OAuth 2 and Native Apps

Size: px
Start display at page:

Download "OAuth 2 and Native Apps"

Transcription

1 OAuth 2 and Native Apps Flows While all OAuth 2 flows can be used by native apps, only the user delegation flows will be considered in this document: Web Server, User-Agent and Device flows. The Web Server and User-Agent flows are similar in that information in the browser must be captured by the native app at some point. Transferring control and information from the browser back to the native app is a hard problem. The next section lists techniques that allow that. The Device flow does not have the above problem, but it has a potential session fixation vulnerability. Also, this flow is relatively new and it was not used by native apps so it is not proved in practice. Changes needed by current spec so native apps are supported: Web Server flow define standard result page if redirect_uri is missing make sure unregistered clients are properly supported make sure registered by insecure clients are supported display name parameter may be required User-Agent flow display name parameter may be required Device flow should define standard parameter name for user code display name parameter may be required Information Transfer Techniques After the end user approves that the native application gets access to the requested scopes the user-agent is redirected to the redirect_uri. The result page at the redirect_uri should display the information that the native application needs along with instructions for the end user. This information is a verification code (Web Server flow) or access/refresh tokens (User-Agent flow). The information can also include some client state, if it was initially sent by the client. If the end user denies access, then ideally the result page should also be displayed but the information will be a relevant error code and some explanation for the end user. The following techniques allow native applications to extract the needed information from the result page.

2 Manual copy-and-paste The result page shows only one piece of text that the end user can copy and then should paste into the native app. Instructions on how to do that should also be provided. The text to be copied could be a single code/token or an encoded data structure. The authorization dance can happen on a different machine and be controller by a separate web server. The native app could instruct the user to go to a URL and grab an activation code from there. The web application at the URL will start the OAuth dance with the same client Id as used by the native app and at the end show an appropriate result page. easy to implement loop is not closed automatically user has to copy-paste or memorize-type Automatic copy-and-paste The result page uses JavaScript and/or Flash to copy the information to the system clipboard. The native application is watching the clipboard in a loop. hard to copy to system clipboard from HTML page, may need flash text copied to clipboard can be seen by other apps, can leak, may need to encrypt native app must ensure it grabs the proper text from clipboard, client state can help requires JavaScript to be enabled in browser to copy to clipboard Custom URI Scheme The native app registers a custom URI scheme that will launch the application itself, or a helper app. The redirect_uri would use this scheme. no standard way to register schemes possible security issues if a newer app grabs an existing scheme

3 does not work as well on desktop apps as on phones Local Web Server The native app starts a local web server on some available port and the redirect_uri will point to this server. native app needs to embed a web server local firewall may block access to local web server Embedded Browser The native app embeds a browser. good integration with native app, no focus issues embedded browser uses different cookie jar, no active session, user forced to login (apparently on Mac and iphone cookies are shared by embedded browser) no browser plugins present, user may have difficulties to login probably no username/password auto-completion if some form of strong auth is used once per browser the user is forced to do it again what is embedded may not be the user s preferred browser does not work with CLI apps user still enters credentials in native app Monitor Cookies The native app watches the cookie jar of the browser it launched. The result page will save the information to a cookie using JavaScript. each browser saves cookies differently access to cookie files cannot be synchronized

4 requires JavaScript to be enabled in browser to save cookie Monitor Window Title The native application launches a browser and then keeps tracking the process and the corresponding OS window title. The result page should make sure the information shows up in the window title. only shorter text can be transferred no guarantee that each window manager or browser will display the title consistently Browser Extension The native app relies on a browser extension it can communicate with. The extension notices when the result page is rendered, extracts the information and passes it to the native app. only method that can close the loop even if user wanders off or closes browser extensions must be created for all browser user needs to install extension Types of Result Pages Dynamic web page controlled by the native app publisher on some external web server. Default dynamic web page provided by the authorization server. Dynamic web page controlled by the native app on local machine. Custom scheme URI that invokes native app or helper. Static HTML page on local machine. Types of Native Apps GUI Desktop App CLI Desktop App Smart Phone App

5 Technique vs Flow Web Server User-Agent Manual copy-paste Yes No 1 Automatic copy-paste Yes Yes 2 Custom Scheme Yes Yes Local Server Yes Yes Embedded Browser Yes Yes Monitor Cookie Yes Yes 2 Monitor Title Yes No 3 Extension Yes Yes Notes: 1. Access token, expiry time and potentially refresh token all would have to be copied. May not be practical. 2. Important tokens could be leaked. 3. Information probably too long to fit into window title. Technique vs Native App Type GUI Desktop CLI Desktop Smart Phone Manual copy-paste Yes Yes No 1 Automatic copy-paste Yes Yes? Custom Scheme Yes Yes Yes 2 Local Server Yes Yes No Embedded Browser Yes No Yes Monitor Cookie Yes Yes? Monitor Title Yes Yes No Extension Yes Yes No Notes:

6 1. Could work for simple verification code. Approval can even be done on a different computer. 2. This seems to work particularly well for phone apps.

sanction Documentation

sanction Documentation sanction Documentation Release 0.4 Demian Brecht May 14, 2014 Contents 1 Overview 3 2 Quickstart 5 2.1 Instantiation............................................... 5 2.2 Authorization Request..........................................

