why? Give an app access to a resource managed by someone else, without giving the app your password. A valet key for the web Allen I.
Size: px
Start display at page:

Download "why? Give an app access to a resource managed by someone else, without giving the app your password. A valet key for the web Allen I."

Transcription

1 Give an app access to a resource managed by someone else, without giving the app your password. why? Allen I. Holub Holub Associates tells the A valet key for the web Resource Owner Access the ignition, but not the trunk. Authorization Server to allow the Access for a short time. Client to access data on by presenting Resource Server Access token. 4

2 1 Digitally signed (by you) Normal Flow (preserved in OAuth 2) redirect

3 Access tokens have a limited lifetime OAuth 2 OAuth 1 + TLS Client gets a replacement by presenting a Refresh Token to the Authorization Server Good for 1 Access Token No digital signing required Not backwards compatible But, similar architecture Insecure Houston, We have a problem. IETF Draft: OAuth 2.0 Threat model and Security Considerations ( 52 Threats documented Diffuse Many parts deliberately open to interpretation Enterprise (not web) focused Google requires it Eran Lehav-Hammer (invented OAuth): Interoperability is impossible All vendors have proprietary variants. 11 He withdrew his name from the standard after 31 drafts got nowhere

4 Flows Web Server (next slide) User-Agent clients inside a web browser/javascript Username/Password really defeats the purpose Assertion via SAML assertion Client Credentials when client owns the resource Use a vendorsupplied implementation Web-server flow Typical authenticate/ authorize request: Auth Server Request access Authenticate & authorize client authorization code Client ID Exchange code for tokens op that needs resource Go here after permission from Resource Owner granted. Request resource {datatype: contents} Resource Server Refresh Access Token Client

5 On success, auth server responds to: Use the auth code to request tokens Auth code from previous step. with authorization code: which returns Request data from Request Server Request Server returns data $ curl H Authorization: OAuth ya29.ahes6zrtj1gnxaby81es- p_ypwwnbafrvbyvsyj2hzjfjhu' Access token

6 If request refused, refresh access token NONE OF THIS IS SECURE IF YOU DON T USE TLS (HTTPS) Installed-app flow (same as web application)

7 Client-side (Javascript) app Limited-input device Service accounts (owned by client app) Static IP required Set up to test

8 Set up to test (2) accounts/docs/oauth Developer s Console console.developers.google.com Cocoa 31 JavaScript

9 33 GenericUrl url = new GenericUrl(req.getRequestURL().toString()); url.setrawpath("/oauth2callback"); Allen I. Holub return url.build(); protected String getuserid(httpservletrequest req) throws ServletException, IOException { // return user ID } } public class CalendarServletCallbackSample extends AbstractAuthorizationCodeCallbackServlet protected void onsuccess(httpservletrequest req, HttpServletResponse resp, Credential credential) throws ServletException, IOException { resp.sendredirect("/"); protected void onerror( HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorresponse) throws ServletException, IOException { // handle error protected String getredirecturi(httpservletrequest req) throws ServletException, IOException { 35 public class CalendarServletSample extends AbstractAuthorizationCodeServlet protected void doget(httpservletrequest request, HttpServletResponse response) throws IOException { // do stuff protected String getredirecturi(httpservletrequest req) throws ServletException, IOException { GenericUrl url = new GenericUrl(req.getRequestURL().toString()); url.setrawpath("/oauth2callback"); return url.build(); protected AuthorizationCodeFlow initializeflow() throws IOException { return new GoogleAuthorizationCodeFlow.Builder(new NetHttpTransport(), new JacksonFactory(), "[[ENTER YOUR CLIENT ID]]", "[[ENTER YOUR CLIENT SECRET]]", Collections.singleton(CalendarScopes.CALENDAR)).setCredentialStore( new JdoCredentialStore( JDOHelper.getPersistenceManagerFactory("transactions-optional"))).build(); protected String getuserid(httpservletrequest req) throws ServletException, IOException { Allen I. Holub // return user ID protected String getredirecturi(httpservletrequest req) throws ServletException, IOException { GenericUrl url = new GenericUrl(req.getRequestURL().toString()); url.setrawpath("/oauth2callback"); return url.build(); protected AuthorizationCodeFlow initializeflow() throws IOException { return new GoogleAuthorizationCodeFlow.Builder( new NetHttpTransport(), new JacksonFactory(), "[[ENTER YOUR CLIENT ID]]", "[[ENTER YOUR CLIENT SECRET]]", Collections.singleton(CalendarScopes.CALENDAR)).setCredentialStore( new JdoCredentialStore( JDOHelper.getPersistenceManagerFactory("transactions-optional"))).build(); protected String getuserid(httpservletrequest req) throws ServletException, IOException { // return user ID } } 36

