DCC17 - Identity Server 4

•Als PPTX, PDF herunterladen•

0 gefällt mir•1,496 views

This document discusses Identity Server and authentication. It introduces Chris Holwerda and his background. It then covers topics like today's authentication landscape, security token services, identity servers, claims, tokens, and building an identity server demo using ASP.NET MVC, ASP.NET Web API, and external providers like Facebook and Google. Potential gotchas with claim and token sizes are also mentioned.

Technologie

About me
Chris Holwerda
Architect and Developer for 20 years.
Currently a consultant for Neudesic.
@cholwerda
www.chrisholwerda.com
therealchrisholwerda@gmail.com

Today’s Landscape
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA
https://identityserver4.readthedocs.io/en/release/intro/big_picture.html

Security Token Service
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA
https://identityserver4.readthedocs.io/en/release/intro/big_picture.html

Identity Server
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA
https://identityserver4.readthedocs.io/en/release/intro/terminology.html

Claims
Identity information about a user
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA
Examples
sub 12345
name John Doe
given_name John
family_name Doe
website www.johndoe.com
email john@johndoe.com
phone_number 620-867-5309

Tokens
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA
Identity Token
Identifying information for a user
and authentication info.
Access Token
Allows access to an API resource.
Contains info about the client
and the user
Refresh Token
Allows requesting new access
tokens without user interaction.
One time password.
https://jwt.io
/

What are we going to build
today?
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA
ASP.NET MVC
App
ASP.NET MVC
Web Api

Demo – Local Store
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA

Demo – Facebook
https://developers.facebook.com
Add App
Update Settings
◦ Update Website to allow authentication from (IdentityServer URL)
Use AppID / App Secret
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA

Demo - Google
https://console.developers.google.com
Create Project
Enable Google+ API
Create OAuth Consent
Create Credentials
Use Client Id /Secret
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA

Gotchas
You will need to do some legwork, it is not a boxed product
Be aware of Claim and Token Size as they will have an impact on
performance
Be aware of Refresh Tokens and any expiry implementation
Use .NET Core 1.1 for Identity Server
◦ As of 10/5 , .NET CORE 2.0 Implementation is now available !!
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA

Questions
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA

Resources
http://identityserver.io/
https://github.com/IdentityServer/IdentityServer4
https://github.com/IdentityServer/IdentityServer4.Samples
https://github.com/IdentityServer/IdentityServer4.Quickstart.UI
http://openid.net/connect/
https://oauth.net/2/
https://developers.facebook.com
https://console.developers.google.com
@CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA

Weitere ähnliche Inhalte

Was ist angesagt?

Introduction to OpenID Connect

Nat Sakimura

IBM API Connect Deployment `Good Practices - IBM Think 2018

Chris Phillips

Single Sign On Considerations

Venkat Gattamaneni

OpenID Connect: An Overview

Pat Patterson

Building secure applications with keycloak

Abhishek Koserwal

What is an API Gateway?

LunchBadger

Introduction to Google APIs

Siva Arunachalam

With the growing interest in the API economy, IBM Integration Bus (IIB) has provided many recent enhancements in the area of REST APIs and JSON support. This session will discuss how to create an IIB REST API, either from scratch or starting from a Swagger (OpenAPI specification) document. We will also cover the new JSON Schema support for the Graphical Data Mapper, and the new REST Request node for calling REST APIs from IIB, which can be easily configured by drag-and-drop. Easy integration of IIB Rest APIs with an API Connect catalog is also possible, from both the IIB Toolkit and the IIB Web UI. We will talk through these new capabilities and how they relate to IBM's Application Integration Suite (AIS) solution.

IBM Integration Bus and REST APIs - Sanjay Nagchowdhury

Karen Broughton-Mabbitt

RESTful API - Best Practices

Tricode (part of Dept)

SIngle Sign On with Keycloak

Julien Pivotto

WSO2 Identity Server - Getting Started

Ismaeel Enjreny

OpenID Connect Federation

Andreas Åkre Solberg

Session 3 - i4Trust components for Identity Management and Access Control i4T...