More information

Using OAuth 2.0 to Access ionbiz APIs

Using OAuth 2.0 to Access ionbiz APIs Using OAuth 2.0 to Access ionbiz APIs ionbiz APIs use the OAuth 2.0 protocol for authentication and authorization. ionbiz supports common OAuth 2.0 scenarios such as those for web server, installed, and

More information

Inland Revenue. Build Pack. Identity and Access Services. Date: 04/09/2017 Version: 1.5 IN CONFIDENCE

Inland Revenue. Build Pack. Identity and Access Services. Date: 04/09/2017 Version: 1.5 IN CONFIDENCE Inland Revenue Build Pack Identity and Access Services Date: 04/09/2017 Version: 1.5 IN CONFIDENCE About this Document This document is intended to provide Service Providers with the technical detail required

More information

How to Configure Authentication and Access Control (AAA)

How to Configure Authentication and Access Control (AAA) How to Configure Authentication and Access Control (AAA) Overview The Barracuda Web Application Firewall provides features to implement user authentication and access control. You can create a virtual

More information

The OAuth 2.0 Authorization Protocol

The OAuth 2.0 Authorization Protocol The OAuth 2.0 Authorization Protocol Abstract The OAuth 2.0 authorization protocol enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by

More information

Single Sign-On for PCF. User's Guide

Single Sign-On for PCF. User's Guide Single Sign-On for PCF Version 1.2 User's Guide 2018 Pivotal Software, Inc. Table of Contents Table of Contents Single Sign-On Overview Installation Getting Started with Single Sign-On Manage Service Plans

More information

Cisco Mobile Skill Manager

Cisco Mobile Skill Manager The Unified CCX supervisor can use the on a smart phone to remotely manage the skill data of all associated agents. This application is not a native one and can run on smart phone browsers. The devices

More information

CMX Connected Experiences- Social, SMS and Custom Portal Registration Configuration Example

CMX Connected Experiences- Social, SMS and Custom Portal Registration Configuration Example CMX Connected Experiences- Social, SMS and Custom Portal Registration Configuration Example Contents Introduction Prerequisites Requirements Components Used Configure Network Diagram Configurations Authentication

More information

Salesforce Mobile App Security Guide

Salesforce Mobile App Security Guide Salesforce Mobile App Security Guide Version 3, 0 @salesforcedocs Last updated: October 11, 2018 Copyright 2000 2018 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,

More information

SSL VPN Web Portal User Guide

SSL VPN Web Portal User Guide The SSL VPN web portal provides easy access to your organization s web resources via the web browser on your desktop or mobile device. The SSL VPN web portal's responsive interface automatically detects

More information

The OAuth 2.0 Authorization Framework draft-ietf-oauth-v2-30

The OAuth 2.0 Authorization Framework draft-ietf-oauth-v2-30 OAuth Working Group D. Hardt, Ed. Internet-Draft Microsoft Obsoletes: 5849 (if approved) D. Recordon Intended status: Standards Track Facebook Expires: January 16, 2013 July 15, 2012 The OAuth 2.0 Authorization

More information

How to Join Skype Meetings

How to Join Skype Meetings How to Join Skype Meetings Scroll through to find the device you are using: Windows, Skype App, Mac or iphone. Windows 1. Open the email / calendar request that you received from your host and select the

More information

Create and Apply Clientless SSL VPN Policies for Accessing. Connection Profile Attributes for Clientless SSL VPN

Create and Apply Clientless SSL VPN Policies for Accessing. Connection Profile Attributes for Clientless SSL VPN Create and Apply Clientless SSL VPN Policies for Accessing Resources, page 1 Connection Profile Attributes for Clientless SSL VPN, page 1 Group Policy and User Attributes for Clientless SSL VPN, page 3

More information

Workplace Online Using a standard web browser, simply login at us.awp.autotask.net using the credentials you ve been given.

