Building an SSO platform
         Ivo Jansch (@ijansch) - Egeniq
         March 31, 2011 - Zend Webinar


Thursday, March 31, 2011
About Egeniq
               Startup
               Mobile
               Tech
               Knowledge
               Geeks
               Development



About Me

               @ijansch
               Developer
               Author
               Entreprenerd
               PHP




Single Sign On
         Why do we need it?

We use many applications
               [Diagram labels: "Your corporate application", "Your other corporate application"]




Across devices and locations
               [Diagram labels: "Your corporate application", "Your other corporate application"]




A quick poll




Level 0 - One Password
         To Rule Them All

1 password to rule them all
               [Diagram labels: "Your corporate application", "Your other corporate application"]




Level 1 - Shared Identity
         Using a single authentication backend for apps

Shared Identity
               [Diagram labels: "LDAP Server", "Your corporate application", "Your other corporate application"]




Level 2 - OpenID
         Using OpenID for external Identity Management

OpenID Flow
               [Diagram labels: OpenID Consumer, OpenID Provider]




OpenID Demo
               [Diagram labels: OpenID Consumer, OpenID Provider; index.php, login.php, consume.php]




Protecting the secret




Delegate to OpenID provider




Consume the response




Caveats


               OpenID providers hesitant to be OpenID consumers
               No trust establishment between consumer and provider




Level 3 - OAuth
         Using OAuth for external IDM and authorization

OAuth Flow
               [Diagram labels: OAuth Consumer, OAuth Provider]




Landing adjusted for OAuth




OAuth Configuration




Delegate auth to Twitter




Consuming the response




Level 4 - SAML
         Creating our own Identity Provider

SAML
               Security Assertion Markup Language
               XML standard by OASIS
               Assertions contain:
                     Proof of Identity
                     Attributes
               Supports XML signatures and encryption



SAML Flow
               [Diagram labels: Service Provider, Identity Provider, Auth Backend (LDAP, ...)]




SimpleSAMLphp
               [Diagram labels: Service Provider, SimpleSAMLphp, Identity Provider (SimpleSAMLphp), Auth Backend (LDAP, ...)]




IDP SimpleSAMLphp setup




IDP Auth Source Configuration




IDP Hosted Configuration




IDP Remote Configuration




IDP Virtual Host Apache Config




Testing the IDP




SP SimpleSAMLphp setup




SP Auth Source Configuration




SP Remote Configuration




Back to our landing page




Delegate auth to the IDP




Integrating 3rd party apps
         SimpleSAMLphp is easy to integrate

Wordpress
               Plugin:
                     http://wordpress.org/extend/plugins/simplesamlphp-authentication/




MediaWiki
               Plugin:
                     http://www.mediawiki.org/wiki/Extension:SAMLAuth




SugarCRM
               Plugin: didn’t work
               Problem: auth structure
               Solution: hacking the source
               Options:
                     Contact me if you need to get SugarCRM to do SSO :-)
                     Wait for SugarCRM 6.1, it contains a working SAML plugin (/via @smalyshev)

Google Apps

               Requires Premier or Education Edition
               Configure SAML endpoint => Done!
               Docs:
                     http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html




Google Apps




Making apps SSO ready
         [Flow diagram built up over four slides; columns: Application, Auth Plugin]
               Slides 1-2: Application holds Start, Logged in? (Yes / No), Show Site and Login Form; Auth Plugin holds Authenticate
               Slide 3: Logged in? moves to the Auth Plugin column
               Slide 4: a second Login Form appears in the Auth Plugin column
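
The end state of the diagram above, as an added PHP example that is not from the slides: the application only asks an auth plugin whether the user is logged in, and the plugin owns the login step. `AuthPlugin`, `SamlAuthPlugin`, `FakeSpSession` and `handleRequest` are hypothetical names; the three methods called on the SP object are those of SimpleSAMLphp's `SimpleSAML_Auth_Simple` class.

```php
<?php
// Added example, not code from the presentation. All class and function
// names defined here are hypothetical.

interface AuthPlugin
{
    /** True if the current request already belongs to an authenticated user. */
    public function isLoggedIn(): bool;

    /** Run the login step (local form, redirect to an IdP, ...). */
    public function authenticate(): void;

    /** Identity attributes of the logged-in user, e.g. ['uid' => ['jdoe']]. */
    public function getAttributes(): array;
}

/**
 * Plugin that delegates every decision to a SimpleSAMLphp SP session.
 * $sp must offer isAuthenticated(), requireAuth() and getAttributes(),
 * as SimpleSAML_Auth_Simple does. The application never sees a password.
 */
final class SamlAuthPlugin implements AuthPlugin
{
    private $sp;

    public function __construct($sp) { $this->sp = $sp; }
    public function isLoggedIn(): bool { return (bool) $this->sp->isAuthenticated(); }
    public function authenticate(): void { $this->sp->requireAuth(); }
    public function getAttributes(): array { return (array) $this->sp->getAttributes(); }
}

/** Stand-in for the SimpleSAMLphp object so this file runs without an IdP (constructed data). */
final class FakeSpSession
{
    private $authenticated = false;

    public function isAuthenticated() { return $this->authenticated; }

    // The real requireAuth() redirects the browser to the IdP and only
    // continues once a valid assertion has come back.
    public function requireAuth() { $this->authenticated = true; }

    public function getAttributes()
    {
        return $this->authenticated
            ? ['uid' => ['jdoe'], 'mail' => ['jdoe@example.org']]
            : [];
    }
}

/** The application side: no login form of its own, only the "Logged in?" question. */
function handleRequest(AuthPlugin $auth): string
{
    if (!$auth->isLoggedIn()) {
        $auth->authenticate();
        // Fail closed if the plugin returned without establishing a session.
        if (!$auth->isLoggedIn()) {
            return 'denied';
        }
    }

    // Fail closed as well when the IdP did not release the attribute
    // the application keys its accounts on.
    $attrs = $auth->getAttributes();
    $uid = $attrs['uid'][0] ?? '';
    if ($uid === '') {
        return 'denied';
    }

    // Attribute values come from outside the application: escape on output.
    return 'Show site for ' . htmlspecialchars($uid, ENT_QUOTES, 'UTF-8');
}

echo handleRequest(new SamlAuthPlugin(new FakeSpSession())), PHP_EOL;
```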



Conclusion
         What should you take away from this talk?

In your next project...




                            You will NOT create more userids !!
                            You WILL use standard protocols !!

Thank You
         ivo@egeniq.com    http://www.egeniq.com
         @ijansch          @egeniq


Credits
          Pictures used in this presentation are creative commons attribution licensed pictures.
          Here are the owners and the URLs where the originals can be found:
                ‘Multiple Padlock Farm Gate’ by Mike Baird - http://www.flickr.com/photos/mikebaird/2354116406/
                ‘Love Locks’ by James Manners - http://www.flickr.com/photos/jmanners/443421045/
                ‘Seguridad’ by Juan J. Martinez - http://www.flickr.com/photos/reidrac/4696900602/
                ‘Hotel Keys’ by Henri Bergius - http://www.flickr.com/photos/bergie/3468886680/
                ‘OAuth Shiny’ by Chris Messina - http://www.flickr.com/photos/factoryjoe/3343062926/
                ‘Take a number please’ by Andres Rueda - http://www.flickr.com/photos/andresrueda/3259487071/
                ’38/365 Puzzled’ by Mykl Roventine - http://www.flickr.com/photos/myklroventine/3261364899/
                ‘Visiting Portage’ by Jeremy Bronson - http://www.flickr.com/photos/jbrons/4444017497/
                ‘_dsc8037’ by Sergey Vladimirov - http://www.flickr.com/photos/vlsergey/4138735474/


          Application logos and other icons have been used under the assumption that use of them in this context is
          considered fair use.




VoIP Service and Marketing using Odoo and Asterisk PBX
 

Building an SSO platform in PHP (Zend Webinar Edition)

  • 1. Building an SSO platform Ivo Jansch (@ijansch) - Egeniq March 31, 2011 - Zend Webinar Thursday, March 31, 2011
  • 2. About Egeniq: Startup, Mobile, Tech, Knowledge, Geeks, Development
  • 3. About Me: @ijansch, Developer, Author, Entreprenerd, PHP
  • 4. Single Sign On: Why do we need it?
  • 5. We use many applications: Your corporate application, Your other corporate application
  • 6. Across devices and locations: Your corporate application, Your other corporate application
  • 7. A quick poll
  • 8. Level 0 - One Password To Rule Them All
  • 9. 1 password to rule them all: Your corporate application, Your other corporate application
  • 10. Level 1 - Shared Identity: Using a single authentication backend for apps
  • 11. Shared Identity: LDAP Server, Your corporate application, Your other corporate application
  • 12. Level 2 - OpenID: Using OpenID for external Identity Management
  • 13. OpenID Flow: OpenID Consumer, OpenID Provider
  • 14. OpenID Demo: OpenID Consumer (login.php, consume.php), OpenID Provider (index.php)
  • 16. Delegate to OpenID provider
  • 18. Caveats: OpenID providers hesitant to be OpenID consumers; no trust establishment between consumer and provider
  • 19. Level 3 - OAuth: Using OAuth for external IDM and authorization
  • 20. OAuth Flow: OAuth Consumer, OAuth Provider
  • 21. Landing adjusted for OAuth
  • 23. Delegate auth to Twitter
  • 25. Level 4 - SAML: Creating our own Identity Provider
  • 26. SAML: Security Assertion Markup Language. XML standard by OASIS. Assertions contain: Proof of Identity, Attributes. Supports XML signatures and encryption.
  • 27. SAML Flow: Auth Backend (LDAP, ...), Identity Provider, Service Provider
  • 28. SimpleSAMLphp: Auth Backend (LDAP, ...), Identity Provider (SimpleSAMLphp), Service Provider (SimpleSAMLphp)
  • 30. IDP Auth Source Configuration
  • 33. IDP Virtual Host Apache Config
  • 34. Testing the IDP
  • 36. SP Auth Source Configuration
  • 38. Back to our landing page
  • 39. Delegate auth to the IDP
  • 40. Integrating 3rd party apps: SimpleSAMLphp is easy to integrate
  • 41. Wordpress Plugin: http://wordpress.org/extend/plugins/simplesamlphp-authentication/
  • 42. MediaWiki Plugin: http://www.mediawiki.org/wiki/Extension:SAMLAuth
  • 43. SugarCRM Plugin: didn’t work. Problem: auth structure. Solution: hacking the source. Options: Contact me if you need to get SugarCRM to do SSO :-) Wait for SugarCRM 6.1, it contains a working SAML plugin (/via @smalyshev)
  • 44. Google Apps: Requires Premier or Education Edition. Configure SAML endpoint => Done! Docs: http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html
  • 46. Making apps SSO ready (flowchart). Columns: Application, Auth Plugin. Nodes: Start; Logged in? (Yes / No); Show Site; Login Form; Authenticate
  • 47. Making apps SSO ready (flowchart). Columns: Application, Auth Plugin. Nodes: Start; Logged in? (Yes / No); Show Site; Login Form; Authenticate
  • 48. Making apps SSO ready (flowchart). Columns: Application, Auth Plugin. Nodes: Start; Logged in? (Yes / No); Show Site; Login Form; Authenticate
  • 49. Making apps SSO ready (flowchart). Columns: Application, Auth Plugin. Nodes: Start; Logged in? (No / Yes); Login Form (appears twice); Show Site; Authenticate
  • 50. Conclusion: What should you take away from this talk?
  • 51. In your next project... You will NOT create more userids !! You WILL use standard protocols !!
  • 52. Thank You: ivo@egeniq.com, http://www.egeniq.com, @ijansch, @egeniq
  • 53. Credits: Pictures used in this presentation are Creative Commons attribution licensed pictures. Here are the owners and the URLs where the originals can be found: ‘Multiple Padlock Farm Gate’ by Mike Baird - http://www.flickr.com/photos/mikebaird/2354116406/; ‘Love Locks’ by James Manners - http://www.flickr.com/photos/jmanners/443421045/; ‘Seguridad’ by Juan J. Martinez - http://www.flickr.com/photos/reidrac/4696900602/; ‘Hotel Keys’ by Henri Bergius - http://www.flickr.com/photos/bergie/3468886680/; ‘OAuth Shiny’ by Chris Messina - http://www.flickr.com/photos/factoryjoe/3343062926/; ‘Take a number please’ by Andres Rueda - http://www.flickr.com/photos/andresrueda/3259487071/; ‘38/365 Puzzled’ by Mykl Roventine - http://www.flickr.com/photos/myklroventine/3261364899/; ‘Visiting Portage’ by Jeremy Bronson - http://www.flickr.com/photos/jbrons/4444017497/; ‘_dsc8037’ by Sergey Vladimirov - http://www.flickr.com/photos/vlsergey/4138735474/. Application logos and other icons have been used under the assumption that use of them in this context is considered fair use.