2. $ whoami
Tony Ngan (tngan)
Currently MSc(CompSc) student @HKU
Graduated @CUHK IE
Worked as a software engineer for 2 years
Embrace open source projects
Love coding
#NodeJS #ES6 #JavaScript #CSharp #ReactJS
#Redux #Flux #MongoDB #SQL #SAML2 #HTML
#Webpack #MVC #Gulp #JQuery #C #Rails
#GraphQL #SSO #Git #SVN
@Siaoyoukeng, Taipei 2015
3. Agenda
A dummy guide to Single Sign-On
- Introduction
- Implementation
Overview of express-saml2
- Introduction
- Short demo (you guys always love it)
- What's next?
Mobile implementation using OAuth (Ronghai)
4. SSO, huh !?
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems.
(Wikipedia)
5. SSO, huh !?
Let’s imagine …
Users with a separate account for every application find it difficult to manage all their accounts and passwords.
7. Special Use Case
Used to manage access control
Only manager-level users can log in to the internal systems, but we want to give limited privileges to some employees so they can use those systems. How can we do it?
8. Special Use Case
Used to manage access control
An account is created in the Identity Provider for each employee. They can only log in via SSO, as an SSO user, and obtain only the access rights granted to that user in the system.
9. How to implement ?
SAML
Based on XML assertions (the Identity Provider sends a signed XML assertion to the Service Provider)
Widely adopted in web-based applications
OpenID Connect
Based on OAuth 2.0 tokens (an identity layer on top of OAuth 2.0; the ID token is a JWT)
Commonly applied in mobile applications
21. Step 5
Finally, the Service Provider prepares a session for the user, who is now logged in to the application.
22. More security options
- Sign requests and responses (XML Signature) so the receiver can verify who issued them and that they were not modified; this is also what gives non-repudiation
- Set an expiry on the SAML response (the NotBefore / NotOnOrAfter conditions on the assertion)
- Encrypt sensitive information in the SAML response (EncryptedAssertion / EncryptedAttribute)
- Pair each response with the request that triggered it (InResponseTo must match an outstanding AuthnRequest ID, and each request ID is accepted once)
- HTTPS connection to provide transport-layer encryption
- Data integrity (covered by the signature; verify it before reading anything else in the document)
23. express-saml2
This module provides a high-level API for a scalable Single Sign-On (SSO) implementation. Developers can configure Service Providers and Identity Providers simply by importing the corresponding metadata. SAML 2.0 provides a standard but leaves many options open, so the module offers a simple interface that is still highly configurable.
24. metadata ?
Metadata is an XML document that describes an entity's preferences and capabilities. For example:
- Single sign-on (and single logout) endpoints
- Whether requests/responses are expected to carry a signature
- Supported bindings for requests/responses (HTTP-Redirect (GET) / HTTP-POST)
- X.509 certificate used for signing and signature verification
… etc.
25. Why I built it
- It took me about 2-3 weeks to release the first version
- Developers need more and more concrete examples
- Flatten the learning curve of the SAML standard
- Log the work I’ve done before
- Build an enterprise-level module
- Standardize the code using the same terminology
- Code for FUN!
26. Abstractions and Design
Abstracted Service Provider and Identity Provider
- Common actions are described in Entity.js
e.g. parse/export metadata, logout actions
Abstracted SP metadata and IdP metadata
- Common methods are described in Metadata.js
e.g. get certificate, login/logout endpoints
27. Abstractions and Design
Other files:
RedirectBinding.js
:: Declares the functions for the HTTP-Redirect binding
PostBinding.js
:: Declares the functions for the HTTP-POST binding
urn.js
:: Holds all the SAML URN constants needed
SamlLib.js / Utility.js
:: Library of common helper functions
30. next( );
- More use cases and examples
- More test cases (mocha)
- Support for more signature algorithms
- A new branch has been created to rewrite the code in ES6 syntax
- Separate out the high-level XML attribute extractor
- Continuous code refactoring
- Reduce dependencies
Feel free to fork and contribute!
31. Thank You !
This deck will be uploaded to SlideShare later on
Thanks to open source
#Atom #Roboto #icon8/flat-color-icons #express-saml2