Workplace Online Using a standard web browser, simply login at us.awp.autotask.net using the credentials you ve been given. Quick Start Guide WELCOME Thank you for taking the time to evaluate Autotask Workplace. This guide will help you quickly see how Workplace can benefit your business, especially for collaboration and working

More information

Introduction Secure Message Center (Webmail, Mobile & Visually Impaired) Webmail... 2 Mobile & Tablet... 4 Visually Impaired...

Introduction Secure Message Center (Webmail, Mobile & Visually Impaired) Webmail... 2 Mobile & Tablet... 4 Visually Impaired... WEB MESSAGE CENTER END USER GUIDE The Secure Web Message Center allows users to access and send and receive secure messages via any browser on a computer, tablet or other mobile devices. Introduction...

More information

BIG-IP Access Policy Manager : Portal Access. Version 12.1

BIG-IP Access Policy Manager : Portal Access. Version 12.1 BIG-IP Access Policy Manager : Portal Access Version 12.1 Table of Contents Table of Contents Overview of Portal Access...7 Overview: What is portal access?...7 About portal access configuration elements...7

More information

1000 Ways to Die in Mobile OAuth. Eric Chen, Yutong Pei, Yuan Tian, Shuo Chen,Robert Kotcher and Patrick Tague

1000 Ways to Die in Mobile OAuth. Eric Chen, Yutong Pei, Yuan Tian, Shuo Chen,Robert Kotcher and Patrick Tague 1000 Ways to Die in Mobile OAuth Eric Chen, Yutong Pei, Yuan Tian, Shuo Chen,Robert Kotcher and Patrick Tague What is this work about? In 2014, Studied OAuth usage in 200 Android/iOS OAuth applications.

More information

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14 Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.

More information

Building the Modern Research Data Portal using the Globus Platform. Rachana Ananthakrishnan GlobusWorld 2017

Building the Modern Research Data Portal using the Globus Platform. Rachana Ananthakrishnan GlobusWorld 2017 Building the Modern Research Data Portal using the Globus Platform Rachana Ananthakrishnan rachana@globus.org GlobusWorld 2017 Platform Questions How do you leverage Globus services in your own applications?

More information

Tutorial: Building the Services Ecosystem

Tutorial: Building the Services Ecosystem Tutorial: Building the Services Ecosystem GlobusWorld 2018 Steve Tuecke tuecke@globus.org What is a services ecosystem? Anybody can build services with secure REST APIs App Globus Transfer Your Service

More information

Administering Jive Mobile Apps for ios and Android

Administering Jive Mobile Apps for ios and Android Administering Jive Mobile Apps for ios and Android TOC 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios...3 Custom App Wrapping for ios...3 Authentication with Mobile

More information

Client Type Windows Linux Mac ios Android

Client Type Windows Linux Mac ios Android Client Type Windows Linux Mac ios Android Windows 10 UWP HTML Access Chrome OS Client Version 4.5 4.5 4.5 4.5 4.5 4.5 4.5 4.5 Minimum Client OS Windows 7 Varies OS X 10.10+ ios 8.0+ Android 4.0+ Windows

More information

Stop sweating the password and learn to love public key cryptography. Chris Streeks Solutions Engineer, Yubico

Stop sweating the password and learn to love public key cryptography. Chris Streeks Solutions Engineer, Yubico 1 Stop sweating the password and learn to love public key cryptography Chris Streeks Solutions Engineer, Yubico Stop Sweating the Password! 2 Agenda Introduction The modern state of Phishing How to become

More information

Grandstream Networks, Inc. Captive Portal Authentication via Facebook

Grandstream Networks, Inc. Captive Portal Authentication via Facebook Grandstream Networks, Inc. Table of Content SUPPORTED DEVICES... 4 INTRODUCTION... 5 CAPTIVE PORTAL SETTINGS... 6 Policy Configuration Page... 6 Landing Page Redirection... 8 Pre-Authentication Rules...

More information

ArcGIS Enterprise Security. Gregory Ponto & Jeff Smith

ArcGIS Enterprise Security. Gregory Ponto & Jeff Smith ArcGIS Enterprise Security Gregory Ponto & Jeff Smith Agenda Focus: Security best practices for ArcGIS Enterprise ArcGIS Server Portal for ArcGIS 10.5 Features Strongly Recommend: Knowledge of ArcGIS Server

More information

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013 Ping Identity RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 13, 2013 Product Information Partner Name Ping Identity Web Site www.pingidentity.com Product Name PingFederate

More information

Grandstream Networks, Inc. Captive Portal Authentication via Twitter

Grandstream Networks, Inc. Captive Portal Authentication via Twitter Grandstream Networks, Inc. Table of Content SUPPORTED DEVICES... 4 INTRODUCTION... 5 CAPTIVE PORTAL SETTINGS... 6 Policy Configuration Page... 6 Landing Page Redirection... 8 Pre-Authentication Rules...

