Presentation is loading. Please wait.

Presentation is loading. Please wait.

D Guidance 26-Jun: Would like to see a refresh of this title slide

Published byΣοφός Λύτρας Modified over 4 years ago

Similar presentations

Presentation on theme: "D Guidance 26-Jun: Would like to see a refresh of this title slide"— Presentation transcript:

1 PIEE (Procurement Integrated Enterprise Environment) Generic Single Sign On (SSO)
D Guidance 26-Jun: Would like to see a refresh of this title slide. Should be able to see representation of all services and civilians (i.e. humanitarian effort). Director would like for us to bring him a few recommendations of possible design refreshes.

2 SSO Solution OAuth (Open Authentication)
OAuth is an open standard for authentication. OAuth allows users to hand out tokens instead of credentials to their data hosted by a given service provider. Each token grants access to a specific site (e.g. Wide Area Workflow e-Business Suite) for specific resources (e.g. user’s first name, last name) and for a defined duration (e.g. the next 5 minutes). OpenID Connect OpenID Connect is used in conjunction with OAuth 2.0 to allow registered SSO client applications access to user information from PIEE Applications. OpenID requests must first be authorized by OAuth 2.0. User Info can include: User ID, First Name, Last Name, Enabled Flag, DOD ID, Address, Title, and Organization. For more information about OpenID Connect, please visit For more information about OAuth, please visit

3 SSO Overview Trusted System SSO Client Application in PIEE
Account Registration, Approval, and Single Sign On SSO Client Application in PIEE OAuth to authorize user, then OpenID to retrieve info.

4 SSO Sequence Diagram User’s Browser Trusted System Target PIEE
Application User Accesses the Trusted System Log onto Trusted System Create Session User Clicks on the SSO Client Application Sends request to specified URL provided by client application User Requests access to the SSO Client User’s Browser Receives URL Build OAuth authorization URL to User Send OAuth HTTP(S) redirect URL to user’s browser Format of the URL request: <Trustedsys Sever URL>/portal/oauth2/authorize?response_type=code &client_id=<Provided client ID>&redirect_uri=<Client provided redirect URI> Browser Redirects to provided URL Validate provided Client ID Redirect to Trusted Sys Browse Receive Redirect From Trusted System Redirect to browser Create Authorization Code

5 SSO Sequence Diagram User’s Browser Trusted System
Target PIEE Application Browser redirects back to SSO client Browser redirects to provided redirect URI in step 3 Receive authorization code Format of the URL response: <Client redirect URI>?code=<Trust generated authorization code> Validate POST Request received Send POST Request to Trust Sys Build OAuth authorization request to Trusted System POST Request must include a HTTP Authorization of base 64 encoded client ID and password provided to SSO client application (example: Authorization: Basic ZGFpY2xpZW50OIFhendzeEAx) POST Request URL format: <Trust Server URL>/portal/oauth2/ token?grant_type=authorization_code& code=<Authorization Code Provided>&redirect_uri=<Client redirect URI> Authorization JSON Data Format: { “user_id”:”<userId>”, “expires_in”:”300”, (seconds until access token expires) “refresh_token”:”<refresh token>” “access_token”:”<access token>” (token used to retrieve user information) } Create Authorization token JSON data Send POST Response to client Receive JSON Authorization token data

6 SSO Sequence Diagram User’s Browser Trusted Systems Target PIEE
Application User JSON Data Format can include: {    “userId":“<userId>",    "roles":[       { <role particular information>       }    ],    “dodId":“<EDPI Number>",    "title":“<user’s title>",    "organization":”<user’s organization>”,    "firstName":“<first name>",    "lastName":“<last name>",    "enabled":true,    " ":“< address>",    "phoneNumber":“<phone number>",    "dsnPhoneNumber":”<DSN phone>” } Note: this can change based on the SSO Client’s needs Validate the access token received Send Get Request to Trusted Sys Build request for user data (per OpenID Connect) Get Request URL format: <Trust Server URL>/userdata/ <provided user ID>?oauth_token= <provided access token> Build JSON response of User’s Data Send response to client Receive requested User JSON data

7 SSO More Information For more information on interfacing with PIEE system SSO, you may view the document linked below for sample requests and detailed steps.

8 Questions/Comments???

Download ppt "D Guidance 26-Jun: Would like to see a refresh of this title slide"

Similar presentations

The How of OAuth OAuth Hackathon – Six Apart

The How of OAuth OAuth Hackathon – Six Apart
Dating Portal showcase Copyright © 2007 Credentica Inc. All Rights Reserved. February 15th - 16th, 2007.

Dating Portal showcase Copyright © 2007 Credentica Inc. All Rights Reserved. February 15th - 16th, 2007.
FI-WARE Testbed Access Control temporary solution.

FI-WARE Testbed Access Control temporary solution.
OAuth 2.0 By “PJ” (JP on meetup.com) iOS and PHP developer, and occasional lawyer Contact me via:

OAuth 2.0 By “PJ” (JP on meetup.com) iOS and PHP developer, and occasional lawyer Contact me via:
How-to Use iLab Solutions software within Auckland Science Analytical Services in the Faculty of Science, the University of Auckland Auckland Science Analytical.

How-to Use iLab Solutions software within Auckland Science Analytical Services in the Faculty of Science, the University of Auckland Auckland Science Analytical.
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
Infrastructure for Multi-Professional Education and Training Using Shibboleth.

Infrastructure for Multi-Professional Education and Training Using Shibboleth.
Clients using wide variety of devices/languages/platforms Server applications using wide variety of platforms/languages Browser Native app Server.

Clients using wide variety of devices/languages/platforms Server applications using wide variety of platforms/languages Browser Native app Server.
The Graduate School URI Graduate School Application Decision Process EMT ApplyYourself WebCenter.

The Graduate School URI Graduate School Application Decision Process EMT ApplyYourself WebCenter.
Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.

Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.
OAuth 2.0 in Depth By Rohit Ghatol SynerzipSynerzip Passionate about TechNextTechNext.

OAuth 2.0 in Depth By Rohit Ghatol SynerzipSynerzip Passionate about TechNextTechNext.
Session 11: Security with ASP.NET

Session 11: Security with ASP.NET
Login Screen This is the Sign In page for the Dashboard New User Registration Enter Id and Password to sign In.

Login Screen This is the Sign In page for the Dashboard New User Registration Enter Id and Password to sign In.
FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.

FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.
Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.

Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.
 In Karnataka, Digital Signatures are being extensively used in various projects right from delivery of citizen centric services through various projects.

 In Karnataka, Digital Signatures are being extensively used in various projects right from delivery of citizen centric services through various projects.
Openid Connect https://store.theartofservice.com/the-openid-connect-toolkit.html.

Openid Connect
Module 11: Securing a Microsoft ASP.NET Web Application.

Module 11: Securing a Microsoft ASP.NET Web Application.
Scarlett Gibb NIH Office of Extramural Research Office of Electronic Research and Reports Management Interim Chief, eRA User Support, Training & Documentation.

Scarlett Gibb NIH Office of Extramural Research Office of Electronic Research and Reports Management Interim Chief, eRA User Support, Training & Documentation.
Integrating and Troubleshooting Citrix Access Gateway.

Integrating and Troubleshooting Citrix Access Gateway.

Similar presentations

Ads by Google