10 get from:

11 OAUTH 1.0 (RFC 5849) OAUTH 2.0 (RFC 6749) OAUTH 2.0 Threat Model Various implementations: 41? Allen Allen I. Holub

Similar documents

Authentication in the Cloud. Stefan Seelmann

Authentication in the Cloud. Stefan Seelmann Authentication in the Cloud Stefan Seelmann Agenda Use Cases View Points Existing Solutions Upcoming Solutions Use Cases End user needs login to a site or service End user wants to share access to resources

More information

Administering Jive Mobile Apps for ios and Android

Administering Jive Mobile Apps for ios and Android Administering Jive Mobile Apps for ios and Android TOC 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios...3 Custom App Wrapping for ios...3 Authentication with Mobile

More information

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of

More information

Single Sign-On for PCF. User's Guide

Single Sign-On for PCF. User's Guide Single Sign-On for PCF Version 1.2 User's Guide 2018 Pivotal Software, Inc. Table of Contents Table of Contents Single Sign-On Overview Installation Getting Started with Single Sign-On Manage Service Plans

More information

MediaAUTH Draft Proposal

MediaAUTH Draft Proposal MediaAUTH Draft Proposal August 21, 2012 Contents 1 Introduction 2 2 Service & User Perspective 2 2.1 Login...................................... 2 2.2 Soft Login.................................... 3

More information

OAuth securing the insecure

OAuth securing the insecure Black Hat US 2011 khash kiani khash@thinksec.com OAuth securing the insecure roadmap OAuth flow malicious sample applications mobile OAuth google app web-based OAuth facebook app insecure implementation

More information

The Current State of OAuth 2. Aaron Open Source Bridge Portland, June 2011

The Current State of OAuth 2. Aaron Open Source Bridge Portland, June 2011 The Current State of OAuth 2 Aaron Parecki Open Source Bridge Portland, June 2011 A Brief History Before OAuth aka the Dark Ages If a third party wanted access to an account, you d give them your password.

More information

NIELSEN API PORTAL USER REGISTRATION GUIDE

NIELSEN API PORTAL USER REGISTRATION GUIDE NIELSEN API PORTAL USER REGISTRATION GUIDE 1 INTRODUCTION In order to access the Nielsen API Portal services, there are three steps that need to be followed sequentially by the user: 1. User Registration

More information

Tutorial: Building the Services Ecosystem

Tutorial: Building the Services Ecosystem Tutorial: Building the Services Ecosystem GlobusWorld 2018 Steve Tuecke tuecke@globus.org What is a services ecosystem? Anybody can build services with secure REST APIs App Globus Transfer Your Service

More information

WP Voting Plugin - Ohiowebtech Video Extension - Youtube Documentation

WP Voting Plugin - Ohiowebtech Video Extension - Youtube Documentation WP Voting Plugin - Ohiowebtech Video Extension - Youtube Documentation Overview This documentation includes details about the WP Voting Plugin - Video Extension Plugin for Youtube. This extension will

More information

Administering Jive Mobile Apps

Administering Jive Mobile Apps Administering Jive Mobile Apps Contents 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios... 3 Custom App Wrapping for ios... 4 Native App Caching: Android...4 Native App

More information

Some Facts Web 2.0/Ajax Security

Some Facts Web 2.0/Ajax Security /publications/notes_and_slides Some Facts Web 2.0/Ajax Security Allen I. Holub Holub Associates allen@holub.com Hackers attack bugs. The more complex the system, the more bugs it will have. The entire

More information

PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility

PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility 2013 Informatica Corporation. No part of this document may be reproduced or transmitted in any form, by any means

More information

Coveo Platform 7.0. Yammer Connector Guide

Coveo Platform 7.0. Yammer Connector Guide Coveo Platform 7.0 Yammer Connector Guide Notice The content in this document represents the current view of Coveo as of the date of publication. Because Coveo continually responds to changing market conditions,

More information

Salesforce1 Mobile Security White Paper. Revised: April 2014

Salesforce1 Mobile Security White Paper. Revised: April 2014 Salesforce1 Mobile Security White Paper Revised: April 2014 Table of Contents Introduction Salesforce1 Architecture Overview Authorization and Permissions Communication Security Authentication OAuth Pairing