More information

MFA Pilot Instructions

MFA Pilot Instructions MFA Pilot Instructions Getting Started You will need the following: Your smartphone, a computer, and Internet access. Before using MFA your computer will need to be running Office 2016. If you are still

More information

Introduction to T-Mobile ID

Introduction to T-Mobile ID Introduction to T-Mobile ID Michael Engan Identity Vision for T-Mobile Agenda Background Why an identity project What is going on with identity in the industry T-Mobile ID Technical details Architecture

More information

Building the Modern Research Data Portal. Developer Tutorial

Building the Modern Research Data Portal. Developer Tutorial Building the Modern Research Data Portal Developer Tutorial Thank you to our sponsors! U. S. DEPARTMENT OF ENERGY 2 Presentation material available at www.globusworld.org/workshop2016 bit.ly/globus-2016

More information

Warm Up to Identity Protocol Soup

Warm Up to Identity Protocol Soup Warm Up to Identity Protocol Soup David Waite Principal Technical Architect 1 Topics What is Digital Identity? What are the different technologies? How are they useful? Where is this space going? 2 Digital

More information

Student Access to Smith s Wood Sports College Remote Applications

Student Access to Smith s Wood Sports College Remote Applications Page 1 of 45 Table of Contents... 1 Version History... 3 Using a Microsoft Windows device... 4 Minimum Windows Client OS Requirements... 4 Accessing Remote Desktop Services... 5 Using an Apple Mac OS X

More information

Cloud Help for Community Managers...3. Release Notes System Requirements Administering Jive for Office... 6

Cloud Help for Community Managers...3. Release Notes System Requirements Administering Jive for Office... 6 for Office Contents 2 Contents Cloud Help for Community Managers...3 Release Notes... 4 System Requirements... 5 Administering Jive for Office... 6 Getting Set Up...6 Installing the Extended API JAR File...6

More information

Grandstream Networks, Inc. Captive Portal Authentication via Facebook

Grandstream Networks, Inc. Captive Portal Authentication via Facebook Grandstream Networks, Inc. Table of Content SUPPORTED DEVICES... 4 INTRODUCTION... 5 CAPTIVE PORTAL SETTINGS... 6 Policy Configuration Page... 6 Landing Page Redirection... 8 Pre-Authentication Rules...

More information

Goverlan Remote Control v7 vs. Microsoft Remote Assistance

Goverlan Remote Control v7 vs. Microsoft Remote Assistance Product Comparison vs. SYNOPSIS and both offer remote access services for Windows platforms. This paper provides a feature comparison between these two products. Publication Information This document was

More information

Liferay Security Features Overview. How Liferay Approaches Security

Liferay Security Features Overview. How Liferay Approaches Security Liferay Security Features Overview How Liferay Approaches Security Table of Contents Executive Summary.......................................... 1 Transport Security............................................

More information

Salesforce1 Mobile Security White Paper. Revised: April 2014

Salesforce1 Mobile Security White Paper. Revised: April 2014 Salesforce1 Mobile Security White Paper Revised: April 2014 Table of Contents Introduction Salesforce1 Architecture Overview Authorization and Permissions Communication Security Authentication OAuth Pairing

More information

Guide for Windows users with Internet Explorer and Firefox

Guide for Windows users with Internet Explorer and Firefox Velocity@ocbc Guide for Windows users with Internet Explorer and Firefox Version 2.0 070513 1 of 18 Check the Java version 1. Launch a browser and go to http://www.java.com/en/download/installed.jsp?detect=jre

More information

Parallels Remote Application Server

Parallels Remote Application Server Parallels Remote Application Server Parallels Client for Mac User's Guide v16 Parallels International GmbH Vordergasse 59 8200 Schaffhausen Switzerland Tel: + 41 52 672 20 30 www.parallels.com Copyright

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications

More information

Monitise. RSA Adaptive Authentication On-Premise Implementation Guide. Partner Information. Monitise Mobile Banking Solution

Monitise. RSA Adaptive Authentication On-Premise Implementation Guide. Partner Information. Monitise Mobile Banking Solution RSA Adaptive Authentication On-Premise Implementation Guide Partner Information Last Modified: June 12, 2013 Product Information Partner Name Web Site www.monitise.com Product Name Version & Platform 5.0

More information

GOING WHERE NO WAFS HAVE GONE BEFORE

GOING WHERE NO WAFS HAVE GONE BEFORE GOING WHERE NO WAFS HAVE GONE BEFORE Andy Prow Aura Information Security Sam Pickles Senior Systems Engineer, F5 Networks NZ Agenda: WTF is a WAF? View from the Trenches Example Attacks and Mitigation