FIWARE

An Introduction to OAuth2

Aaron Parecki

パスワード氾濫時代のID管理とは？～最新のOpenIDが目指すユーザー認証の効率的な強化～

Tatsuo Kudo

Prepared for Google Cloud INSIDE FinTech https://inthecloud.withgoogle.com/fintech-jp-02-19/register.html Authlete は、OAuth 2.0 / OpenID Connect サーバーを「正しく」実装するための API サービスです。金融 API の標準と目される Financial-grade API (FAPI) と、Google Apigee と Authlete の連携による FAPI 対応、そして SaaS 事業者としての弊社の Google Cloud 活用についてご紹介します。

Authlete: セキュアな金融 API 基盤の実現と Google Cloud の活用 #gc_inside

Tatsuo Kudo

Although security and identity management is a crucial aspect for any application, its implementation can be difficult. Worse, it’s often neglected, poorly implemented, and intrusive in the code. Recently, identity management servers have appeared that allow one to outsource and delegate all aspects of authentication and authorization, such as https://auth0.com/. Of these servers, one of the most promising is Keycloak—open source, flexible, agnostic of any technology and is easily deployable and adaptable in its own infrastructure.

Secure Spring Boot Microservices with Keycloak

Red Hat Developers

Foreman Single Sign-On Made Easy with Keycloak

Nikhil Kathole

OpenID Connect入門

土岐孝平

Ldap introduction (eng)

Anatoliy Okhotnikov

Was ist angesagt? (20)

Introduction to OpenID Connect

IBM API Connect Deployment `Good Practices - IBM Think 2018

Single Sign On Considerations

OpenID Connect: An Overview

Building secure applications with keycloak

What is an API Gateway?

Introduction to Google APIs

IBM Integration Bus and REST APIs - Sanjay Nagchowdhury

RESTful API - Best Practices

SIngle Sign On with Keycloak

WSO2 Identity Server - Getting Started

OpenID Connect Federation

Session 3 - i4Trust components for Identity Management and Access Control i4T...

An Introduction to OAuth2

パスワード氾濫時代のID管理とは？～最新のOpenIDが目指すユーザー認証の効率的な強化～

Authlete: セキュアな金融 API 基盤の実現と Google Cloud の活用 #gc_inside

Secure Spring Boot Microservices with Keycloak

Foreman Single Sign-On Made Easy with Keycloak

OpenID Connect入門

Ldap introduction (eng)

Kürzlich hochgeladen

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Top 10 Most Downloaded Games on Play Store in 2024

SynarionITSolutions

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

A Principled Technologies deployment guide Conclusion Deploying VMware Cloud Foundation 5.1 on next gen Dell PowerEdge servers brings together critical virtualization capabilities and high-performing hardware infrastructure. Relying on our hands-on experience, this deployment guide offers a comprehensive roadmap that can guide your organization through the seamless integration of advanced VMware cloud solutions with the performance and reliability of Dell PowerEdge servers. In addition to the deployment efficiency, the Cloud Foundation 5.1 and PowerEdge solution delivered strong performance while running a MySQL database workload. By leveraging VMware Cloud Foundation 5.1 and PowerEdge servers, you could help your organization embrace cloud computing with confidence, potentially unlocking a new level of agility, scalability, and efficiency in your data center operations.

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Principled Technologies

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Kürzlich hochgeladen (20)

HTML Injection Attacks: Impact and Mitigation Strategies

Data Cloud, More than a CDP by Matt Robison

MINDCTI Revenue Release Quarter One 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Powerful Google developer tools for immediate impact! (2023-24 C)

Why Teams call analytics are critical to your entire business

Boost Fertility New Invention Ups Success Rates.pdf

Top 10 Most Downloaded Games on Play Store in 2024

presentation ICT roal in 21st century education

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Artificial Intelligence Chap.5 : Uncertainty

A Year of the Servo Reboot: Where Are We Now?