More information

API Gateway. Version 7.5.1

API Gateway. Version 7.5.1 O A U T H U S E R G U I D E API Gateway Version 7.5.1 15 September 2017 Copyright 2017 Axway All rights reserved. This documentation describes the following Axway software: Axway API Gateway 7.5.1 No part

More information

A10: Unvalidated Redirects and Forwards Axx: Unsolicited Framing

A10: Unvalidated Redirects and Forwards Axx: Unsolicited Framing A10: Unvalidated Redirects and Forwards Axx: Unsolicited Framing A10: Unvalidated Redirects Web application redirects are very common Redirect request to a URL-supplied destination User accesses page requiring

More information

Your Auth is open! Oversharing with OpenAuth & SAML

Your Auth is open! Oversharing with OpenAuth & SAML Your Auth is open! Oversharing with OpenAuth & SAML Andrew Pollack Northern Collaborative Technologies 2013 by the individual speaker Sponsors 2013 by the individual speaker Who Am I? Andrew Pollack President

More information

Serverless Single Page Web Apps, Part Four. CSCI 5828: Foundations of Software Engineering Lecture 24 11/10/2016

Serverless Single Page Web Apps, Part Four. CSCI 5828: Foundations of Software Engineering Lecture 24 11/10/2016 Serverless Single Page Web Apps, Part Four CSCI 5828: Foundations of Software Engineering Lecture 24 11/10/2016 1 Goals Cover Chapter 4 of Serverless Single Page Web Apps by Ben Rady Present the issues

More information

OWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP

OWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes

More information

Using OAuth 2.0 to Access ionbiz APIs

Using OAuth 2.0 to Access ionbiz APIs Using OAuth 2.0 to Access ionbiz APIs ionbiz APIs use the OAuth 2.0 protocol for authentication and authorization. ionbiz supports common OAuth 2.0 scenarios such as those for web server, installed, and

More information

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018 Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to

More information

Grandstream Networks, Inc. Captive Portal Authentication via Twitter

Grandstream Networks, Inc. Captive Portal Authentication via Twitter Grandstream Networks, Inc. Table of Content SUPPORTED DEVICES... 4 INTRODUCTION... 5 CAPTIVE PORTAL SETTINGS... 6 Policy Configuration Page... 6 Landing Page Redirection... 8 Pre-Authentication Rules...

More information

OAuth2 Autoconfig. Copyright

OAuth2 Autoconfig. Copyright Copyright Table of Contents... iii 1. Downloading... 1 1.1. Source... 1 1.2. Maven... 1 1.3. Gradle... 2 2. Authorization Server... 3 3. Resource Server... 4 I. Token Type in User Info... 5 II. Customizing

More information

Real-world security analyses of OAuth 2.0 and OpenID Connect

Real-world security analyses of OAuth 2.0 and OpenID Connect Real-world security analyses of OAuth 2.0 and OpenID Connect Wanpeng Li and Chris J Mitchell 1 Agenda Single sign-on and identity management OAuth 2.0 Two case studies Security analyses OpenID Connect

More information

Warm Up to Identity Protocol Soup

Warm Up to Identity Protocol Soup Warm Up to Identity Protocol Soup David Waite Principal Technical Architect 1 Topics What is Digital Identity? What are the different technologies? How are they useful? Where is this space going? 2 Digital

More information

CS November 2018

CS November 2018 Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University

More information

OAuth 2 and Native Apps

OAuth 2 and Native Apps OAuth 2 and Native Apps Flows While all OAuth 2 flows can be used by native apps, only the user delegation flows will be considered in this document: Web Server, User-Agent and Device flows. The Web Server

More information

Connecting the RISC Client to non-javascriptinterfaces

Connecting the RISC Client to non-javascriptinterfaces Connecting the RISC Client to non-javascriptinterfaces Motivation In industry scenarios there is the necessity to connect the RISC client to client side subdevices or interfaces. Examples: serial / USB

More information

Authentication. Katarina

Authentication. Katarina Authentication Katarina Valalikova @KValalikova k.valalikova@evolveum.com 1 Agenda History Multi-factor, adaptive authentication SSO, SAML, OAuth, OpenID Connect Federation 2 Who am I? Ing. Katarina Valaliková

More information

The OAuth 2.0 Authorization Protocol

The OAuth 2.0 Authorization Protocol The OAuth 2.0 Authorization Protocol Abstract The OAuth 2.0 authorization protocol enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by

More information

Connect-2-Everything SAML SSO (client documentation)

Connect-2-Everything SAML SSO (client documentation) Connect-2-Everything SAML SSO (client documentation) Table of Contents Summary Overview Refined tags Summary The Connect-2-Everything landing page by Refined Data allows Adobe Connect account holders to