More information

Cookies, sessions and authentication

Cookies, sessions and authentication Cookies, sessions and authentication TI1506: Web and Database Technology Claudia Hauff! Lecture 7 [Web], 2014/15 1 Course overview [Web] 1. http: the language of Web communication 2. Web (app) design &

More information

TIBCO LiveView Web Getting Started Guide

TIBCO LiveView Web Getting Started Guide TIBCO LiveView Web Getting Started Guide Contents Introduction... 1 Prerequisites... 1 Installation... 2 Installation Overview... 2 Downloading and Installing for Windows... 3 Downloading and Installing

More information

Check to enable generation of refresh tokens when refreshing access tokens

Check to enable generation of refresh tokens when refreshing access tokens VERSION User: amadmin Server: sp.example.com LOG OUT OAuth2 Provider Save Reset Back to Services Realm Attributes Indicates required field Authorization Code Lifetime Refresh (seconds) If this field is

More information

Securing Office 365 with Okta

Securing Office 365 with Okta Securing Office 365 with Okta Index Background Terms & Definitions Introduction Office 365 Authentication Methods Securing Federated Office 365 Using Okta Known Email Clients that Support Modern Authentication

More information

User Management. Jabber IDs

User Management. Jabber IDs Jabber IDs, page 1 IM Address Scheme, page 2 Service Discovery using Jabber IDs, page 2 SIP URI, page 3 LDAP User ID, page 3 User ID Planning for Federation, page 3 Proxy Addresses for User Contact Photos,

More information

WEB API. Nuki Home Solutions GmbH. Münzgrabenstraße 92/ Graz Austria F

WEB API. Nuki Home Solutions GmbH. Münzgrabenstraße 92/ Graz Austria F WEB API v 1. 1 0 8. 0 5. 2 0 1 8 1. Introduction 2. Calling URL 3. Swagger Interface Example API call through Swagger 4. Authentication API Tokens OAuth 2 Code Flow OAuth2 Authentication Example 1. Authorization

More information

Beginner s Guide to Cordova and Mobile Application Development

Beginner s Guide to Cordova and Mobile Application Development November 13, 2018 Beginner s Guide to Cordova and Mobile Application Development George Campbell Lead Software Engineer Doug Davies Lead Software Engineer George Campbell Lead Software Engineer Doug Davies

More information

Identity management. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014

Identity management. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014 Identity management Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014 Outline 1. Single sign-on 2. SAML and Shibboleth 3. OpenId 4. OAuth 5. (Corporate IAM) 6. Strong identity 2

More information

WHY CSRF WORKS. Implicit authentication by Web browsers

WHY CSRF WORKS. Implicit authentication by Web browsers WHY CSRF WORKS To explain the root causes of, and solutions to CSRF attacks, I need to share with you the two broad types of authentication mechanisms used by Web applications: 1. Implicit authentication

More information

8.0 Help for Community Managers Release Notes System Requirements Administering Jive for Office... 6

8.0 Help for Community Managers Release Notes System Requirements Administering Jive for Office... 6 for Office Contents 2 Contents 8.0 Help for Community Managers... 3 Release Notes... 4 System Requirements... 5 Administering Jive for Office... 6 Getting Set Up...6 Installing the Extended API JAR File...6

More information

Multi-factor Authentication Instructions

Multi-factor Authentication Instructions What is MFA? Multi-factor Authentication (MFA) is a security measure to confirm your identity in addition to your username and password. It helps in the prevention of unauthorized access to your account.

More information

Session 8. Reading and Reference. en.wikipedia.org/wiki/list_of_http_headers. en.wikipedia.org/wiki/http_status_codes

Session 8. Reading and Reference. en.wikipedia.org/wiki/list_of_http_headers. en.wikipedia.org/wiki/http_status_codes Session 8 Deployment Descriptor 1 Reading Reading and Reference en.wikipedia.org/wiki/http Reference http headers en.wikipedia.org/wiki/list_of_http_headers http status codes en.wikipedia.org/wiki/_status_codes

More information

Contents Overview... 2 Part I Connecting to the VPN via Windows OS Accessing the Site with the View Client Installing...