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Axa Assurance Maroc - Insurer Innovation Award 2024

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

GenAI Risks & Security Meetup 01052024.pdf

DCC17 - Identity Server 4

1. Identity Server ARE YOU AUTHENTICATED?

2. About me Chris Holwerda Architect and Developer for 20 years. Currently a consultant for Neudesic. @cholwerda www.chrisholwerda.com therealchrisholwerda@gmail.com

3. Today’s Landscape @CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA https://identityserver4.readthedocs.io/en/release/intro/big_picture.html

4. Security Token Service @CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA https://identityserver4.readthedocs.io/en/release/intro/big_picture.html

5. Identity Server @CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA https://identityserver4.readthedocs.io/en/release/intro/terminology.html

6. Claims Identity information about a user @CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA Examples sub 12345 name John Doe given_name John family_name Doe website www.johndoe.com email john@johndoe.com phone_number 620-867-5309

7. Tokens @CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA Identity Token Identifying information for a user and authentication info. Access Token Allows access to an API resource. Contains info about the client and the user Refresh Token Allows requesting new access tokens without user interaction. One time password. https://jwt.io /

8. What are we going to build today? @CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA ASP.NET MVC App ASP.NET MVC Web Api

9. Demo – Local Store @CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA

10. Demo – Facebook https://developers.facebook.com Add App Update Settings ◦ Update Website to allow authentication from (IdentityServer URL) Use AppID / App Secret @CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA

11. Demo - Google https://console.developers.google.com Create Project Enable Google+ API Create OAuth Consent Create Credentials Use Client Id /Secret @CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA

12. Gotchas You will need to do some legwork, it is not a boxed product Be aware of Claim and Token Size as they will have an impact on performance Be aware of Refresh Tokens and any expiry implementation Use .NET Core 1.1 for Identity Server ◦ As of 10/5 , .NET CORE 2.0 Implementation is now available !! @CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA

13. Questions @CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA

14. Resources http://identityserver.io/ https://github.com/IdentityServer/IdentityServer4 https://github.com/IdentityServer/IdentityServer4.Samples https://github.com/IdentityServer/IdentityServer4.Quickstart.UI http://openid.net/connect/ https://oauth.net/2/ https://developers.facebook.com https://console.developers.google.com @CHOLWERDA | CHRISHOLWERDA.COM | GITHUB.COM/HOLWERDA

Hinweis der Redaktion

Describe briefly what OpenID and OAuth2 are…
eyJhbGciOiJSUzI1NiIsImtpZCI6IjdFODlFNkZCMjlBOUM0MUZEODJGQkI3MTUxMzVDMTk3QjAyOTlEMDgiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJmb25tLXltcHhCX1lMN3R4VVRYQmw3QXBuUWcifQ.eyJuYmYiOjE1MDc2NTc5MTgsImV4cCI6MTUwNzY1ODIxOCwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjoibXZjIiwibm9uY2UiOiI2MzY0MzI1NDY3MzAwNDEwMDkuWkRsaU5tVXdPVGt0WVRnNU9TMDBOMlkwTFdGbE1UUXRNRFkzTldZNU5UUTBaRGRqWm1VeFpEVXpPR1l0T1dKalpTMDBNakl3TFRnMVpqTXRZek16WXpZM05tTXpPRFV6IiwiaWF0IjoxNTA3NjU3OTE4LCJhdF9oYXNoIjoiOXpnWGFtbDdRQmpYYUR0clpxUW05ZyIsInNpZCI6ImJmODMwN2Y2NGZjYjFiNzU0NWZlMWFkNzE1MzY5ODM4Iiwic3ViIjoiMTIzNDUiLCJhdXRoX3RpbWUiOjE1MDc2NTc5MDQsImlkcCI6ImxvY2FsIiwiYW1yIjpbInB3ZCJdfQ.joioMlisnIXSXXwXu8_kXGOFfIFVP9I71mpjc1Mddu7wUaR_YZ-jNzxtx-apebQRrcIcAWHm4AIKV1DmYW0nQUse_cUr8LSGTH7yelZ_Cr-xiisR4Q3g05mHtaXMnO3Ec9RP4D13SI-DEwDJuJ61pCUPgZX-8jKX4GS2KQg8q-tENG04FfxTTp-wC4pKhMJUjJYfEropgcpF10Wm7ywDpbcZg9N_AG9Njuje1O6c9b0Ru0zfeCurA9zkI-jt7q4sOee7GGcGQK-RPH2jf3DmexBww8LJwM6z8mbI-zY3x3Fr2yKRIZ12J6HqOff0SSsbIymxcHA_jDwR98MV9bG4fA

DCC17 - Identity Server 4

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

DCC17 - Identity Server 4

Hinweis der Redaktion