More information

WEB API. Nuki Home Solutions GmbH. Münzgrabenstraße 92/ Graz Austria F

WEB API. Nuki Home Solutions GmbH. Münzgrabenstraße 92/ Graz Austria F WEB API v 1. 1 0 8. 0 5. 2 0 1 8 1. Introduction 2. Calling URL 3. Swagger Interface Example API call through Swagger 4. Authentication API Tokens OAuth 2 Code Flow OAuth2 Authentication Example 1. Authorization

More information

API Security Management SENTINET

API Security Management SENTINET API Security Management SENTINET Overview 1 Contents Introduction... 2 Security Models... 2 Authentication... 2 Authorization... 3 Security Mediation and Translation... 5 Bidirectional Security Management...

More information

Using Twitter & Facebook API. INF5750/ Lecture 10 (Part II)

Using Twitter & Facebook API. INF5750/ Lecture 10 (Part II) Using Twitter & Facebook API INF5750/9750 - Lecture 10 (Part II) Lecture contents Connecting to popular social APIs Authentication Authorization Common calls Privacy and understanding data storage Social

More information

How to social login with Aruba controller. Bo Nielsen, CCIE #53075 (Sec) December 2016, V1.00

How to social login with Aruba controller. Bo Nielsen, CCIE #53075 (Sec) December 2016, V1.00 Bo Nielsen, CCIE #53075 (Sec) December 2016, V1.00 Overview This short document describes the basic setup for social login using Aruba ClearPass and Aruba wireless LAN controller. Aruba ClearPass, version

More information

Inland Revenue. Build Pack. Identity and Access Services. Date: 04/09/2017 Version: 1.5 IN CONFIDENCE

Inland Revenue. Build Pack. Identity and Access Services. Date: 04/09/2017 Version: 1.5 IN CONFIDENCE Inland Revenue Build Pack Identity and Access Services Date: 04/09/2017 Version: 1.5 IN CONFIDENCE About this Document This document is intended to provide Service Providers with the technical detail required

More information

ArcGIS Enterprise Security: An Introduction. Randall Williams Esri PSIRT

ArcGIS Enterprise Security: An Introduction. Randall Williams Esri PSIRT ArcGIS Enterprise Security: An Introduction Randall Williams Esri PSIRT Agenda ArcGIS Enterprise Security for *BEGINNING to INTERMIDIATE* users ArcGIS Enterprise Security Model Portal for ArcGIS Authentication

More information

Neos Google Analytics Integration

Neos Google Analytics Integration Neos Google Analytics Integration Release dev-master The Neos Team Feb 25, 2018 Contents 1 Installation 3 2 Configuration 5 2.1 Statistics display inside Neos.................................... 5 2.2

More information

THE ESSENTIAL OAUTH PRIMER: UNDERSTANDING OAUTH FOR SECURING CLOUD APIS

THE ESSENTIAL OAUTH PRIMER: UNDERSTANDING OAUTH FOR SECURING CLOUD APIS THE ESSENTIAL OAUTH PRIMER: UNDERSTANDING OAUTH FOR SECURING CLOUD APIS TABLE OF CONTENTS 03 03 05 06 07 07 09 11 EXECUTIVE OVERVIEW MOTIVATING USE CASE: TRIPIT TERMINOLOGY INTRODUCTION THE OAUTH 2.0 MODEL

More information

OAuth with On-Premise ReportPlus Server Installation Guide

OAuth with On-Premise ReportPlus Server Installation Guide OAuth with On-Premise ReportPlus Server Installation Guide ReportPlus Server OAuth On-Premise ReportPlus Server Installation 1.0 Disclaimer THE INFORMATION CONTAINED IN THIS DOCUMENT IS PROVIDED AS IS

More information

TECHNICAL GUIDE SSO SAML Azure AD

TECHNICAL GUIDE SSO SAML Azure AD 1 TECHNICAL GUIDE SSO SAML Azure AD At 360Learning, we don t make promises about technical solutions, we make commitments. This technical guide is part of our Technical Documentation. Version 1.0 2 360Learning

More information

Cookies, sessions and authentication

Cookies, sessions and authentication Cookies, sessions and authentication TI1506: Web and Database Technology Claudia Hauff! Lecture 7 [Web], 2014/15 1 Course overview [Web] 1. http: the language of Web communication 2. Web (app) design &

More information

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith ArcGIS Enterprise Security: An Introduction Gregory Ponto & Jeff Smith Agenda ArcGIS Enterprise Security Model Portal for ArcGIS Authentication Authorization Building the Enterprise Encryption Collaboration