Contents Overview... 2 Part I Connecting to the VPN via Windows OS Accessing the Site with the View Client Installing... CSEC 640 Lab Access Contents Overview... 2 Part I Connecting to the VPN via Windows OS... 2 Accessing the Site with the View Client... 2 Installing... 3 Launching Your Client... 4 Part II Windows Access

More information

PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility

PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility 2013 Informatica Corporation. No part of this document may be reproduced or transmitted in any form, by any means

More information

SSL VPN Web Portal User Guide

SSL VPN Web Portal User Guide The SSL VPN web portal provides easy access to your organization s web resources via the web browser on your desktop or mobile device. The SSL VPN web portal's responsive interface automatically detects

More information

TIBCO LiveView Web Getting Started Guide

TIBCO LiveView Web Getting Started Guide TIBCO LiveView Web Getting Started Guide Introduction 2 Prerequisites 2 Installation 2 Installation Overview 3 Downloading and Installing for Windows 3 Downloading and Installing for macos 4 Installing

More information

Leveraging the Globus Platform in your Web Applications. GlobusWorld April 26, 2018 Greg Nawrocki

Leveraging the Globus Platform in your Web Applications. GlobusWorld April 26, 2018 Greg Nawrocki Leveraging the Globus Platform in your Web Applications GlobusWorld April 26, 2018 Greg Nawrocki greg@globus.org Topics and Goals Platform Overview Why expose the APIs A quick touch of the Globus Auth

More information

APPLICATION INTERFACE

APPLICATION INTERFACE WEB PLATFORM OVERVIEW v.1.4.0 APPLICATION INTERFACE Start view and server selection options: Test progress view: Summary view: Mobile view: USER INTERFACE FIREPROBE is a platform designed for Internet

More information

Multi-factor Authentication Instructions

Multi-factor Authentication Instructions What is MFA? (MFA) is a security measure to confirm your identity in addition to your username and password. It helps in the prevention of unauthorized access to your account. MFA authentication is typically

More information

SSL VPN INSTALLATION GUIDE

SSL VPN INSTALLATION GUIDE SSL VPN INSTALLATION GUIDE Sonicwall VPN Client Download & Installation Guide For Windows Machines : 1) Open Browser and Browse the following URL to download the client. https://103.237.170.61/cgi-bin/welcome/virtualoffice

More information

Advanced Authentication 6.0 includes new features, improves usability, and resolves several previous issues.

Advanced Authentication 6.0 includes new features, improves usability, and resolves several previous issues. Advanced Authentication 6.0 Release Notes May 2018 Advanced Authentication 6.0 includes new features, improves usability, and resolves several previous issues. Many of these improvements were made in direct

More information

ArcGIS Enterprise Security: Advanced. Gregory Ponto & Jeff Smith

ArcGIS Enterprise Security: Advanced. Gregory Ponto & Jeff Smith Enterprise Security: Advanced Gregory Ponto & Jeff Smith Agenda Focus: Security best practices for Enterprise Server Portal for 10.5.x Features Strongly Recommend: Knowledge of Server and Portal for Security

More information

Deployment User Guide

Deployment User Guide Deployment User Guide Version: 010319-2 Contents STEP 1: (Windows Users Only): Determine if your PC is running the 32-bit or 64-bit version of Windows. If you are not a PC user, please proceed to step

More information

VMware Horizon Client for Windows User Guide. Modified on 03 OCT 2017 VMware Horizon Client for Windows 4.6 VMware Horizon Client for Windows 4.6.

VMware Horizon Client for Windows User Guide. Modified on 03 OCT 2017 VMware Horizon Client for Windows 4.6 VMware Horizon Client for Windows 4.6. VMware Horizon Client for Windows User Guide Modified on 03 OCT 2017 VMware Horizon Client for Windows 4.6 VMware Horizon Client for Windows 4.6.1 VMware Horizon Client for Windows User Guide You can find

More information

WP Voting Plugin - Ohiowebtech Video Extension - Youtube Documentation

WP Voting Plugin - Ohiowebtech Video Extension - Youtube Documentation WP Voting Plugin - Ohiowebtech Video Extension - Youtube Documentation Overview This documentation includes details about the WP Voting Plugin - Video Extension Plugin for Youtube. This extension will

More information

Aruba Central Guest Access Application

Aruba Central Guest Access Application Aruba Central Guest Access Application User Guide Copyright Information Copyright 2017Hewlett Packard Enterprise Development LP. Open Source Code This product includes code licensed under the GNU General

More information

Single Sign-On Showdown

Single Sign-On Showdown Single Sign-On Showdown ADFS vs Pass-Through Authentication Max Fritz Solutions Architect SADA Systems #ITDEVCONNECTIONS Azure AD Identity Sync & Auth Timeline 2009 2012 DirSync becomes Azure AD Sync 2013

More information

Advanced API Security

Advanced API Security Advanced API Security ITANA Group Nuwan Dias Architect 22/06/2017 Agenda 2 HTTP Basic Authentication Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l 3 API Security is about controlling Access Delegation

