Authentication in the cloud: Step by Step Felix Jorkowski Senior Developer, Planet Software AZR317.


Transcript of Authentication in the cloud: Step by Step Felix Jorkowski Senior Developer, Planet Software AZR317.

Page 1

Authentication in the cloud: Step by Step

Felix Jorkowski, Senior Developer, Planet Software

AZR317

Page 2

Agenda

Components Of Authentication

Breaking Implicit Trust: OAuth / OpenID

Federated Authentication: WS-Federation / WS-Trust

Page 3

Components of Authentication

Tokens

“A thing serving as a visible or tangible representation of something abstract”

User

Time

Cookie

Query

JSON

SOAP

Page 4

Components of Authentication

Trust

Encryption

Explicit or Implicit

Extending trust using tokens

Page 5

Breaking Implicit Trust

Identity Provider (IdP)

The User Store

Relying Party (RP)

Service for those Users

Page 6

Breaking Implicit Trust

OAuth (2)

OpenID

Page 7

Example: OAuth/OpenID

Client / User Source (IdP)

Services

Server (RP)

Page 11

Example: OAuth/OpenID

OAuth Only!

Client

Server (RP)

User Source (IdP)

Services

Page 16

demo

Forms -> OAuth/OpenID

Page 17

Federated Authentication

Page 18

Federated Authentication

Passive (WS-Federation)

Active (WS-Trust)

Page 19

Federated Authentication

Claims

Passed in your tokens

Holds user’s name, email…

Page 20

Federated Authentication

Endpoints

Only for WS-Trust

Lots of configurations!

Page 21

Example: WS-Federation

Possible IdPs / Client

Server (RP) / WS-Federation Provider (IdP + RP)

Azure

ACS

Google / Windows Live ID

Facebook

Yahoo

Your company (ADFS)

WS-Fed Provider

Page 24

Example: WS-Federation & WS-Trust

Google / Windows Live ID

Facebook

Yahoo

Your company (ADFS)

WS-Fed Provider

Possible IdPs / Client

Server (RP) / WS-Federation Provider (IdP + RP)

Azure

ACS

Page 31

demo

Forms -> WS-Federation

net.tcp -> WS-Trust

Page 32

Thank you!

Projects available at: https://github.com/ajorkowski/techeddemos

Questions? Meet and Greet - Thursday 11-11:30 Speaker Lounge

Twitter: @felixinmelb

Page 33

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.