Presentation on theme: "FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem."— Presentation transcript:
FIspace Project FIspace Security Components
Technology behind FIspace Authentication and Authorization
The IDM service of FIspace provides an SSO solution for web apps, mobile, and RESTful web services. It is an authentication server where users can centrally log in, log out, register, and manage their user accounts. The security components provide a federated IDM solution using separate domains. Each domain secures and manages security metadata for a set of users, applications, and registered OAuth clients. Access tokens are used to secure web invocations. Access tokens contain security metadata specifying the identity of the user as well as the role mappings for that user.
Features provided by FIspace
- SSO and Single Log Out for browser applications
- Social Login using Google
- User Registration
- Forgot password support. User can have an email sent to them
- User session management. Admin can view user sessions and what applications/clients have an access token. Sessions can be invalidated per realm or per user.
- Integrated Browser App to REST Service token propagation
- OAuth Bearer token auth for REST Services
- OAuth 2.0 Grant requests
- SAML Support
- Completely centrally managed user and role mapping metadata
- Minimal configuration at the application side
What happens?
[Diagram. Labels: User, Resource Owner, Authentication Server, Resource Server, Authentication Request, Authentication Grant, Access Token, Protected Resource]
What do you need to configure your App?
- Basic understanding of OAuth2
- Registered user with an “app developer” role
- Registered application on FIspace
- Proper configuration file (unique to your application)
Step by Step
- Create a new user
- Request an “app developer” role using email address email@example.com@fispace.eu
- Register your application using Developers Zone on FIspace frontend.
- Retrieve configuration file unique to your application
Step by Step
- Click “Login” and start with the authentication steps.
FIspace Frontend & Security
By default, a user who is new in FIspace has the “User” role. “Users” do not have access to the front-end option to manage security registration. To change the role, it is necessary to contact the FIspace Administrator.
FIspace Frontend & Security
If the “App Developer” role is assigned to a user, a new option is shown. Clicking on this icon gives the user access to the forms for managing OAuth clients.
FIspace Frontend & Security
A user is only allowed to edit, delete, and get the Installation JSON of OAuth clients that he/she created. OAuth clients created by other users are not visible in the application.