More information

Exploring Chrome Internals. Darin Fisher May 28, 2009

Exploring Chrome Internals. Darin Fisher May 28, 2009 Exploring Chrome Internals Darin Fisher May 28, 2009 Simple interface, powerful core Modern browsers resemble the cooperatively multi-tasked operating systems of the past. Guiding sentiment, 2006 Goals

More information

Authentication in the Cloud. Stefan Seelmann

Authentication in the Cloud. Stefan Seelmann Authentication in the Cloud Stefan Seelmann Agenda Use Cases View Points Existing Solutions Upcoming Solutions Use Cases End user needs login to a site or service End user wants to share access to resources

More information

P2_L12 Web Security Page 1

P2_L12 Web Security Page 1 P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction

More information

Microsoft OWA 2013 IIS Integration

Microsoft OWA 2013 IIS Integration Microsoft OWA 2013 IIS Integration Contents 1 Introduction 2 Compatibility 3 Prerequisites 4 File Downloads 5 Architecture 6 Installation 6.1 Software Installation 6.2 Configuration of the IIS Filter 6.2.1

More information

DPHremote.ucsf.edu for Webconnect Users

DPHremote.ucsf.edu for Webconnect Users Page 1 of 10 DPHremote.ucsf.edu for Webconnect Users The current version of DPH WebConnect heavily depends on Java and Safari preferences and these settings periodically are changed as Java, Citrix, and

More information

ClickToCall SkypeTest Documentation

ClickToCall SkypeTest Documentation ClickToCall SkypeTest Documentation Release 0.0.1 Andrea Mucci August 04, 2015 Contents 1 Requirements 3 2 Installation 5 3 Database Installation 7 4 Usage 9 5 Contents 11 5.1 REST API................................................

More information

E POSTBUSINESS API Login-API Reference. Version 1.1

E POSTBUSINESS API Login-API Reference. Version 1.1 E POSTBUSINESS API Login-API Reference Imprint Software and documentation are protected by copyright and may not be copied, reproduced, stored, translated, or otherwise reproduced without the written approval

More information

Parallels Remote Application Server

Parallels Remote Application Server Parallels Remote Application Server Parallels Client for Chrome User's Guide v16 Parallels International GmbH Vordergasse 59 8200 Schaffhausen Switzerland Tel: + 41 52 672 20 30 www.parallels.com Copyright

More information

Identity and Data Access: OpenID & OAuth

Identity and Data Access: OpenID & OAuth Feedback: http://goo.gl/dpubh #io2011 #TechTalk Identity and Data Access: OpenID & OAuth Ryan Boyd @ryguyrg https://profiles.google.com/ryanboyd May 11th 2011 Agenda Feedback: http://goo.gl/dpubh #io2011

More information

Let your customers login to your store after pre-approval

Let your customers login to your store after pre-approval Customer Approve & Disapprove Let your customers login to your store after pre-approval Extension Specification Document Version: 2.0.0 Magento 2 Extension URL: https://www.extensionhut.com/customer-approve-disapprove-for-magento-2.html

More information

VMware Browser Admin Guide Configuring and deploying the VMware Browser

VMware Browser Admin Guide Configuring and deploying the VMware Browser VMware Browser Admin Guide Configuring and deploying the VMware Browser AirWatch v9.1 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

More information

CNIT 129S: Securing Web Applications. Ch 4: Mapping the Application

CNIT 129S: Securing Web Applications. Ch 4: Mapping the Application CNIT 129S: Securing Web Applications Ch 4: Mapping the Application Mapping Enumerate application's content and functionality Some is hidden, requiring guesswork and luck to discover Examine every aspect

More information

CSCE 813 Internet Security Case Study II: XSS

CSCE 813 Internet Security Case Study II: XSS CSCE 813 Internet Security Case Study II: XSS Professor Lisa Luo Fall 2017 Outline Cross-site Scripting (XSS) Attacks Prevention 2 What is XSS? Cross-site scripting (XSS) is a code injection attack that

More information

Enterprise Access Gateway Management for Exostar s IAM Platform June 2018

Enterprise Access Gateway Management for Exostar s IAM Platform June 2018 Enterprise Access Gateway Management for Exostar s IAM Platform June 2018 Copyright 2018 Exostar LLC All rights reserved. 1 Version Impacts Date Owner Enterprise Access Gateway (EAG) Guide Revised June

More information

Sticky Notes for Cognos Analytics by Tech Data BSP Software

Sticky Notes for Cognos Analytics by Tech Data BSP Software Sticky Notes for Cognos Analytics by Tech Data BSP Software Installation Guide Sticky Notes for Cognos Analytics is an easy to install extension that allows report authors to record notes directly from

