Securing Access with OAuth2 in KeyRock
Javier Cerviño
Álvaro Alonso
Joaquin Salvachua
(DIT-UPM)
How to authenticate users in your apps using FI-WARE Account
In this course you will learn to:
Use FI-WARE Account to create users, organizations and register your Applications.
Authenticate users in your apps with their credentials on FI-WARE using OAuth 2.0.
Let those users access resources securely, based on the authorization decisions made in FI-WARE Account.
Content
1. Introduction.
Introduction to FI-WARE Account and OAuth 2.0. We’ll see key concepts and topics.
2. First steps in FI-WARE Account.
Register on FI-WARE Account, create organizations and manage roles of users in your organizations.
3. Secure your web applications using OAuth 2.0.
Secure your own web applications to authenticate your users with their username and password in FI-WARE Account.
4. Authenticate your users from native applications using OAuth 2.0.
Adapt your native applications to authenticate your users with their username and password in FI-WARE Account.
5. Developing secured APIs using OAuth 2.0.
Deploy a FI-WARE PEP Security Proxy in front of your backend to secure requests to your APIs.
6. Authorizing access to protected resources.
Create roles in your applications to allow or deny users access to protected resources.
Identity Management
Identity Management in FI-WARE
- Management of users, their authentication and authorization, and their privileges within organizations.
- Resources used:
• Users
• Organizations
• Roles
• Applications
- Users register themselves, create organizations, and assign roles to users within those organizations.
- It enables applications to access the user's protected information:
• Trusted environment
• OAuth 2.0 standard (http://oauth.net/2/)
• Client libraries available for PHP, Cocoa, iOS, Java, Ruby, JavaScript, Python.
OAuth 2.0
(RFC 6749)
OAuth 2.0
- Mechanism to give applications access to restricted resources without sharing the user's credentials with them.
- Applications use access tokens, issued by OAuth providers (e.g. FI-WARE), to access resources. These are bearer tokens: anyone holding one can use it, so a token must only travel over TLS and must never be written to logs.
- The OAuth 2.0 specification is designed for use with HTTP.
- Roles:
• Resource Owner: entity capable of granting access to a protected resource (e.g. the end-user).
• Resource Server: server hosting the protected resources; it accepts access tokens.
• Client: application making protected-resource requests on behalf of the resource owner.
• Authorization Server: server that authenticates the resource owner and issues access tokens to the client.
OAuth Message Flow
[Figure: sequence diagram between the Web App (using an OAuthLibrary) and Account. The Web App redirects the user's browser to Account; Account redirects back with an access-code; the Web App requests an access-token in exchange for the code; Account returns the access-token; the Web App then requests the user's info using the access-token.]
Web Applications and GEs
[Figure: sequence diagram between the Web App (OAuthLibrary), Account and a Generic Enabler (GE). After the same redirect / access-code / request access-token / access-token exchange with Account, the Web App sends its request to the GE with the access-token and the path; the GE validates the access-token with Account, which answers OK + user info, and the GE serves the request.]
The request the Web App sends to the GE carries the token in a header:
GET https://GE_URL HTTP/1.1
Host: GE_hostname
X-Auth-Token: access_token
Later slides show the same token carried in an Authorization: Bearer header instead; either way it is the GE, not the Web App, that validates the token with Account.
AA for free!
[Figure: sequence diagram between the Web App (OauthLibrary), Account, a Proxy and the Back-end Apps. After the redirect / access-code / request access-token / access-token exchange with Account, the Web App sends the access-token and the path to the Proxy; the Proxy validates the token with Account (OK + user info) and forwards the request to the back-end. The back-end gets authentication and authorization (AA) without implementing OAuth itself.]
OAuth 2.0 Architecture
Authorization Code Grant
[Figure: OAuth provider (account.lab.fi-ware.org), OAuth consumer (myservice.com) and the user's browser. The user is redirected to the provider, authenticates and consents there, and is redirected back to myservice.com with an authorization code. Steps 6 to 8 as labelled on the slide:
6. Response code + myservice.com credentials
7. Ok, this is the Access Token
8. Access user's resources with Access Token]
The code is exchanged on a back channel, so the access token never passes through the browser, and the consumer authenticates itself with its own credentials when redeeming the code. Each code is single-use and bound to the consumer and redirect URI it was issued for.
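The exchange above, as an added example that is not part of the original slides or of the KeyRock code base: the consumer (myservice.com) and a toy provider (account.lab.fi-ware.org) are simulated in one process so the flow runs offline. It goes slightly beyond the slide by also showing the three checks that make the grant safe: a one-time state value binding the callback to a request the consumer actually started, exact-match redirect_uri validation, and single-use codes. The endpoint path, client_id, client_secret, redirect URI and username are assumptions.

```python
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# The endpoint path is an assumption for the example, not KeyRock's real route.
AUTHZ_ENDPOINT = "https://account.lab.fi-ware.org/oauth2/authorize"


class OAuthConsumer:
    """Client side (myservice.com in the slides)."""
    def __init__(self, client_id, client_secret, redirect_uri):
        self.client_id, self.client_secret, self.redirect_uri = client_id, client_secret, redirect_uri
        self.pending_states = set()  # states we issued and have not consumed yet

    def authorization_url(self):
        # Send the browser to the provider with a fresh, unguessable state value.
        state = secrets.token_urlsafe(16)
        self.pending_states.add(state)
        return AUTHZ_ENDPOINT + "?" + urlencode({
            "response_type": "code", "client_id": self.client_id,
            "redirect_uri": self.redirect_uri, "state": state})

    def code_from_callback(self, callback_url):
        # The provider redirected the browser back: bind this callback to a request we made.
        q = parse_qs(urlparse(callback_url).query)
        state = q.get("state", [None])[0]
        if state not in self.pending_states:
            raise ValueError("unknown or reused state: possible CSRF / code injection")
        self.pending_states.discard(state)  # a state is good for exactly one callback
        return q["code"][0]

    def token_request(self, code):
        # Step 6: back-channel request carrying the code plus HTTP Basic client credentials.
        basic = base64.b64encode(f"{self.client_id}:{self.client_secret}".encode()).decode()
        return {"headers": {"Authorization": "Basic " + basic,
                            "Content-Type": "application/x-www-form-urlencoded"},
                "body": urlencode({"grant_type": "authorization_code", "code": code,
                                   "redirect_uri": self.redirect_uri})}


class OAuthProvider:
    """Toy authorization server (account.lab.fi-ware.org in the slides)."""
    def __init__(self, clients):
        self.clients = clients        # client_id -> (client_secret, registered redirect_uri)
        self.codes, self.tokens = {}, {}  # code -> (client_id, redirect_uri, user); token -> user

    def authorize(self, request_url, username):
        # The user has logged in and consented (steps 1-5): issue a code bound to the client.
        q = parse_qs(urlparse(request_url).query)
        client_id, redirect_uri = q["client_id"][0], q["redirect_uri"][0]
        if client_id not in self.clients or q["response_type"][0] != "code":
            raise ValueError("unknown client or response_type")
        if redirect_uri != self.clients[client_id][1]:  # exact match, no prefix or wildcard
            raise ValueError("redirect_uri not registered for this client")
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, redirect_uri, username)
        return redirect_uri + "?" + urlencode({"code": code, "state": q["state"][0]})

    def token(self, req):
        # Step 7: authenticate the client, redeem the code once, mint a bearer token.
        auth = req["headers"].get("Authorization", "")
        if not auth.startswith("Basic "):
            return {"error": "invalid_client"}
        client_id, _, secret = base64.b64decode(auth[6:]).decode().partition(":")
        registered = self.clients.get(client_id)
        if registered is None or not secrets.compare_digest(secret, registered[0]):
            return {"error": "invalid_client"}
        form = parse_qs(req["body"])
        if form.get("grant_type", [None])[0] != "authorization_code":
            return {"error": "unsupported_grant_type"}
        entry = self.codes.pop(form.get("code", [""])[0], None)  # pop: a code redeems once
        if entry is None or entry[0] != client_id or entry[1] != form.get("redirect_uri", [""])[0]:
            return {"error": "invalid_grant"}
        token = secrets.token_urlsafe(32)
        self.tokens[token] = entry[2]
        return {"access_token": token, "token_type": "Bearer", "expires_in": 3600}

    def user_info(self, authorization_header):
        # Step 8: a resource request carrying "Authorization: Bearer <token>".
        scheme, _, token = authorization_header.partition(" ")
        return {"username": self.tokens[token]} if scheme == "Bearer" and token in self.tokens else None


def run_flow():
    """Drive the whole exchange once and report what each side observed."""
    provider = OAuthProvider({"myservice": ("s3cret", "https://myservice.com/callback")})  # constructed
    consumer = OAuthConsumer("myservice", "s3cret", "https://myservice.com/callback")
    callback = provider.authorize(consumer.authorization_url(), username="alice")
    code = consumer.code_from_callback(callback)
    granted = provider.token(consumer.token_request(code))
    info = provider.user_info("Bearer " + granted["access_token"])
    replay = provider.token(consumer.token_request(code))  # the same code a second time
    try:
        consumer.code_from_callback(callback)  # the same callback (state) a second time
        state_reuse_rejected = False
    except ValueError:
        state_reuse_rejected = True
    return {"token_type": granted["token_type"], "user": info["username"],
            "replay_error": replay.get("error"), "state_reuse_rejected": state_reuse_rejected}
```

run_flow() returns a Bearer token for alice on the first pass, `invalid_grant` when the same code is presented again, and a ValueError when the same callback is replayed; a consumer registered with a different redirect URI or presenting a wrong secret is refused before any token is minted.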
OAuth 2.0 Architecture
Implicit Grant
[Figure: OAuth provider (account.lab.fi-ware.org) and OAuth consumer (myservice.com). The user is redirected to the provider and the access token is returned directly in the redirect back to the consumer. The only labelled step on the slide:
6. Access user's resources with Access Token]
There is no code exchange and no client authentication: the token is delivered to the browser in the redirect URL fragment, where any script running in that page can read it. This grant exists for browser-only (JavaScript) clients that cannot keep a secret.
OAuth 2.0 Architecture
Resource Owner Password Credentials Grant
[Figure: OAuth provider (account.lab.fi-ware.org) and OAuth consumer (myservice.com). The user types the username and password into the consumer, which then:
2. Give access with myservice.com credentials and user's password credentials
3. OK, this is the access token
4. Access user's resources with Access Token]
Here the consumer handles the user's password itself, so this grant is only appropriate for applications the user already trusts with that password (the native applications of section 4), and the application should discard the password as soon as it holds a token.
OAuth 2.0 Architecture
Client Credentials Grant
[Figure: OAuth provider (account.lab.fi-ware.org) and OAuth consumer (myservice.com); no user takes part:
1. Client authentication with myservice.com credentials
2. OK, this is the access token
3. Access myservice.com resources with Access Token]
The token represents the application itself rather than a user, so it only gives access to the consumer's own resources.
Using the Access Token
FI-WARE Resource Providers
[Figure: the OAuth consumer (myservice.com) accesses protected user info at the OAuth provider (account.lab.fi-ware.org) and at the Generic Enablers (*.fi-ware.org) with the Access Token.]
Request to a Generic Enabler:
GET https://ge_url HTTP/1.1
Host: GE_hostname
Authorization: Bearer access_token
Request for the user's info at the provider:
GET /user?access_token=access_token
Prefer the Authorization header form: a token passed in the query string is written to the access logs of every server and proxy on the path, and can leak through the Referer header if the response page links elsewhere.
Using the Access Token
Third-Party Resource Providers
[Figure: the OAuth consumer (myservice.com) accesses protected user info with the Access Token through a PEP Proxy placed in front of an otherwise unsecured Resource Provider; the proxy validates the token with Account and forwards only authorized requests.]
GET https://protected_url HTTP/1.1
Host: GE_hostname
Authorization: Bearer access_token
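The decision a PEP proxy makes on each request, as an added example written for this page (it is not the fi-ware-pep-proxy code). It covers both this slide and the role-based authorization of section 6 of the course: the token is extracted from either header form shown on the slides, validated (here against a constructed in-memory table standing in for the call to Account), and then checked against a deny-by-default policy mapping methods and paths to the roles allowed. Token values, usernames, role names, paths and the identity headers forwarded upstream (X-Nick-Name, X-Roles) are all assumptions.

```python
import re

NOW = 1_700_000_000  # fixed clock so the example is deterministic

# Constructed stand-in for Account's token validation: token -> user record.
# A real proxy asks Account over HTTPS for each unknown token and caches the answer.
IDM_TOKENS = {
    "tok-alice": {"username": "alice", "roles": ["Provider"], "expires": NOW + 3600},
    "tok-bob":   {"username": "bob",   "roles": ["Purchaser"], "expires": NOW + 3600},
    "tok-carol": {"username": "carol", "roles": ["Provider"], "expires": NOW - 1},  # expired
}

# Policy for the application's resources: (method, path pattern, roles allowed).
# Role names and paths are constructed; anything not listed is denied.
POLICY = [
    ("GET",  r"^/v1/data(/[^/]+)?$", {"Provider", "Purchaser"}),
    ("POST", r"^/v1/data$",          {"Provider"}),
    ("GET",  r"^/v1/admin(/.*)?$",   {"Admin"}),
]

# Headers that carry identity to the backend: only the proxy may set them.
IDENTITY_HEADERS = ("x-nick-name", "x-roles")


def extract_token(headers):
    """Accept 'Authorization: Bearer <token>' (RFC 6750) or the X-Auth-Token form the slides also show."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        return auth[len("Bearer "):].strip() or None
    return headers.get("X-Auth-Token") or None


def validate_token(token, now=NOW):
    """Stand-in for asking Account about the token; None means it is not valid."""
    record = IDM_TOKENS.get(token)
    if record is None or record["expires"] <= now:
        return None
    return record


def enforce(method, path, headers, now=NOW):
    """Return (status, headers-or-error). Only a 200 means the request is forwarded upstream,
    and then the returned headers are what the backend receives."""
    token = extract_token(headers)
    if token is None:
        return 401, {"WWW-Authenticate": 'Bearer realm="pep"', "error": "missing token"}
    user = validate_token(token, now)
    if user is None:
        return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"', "error": "invalid or expired token"}
    for allowed_method, pattern, roles in POLICY:
        if allowed_method == method and re.match(pattern, path):
            if not roles & set(user["roles"]):
                return 403, {"error": "role not allowed for this resource"}
            # Drop identity headers the client may have set itself, then add the proxy's own.
            upstream = {k: v for k, v in headers.items() if k.lower() not in IDENTITY_HEADERS}
            upstream["X-Nick-Name"] = user["username"]
            upstream["X-Roles"] = ",".join(sorted(user["roles"]))
            return 200, upstream
    return 403, {"error": "no policy matches this resource"}  # deny by default
```

The order matters: authentication (is the token valid?) is settled before authorization (does this user's role allow this method on this path?), an unmatched resource is refused rather than passed through, and a client cannot smuggle its own X-Roles past the proxy because the proxy overwrites them from the validated record.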
Using the Access Token
Cloud Hosting I
[Figure: the OAuth consumer (myservice.com) retrieves the user's list of organizations from the OAuth provider (account.lab.fi-ware.org), then exchanges the access token at the Keystone Proxy (cloud.lab.fi-ware.org) for a token scoped to one organization.]
Retrieve the user's info and organizations from the provider:
GET /user?access_token=access_token
Obtain a token scoped to an organization (tenant) from the Keystone Proxy, passing the OAuth access token as the Keystone token id:
POST http://cloud.lab.fi-ware.eu:4730/v2.0/tokens
{
  "auth": {
    "tenantID": "ORG_ID",
    "token": {
      "id": "access_token"
    }
  }
}
Note the scheme on the slide: this request carries the bearer access token in its body, so in a production deployment it must go over HTTPS.
Using the Access Token
Cloud Hosting II
[Figure: with the scoped token the OAuth consumer (myservice.com) accesses the cloud GEs, each labelled "Access using Scoped Token": PaaS GE (pegasus.lab.fi-ware.org), DCRM GE (cloud.lab.fi-ware.org), SDC GE (saggita.lab.fi-ware.org) and Object Storage GE (130.206.82.9).]
Links
FI-LAB Account:
• Source Code: https://github.com/ging/fi-ware-idm
• Documentation: https://github.com/ging/fi-ware-idm/wiki
FI-LAB OAuth Demo using node.js:
• https://github.com/ging/oauth2-example-client
FI-LAB Proxy:
• https://github.com/ging/fi-ware-pep-proxy