DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
Hitachi, Ltd. OSS Solution Center.
The presentation for DevConf.CZ 2020, Brno, Czech Republic.
Slide 1: WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno University of Technology, Czech Republic
Hitachi, Ltd. OSS Solution Center
26 January 2020
Takashi Norimatsu
© Hitachi, Ltd. 2020. All rights reserved.
Slide 2: Self Introduction
Takashi Norimatsu (tnorimat on GitHub): OSS Solution Center, Hitachi, Ltd. @ Yokohama, Japan
Engaging in:
◼ providing support services about OSS.
◼ implementing and contributing promising features to OSS.
The current works:
◼ contributing WebAuthn support to keycloak.
◼ contributing Financial-grade API Security Profile support to keycloak.
* Yokohama: the 2nd largest city in Japan by population, about 35 km south-west of Tokyo.
* keycloak: the Identity and Access Management (IAM) OSS. Its community is led by Red Hat.
Slide 3: Contents
1. What is WebAuthn?
2. Contribution to Keycloak
3. Use Case
Slide 4: 1. What is WebAuthn?
Slide 5: 1-1 Overview: WebAuthn (W3C Web Authentication)
[ Motivation: why we try to support WebAuthn for keycloak? ]
WebAuthn is a promising technology. Therefore, supporting it will be nothing special for IAM products in the future.
WebAuthn := a web-based authentication standard by W3C that uses asymmetric cryptography to achieve password-less and multi-factor authentication, resolving the problems that arise when using password-based authentication.
[ Figure: WebAuthn Authentication UI (Windows) ]
Slide 6: 1-2 WebAuthn - Registration
Registration := the WebAuthn Relying Party (RP) registers a public key generated by the WebAuthn Authenticator and binds it with an authenticated user's ID.
[ Figure: registration flow between User/Browser, WebAuthn Authenticator and WebAuthn RP (keycloak) ]
1. User/Browser -> WebAuthn RP: the user is authenticated with username/password, so the RP holds the authenticated user ID.
2. WebAuthn Authenticator: authenticates the user locally, generates a key pair (user's private key / user's public key) and binds it with the user ID.
3. WebAuthn Authenticator -> WebAuthn RP: generates an authenticator attestation response including the user's public key and its related information, and signs it with the vendor's private key (vendor's certificate).
4. WebAuthn RP: verifies the response with the vendor's public key, then binds the authenticated user's ID with the user's public key generated by the WebAuthn Authenticator.
WebAuthn RP can confirm:
* The response was generated by a legitimate WebAuthn Authenticator, not tampered or forged.
* The response itself was not tampered or forged.
=> RP can trust its contents.
Slide 7: 1-3 WebAuthn - Authentication - Multi Factor Authentication
Authentication := the WebAuthn Relying Party (RP) verifies the assertion stating that the user was authenticated by the WebAuthn Authenticator, using the registered user's public key.
Due to the WebAuthn Authenticator's nature, its authentication factor is basically the "ownership factor".
[ Figure: multi-factor authentication flow between User/Browser, WebAuthn Authenticator and WebAuthn RP (keycloak) ]
1. User/Browser -> WebAuthn RP: the RP authenticates the user by the 1st factor (username/password) and obtains the user ID.
2. WebAuthn Authenticator: authenticates the user by the 2nd factor (biometrics, e.g. fingerprint) locally, generates an authenticator assertion response including the user's public key ID and the user ID (handle), and signs it with the user's private key.
3. WebAuthn RP: verifies the response with the user's public key, and compares the user ID from the 1st-factor authentication with the one from the 2nd-factor authentication.
WebAuthn RP can confirm:
* The response itself was not tampered or forged. => RP can trust its contents.
* The user bound with the public key was authenticated by multi-factor authentication.
1st authentication factor: knowledge factor, by WebAuthn RP
2nd authentication factor: ownership factor / inherence factor, by WebAuthn Authenticator
Slide 8: 1-4 WebAuthn - Authentication - Password-less Authentication
Authentication := the WebAuthn Relying Party (RP) verifies the assertion stating that the user was authenticated by the WebAuthn Authenticator, using the registered user's public key.
Due to the WebAuthn Authenticator's nature, its authentication factor is basically the "ownership factor".
[ Figure: password-less flow between User/Browser, WebAuthn Authenticator and WebAuthn RP (keycloak) ]
1. User/Browser -> WebAuthn RP: the user sends only a username; the RP looks up the user ID for it.
2. WebAuthn Authenticator: authenticates the user by the 1st factor (biometrics, e.g. fingerprint) locally, generates an authenticator assertion response including the user's public key ID and the user ID (handle), and signs it with the user's private key.
3. WebAuthn RP: verifies the response with the user's public key, and compares the user ID looked up with the one authenticated by the WebAuthn Authenticator.
WebAuthn RP can confirm:
* The response itself was not tampered or forged. => RP can trust its contents.
* The user bound with the public key was authenticated by password-less authentication.
1st authentication factor: ownership factor / inherence factor, by WebAuthn Authenticator
Slide 9: 1-5 WebAuthn - Authentication - ID & Password-less Authentication
Authentication := the WebAuthn Relying Party (RP) verifies the assertion stating that the user was authenticated by the WebAuthn Authenticator, using the registered user's public key.
Due to the WebAuthn Authenticator's nature, its authentication factor is basically the "ownership factor".
[ Figure: ID & password-less flow between User/Browser, WebAuthn Authenticator and WebAuthn RP (keycloak) ]
1. WebAuthn Authenticator: authenticates the user by the 1st factor (biometrics, e.g. fingerprint) locally, generates an authenticator assertion response including the user's public key ID and the user ID (handle), and signs it with the user's private key.
2. WebAuthn RP: looks up the user's public key from the response (no username or password is sent) and verifies the response with that public key.
WebAuthn RP can confirm:
* The response itself was not tampered or forged. => RP can trust its contents.
* The user bound with the public key was authenticated by ID & password-less authentication.
1st authentication factor: ownership factor / inherence factor, by WebAuthn Authenticator
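The RP-side verification described on slides 7 to 9 (verify the assertion under the registered public key, compare the 1st-factor user ID with the authenticator's user handle), as an added Go example that is not part of the presentation nor of keycloak's own code (keycloak uses webauthn4j for this). It assumes a constructed ECDSA P-256 key pair, the rpID "example.com", and compares the challenge as a plain string rather than base64url; the authenticator side exists only to produce input.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Flag bits of the authenticator data "flags" byte (WebAuthn section 6.1).
const (
	flagUserPresent  byte = 0x01 // UP: a human touched the authenticator
	flagUserVerified byte = 0x04 // UV: the authenticator verified the user (PIN/biometrics)
)

// Credential is what the RP stored at registration (slide 6): the user's
// public key bound to the user ID, plus the last signature counter seen.
type Credential struct {
	UserID    string
	PublicKey *ecdsa.PublicKey
	SignCount uint32
}

// clientData is the subset of clientDataJSON that the RP checks.
// Simplification: the challenge is compared as a plain string, not base64url.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Assertion models the authenticator assertion response the browser returns
// from navigator.credentials.get().
type Assertion struct {
	AuthenticatorData []byte // rpIdHash(32) || flags(1) || signCount(4)
	ClientDataJSON    []byte
	Signature         []byte // ES256 over authenticatorData || SHA-256(clientDataJSON)
	UserHandle        string // user ID asserted by the authenticator
}

// VerifyAssertion performs the RP-side checks from the slides: the user ID
// from the 1st factor must equal the user handle from the 2nd factor, and the
// assertion must verify under the public key registered for that user.
// requireUV is the "accept only PIN/biometrics-verified results" policy.
// It returns the new signature counter to store on success.
func VerifyAssertion(cred *Credential, firstFactorUserID, rpID, origin, challenge string,
	requireUV bool, a *Assertion) (uint32, error) {
	if cred.UserID != firstFactorUserID || a.UserHandle != firstFactorUserID {
		return 0, errors.New("user ID from 1st factor does not match 2nd factor")
	}
	var cd clientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil {
		return 0, err
	}
	if cd.Type != "webauthn.get" || cd.Challenge != challenge || cd.Origin != origin {
		return 0, errors.New("clientDataJSON type, challenge or origin mismatch")
	}
	if len(a.AuthenticatorData) < 37 {
		return 0, errors.New("authenticator data too short")
	}
	rpIDHash := sha256.Sum256([]byte(rpID))
	if !bytes.Equal(a.AuthenticatorData[:32], rpIDHash[:]) {
		return 0, errors.New("rpIdHash does not match this RP")
	}
	flags := a.AuthenticatorData[32]
	if flags&flagUserPresent == 0 {
		return 0, errors.New("user presence not asserted")
	}
	if requireUV && flags&flagUserVerified == 0 {
		return 0, errors.New("user verification required but not asserted")
	}
	count := binary.BigEndian.Uint32(a.AuthenticatorData[33:37])
	if (count != 0 || cred.SignCount != 0) && count <= cred.SignCount {
		return 0, errors.New("signature counter did not increase (cloned authenticator?)")
	}
	cdHash := sha256.Sum256(a.ClientDataJSON)
	signed := sha256.Sum256(append(append([]byte{}, a.AuthenticatorData...), cdHash[:]...))
	if !ecdsa.VerifyASN1(cred.PublicKey, signed[:], a.Signature) {
		return 0, errors.New("signature does not verify under the registered public key")
	}
	return count, nil
}

// makeAssertion plays the authenticator side, only to produce input for the
// RP checks; a real authenticator keeps the private key in hardware.
func makeAssertion(priv *ecdsa.PrivateKey, userHandle, rpID, origin, challenge string,
	flags byte, count uint32) *Assertion {
	rpIDHash := sha256.Sum256([]byte(rpID))
	authData := append(rpIDHash[:], flags, 0, 0, 0, 0)
	binary.BigEndian.PutUint32(authData[33:], count)
	cdj, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: origin})
	cdHash := sha256.Sum256(cdj)
	signed := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, signed[:])
	return &Assertion{AuthenticatorData: authData, ClientDataJSON: cdj, Signature: sig, UserHandle: userHandle}
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed key pair
	cred := &Credential{UserID: "alice", PublicKey: &priv.PublicKey, SignCount: 5}
	a := makeAssertion(priv, "alice", "example.com", "https://example.com", "chal-1",
		flagUserPresent|flagUserVerified, 6)
	fmt.Println(VerifyAssertion(cred, "alice", "example.com", "https://example.com", "chal-1", true, a))
}
```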
Slide 10: 2. Contribution to keycloak
Slide 11: 2-1 Contribution Plan / Merged Pull-Requests
Develop
✓ Build a prototype for a feasibility study
✓ Write and submit design documents to the community to be reviewed and approved
✓ Implement the WebAuthn RP's features in keycloak based on the approved design
Merged
✓ Issue pull requests to keycloak to be reviewed and approved
✓ Get them merged into keycloak
Certified
- Pass conformance Self-Validation Testing against keycloak
- Get a certificate confirming that keycloak complies with the FIDO2 2.0 Specification for Servers (managed and presented by FIDO Alliance)
Merged Pull-Requests
#  JIRA Ticket     Description                                                                      Pull Request  Included Version
1  KEYCLOAK-9360   Two factor authentication with W3C Web Authentication - WIP 1st impl phase      6248          8.0.0
2  KEYCLOAK-11743  Update to webauthn4j 0.9.14.RELEASE and add apache-kerby-asn1:2.0.0 dependency  6401          8.0.0
3  KEYCLOAK-11372  Support for attestation statement verification                                  6449          8.0.0
Slide 12: 2-2 Design
[ Design Document ] https://github.com/keycloak/keycloak-community/blob/master/design/web-authn-authenticator.md
Major topics (two picked up here): verifying the Attestation Statement and the Authentication Assertion
• On registration, an attestation certificate should be verified. keycloak needs to manage trust anchor certificate sources.
• On registration and authentication, keycloak needs to verify the information returned from the Web Authentication API (e.g. navigator.credentials.create(), .get()), so an appropriate library to handle it had to be chosen. We adopted "webauthn4j" (https://github.com/webauthn4j/webauthn4j) as the core library; it has passed all mandatory test cases and the optional Android Key attestation test cases of the FIDO2 Test Tools provided by FIDO Alliance.
Slide 13: 2-3 Current Status
Basic WebAuthn support has been merged and released in keycloak-8.0.0.
Registration
• Settings (navigator.credentials.create(), .get() options): https://www.keycloak.org/docs/8.0/server_admin/index.html#managing-webauthn-as-an-administrator
• Attestation Statement Verification: https://www.keycloak.org/docs/8.0/server_admin/index.html#attestation-statement-verification
Authentication
• 2FA: https://www.keycloak.org/docs/8.0/server_admin/index.html#setup
• Password-less: https://www.keycloak.org/docs/8.0/server_admin/index.html#creating-a-password-less-browser-login-flow
Notes: whether WebAuthn's operations succeed depends on the user's WebAuthn-supporting authenticator, browser and platform.
Slide 14: 2-4 In the Future
Account Recovery
  If my smart device (WebAuthn Authenticator) has been lost ...
  https://fidoalliance.org/recommended-account-recovery-practices/
Registration Acceptance Control based on various kinds of criteria
  The admin wants to accept only WebAuthn Authenticators that have the capability of authentication by fingerprint.
  The admin wants to accept only WebAuthn Authenticators for which no vulnerability has been reported.
  ⇒ Metadata Statement from the FIDO Alliance Metadata Service (MDS): https://fidoalliance.org/metadata/
Authentication Acceptance Control based on various kinds of criteria
  The admin wants to accept only the result of authentication by a biometrics factor.
  ⇒ WebAuthn Extension: User Verification Method Extension (uvm): https://www.w3.org/TR/webauthn/#sctn-uvm-extension
15.
3. Use Case
16.
3-1 Financial-grade API (FAPI) Security Profile
[ What’s FAPI ? ] OAuth 2.0’s security profile for APIs intended for financial institutions.
[ Motivation : Why we try it? ] We would like to apply keycloak in the financial sector, which requires a high security level for APIs.
In Japan…
◆ The revised Banking Act was published in Jun 2017 to promote APIs. Similar to PSD2 in the EU.
◆ 83% of banks (114 banks) answered that they will open APIs by Jun 2020(*).
◆ OAuth 2.0 is recognized as a key technology to secure APIs. FAPI is also being required.
In the UK…
◆ The UK Open Banking security profile is based on FAPI. (https://bitbucket.org/openid/obuk/src/master/uk-openbanking-security-profile.md)
(*) Based on a survey by the Japanese Bankers Association as of Dec 2017. Quoted from the report about open APIs by the Japanese Bankers Association: https://www.zenginkyo.or.jp/fileadmin/res/news/news290713_3.pdf
17.
3-2 FAPI Flow for the first API Access
[Phase] (participants: User/Browser, Client App, Authz Server, API Server)
1. Authz Code Request (via browser redirect)
2. User Authentication (User Consent)
3. Authz Code Response (via browser redirect, carrying the authz code)
4. Token Request (Client Authentication), returning an access token in exchange for the authz code
5. API Access with the access token
FAPI Flow for the first API Access: based on and complies with OAuth 2.0 Authorization Code Grant and OIDC Hybrid Flow. Phases 3 and 5 are required in this flow but are out of scope of OAuth 2.0 Authorization Code Grant and OIDC Hybrid Flow. Instead, FAPI describes its own security requirements for phases 3 and 5.
Authz Code Request / Response: Client App receives the authz code, indicating that a user was authenticated and authorized API access for Client App within the determined scope.
Token Request / Response: In return for the authz code, Client App receives an access token that has the right to access the API within the determined scope.
18.
3-3 FAPI : Highly Credible User Authentication
[What FAPI checks in each phase] (participants: User/Browser, Client App, Authz Server, API Server)
1. Authz Code Request (redirect)
  * Request not tampered.
  * Request generated by legitimate Client App.
2. User Authentication (User Consent)
  * User authenticated by highly credible way.
3. Authz Code Response (redirect)
  * Response not tampered.
  * Response generated by legitimate Authz Server.
4. Token Request (Client Authentication)
  * Client App authenticated by highly credible way.
  * Token received by legitimate Client App.
5. API Access
  * Token exercised by legitimate Client App.
19.
3-4 FAPI : Highly Credible User Authentication (MFA by WebAuthn)
USE CASE: Using keycloak as the Authz Server for securing APIs that provide financial services to customers. It needs to satisfy a high security level.
FAPI does not require WebAuthn itself. FAPI requires Level of Assurance (LoA) 3 defined in ITU-T X.1254 (in short, MFA). WebAuthn is a promising candidate satisfying it.
[Phase] 2. User Authentication (User Consent), between User/Browser and Authz Server (keycloak):
1st factor (password): username/password authentication yields the user ID.
2nd factor (fingerprint): the WebAuthn Authenticator authenticates the user locally by biometrics, generates an authenticator assertion response including the user’s public key ID and the user ID (handle), and signs it with the user’s private key.
keycloak verifies the assertion with the user’s public key, then compares the user ID from the 1st factor authentication with the one from the 2nd factor authentication.
keycloak can confirm: the user was authenticated by multifactor authentication.
Need to register the user’s public key in keycloak in advance in WebAuthn’s manner (Registration).
Due to the WebAuthn Authenticator’s nature, its authentication factor is basically an “ownership factor”.
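As an added illustration (not Keycloak's or webauthn4j's code) of the assertion checks that slide 2-2 delegates to a library and that this slide relies on, the following Python validates the fields of a navigator.credentials.get() response: ceremony type, challenge, origin, rpId hash, the User Verified flag that stands for the biometric 2nd factor, and the user handle matched against the 1st-factor user. The rpId, origin, challenge and sample response are constructed; the final signature check over the returned bytes with the registered public key is left to a crypto library.

```python
import base64
import hashlib
import json
import struct

FLAG_UP, FLAG_UV = 0x01, 0x04  # authenticatorData flag bits: User Present, User Verified

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def verify_assertion(response: dict, expected_challenge: bytes, rp_id: str, origin: str,
                     first_factor_user_handle: bytes, require_uv: bool) -> bytes:
    """Check a navigator.credentials.get() response and return authenticatorData ||
    SHA-256(clientDataJSON), whose signature must then be verified with the stored public key."""
    client_data_json = b64url_decode(response["clientDataJSON"])
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        raise ValueError("not an authentication ceremony")
    if b64url_decode(client_data.get("challenge", "")) != expected_challenge:
        raise ValueError("challenge mismatch (replayed or foreign assertion)")
    if client_data.get("origin") != origin:
        raise ValueError("origin mismatch")
    auth_data = b64url_decode(response["authenticatorData"])
    if len(auth_data) < 37:  # layout: rpIdHash (32) | flags (1) | signCount (4, big-endian)
        raise ValueError("authenticatorData too short")
    rp_id_hash, flags = auth_data[:32], auth_data[32]
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash does not match this relying party")
    if not flags & FLAG_UP:
        raise ValueError("user presence not asserted")
    if require_uv and not flags & FLAG_UV:
        raise ValueError("authenticator did not verify the user, so no biometric 2nd factor")
    # The user handle returned by the 2nd factor must name the same user as the 1st factor.
    if b64url_decode(response.get("userHandle", "")) != first_factor_user_handle:
        raise ValueError("user handle differs from the password-authenticated user")
    return auth_data + hashlib.sha256(client_data_json).digest()

# Constructed sample, not a capture from a real authenticator: UP and UV set, counter 42.
CHALLENGE = bytes(range(16))
AUTH_DATA = hashlib.sha256(b"example.com").digest() + bytes([FLAG_UP | FLAG_UV]) + struct.pack(">I", 42)
SAMPLE = {
    "clientDataJSON": b64url(json.dumps({"type": "webauthn.get", "challenge": b64url(CHALLENGE),
                                         "origin": "https://example.com"}).encode()),
    "authenticatorData": b64url(AUTH_DATA),
    "userHandle": b64url(b"user-1"),
}
```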
20.
Concluding Remarks
✓ WebAuthn is a promising technology for Password-less and Multi-Factor Authentication.
✓ Basic WebAuthn support for keycloak has been contributed. But there is still a lot to do in the future.
✓ A possible use case of WebAuthn is securing APIs that provide financial services under the FAPI security profile.
21.
END
WebAuthn support for keycloak
Takashi Norimatsu, Hitachi, Ltd. OSS Solution Center
26 January 2020
DevConf.CZ 2020 @ Brno University of Technology, Czech Republic
22.
Trademarks
• FIDO is a trademark or registered trademark of FIDO Alliance, Inc. in the United States and other countries.
• GitHub is a trademark or registered trademark of GitHub, Inc. in the United States and other countries.
• Red Hat is a trademark or registered trademark of Red Hat, Inc. in the United States and other countries.
• Other brand names and product names used in this material are trademarks, registered trademarks, or trade names of their respective holders.