More information

How to Configure Authentication and Access Control (AAA)

How to Configure Authentication and Access Control (AAA) How to Configure Authentication and Access Control (AAA) Overview The Barracuda Web Application Firewall provides features to implement user authentication and access control. You can create a virtual

More information

Protect Your API with OAuth 2. Rob Allen

Protect Your API with OAuth 2. Rob Allen Protect Your API with OAuth 2 Authentication Know who is logging into your API Rate limiting Revoke application access if its a problem Allow users to revoke 3rd party applications How? Authorization header:

More information

OAuth 2.0 Incremental Auth

OAuth 2.0 Incremental Auth OAuth 2.0 Incremental Auth IETF 99 Prague, July 2017 William Denniss Incremental Auth Problem Statement Asking for the kitchen sink of scopes up-front is a bad thing. Users should have the context of the

More information

Salesforce Mobile App Security Guide

Salesforce Mobile App Security Guide Salesforce Mobile App Security Guide Version 3, 0 @salesforcedocs Last updated: October 11, 2018 Copyright 2000 2018 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,

More information

DocuSign Single Sign On Implementation Guide Published: June 8, 2016

DocuSign Single Sign On Implementation Guide Published: June 8, 2016 DocuSign Single Sign On Implementation Guide Published: June 8, 2016 Copyright Copyright 2003-2016 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights and patents

More information

OAuth2lib. implementation

OAuth2lib. implementation OAuth2lib http://tools.ietf.org/html/ietf-oauth-v2-08 implementation 24 Junio 2010 Índice de contenido Oauth2lib v05...1 Introduction...3 Documentation...4 OAuth2 Assertion Flow...4 Authorization Flow...4

More information

Advanced API Security

Advanced API Security Advanced API Security ITANA Group Nuwan Dias Architect 22/06/2017 Agenda 2 HTTP Basic Authentication Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l 3 API Security is about controlling Access Delegation

More information

Oracle Communications WebRTC Session Controller

Oracle Communications WebRTC Session Controller Oracle Communications WebRTC Session Controller Security Guide Release 7.0 E40975-01 November 2013 Oracle Communications WebRTC Session Controller Security Guide, Release 7.0 E40975-01 Copyright 2013,

More information

SDK Developer s Guide

SDK Developer s Guide SDK Developer s Guide 2005-2012 Ping Identity Corporation. All rights reserved. PingFederate SDK Developer s Guide Version 6.10 October, 2012 Ping Identity Corporation 1001 17 th Street, Suite 100 Denver,

More information

The OAuth 2.0 Authorization Framework draft-ietf-oauth-v2-30

The OAuth 2.0 Authorization Framework draft-ietf-oauth-v2-30 OAuth Working Group D. Hardt, Ed. Internet-Draft Microsoft Obsoletes: 5849 (if approved) D. Recordon Intended status: Standards Track Facebook Expires: January 16, 2013 July 15, 2012 The OAuth 2.0 Authorization

More information

CoreBlox Integration Kit. Version 2.2. User Guide

CoreBlox Integration Kit. Version 2.2. User Guide CoreBlox Integration Kit Version 2.2 User Guide 2015 Ping Identity Corporation. All rights reserved. PingFederate CoreBlox Integration Kit User Guide Version 2.2 November, 2015 Ping Identity Corporation

More information

SDK Developer s Guide

SDK Developer s Guide SDK Developer s Guide 2005-2013 Ping Identity Corporation. All rights reserved. PingFederate SDK Developer s Guide Version 7.1 August, 2013 Ping Identity Corporation 1001 17 th Street, Suite 100 Denver,

More information

Mobile Procurement REST API (MOBPROC): Access Tokens

Mobile Procurement REST API (MOBPROC): Access Tokens Mobile Procurement REST API (MOBPROC): Access Tokens Tangoe, Inc. 35 Executive Blvd. Orange, CT 06477 +1.203.859.9300 www.tangoe.com TABLE OF CONTENTS HOW TO REQUEST AN ACCESS TOKEN USING THE PASSWORD

More information

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Better MDM

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Better MDM SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Once all of the features of Intel Active Management Technology (Intel

Once all of the features of Intel Active Management Technology (Intel Chapter11 Connecting and Communicating with Intel Active Management Technology Disconnecting from change does not recapture the past. It loses the future. Kathleen Norris, O Magazine, January 2004 Once

More information

Web Security 2 https://www.xkcd.com/177/ http://xkcd.com/1323/ Encryption basics Plaintext message key secret Encryp)on Func)on Ciphertext Insecure network Decryp)on Func)on Curses! Foiled again! key Plaintext

