery
1.  User accesses Mobile App
2.  App connects to server
3.  Redirects to IdP
4.  IdP caches the request
5.  IdP connects with its agent
6.  User authenticates
7.  Sends token back to IdP
8.  IdP sends SAML to App server
9.  App server sends OAuth AT to App
[Diagram: Mobile App, Web View, IdP, IdP Agent, App Server, OAuth AS; arrows numbered 1-9]
Windows 10
1.  User accesses Mobile App
2.  App RequestTokenAsync to Web Account Manager (WAM)
3.  WAM requests token from registered Web Account Provider (WAP)
4.  WAP redirects to IdP
5.  User authenticates
6.  IdP sends the token back to WAP
7.  WAP sends the token to WAM
8.  WAM returns RequestResult to App
9.  App can access the resource
[Diagram: Mobile App, WAM, WAP, Web View, IdP, App Server, OAuth AS; arrows numbered 1-9]
NAPPS
1.  User accesses Mobile App
2.  Mobile App requests ACDC token
3.  TA gets its own AT/RT
4.  IdP authenticates via AD
5.  TA uses AT to get ACDC for Mobile App
6.  TA passes ACDC to Mobile App
7.  Mobile App uses ACDC to get its AT
8.  App uses AT to access
[Diagram: Mobile App, Token Agent, IdP, AD, App Server, OAuth AS; arrows numbered 1-8]
Summary
Everything will be amazing but no one will be happy
Use System browser
Enroll your device
JavaScript trickery
Windows 10
NAPPS
Use Vendor SDK
Minimal code change. Can be implemented now.
No code change. Best experience. Requires MDM.
Cross platform. Open Standard. Still in spec stage.
No code change. Limited App support.
Only works for enterprise apps.
Platform specific. Not available now.
Q & A
Ashish Jain
@itickr

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM  in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM  in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 
CIS 2015 The Ethics of Personal Data - Robin Wilton
CIS 2015 The Ethics of Personal Data - Robin WiltonCIS 2015 The Ethics of Personal Data - Robin Wilton
CIS 2015 The Ethics of Personal Data - Robin Wilton
 
CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...
CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...
CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...
 
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn FayCIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
 
DIRECTORY CIS 2015 - Eric Fazendin
DIRECTORY CIS 2015 - Eric FazendinDIRECTORY CIS 2015 - Eric Fazendin
DIRECTORY CIS 2015 - Eric Fazendin
 

Dernier

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Dernier (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

  • 1. © 2014 VMware Inc. All rights reserved. SSO for Mobile and Web Apps Ashish Jain @itickr CIS 2015
  • 2. What we will cover in this session?
       1. Why is this important?
       2. What’s the current experience?
       3. What’s the desired experience?
       4. What are my options?
       5. What’s the challenge?
       6. Q & A
  • 3. Why is this important?
  • 9. What’s the current experience?
  • 10. Mobile App
        •  Click on Mobile App
        •  Enter server and user information. Tenant discovery happens.
        •  Click login. Get redirected to login screen (AD or else)
        •  Enter AD credentials (or local/MFA)
        •  You have access
        Web App
        •  Open Mobile Safari
        •  Enter web url – e.g. https://www.salesforce.com
        •  Click login. Get redirected to login screen (AD or else)
        •  Enter AD credentials (or local/MFA)
        •  You have access.
  • 11. Mobile App
        •  Start VPN app
        •  Start SecurID App.
        •  Enter SecurID pin.
        •  Enter SecurID passcode on VPN app
        •  Click on Mobile App
        •  Enter server and user information. Tenant discovery happens.
        •  Click login. Get redirected to login screen (AD or else)
        •  Enter AD credentials (or local/MFA)
        •  You have access
        Web App
        •  Start VPN app
        •  Start SecurID App.
        •  Enter SecurID pin.
        •  Enter SecurID passcode on VPN app
        •  Open Mobile Safari
        •  Enter web url – e.g. https://www.salesforce.com
        •  Click login. Get redirected to login screen (AD or else)
        •  Enter AD credentials (or local/MFA)
        •  You have access.
  • 12. What’s the desired experience?
  • 16-18. Mobile SSO flow
        1.  User accesses Mobile App
        2.  App connects to server
        3.  Redirects to IdP
        4.  IdP authenticates via AD
        5.  IdP sends SAML back to App Server
        6.  App Server sends AT back to App
        7.  App uses AT to access
        [Diagram: Mobile App with Web View, IdP, AD, App Server and OAuth AS; arrows numbered 1-7, labelled SAML and OAuth; slides 17 and 18 add a second Mobile App]
        Challenges (slide 18)
        •  Authentication per mobile app
        •  No validation of access token
        •  No clean up of cached / offline data
  • 19. What are my options?
  • 20. Options
        •  Use System browser
        •  Enroll your device
        •  JavaScript trickery
        •  Windows 10
        •  NAPPS
        •  Use Vendor SDK
  • 21. Use System browser
        1.  User accesses Mobile App
        2.  App opens system browser
        3.  App connects to server
        4.  Redirects to IdP
        5.  IdP authenticates via AD
        6.  IdP sends SAML back to App Server
        7.  App Server sends AT back to App
        8.  App uses AT to access
        [Diagram: Mobile App, System browser, IdP, AD, App Server and OAuth AS; arrows numbered 1-8]
  • 22. Enroll your device
        1.  User accesses Mobile App
        2.  App connects to server
        3.  Redirects to IdP
        4.  IdP sends 401 negotiate
        5.  iOS intercepts
        6.  On-demand VPN session
        7.  Sends Cert to KDC to get a ticket
        8.  IdP validates Kerb ticket
        9.  IdP sends SAML to App server
        10. App server sends OAuth AT to App
        [Diagram: Mobile App with Web View, IdP with Kerb Adapter, AD, KDC, App Server and OAuth AS; arrows numbered 1-10]
  • 23. JavaScript trickery
        1.  User accesses Mobile App
        2.  App connects to server
        3.  Redirects to IdP
        4.  IdP caches the request
        5.  IdP connects with its agent
        6.  User authenticates
        7.  Sends token back to IdP
        8.  IdP sends SAML to App server
        9.  App server sends OAuth AT to App
        [Diagram: Mobile App with Web View, IdP, IdP Agent, App Server and OAuth AS; arrows numbered 1-9]
  • 24. Windows 10
        1.  User accesses Mobile App
        2.  App calls RequestTokenAsync on the Web Account Manager (WAM)
        3.  WAM requests token from registered Web Account Provider (WAP)
        4.  WAP redirects to IdP
        5.  User authenticates
        6.  IdP sends the token back to WAP
        7.  WAP sends the token to WAM
        8.  WAM returns RequestResult to App
        9.  App can access the resource
        [Diagram: Mobile App, WAM, WAP with Web View, IdP, App Server and OAuth AS; arrows numbered 1-9]
  • 25. NAPPS
        1.  User accesses Mobile App
        2.  Mobile App requests ACDC token
        3.  TA gets its own AT/RT
        4.  IdP authenticates via AD
        5.  TA uses AT to get ACDC for Mobile App
        6.  TA passes ACDC to Mobile App
        7.  Mobile App uses ACDC to get its AT
        8.  App uses AT to access
        [Diagram: Mobile App, Token Agent (TA), IdP, AD, App Server and OAuth AS; arrows numbered 1-8]
  • 27. Everything will be amazing but no one will be happy
  • 28. Use System browser | Enroll your device | JavaScript trickery | Windows 10 | NAPPS | Use Vendor SDK
        Minimal code change. Can be implemented now. No code change. Best experience. Requires MDM. Cross platform. Open Standard. Still in spec stage. No code change. Limited App support. Only works for enterprise apps. Platform specific. Not available now.
  • 29. Q & A Ashish Jain @itickr
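
The NAPPS hand-off on slide 25 and the "No validation of access token" challenge on slide 18, as an added Python example that is not from the deck or from any vendor SDK. `ToyAuthServer`, its method names, the 60-second ACDC lifetime, the single-use and client-bound ACDC, and the PKCE-style verifier check are assumptions made for illustration; the IdP/AD login is not modelled.

```python
import hashlib
import secrets

def sha256_hex(value):
    return hashlib.sha256(value.encode()).hexdigest()

class ToyAuthServer:
    """In-memory stand-in for the OAuth AS on slide 25 (hypothetical API)."""
    ACDC_TTL = 60  # seconds; assumed short lifetime for the hand-off code

    def __init__(self):
        self.ta_tokens, self.acdcs, self.app_tokens = {}, {}, {}

    def login_token_agent(self, user):
        # Steps 3-4: the user authenticates once and the Token Agent gets its own AT.
        at = secrets.token_urlsafe(16)
        self.ta_tokens[at] = user
        return at

    def issue_acdc(self, ta_at, client_id, challenge, now):
        # Step 5: the TA presents its AT and asks for an ACDC for one named app.
        if ta_at not in self.ta_tokens:
            raise PermissionError("unknown token agent AT")
        acdc = secrets.token_urlsafe(16)
        self.acdcs[acdc] = {"user": self.ta_tokens[ta_at], "client_id": client_id,
                            "challenge": challenge, "exp": now + self.ACDC_TTL}
        return acdc

    def redeem_acdc(self, acdc, client_id, verifier, now):
        # Step 7: the app swaps the ACDC for its own AT. pop() makes the code
        # single use, and a failed attempt burns it as well.
        rec = self.acdcs.pop(acdc, None)
        if rec is None:
            raise PermissionError("ACDC unknown or already used")
        if now > rec["exp"]:
            raise PermissionError("ACDC expired")
        if rec["client_id"] != client_id:
            raise PermissionError("ACDC issued for a different app")
        if not secrets.compare_digest(sha256_hex(verifier), rec["challenge"]):
            raise PermissionError("verifier does not match challenge")
        at = secrets.token_urlsafe(16)
        self.app_tokens[at] = (rec["user"], client_id)
        return at

    def validate(self, at, client_id):
        # Step 8: the resource side looks the AT up instead of trusting it blindly.
        rec = self.app_tokens.get(at)
        return rec[0] if rec and rec[1] == client_id else None

def try_redeem(server, acdc, client_id, verifier, now):
    try:
        return server.redeem_acdc(acdc, client_id, verifier, now)
    except PermissionError as exc:
        return str(exc)

def demo():
    server = ToyAuthServer()
    ta_at = server.login_token_agent("alice")   # constructed sample user
    verifier = secrets.token_urlsafe(16)        # step 2: secret generated by the app
    acdc = server.issue_acdc(ta_at, "mail-app", sha256_hex(verifier), now=1000)
    app_at = server.redeem_acdc(acdc, "mail-app", verifier, now=1010)
    other = server.issue_acdc(ta_at, "mail-app", sha256_hex(verifier), now=1000)
    return {
        "user": server.validate(app_at, "mail-app"),
        "replay": try_redeem(server, acdc, "mail-app", verifier, 1020),
        "wrong_app": try_redeem(server, other, "other-app", verifier, 1020),
        "unknown_at": server.validate("not-a-real-token", "mail-app"),
    }
```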