Social Single Sign-On with OpenID Connect
James Melville
Technical Architect
@jamesmelv
What is Social Single Sign On?
• Ability to authenticate using social profiles
What is OpenID Connect?
• Identity Protocol built on OAuth 2.0
• Verify a user’s identity using authentication by another server
• Standard for sharing profile information
• Finalised February 2014
• Large backers:
What can I do with Salesforce & OpenID Connect?
• Provide users with a form of Single Sign On
• Allow users to log in to Salesforce using other credentials
  – Internal Users
  – Community Users
• Use a variety of providers to authenticate users:
  – Google
  – Microsoft
  – Paypal
  – Ping Identity
Why Use OpenID Connect?

| User Benefits | Business Benefits |
| --- | --- |
| Fewer usernames and passwords to remember | Automate or Simplify User Creation |
| Quicker Login | Reliable Source of User Details |
| Reduced registration effort | Reduce helpdesk interactions |
How do I set this up with Salesforce?
Using Google as the Identity Provider
• Register as an OAuth client with Google
  – https://code.google.com/apis/console
• Configure “Auth. Provider” in Salesforce
  – Setup -> Security Controls -> Auth Provider
• Define the logic for user management
• Use Auth Provider in My Domain / Community
How do I manage identities between systems?
Implement a Registration Handler
• Define the logic to be executed when a user logs in
  – Create a registration handler in Apex
  – Use the profile information from the provider
• Unrecognised OpenID Connect profile
  – Match to an existing Salesforce user
  – Create a new user
• Previously logged in profile
  – Update profile information
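
The branches on this slide written as an Apex registration handler; this is an added example, not code from the talk or its demo repository. It assumes the provider's userinfo response carries an `email_verified` claim that Salesforce exposes as a string in `Auth.UserData.attributeMap`; the class name, profile name and time zone are placeholders. Matching to an existing user only on a provider-verified email keeps a login from being bound to someone else's Salesforce account.

```apex
// Added example. Assumptions: 'email_verified' is present in attributeMap;
// NEW_USER_PROFILE and the time zone are placeholders for your org's values.
global class ExampleOidcRegistrationHandler implements Auth.RegistrationHandler {
    private static final String NEW_USER_PROFILE = 'Standard User'; // placeholder

    public class RegistrationException extends Exception {}

    // Unrecognised OpenID Connect profile: match an existing user or create one.
    global User createUser(Id portalId, Auth.UserData data) {
        requireVerifiedEmail(data);
        List<User> matches = [SELECT Id FROM User
                              WHERE Email = :data.email AND IsActive = true
                              LIMIT 2];
        if (matches.size() > 1) {
            // Refuse to guess which account this login should bind to.
            throw new RegistrationException('Multiple users share this email');
        }
        if (matches.size() == 1) {
            return matches[0]; // existing user is linked to this identity
        }
        Profile p = [SELECT Id FROM Profile WHERE Name = :NEW_USER_PROFILE LIMIT 1];
        User u = new User();
        u.Username = data.email;
        u.Email = data.email;
        u.FirstName = data.firstName;
        u.LastName = String.isBlank(data.lastName) ? data.email : data.lastName;
        u.Alias = data.email.substringBefore('@').left(8);
        u.LanguageLocaleKey = UserInfo.getLocale();
        u.LocaleSidKey = UserInfo.getLocale();
        u.EmailEncodingKey = 'UTF-8';
        u.TimeZoneSidKey = 'Europe/London'; // placeholder
        u.ProfileId = p.Id;
        return u; // no Id set, so Salesforce inserts the new user
    }

    // Previously logged-in profile: refresh names only; the email used as the
    // match key is left unchanged so a provider-side edit cannot rewrite it.
    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        User u = new User(Id = userId, FirstName = data.firstName);
        if (!String.isBlank(data.lastName)) { u.LastName = data.lastName; }
        update u;
    }

    private static void requireVerifiedEmail(Auth.UserData data) {
        String verified = data.attributeMap == null
            ? null : data.attributeMap.get('email_verified');
        if (String.isBlank(data.email) || verified != 'true') {
            throw new RegistrationException('Provider did not assert a verified email');
        }
    }
}
```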
Login Demo
What Else?
• OpenID Connect is built on OAuth 2.0
• OpenID Connect Identity + OAuth 2.0 Authorisation = API Access
• Now use the Authorisation to access Resources
• Define access using Scope, as per OAuth 2.0
• Use APIs from the Identity Provider
API Integration Demo
Useful URLs
• Google API Console: https://code.google.com/apis/console
• Google API Documentation: https://developers.google.com/drive/
• Apex Auth Docs: http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_namespace_Auth.htm
• Demo Repository: https://github.com/jamesmelville/OpenIdConnectDemo
Features I’d like to see
• Ability to dynamically extend Scopes
• Inspect scopes already claimed
• Ability to create / update user credentials store