Adding Identity Management and Access Control to your Application - Exercises
Joaquin Salvachúa -Álvaro Alonso
UPM – DIT
Security Chapter. FIWARE
joaquin.salvachua@upm.es, @jsalvachua
aalonsog@dit.upm.es, @larsonalonso

Exercises index
•  Sec-1. Creating a FIWARE account
•  Sec-2. Managing organizations
•  Sec-3. Registering an application
•  Sec-4. Adding OAuth2 to your application
(based on our Node.js template)
•  Sec-5. Adding OAuth2 to your application
(using an OAuth2 library)
•  Sec-6. Securing your backend
Authentication
•  Sec-7. Securing your backend
Basic Authorization
•  Sec-8. Securing your backend
Advanced Authorization
Sec-1. Creating a FIWARE account
•  Prerequisite
–  To have an Internet connection :)
•  Steps
–  Go to https://account.lab.fiware.org
–  Click on “Sign Up”
–  Fill in your data
–  Confirm your account from the confirmation email
•  Hints
–  If you don’t receive the confirmation email, check your spam folder
Easy

Sec-2. Managing organizations
•  Prerequisite
–  To have a FIWARE account
•  Steps
–  Go to https://account.lab.fiware.org
–  Sign In
–  Create an Organization
–  Add members to it
•  Hints
–  To manage an organization you have to switch to it using
the dropdown in the upper right corner.
Easy

Sec-3. Registering an application
•  Prerequisite
–  To have a FIWARE account
•  Steps
–  Go to https://account.lab.fiware.org
–  Sign In
–  Register an application
•  Hints
–  You have to set:
•  URL: the URL where your app will run
•  Callback URL: the URL to which the Account Portal will redirect your users once
they have authenticated
Easy

Sec-4 (1). Adding OAuth2 to your application
(based on our Node.js template)
•  Prerequisites
–  To have an application registered in the Account Portal
–  To learn how OAuth2 works
•  Steps
–  Clone our demo example:
•  https://github.com/ging/oauth2-example-client
–  Follow the instructions in the README
•  You will find client_id and client_secret in the application’s detail page in the Account Portal
Easy

Sec-4 (2). Adding OAuth2 to your application
(based on our Node.js template)
•  Hints
–  Learn about OAuth2:
•  http://oauth.net/2/
–  FIWARE Account flows:
•  http://es.slideshare.net/alvaroalonsogonzalez/id-m-andac
–  FIWARE Account OAuth2 docs
•  https://github.com/ging/fi-ware-idm/wiki/Using-the-FI-LAB-instance
–  Advanced courses:
•  http://edu.fi-ware.org/course/view.php?id=79
•  http://edu.fi-ware.org/course/view.php?id=63
Easy

Sec-5. Adding OAuth2 to your application
(using an OAuth2 library)
•  Prerequisite
–  To have an application registered in the Account Portal
–  To have your own application
•  Steps
–  Include an OAuth2 library in your app
–  Configure it with the OAuth2 credentials (client_id and client_secret) generated in the
Account Portal
–  Follow the library instructions to use it
•  Hints
–  OAuth2 libraries
•  http://oauth.net/2/
Medium

Sec-6. Securing your backend
Authentication
•  Prerequisite
–  To have a frontend app using OAuth and FIWARE Account
–  To have a REST-based backend service
•  Steps
–  Clone our PEP-Proxy Wilma
•  https://github.com/ging/fi-ware-pep-proxy
–  Configure it following the README
•  app_host and app_port are the host and port of your backend REST API
–  From now on, requests to your backend
•  must be sent to the proxy
•  must include the “X-Auth-Token” header carrying the OAuth2 access token
•  Hints
–  Wilma docs
•  http://catalogue.fiware.org/enablers/pep-proxy-wilma
Medium

Sec-7. Securing your backend
Basic Authorization
•  Prerequisite
–  To have a Wilma deployed on top of your backend
•  Steps
–  Enable the “check_permissions” option in Wilma’s config
–  Edit your application in Account Portal
•  Create a new role
•  Create a new permission with
–  HTTP action – GET, POST, PUT or DELETE
–  REST resource – the URL of your resource
•  Assign the role to a user
•  Check the request in your App
•  Hints
–  AuthZForce docs
•  http://catalogue.fiware.org/enablers/authorization-pdp-authzforce
Hard

Sec-8. Securing your backend
Advanced Authorization
•  Prerequisite
–  To have a Wilma deployed on top of your backend
•  Steps
–  Modify Wilma so that it builds XACML Requests
•  This lets you check request parameters such as the body and headers
–  Edit your application in Account Portal
•  Create a new role
•  Create a new permission with an advanced rule (XACML)
•  Assign the role to a user
•  Check the request in your App
•  Hints
–  AuthZForce docs
•  http://catalogue.fiware.org/enablers/authorization-pdp-authzforce
–  XACML
•  https://www.oasis-open.org/committees/xacml/
Hard

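Sec-7 and Sec-8 describe the two shapes the authorization decision takes: a basic one, where a permission is an HTTP action plus a REST resource, roles group permissions and users hold roles; and an advanced one, where the PEP turns the request into a XACML Request so that a rule can also look at headers and body. The Node.js code below is an added example for these notes, not Wilma's or AuthZForce's code. The roles, permissions and users are constructed sample data standing in for what you configure in the Account Portal; resources are matched as anchored regular expressions over the path, which is one reasonable reading of "the URL of your resource". The XACML category and attribute identifiers for subject role, resource-id and action-id are the standard ones; the identifiers used for headers and body (`urn:example:...`) are assumed for the example.

```javascript
'use strict';

// Constructed sample of a Sec-7 configuration: permissions are (HTTP action, resource) pairs,
// roles group permissions, users hold roles. Resources are anchored regexes over the path.
const PERMISSIONS = {
  'read-sensors':  { action: 'GET',    resource: '^/sensors(/[^/]+)?$' },
  'create-sensor': { action: 'POST',   resource: '^/sensors$' },
  'delete-sensor': { action: 'DELETE', resource: '^/sensors/[^/]+$' },
};
const ROLE_PERMISSIONS = {
  reader: ['read-sensors'],
  editor: ['read-sensors', 'create-sensor'],
  admin:  ['read-sensors', 'create-sensor', 'delete-sensor'],
};
const USER_ROLES = { alice: ['reader'], bob: ['editor'] };

// Strip the query string and collapse repeated slashes so "/sensors//1?x=1" and "/sensors/1"
// are the same resource; otherwise a pattern can be dodged with trivial path variations.
function normalisePath(path) {
  return path.split('?')[0].replace(/\/+/g, '/');
}

// Basic authorization (Sec-7): permit only if some role of the user carries a permission whose
// action equals the HTTP method and whose resource pattern matches the path. Unknown users,
// roles or permissions fall through to deny.
function isPermitted(userId, method, path) {
  const target = normalisePath(path);
  for (const role of USER_ROLES[userId] || []) {
    for (const permName of ROLE_PERMISSIONS[role] || []) {
      const perm = PERMISSIONS[permName];
      if (!perm) continue;
      if (perm.action === method.toUpperCase() && new RegExp(perm.resource).test(target)) {
        return true;
      }
    }
  }
  return false;
}

function xmlEscape(s) {
  const map = { '<': '&lt;', '>': '&gt;', '&': '&amp;', '"': '&quot;', "'": '&apos;' };
  return String(s).replace(/[<>&"']/g, c => map[c]);
}

function attribute(id, value) {
  return `    <Attribute AttributeId="${id}" IncludeInResult="false">\n` +
         `      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">` +
         `${xmlEscape(value)}</AttributeValue>\n` +
         `    </Attribute>\n`;
}

// Advanced authorization (Sec-8): the XACML 3.0 Request a modified PEP would send to the PDP.
// Besides role, action and resource it carries selected headers and the body, so policies can
// decide on them. Values are escaped, since headers and body are attacker-controlled text.
const XACML_NS     = 'urn:oasis:names:tc:xacml:3.0:core:schema:wd-17';
const CAT_SUBJECT  = 'urn:oasis:names:tc:xacml:1.0:subject-category:access-subject';
const CAT_RESOURCE = 'urn:oasis:names:tc:xacml:3.0:attribute-category:resource';
const CAT_ACTION   = 'urn:oasis:names:tc:xacml:3.0:attribute-category:action';

function buildXacmlRequest({ roles, method, path, headers = {}, body = '' }) {
  let subject = '';
  for (const r of roles) subject += attribute('urn:oasis:names:tc:xacml:2.0:subject:role', r);
  let resource = attribute('urn:oasis:names:tc:xacml:1.0:resource:resource-id', normalisePath(path));
  for (const [k, v] of Object.entries(headers)) {
    resource += attribute('urn:example:http:header:' + k.toLowerCase(), v); // assumed id scheme
  }
  if (body) resource += attribute('urn:example:http:body', body);            // assumed id
  const action = attribute('urn:oasis:names:tc:xacml:1.0:action:action-id', method.toUpperCase());
  return `<Request xmlns="${XACML_NS}" ReturnPolicyIdList="false" CombinedDecision="false">\n` +
         `  <Attributes Category="${CAT_SUBJECT}">\n${subject}  </Attributes>\n` +
         `  <Attributes Category="${CAT_RESOURCE}">\n${resource}  </Attributes>\n` +
         `  <Attributes Category="${CAT_ACTION}">\n${action}  </Attributes>\n` +
         `</Request>\n`;
}
```

The deny-by-default loop in `isPermitted` is the behaviour to preserve when you move the decision into a PDP: a misconfigured role or a typo in a permission name should cost access, not grant it.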
Adding Identity Management and Access Control to your Application - Exercises
Álvaro Alonso
UPM – DIT
Security Chapter. FIWARE
aalonsog@dit.upm.es, @larsonalonso