More information

INTRODUCTION TO SERVLETS AND WEB CONTAINERS. Actions in Accord with All the Laws of Nature

INTRODUCTION TO SERVLETS AND WEB CONTAINERS. Actions in Accord with All the Laws of Nature INTRODUCTION TO SERVLETS AND WEB CONTAINERS Actions in Accord with All the Laws of Nature Web server vs web container Most commercial web applications use Apache proven architecture and free license. Tomcat

More information

Unified Secure Access Beyond VPN

Unified Secure Access Beyond VPN Unified Secure Access Beyond VPN Luboš Klokner F5 Systems Engineer lubos@f5.com +421 908 755152 @lklokner Humans v. Technology F5 Networks, Inc Agenda Introduction General APM Use-Cases APM Use-Cases from

More information

Grandstream Networks, Inc. Captive Portal Authentication via Facebook

Grandstream Networks, Inc. Captive Portal Authentication via Facebook Grandstream Networks, Inc. Table of Content SUPPORTED DEVICES... 4 INTRODUCTION... 5 CAPTIVE PORTAL SETTINGS... 6 Policy Configuration Page... 6 Landing Page Redirection... 8 Pre-Authentication Rules...

More information

ArcGIS Server and Portal for ArcGIS An Introduction to Security

ArcGIS Server and Portal for ArcGIS An Introduction to Security ArcGIS Server and Portal for ArcGIS An Introduction to Security Jeff Smith & Derek Law July 21, 2015 Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context

More information

IMPLEMENTING SINGLE SIGN-ON (SSO) TO KERBEROS CONSTRAINED DELEGATION AND HEADER-BASED APPS. VMware Identity Manager.

IMPLEMENTING SINGLE SIGN-ON (SSO) TO KERBEROS CONSTRAINED DELEGATION AND HEADER-BASED APPS. VMware Identity Manager. IMPLEMENTING SINGLE SIGN-ON (SSO) TO KERBEROS CONSTRAINED DELEGATION AND HEADER-BASED APPS VMware Identity Manager February 2017 V1 1 2 Table of Contents Overview... 5 Benefits of BIG-IP APM and Identity

More information

Container-Native Applications

Container-Native Applications Container-Native Applications Security, Logging, Tracing Matthias Fuchs, @hias222 DOAG 2018 Exa & Middleware Days, 2018/06/19 Microservice Example Flow Oracle Cloud Details Logging Security, OAuth, TLS

More information

API Signup Instructions

API Signup Instructions API Signup Instructions Pixabay The API Key for Pixabay is already included in the FotoPress plugin, so you don t need to do anything with it. Flickr 1. Flickr is also a part of Yahoo. If you already have

More information

Aruba Central Application Programming Interface

Aruba Central Application Programming Interface Aruba Central Application Programming Interface User Guide Copyright Information Copyright 2016 Hewlett Packard Enterprise Development LP. Open Source Code This product includes code licensed under the

More information

Partner Center: Secure application model

Partner Center: Secure application model Partner Center: Secure application model The information provided in this document is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including

More information

AEM Mobile: Setting up Google as an Identity Provider

AEM Mobile: Setting up Google as an Identity Provider AEM Mobile: Setting up Google as an Identity Provider Requirement: Prerequisite knowledge Understanding of AEM Mobile Required Products AEM Mobile Google Account Generating the client ID and secret To

More information

[MS-ADFSOAL]: Active Directory Federation Services OAuth Authorization Code Lookup Protocol

[MS-ADFSOAL]: Active Directory Federation Services OAuth Authorization Code Lookup Protocol [MS-ADFSOAL]: Active Directory Federation Services OAuth Authorization Code Lookup Protocol Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft

More information

Security. SWE 432, Fall 2017 Design and Implementation of Software for the Web

Security. SWE 432, Fall 2017 Design and Implementation of Software for the Web Security SWE 432, Fall 2017 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Authorization oauth 2 Security Why is it important? Users data is

More information

Identity and Data Access: OpenID & OAuth

Identity and Data Access: OpenID & OAuth Feedback: http://goo.gl/dpubh #io2011 #TechTalk Identity and Data Access: OpenID & OAuth Ryan Boyd @ryguyrg https://profiles.google.com/ryanboyd May 11th 2011 Agenda Feedback: http://goo.gl/dpubh #io2011

