FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
description
Transcript of FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
![Page 1: FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces](https://reader036.fdocuments.in/reader036/viewer/2022062406/5592591d1a28ab87418b4634/html5/thumbnails/1.jpg)
The FI-WARE Project – Base Platform for Future Service Infrastructures
Follow @FIWARE #FIWARE-AZ on Twitter !
FI-WARE Access Control GEPart 3 – IdM OAuth Setup & Interfaces
Cyril DANGERVILLE, ThalesFI-WARE / WP8 / [email protected]
![Page 2: FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces](https://reader036.fdocuments.in/reader036/viewer/2022062406/5592591d1a28ab87418b4634/html5/thumbnails/2.jpg)
The FI-WARE Project – Base Platform for Future Service Infrastructures
IdM OAuth Setup Steps
1.IdM GE steps (contact: DT (W. Steigerwald), NSN (R. Seidl))
1.Request new instance (OAuth only in R2.3.3 for NSN One-IDM)
2.Connect to the IdM Admin UI and register the following:1.Target service (OAuth Resource Server)2.Client App (OAuth Client)3.End-users (OAuth Resource Owners)
3.Check the OAuth Token Service4.Set custom user attributes with the REST API
![Page 3: FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces](https://reader036.fdocuments.in/reader036/viewer/2022062406/5592591d1a28ab87418b4634/html5/thumbnails/3.jpg)
The FI-WARE Project – Base Platform for Future Service Infrastructures
Target Service - Registration
![Page 4: FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces](https://reader036.fdocuments.in/reader036/viewer/2022062406/5592591d1a28ab87418b4634/html5/thumbnails/4.jpg)
The FI-WARE Project – Base Platform for Future Service Infrastructures
Target Service - Credentials
![Page 5: FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces](https://reader036.fdocuments.in/reader036/viewer/2022062406/5592591d1a28ab87418b4634/html5/thumbnails/5.jpg)
The FI-WARE Project – Base Platform for Future Service Infrastructures
Target Service – Add attributes to OAuth Access Token (1/2)
![Page 6: FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces](https://reader036.fdocuments.in/reader036/viewer/2022062406/5592591d1a28ab87418b4634/html5/thumbnails/6.jpg)
The FI-WARE Project – Base Platform for Future Service Infrastructures
Target Service – Add attributes to token (2/2)
![Page 7: FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces](https://reader036.fdocuments.in/reader036/viewer/2022062406/5592591d1a28ab87418b4634/html5/thumbnails/7.jpg)
The FI-WARE Project – Base Platform for Future Service Infrastructures
Client App Registration
![Page 8: FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces](https://reader036.fdocuments.in/reader036/viewer/2022062406/5592591d1a28ab87418b4634/html5/thumbnails/8.jpg)
The FI-WARE Project – Base Platform for Future Service Infrastructures
Recommendations for Client App
For implementation, check the following:OAuth 2.0 spec (RFC), §4. Obtaining Authorization, §7.
Accessing Protected Resources §5.3 Client App Security of OAuth 2.0 Threat Model and
Security Considerations (IETF RFC 6819) for implementation
![Page 9: FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces](https://reader036.fdocuments.in/reader036/viewer/2022062406/5592591d1a28ab87418b4634/html5/thumbnails/9.jpg)
The FI-WARE Project – Base Platform for Future Service Infrastructures
End-User Self Registration
![Page 10: FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces](https://reader036.fdocuments.in/reader036/viewer/2022062406/5592591d1a28ab87418b4634/html5/thumbnails/10.jpg)
The FI-WARE Project – Base Platform for Future Service Infrastructures
OAuth Token Service
![Page 11: FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces](https://reader036.fdocuments.in/reader036/viewer/2022062406/5592591d1a28ab87418b4634/html5/thumbnails/11.jpg)
The FI-WARE Project – Base Platform for Future Service Infrastructures
IdM REST API for managing user attributes
No common API among IdM GEis. SCIM standard proposed.
GCP API samples
![Page 12: FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces](https://reader036.fdocuments.in/reader036/viewer/2022062406/5592591d1a28ab87418b4634/html5/thumbnails/12.jpg)
The FI-WARE Project – Base Platform for Future Service Infrastructures
http://fi-ppp.eu
http://fi-ware.eu
Follow @FIWARE #FIWARE-AZ on Twitter !
Thanks !
12