More information

Partner Center: Secure application model

Partner Center: Secure application model Partner Center: Secure application model The information provided in this document is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including

More information

Leveraging the Globus Platform in your Web Applications

Leveraging the Globus Platform in your Web Applications Leveraging the Globus Platform in your Web Applications Steve Tuecke tuecke@uchicago.edu NCAR September 5, 2018 Globus serves as A platform for building science gateways, web portals and other applications

More information

TO ENABLE FINGERPRINT AUTHENTICATION

TO ENABLE FINGERPRINT AUTHENTICATION TO ENABLE FINGERPRINT AUTHENTICATION When end user first launches the imobile app, the app will determine whether the device has Fingerprint support. If so, the First time fingerprint authentication availability

More information

Microsoft Remote Desktop setup for OSX, ios and Android devices

Microsoft Remote Desktop setup for OSX, ios and Android devices Microsoft Remote Desktop setup for OSX, ios and Android devices Table of Contents Microsoft Remote Desktop Installation and Use: Introduction.. 3 OSX setup. 4 ios setup...10 Android setup..22 Page 2 of

More information

BT Lancashire Services

BT Lancashire Services Remote Access to Corporate Desktop (RACD) User Guide In confidence BT Lancashire Services Remote Access to Corporate Desktop (RACD) User Guide Working in partnership Confidentiality Statement BT Lancashire

More information

How to social login with Aruba controller. Bo Nielsen, CCIE #53075 (Sec) December 2016, V1.00

How to social login with Aruba controller. Bo Nielsen, CCIE #53075 (Sec) December 2016, V1.00 Bo Nielsen, CCIE #53075 (Sec) December 2016, V1.00 Overview This short document describes the basic setup for social login using Aruba ClearPass and Aruba wireless LAN controller. Aruba ClearPass, version

More information

Table of Contents HOL-1757-MBL-6

Table of Contents HOL-1757-MBL-6 Table of Contents Lab Overview - - VMware AirWatch: Technology Partner Integration... 2 Lab Guidance... 3 Module 1 - F5 Integration with AirWatch (30 min)... 8 Getting Started... 9 F5 BigIP Configuration...

More information

Remote Desktop Services

Remote Desktop Services Remote Desktop Services AMERICAN INSTITUTES FOR RESEARCH AIR REMOTE DESKTOP SERVICES (RDS) GUIDE Overview Welcome to! can be accessed from a Windows computer, a Mac, and even a mobile device; such as an

More information

APSCN VPN SETUP F5 VPN October Update

APSCN VPN SETUP F5 VPN October Update APSCN VPN SETUP F5 VPN 2018 October Update Table of Contents Description of Role Access... 1 Windows OS VPN Setup... 3 MAC OS VPN Setup... 8 Chrome OS VPN Setup... 13 Disconnecting the VPN... 18 Reconnecting

More information

Kerberos and Single Sign On with HTTP

Kerberos and Single Sign On with HTTP Kerberos and Single Sign On with HTTP Joe Orton Red Hat Overview Introduction The Problem Current Solutions Future Solutions Conclusion Introduction WebDAV: common complaint of poor support for authentication

More information

VMware AirWatch Android Platform Guide

VMware AirWatch Android Platform Guide VMware AirWatch Android Platform Guide Workspace ONE UEM v9.4 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com. This product

More information

Web Application Security. Philippe Bogaerts

Web Application Security. Philippe Bogaerts Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security

More information

MFA Instructions. Getting Started. 1. Go to Apps, select Play Store 2. Search for Microsoft Authenticator 3. Click Install

MFA Instructions. Getting Started. 1. Go to Apps, select Play Store 2. Search for Microsoft Authenticator 3. Click Install MFA Instructions Getting Started You will need the following: Your smartphone, a computer, and Internet access. Before using MFA your computer will need to be running Office 2016 if you use the full version

More information

VMware Horizon Workspace Security Features WHITE PAPER

VMware Horizon Workspace Security Features WHITE PAPER VMware Horizon Workspace WHITE PAPER Table of Contents... Introduction.... 4 Horizon Workspace vapp Security.... 5 Virtual Machine Security Hardening.... 5 Authentication.... 6 Activation.... 6 Horizon

More information

Integrating with ClearPass HTTP APIs

Integrating with ClearPass HTTP APIs Integrating with ClearPass HTTP APIs HTTP based APIs The world of APIs is full concepts that are not immediately obvious to those of us without software development backgrounds and terms like REST, RPC,

More information