More information

THE INTEROPERATION BETWEEN CASIDP AND INCOMMON ETC. JIWU JING

THE INTEROPERATION BETWEEN CASIDP AND INCOMMON ETC. JIWU JING THE INTEROPERATION BETWEEN IDP AND INCOMMON ETC. JIWU JING OUTLINE Introduction of IDP( s IDP) Concerns on the IDP s Interoperability An Approach of Interoperation Project IDP SYSTEM Identity Management

More information

Grandstream Networks, Inc. Captive Portal Authentication via Facebook

Grandstream Networks, Inc. Captive Portal Authentication via Facebook Grandstream Networks, Inc. Table of Content SUPPORTED DEVICES... 4 INTRODUCTION... 5 CAPTIVE PORTAL SETTINGS... 6 Policy Configuration Page... 6 Landing Page Redirection... 8 Pre-Authentication Rules...

More information

SSO Integration Overview

SSO Integration Overview SSO Integration Overview 2006-2014 Ping Identity Corporation. All rights reserved. PingFederate SSO Integration Overview Version 7.2 June, 2014 Ping Identity Corporation 1001 17th Street, Suite 100 Denver,

More information

DaDaDocs for Microsoft Dynamics 365 Administrator Guide

DaDaDocs for Microsoft Dynamics 365 Administrator Guide DaDaDocs for Microsoft Dynamics 365 Administrator Guide Requirements: Microsoft Dynamics 365 organization. PDFfiller user account. Installation and configuration 2 Install DaDaDocs 2 Update to the latest

More information

Deploying OAuth with Cisco Collaboration Solution Release 12.0

Deploying OAuth with Cisco Collaboration Solution Release 12.0 White Paper Deploying OAuth with Cisco Collaboration Solution Release 12.0 Authors: Bryan Morris, Kevin Roarty (Collaboration Technical Marketing) Last Updated: December 2017 This document describes the

More information

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14 Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.

More information

WHITE PAPER. OAuth A new era in Identity Management and its Applications. Abstract

WHITE PAPER. OAuth A new era in Identity Management and its Applications. Abstract WHITE PAPER OAuth A new era in Identity Management and its Applications Abstract OAuth protocol is a standard which allows end users to share their web resources with the third-party applications without

More information

API Security. PHP Tek Rob Richards

API Security. PHP Tek Rob Richards API Security PHP Tek 2012 Rob Richards rrichards@mashery.com Who am I? Rob Richards Mashery Email: rrichards@mashery.com Twitter: @mashery Slides: www.cdatazone.org WWW Danger! Danger! Traditional Web

More information

Identity management. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014

Identity management. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014 Identity management Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014 Outline 1. Single sign-on 2. SAML and Shibboleth 3. OpenId 4. OAuth 5. (Corporate IAM) 6. Strong identity 2

More information

BECOMING A DATA-DRIVEN BROADCASTER AND DELIVERING A UNIFIED AND PERSONALISED BROADCAST USER EXPERIENCE

BECOMING A DATA-DRIVEN BROADCASTER AND DELIVERING A UNIFIED AND PERSONALISED BROADCAST USER EXPERIENCE BECOMING A DATA-DRIVEN BROADCASTER AND DELIVERING A UNIFIED AND PERSONALISED BROADCAST USER EXPERIENCE M. Barroco EBU Technology & Innovation, Switzerland ABSTRACT Meeting audience expectations is becoming

More information

API Security Management with Sentinet SENTINET

API Security Management with Sentinet SENTINET API Security Management with Sentinet SENTINET Overview 1 Contents Introduction... 2 Security Mediation and Translation... 3 Security Models... 3 Authentication... 4 Authorization... 5 Bidirectional Security

More information

Salesforce IoT REST API Getting Started Guide

Salesforce IoT REST API Getting Started Guide Salesforce IoT REST API Getting Started Guide Version 42.0, Spring 18 @salesforcedocs Last updated: March 9, 2018 Copyright 2000 2018 salesforce.com, inc. All rights reserved. Salesforce is a registered

More information

MS Switch Access Policies (802.1X) Host Modes

MS Switch Access Policies (802.1X) Host Modes MS Switch Access Policies (802.1X) Cisco Meraki MS switches offer the ability to configure access policies, which require connecting devices to authenticate against a RADIUS server before they are granted

More information

Oracle Fusion Middleware. Oracle API Gateway OAuth User Guide 11g Release 2 ( )

Oracle Fusion Middleware. Oracle API Gateway OAuth User Guide 11g Release 2 ( ) Oracle Fusion Middleware Oracle API Gateway OAuth User Guide 11g Release 2 (11.1.2.3.0) April 2014 Oracle API Gateway OAuth User Guide, 11g Release 2 (11.1.2.3.0) Copyright 1999, 2014, Oracle and/or its

