FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.


1 FIspace SPT Seyhun Futaci

2 Technology behind FIspace Authentication and Authorization
The IDM service of FIspace provides an SSO solution for web apps, mobile and RESTful web services. It is an authentication server where users can centrally log in, log out, register, and manage their user accounts. The security components provide a federated IDM solution using separate domains. Each domain secures and manages security metadata for a set of users, applications, and registered OAuth clients. Access tokens are used to secure web invocations. Access tokens contain security metadata specifying the identity of the user as well as the role mappings for that user.

3 Features provided by FIspace
- SSO and Single Log Out for browser applications
- Social Login using Google
- User Registration
- Forgot password support. User can have an email sent to them
- User session management. Admin can view user sessions and what applications/clients have an access token. Sessions can be invalidated per realm or per user.
- Integrated Browser App to REST Service token propagation
- OAuth Bearer token auth for REST Services
- OAuth 2.0 Grant requests
- SAML Support
- Completely centrally managed user and role mapping metadata. Minimal configuration at the application side

4 What happens?
[Diagram: flow between Client, Resource Owner, Authentication Server and Resource Server. Messages shown: Authentication Request, Authentication Grant, Access Token, Protected Resource]

5 What do you need to configure your App?
- Basic understanding of OAuth
- Registered user with an “app developer” role
- Registered application on Keycloak
- Proper keycloak.json file (unique to your application)

6 Sample keycloak.json

{
  "realm": "fispace",
  "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
  "auth-server-url": "https://37.131.251.129:8443/auth",
  "ssl-required": "none",
  "resource": "fispace-frontend",
  "credentials": {
    "secret": "028d7825-2bb8-480d-ac0c-6c41e1aab6de"
  }
}
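The transport, secret and key settings in a keycloak.json like the sample above can be checked before an application ships. The following is an added example, not part of the original slides or of FIspace or Keycloak code; `auditKeycloakConfig` is a hypothetical name and the sample values are constructed placeholders.

```javascript
// Added example; auditKeycloakConfig is a hypothetical name, not FIspace or Keycloak code.
const crypto = require('crypto');

function auditKeycloakConfig(cfg) {
  const findings = [];
  // "none" lets the adapter reach the IDM server without TLS.
  if (cfg['ssl-required'] === 'none') {
    findings.push('ssl-required is "none"; use "external" or "all"');
  }
  if (!/^https:\/\//i.test(cfg['auth-server-url'] || '')) {
    findings.push('auth-server-url is not https');
  }
  // A widget's keycloak.json is fetched by the browser, so a secret in it is public.
  if (cfg.credentials && cfg.credentials.secret) {
    findings.push('client secret present in adapter config');
  }
  // The realm key verifies every token signature: it must parse and be large enough.
  try {
    const key = crypto.createPublicKey({
      key: Buffer.from(cfg['realm-public-key'] || '', 'base64'),
      format: 'der',
      type: 'spki',
    });
    const details = key.asymmetricKeyDetails || {};
    if (details.modulusLength && details.modulusLength < 2048) {
      findings.push(`realm-public-key is ${details.modulusLength}-bit RSA`);
    }
  } catch (err) {
    findings.push('realm-public-key is not a base64 DER public key');
  }
  return findings;
}

// Constructed sample input (placeholder values, not a real deployment).
const sampleConfig = {
  realm: 'example-realm',
  'realm-public-key': 'AAAA',
  'auth-server-url': 'http://idm.example.invalid/auth',
  'ssl-required': 'none',
  resource: 'example-widget',
  credentials: { secret: 'PLACEHOLDER-SECRET' },
};
console.log(auditKeycloakConfig(sampleConfig));
```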

7 Step by Step
- Create a new user
- Request an “app developer” role using email address fispace-user-mgmt@fispace.eu
- Register your application using Developer zone on FIspace frontend.
- Retrieve keycloak.json file unique to your application

8 Step by Step Click “Login” and start with the authentication steps.

9 How to log in to the FIspace platform using EE? On the IDM server, either log in with an already registered user or create a new one.

10 Accessing Developers Zone Once your request is granted by the FIspace administration for accessing the Developers zone you will see the “Developers Zone” link on Frontend.

11 Register your Application Simply enter the requested information and register your application.

12 Get keycloak.json file Get the keycloak.json file for your registered application

13 Adapters
- Keycloak can secure a wide variety of Java applications. However, you need to use Keycloak adapters to secure your applications.
- Adapters can be downloaded at the Keycloak official website.
- Adapters are unique to the web server as well as the version of Keycloak.
  – Experimentation Environment currently uses Keycloak 1.0.4.
  – In Preliminary Integration Environment FIspace team is testing 1.1.0
- The Keycloak adapter needs to be defined as a dependency for your application.
- For any programming language, an OAuth2 library would be sufficient to create authentication for your application.

14 How to Integrate Widgets? Pre-requisites…
- The Keycloak Server comes with a JavaScript adapter, which is a library you can use to secure pure HTML/JavaScript applications: http:// /auth/js/keycloak.js
What do you need?
- Basic understanding of JavaScript and HTML
- keycloak.json file created using FIspace frontend.
- config.xml file created using FIspace Studio.
- jQuery JS library

15 How to Integrate Widgets? After generating config.xml using FIspace Studio, create an HTML file like below to see if the user is authenticated.

16 Properties
Object
- authenticated - true if the user is authenticated
- token - the base64 encoded token that can be sent in the Authorization header in requests to services
- tokenParsed - the parsed token
- subject - the user id
Parsed Token
- name
- nickname
- preferred_username
- Profile
More information can be found at https://bitbucket.org/fispace/core/wiki/Home
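`tokenParsed` is decoded in the browser, so a REST service that receives the token in the Authorization header has to check the signature itself before trusting the identity and role claims. The following is an added example, not part of the original slides or of FIspace or Keycloak code. It assumes an RS256-signed JWT access token, the `realm-public-key` value from keycloak.json as the verification key, and realm roles carried in `realm_access.roles`; the function names are hypothetical and the key pair and token are constructed.

```javascript
// Added example; function names are hypothetical, not FIspace or Keycloak code.
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s, 'base64url');

// realmPublicKeyB64 is the "realm-public-key" value from keycloak.json (base64 DER).
function verifyBearerToken(token, realmPublicKeyB64, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  // Pin the algorithm so the token header cannot select "none" or an HMAC.
  const header = JSON.parse(b64url(h).toString('utf8'));
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = crypto.createPublicKey({
    key: Buffer.from(realmPublicKeyB64, 'base64'), format: 'der', type: 'spki',
  });
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, b64url(sig))) {
    throw new Error('bad signature');
  }
  // Claims are trusted only from here on, after the signature check.
  const claims = JSON.parse(b64url(p).toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('token expired');
  return claims;
}

// Assumption: realm roles are carried in claims.realm_access.roles.
function hasRealmRole(claims, role) {
  const roles = (claims.realm_access && claims.realm_access.roles) || [];
  return roles.includes(role);
}

// Constructed sample: a throwaway key pair and token standing in for the IDM server.
function makeSample(claims) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url');
  return {
    token: `${input}.${sig}`,
    realmPublicKey: publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
  };
}

const sample = makeSample({ preferred_username: 'alice', exp: 4102444800,
  realm_access: { roles: ['app developer'] } });
const claims = verifyBearerToken(sample.token, sample.realmPublicKey);
console.log(claims.preferred_username, hasRealmRole(claims, 'app developer'));
```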

17 Thank you
Contributors: Serdar Arslan, Engin Dagdeviren