More information

Servlets by Example. Joe Howse 7 June 2011

Servlets by Example. Joe Howse 7 June 2011 Servlets by Example Joe Howse 7 June 2011 What is a servlet? A servlet is a Java application that receives HTTP requests as input and generates HTTP responses as output. As the name implies, it runs on

More information

Best Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,

Best Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April, Best Practices: Authentication & Authorization Infrastructure Massimo Benini HPCAC - April, 03 2019 Agenda - Common Vocabulary - Keycloak Overview - OAUTH2 and OIDC - Microservices Auth/Authz techniques

More information

Lesson 13 Securing Web Services (WS-Security, SAML)

Lesson 13 Securing Web Services (WS-Security, SAML) Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element

More information

Security Guide Release 7.1

Security Guide Release 7.1 [1]Oracle Communications WebRTC Session Controller Security Guide Release 7.1 E55124-01 March 2015 Oracle Communications WebRTC Session Controller Security Guide, Release 7.1 E55124-01 Copyright 2013,

More information

Introduction to application management

Introduction to application management Introduction to application management To deploy web and mobile applications, add the application from the Centrify App Catalog, modify the application settings, and assign roles to the application to

More information

ClickToCall SkypeTest Documentation

ClickToCall SkypeTest Documentation ClickToCall SkypeTest Documentation Release 0.0.1 Andrea Mucci August 04, 2015 Contents 1 Requirements 3 2 Installation 5 3 Database Installation 7 4 Usage 9 5 Contents 11 5.1 REST API................................................

More information

Building the Modern Research Data Portal using the Globus Platform. Rachana Ananthakrishnan GlobusWorld 2017

Building the Modern Research Data Portal using the Globus Platform. Rachana Ananthakrishnan GlobusWorld 2017 Building the Modern Research Data Portal using the Globus Platform Rachana Ananthakrishnan rachana@globus.org GlobusWorld 2017 Platform Questions How do you leverage Globus services in your own applications?

More information

Introduction to SciTokens

Introduction to SciTokens Introduction to SciTokens Brian Bockelman, On Behalf of the SciTokens Team https://scitokens.org This material is based upon work supported by the National Science Foundation under Grant No. 1738962. Any

More information

Privacy and Security in Online Social Networks Department of Computer Science and Engineering Indian Institute of Technology, Madras

Privacy and Security in Online Social Networks Department of Computer Science and Engineering Indian Institute of Technology, Madras Privacy and Security in Online Social Networks Department of Computer Science and Engineering Indian Institute of Technology, Madras Lecture 08 Tutorial 2, Part 2, Facebook API (Refer Slide Time: 00:12)

More information

NotifySCM Workspace Administration Guide

NotifySCM Workspace Administration Guide NotifySCM Workspace Administration Guide TABLE OF CONTENTS 1 Overview... 3 2 Login... 4 2.1 Main View... 5 3 Manage... 6 3.1 PIM... 6 3.2 Document...12 3.3 Server...13 4 Workspace Configuration... 14 4.1

More information

BlackBerry AtHoc Networked Crisis Communication. BlackBerry AtHoc API Quick Start Guide

BlackBerry AtHoc Networked Crisis Communication. BlackBerry AtHoc API Quick Start Guide BlackBerry AtHoc Networked Crisis Communication BlackBerry AtHoc API Quick Start Guide Release 7.6, September 2018 Copyright 2018 BlackBerry Limited. All Rights Reserved. This document may not be copied,

More information

USER MANUAL. SalesPort Salesforce Customer Portal for WordPress (Lightning Mode) TABLE OF CONTENTS. Version: 3.1.0

USER MANUAL. SalesPort Salesforce Customer Portal for WordPress (Lightning Mode) TABLE OF CONTENTS. Version: 3.1.0 USER MANUAL TABLE OF CONTENTS Introduction...1 Benefits of Customer Portal...1 Prerequisites...1 Installation...2 Salesforce App Installation... 2 Salesforce Lightning... 2 WordPress Manual Plug-in installation...

More information

Introduction Secure Message Center (Webmail, Mobile & Visually Impaired) Webmail... 2 Mobile & Tablet... 4 Visually Impaired...

Introduction Secure Message Center (Webmail, Mobile & Visually Impaired) Webmail... 2 Mobile & Tablet... 4 Visually Impaired... WEB MESSAGE CENTER END USER GUIDE The Secure Web Message Center allows users to access and send and receive secure messages via any browser on a computer, tablet or other mobile devices. Introduction...

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback