PAS for OpenEdge Support for JWT and OAuth Samples -

Size: px
Start display at page:

Download "PAS for OpenEdge Support for JWT and OAuth Samples -"

Transcription

1 PAS for OpenEdge Support for JWT and OAuth Samples - Version 1.0 November 21, 2017 Copyright 2017 and/or its subsidiaries or affiliates. All Rights Reserved.

2 2 TABLE OF CONTENTS INTRODUCTION... 3 REQUIREMENTS TO RUN THE SAMPLES... 4 OAUTH 2.0 TESTING BY CONFIGURING HMAC ALGORITHM... 8 OAUTH 2.0 TESTING WITH GOOGLE Google OAuth 2.0 Configuration Google OAuth 2.0 configuration in PAS for OpenEdge OAUTH 2.0 TESTING WITH AWS COGNITO... 29

3 3 Introduction Beginning in Progress OpenEdge , Progress Application Server (PAS) for OpenEdge Spring Security includes support for validating and using an OAuth 2.0 standard's Resource Server JSON Web Tokens (JWTs) and custom-generated JWTs. The JWT support provided by the Spring Security layer validates an OAuth 2.0 self-contained (aka ID Token) claims fields and signature, which if successful will result in the transformation of the JWT into a sealed Client Principal that is passed to your ABL business application on each request. This document and corresponding samples is provided to help you understand how to configure Spring Security validation of OAuth 2.0 self-contained & JWTs, and how an OpenEdge Client Principal can be generated that your ABL application can use. These sample cannot present all possible use cases and their configuration, but focuses instead on typical use cases. The goals of this document and samples is for you to: 1. Learn the fundamentals of how Spring Security OAuth 2.0 & JWT support provides your ABL application with a means of integrating with other non-openedge services in a single security model using shared user login identities. 2. Define which types of OAuth 2.0 and JWT tokens can be used to access an OpenEdge ABL application, and the required list of claim fields. 3. Understand the primary types of Spring Security OAuth 2.0 & JWT configurations used for validating token claims and signatures. 4. Learn how to configure the Spring Security OAuth 2.0 & JWT token conversion to a Client Principal that can be used by your ABL application, other OpenEdge application servers, and OpenEdge databases. 5. Gain exposure to some free tools that can be used to generate, validate, and test tokens that can be passed to PAS for OpenEdge for authentication & authorization. Generate and validate tokens for Hash-based Message Authentication Code (HMAC) and RSA Algorithms. Social Authentication Providers like Google. Commercial Authentication Providers like Amazon Web Services (AWS) Cognito. Before you begin, it will help if you read the OAuth 2.0 & JWT technology overview in the OpenEdge documentation. This will familiarize you with terms and basic functionality. This sample assumes you have a basic understanding before beginning. The following OAuth 2.0 & JWT features are not supported in PAS for OpenEdge Spring Security: OAuth 2.0 Authorization Server for converting authorization tokens for Access Tokens. JWTs, such as an OAuth 2.0 Random Access Token, that do not contain a user-id & scopes/roles information necessary for creating a Client Principal that allows access to OpenEdge database and other security features.

4 4 JWT creation with full JWS HMAC, RSA, and Elliptical Curve signatures. JSON Web Key (JWK) sets that contain a digital certificate with an embedded x5c character (limitation). Requirements to run the Samples S.NO Requirements 1. Progress OpenEdge with Progress Developer Studio for OpenEdge installed. 2. Node.js (at least version) - optional The latest version of node.js can be downloaded from After successful installation, you should have node.js and Node Package Manager (NPM) installed. Post installation, verify if node.js is installed correctly by running the below command from the command prompt. node -v 3. Chrome Browser The JavaScript samples provided were tested in Chrome, so we suggest you download Chrome if not available to test these samples. 4. POSTMAN REST Client For running raw HTTP requests, we have used POSTMAN as a Client. It comes with Chrome as a plug-in, but in case you want to download it as application then you can do that from here: Alternatively, you can use curl, ABL HTTP Client etc. 5. Notepad++ Or any text-editor that shows line numbers. Download OAuth2Samples.zip and unzip it to the %WRKDIR% (C:\OpenEdge\WRK by default).

5 5 The archive has the following artifacts: 1. gentoken.js - nodejs script. 2. IdmStartup.p, IdmActivate.p & dumpcp.p event procedures. 3..properties file oeablsecurity.properties file for HMAC, RSA, Google and AWS Cognito. 4. oauth HTML/JavaScript login Application. 5. outh2reg.csv domain registry file used in PAS for OpenEdge Spring Security. 6. domains.json domain registry file used by the event procedures. Generating JWT token using nodejs libraries JSON Web Token (JWT) is a self-contained way for securely transmitting information between the Client Application and the service provider as a JSON object, as they are digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA. For the samples provided in this document, we are providing HMAC and RSA tokens that never expire. In case you want to generate your own token, then please follow the following steps. To generate the JWT tokens with these two algorithms, we are using open-source tool nodejs and few of its libraries. To install the nodejs libraries to generate token, run the below npm commands. npm install fs (file I/O library) npm install jsonwebtoken (library to generate and validate JWT tokens) If you would like to read more details about JSONWebToken node library then you can find it here - Using these libraries, we have written gentoken.js script that generates tokens based on a selected algorithm, and if required we can also validate the tokens. Usage: node gentoken.js <Algorithm> Algorithm can be HS256, HS384, HS512, RS256, RS384 and RS512 For example, to generate a token in HS256 format then run the gentoken.js as below node gentoken.js HS256

6 6 eyjhbgcioijiuzi1nij9.eyjzdwiioiainzk2nwjiytqtyjy1zc00mjeylwfkyzctnmjkmjdlzmyx ODBlIiwidG9rZW5fdXNlIjogImFjY2VzcyIsInNjb3BlIjogIlBTQ1VzZXIiLCJpc3MiOiAiaHR0cHM6 Ly9ub2RlanNKV1QiLCJjbGllbnRfaWQiOiAiMTIzNDU2Nzg5IiwiaWF0IjogMTUwODE2NDY1 MCwiZXhwIjogMTUwODE2NDgwMCwianRpIjogInM5MHU0N3I5Mm9vbzB3b2s4MHNrb29 ja3n3b3d3ayisimf1zci6icjwyxnvzs5vcgvuzwrnzs5wcm9ncmvzcy11c2vycy5jb20ilcjlb WFpbCI6ICJpc3llZEBwcm9ncmVzcy5jb20iLCJ1c2VybmFtZSI6ICJpc3llZCJ9.nRYeqaQk2BhFzP 5bUxlk2Xl1kgsXfGzE_BS_1m1AWh8 We have added color coding to the token to highlight that the JWT token consists of three parts separated by (.) dots. 1. Header - definition of hashing algorithm and type of the token 2. Payload - claims that have the information about identity and any additional information 3. Signature - to create the signature part you must take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that. data = base64urlencode( header ) +. + base64urlencode( payload ) signature = Hash( data, secret ); The secret is the signature stored in the server, this way the server will be able to verify existing tokens and sign new ones.

7 7 If we decode the token online ( then it should show it as below. In the script gentoken.js, we are signing HS256 JWT token with secret password. If we use the secret value then the signature should be validated correctly.

8 8 Now that we know how the tokens are generated and validated, we will configure PAS for OpenEdge to validate HMAC-based JWT tokens and generate an OpenEdge Client Principal. OAuth 2.0 testing by configuring HMAC Algorithm We shall be using a newly created oepas1 instance of for configuring and testing OAuth 2.0 on PAS for OpenEdge. 1. As you may know, starting with 11.7, all of the Spring security configuration files are available in the oeablsecurity.properties file instead of multiple XML files, for better management. Take a backup of the default oeablsecurity.properties file in the ROOT oeabl Web Application of the oepas1 PAS for OpenEdge Instance. proenv> move %WRKDIR%\oepas1\webapps\ROOT\WEB-INF\oeablSecurity.properties oeablsecurity.properties.backup 2. Copy HMAC.properties to oepas1\webapps\root\web-inf\ as oeablsecurity.properties file. proenv> copy HMAC.properties oepas1\webapps\root\web-inf\oeablsecurity-properties The HMAC.properties are listed in the following table. Table 1 - oeablsecurity.properties for OAuth 2.0 HMAC Algorithm Client.login.model=oauth2 OEClientPrincipalFilter.domain=JWTdomain OEClientPrincipalFilter.registryFile=oauth2reg.bin Enables OAuth 2.0 for the ROOT Web Application When we pass a username/password or a Client Principal token that has user@domain then the domain is picked automatically. But when the username does not contain any domain or with JWT token which does not have any context of domain then we can statically define the domain name. This domain will be set inside the Client Principal and the key to seal the client-principal is mapped to the domain in the registry file. Registry information of domain-access-codes for the domains. This file is generated using gendomreg. gendomreg oauth2reg.csv oauth2reg.bin Where oauth2reg.csv has the list of the domain and domainaccess-codes in the below format: <domain1>,<domain-access-code>

9 9 jwttoken.signaturealg=hs256 Signature Algorithm chosen to validate the JWT token. jwttoken.mackey=oeph0::76e5f6c F02E4D2D1DDCD jwttoken.keystore.type=mac Secret key with which the JWT HMAC tokens will be validated. The value can be either clear-text or the one generated using stspwdutil Type of keystore for validating the JWT signature. oauth2.ressvc.audience=pas for OpenEdge.openedge.progress-users.com oauth2.ressvc.tokenservices=jwt The (aud) audience claim that is verified by PAS for OpenEdge JWT process. Every JWT token passed should have audience claim as configured, else it will be rejected. If configured to jwt then it will only check the token against the mackey and signature. If configured to oauth2 it will also verify if the JWT token has standard payload claims (like client-id). 3. Generate a domain registry file from oauth2reg.csv file in %WRKDIR%. Copy the generated oauth2reg.bin to oepas1\conf directory which is the relative path for all the registry files in PAS for OpenEdge Spring Security. proenv> gendomreg oauth2reg.csv oauth2reg.bin 4. Create a file named openedge.prop which has the properties that we want to merge into oepas\conf\openedge.properties. These properties will be used for all the samples that we are going to execute in this document. [AppServer.Agent] sessionactivateproc=idmactivate.p sessionstartupproc=idmstartup.p [oepas1.root.web] handler1=openedge.web.pingwebhandler: /_oeping We added a new WebHandler(PingWebHandler) that comes out of the box with the PAS for OpenEdge installation in OpenEdge It can be used as a health check service to see if the PAS for OpenEdge Instance and the MS-Agent are up and running. 5. Merge openedge.prop properties file with the one that is already available in oepas1 using oeprop.bat. proenv> cd oepas1\bin proenv> oeprop.bat -f %WRKDIR%\openedge.prop

10 10 6. Copy the startup and activate procedures to the default PROPATH of the oepas1 PAS for OpenEdge Instance. proenv> copy activate.p oepas1\openedge\ proenv> copy IdmStartup.p oepas1\openedge\ proenv> copy dumpcp.p oepas1\openedge\ 7. The IdmStartup.p startup procedure is responsible for loading and locking the registry for each session. The domain registry information is stored in the domains.json file that is stored in %WRKDIR%. In domains.json, the domain is in clear-text, but the domain-access-code is encrypted using the genpassword utility which is equivalent to AUDIT-POLICY:ENCRYPT-AUDIT-MAC- KEY(). 8. Start the PAS for OpenEdge Server using pasman PAS for OpenEdgeStart proenv> pasman PAS for OpenEdgestart -I oepas1 -timeout After the PAS for OpenEdge instance has been started successfully, use the below HS256 JWT token or generate your own JWT token using gentoken.js by running node gentoken.js HS256 eyjhbgcioijiuzi1nij9.eyjzdwiioiainzk2nwjiytqtyjy1zc00mjeylwfkyzctnmjkmjdlzmy xodbliiwidg9rzw5fdxnlijogimfjy2vzcyisinnjb3blijogilbtq1vzzxiilcjpc3mioiaiahr0ch M6Ly9ub2RlanNKV1QiLCJjbGllbnRfaWQiOiAiMTIzNDU2Nzg5IiwiaWF0IjogMTUwOTIxMD IyOSwiZXhwIjogMjcwOTIxMDI1OSwianRpIjogIjVobDB0ejU1NDBnODRnZ2Nza2tnb3Njbz AwMGNjcyIsImF1ZCI6ICJvcGVuZWRnZS5zYW1wbGUifQ.wRaeG3942QHq5z6deffTBRm_F hl2ijmgepvx0tdn8bi 10. Capture the token that was generated earlier, using Postman Client to perform a HTTP GET Request to the URL with the below headers and see that it is executed successfully. Accept: application/json Authorization: Bearer <HS256 JWT token>

11 Spring Security in PAS for OpenEdge validates the JWT token with the provided JWT configuration in the oeablsecurity.properties file, and then converts the JWT token to a Client Principal token and seals it based on the Client Principal domain and key values from the same oeablsecurity.properties file. If the Client Principal is validated successfully in the activate procedure, it will dump the Client Principal properties as below in the oepas1.agent.log.

12 12 OAuth 2.0 testing by configuring RSA Algorithm Unlike HMAC, JWT tokens generated using the RSA Algorithm are signed using a Privacyenhanced Electronic Mail (PEM) or Java Key Store (JKS) certificate. In this example, we will use a PEM file to generate and validate the JWT token for RSA Algorithm. Before generating JWT tokens, let s configure OpenSSL and generate public/private key pairs in PEM format. JWT tokens can be generated for RS256, RS384 and RS512 algorithms. OpenSSL default certificates are generated with 1024-bit keypairs. To generate all three algorithms for RSA, we need to install OpenSSL certificates with 2048-bit keypairs. 12. Generate a RSA private key using 2048-bit keypairs. Enter the passphrase as password as we are using the same name while generating tokens in the PAS for OpenEdge configuration. proenv>openssl genrsa des3 out privatecert.pem Extract the public key from the private key. Enter the same passphrase password when prompted. proenv>openssl rsa pubout in privatecert.pem out publiccert.pem Make sure that privarecert.pem and publiccert.pem are generated successfully. The nodejs script gentoken.js uses privatecert.pem to sign the RSA token. 14. Copy RSA.properties to oepas1\webapps\root\web-inf\ as oeablsecurity.properties file proenv>copy RSA.properties oepas1\webapps\root\web-inf\oeablsecurity.properties

13 13 The RSA.properties are shown in the following table. Table 2 - oeablsecurity.properties for OAuth 2.0 RSA Algorithm jwttoken.signaturealg=rs256 jwttoken.keystore.type=pem RSA Signature Algorithm chosen to validate the JWT token. Type of keystore for validating the JWT signature jwttoken.keystore.path=${catalina.base}/conf/jwtkeys jwttoken.keystore.alias=publiccert oauth2.ressvc.tokenservices=oauth2 client.login.model=oauth2 OEClientPrincipalFilter.domain=JWTdomain OEClientPrincipalFilter.registryFile=oauth2reg.bin oauth2.ressvc.audience=openedge.sample The keystore location where the public key PEM certificates are located. Name of the public key certificate <Same as in Table1> <Same as in Table1> <Same as in Table1> <Same as in Table1> <Same as in Table1> For RSA, we are choosing OAuth 2.0 as the JWT token generated as it has all the mandatory claims required for a OAuth 2.0 token. 15. If we specify oauth2.ressvc.tokenservice=oauth2, then in addition to validating the JWT tokens signature it also verifies standard OAuth 2.0 claims like client-id and authorize clients that contain only those client-id s. To register the client-id for this webapp, we have to enter in the client-id in oepas1\webapps\root\web-inf\oauth2ressvcclients.cfg.

14 Copy the public key to the JWT keystore location configured in oeablsecurity.properties. cd oepas1\conf\jwtkeys copy %WRKDIR%\publiccert.pem 17. Restart the PAS for OpenEdge Server Proenv> pasman PAS for OpenEdgestart I oepas1 -restart 18. After the PAS for OpenEdge instance has been started successfully, use the below RSA 256 JWT token or generate your own JWT token using gentoken.js by running node gentoken.js RS256 eyjhbgcioijsuzi1nij9.eyjzdwiioiainzk2nwjiytqtyjy1zc00mjeylwfkyzctnmjkmjdlzmyx ODBlIiwidG9rZW5fdXNlIjogImFjY2VzcyIsInNjb3BlIjogIlBTQ1VzZXIiLCJpc3MiOiAiaHR0cHM6 Ly9ub2RlanNKV1QiLCJjbGllbnRfaWQiOiAiMTIzNDU2Nzg5IiwiaWF0IjogMTUwOTIxMDU1O CwiZXhwIjogMjcwOTIxMDU4OCwianRpIjogImJ5bm1oNmh5NGcwOGs4MG9rMDRjb3M0O HN3c2c0OCIsImF1ZCI6ICJvcGVuZWRnZS5zYW1wbGUifQ.JyozdRv5MACCnSX_NqYFeZy4k0 f2r1flkrjf_9r77eznrnijsbrq-ueciepcfemvjs- Dfug_n7GKxTEz1gfa_NxCO_rHWqME3kPmlIELcuOAqX89BjnEtRIfvd0W9rK4yKWcsjpzoID M2OvCrbivm5hoY_raAEJJrgLjgu4c5DKBwHGx9R47yLnKBdZ0zIe83uMJJivIU9dBw2q1- R6KPqOx7 hsshznz85rkdrjemceqyqbdsfrqoz9l57ifugouflwjj0ocqvilak6isravqjinv7 3FNILfHKfwMhO54e1QGkbnaeBCAKvYz1IHQBkU5XuDZ2BVdx7wXRTjZ-kA 19. Capture the token that is generated earlier, using Postman Client perform a HTTP GET Request to the URL with the below headers and see that it is executed successfully. Accept: application/json Authorization: Bearer <RS256 JWT token>

15 Successful Client Principal validation should generate all the Client Principal properties. If you would like to see the validation of the client-id, then change the client-id value in oauth2ressvcclients.cfg, restart the server and execute the client request. You should receive a 401 Error. OAuth 2.0 testing with Google Google provides support to access its APIs using OAuth 2.0. To do that, you create credentials in the Google developer console. Documentation for that can be found here: Google documentation - Google OAuth 2.0 Configuration In case you would like to see how to do that step-by-step then follow the below instructions. 1. Navigate to below URL in your browser and login to your Google account.

16 16 2. Client on Create Credentials and select API Key.

17 17 3. A new API key is generated. Click on RESTRICT KEY. 4. Give a name to this API Key and click Save.

18 18 5. The API key should be available: select OAuth Client ID.

19 19 6. In Create client ID page, select Web application and click Create. 7. Give a name to the Client ID and enter the Authorized JavaScript Origins value as and click Save. This way, it will only allow requests from this URL to Google.

20 20 8. Click on Create and it should generate the Client ID.

21 21 You will be using the generated Client-ID and API Key in your Client Application to perform authentication with Google. Once successfully authenticated, it will return JWT tokens, and those tokens can be passed to the PAS for OpenEdge server as the user s identity. Unlike the JWT tokens that were generated locally using gentoken.js for RSA and HMAC algorithm, most of the online OAuth 2.0 Authentication providers provide access to JWKS (JSON Web Key Set) so that Resource Servers like PAS for OpenEdge can validate the tokens. Google s open-id configuration can be found at -

22 22 If you click the jwks_uri, it will provide the list of keys used to validate the JWT token. Out of this array of keys, only 1 key will be used for each request. The identifier for that is the kid value, each JWT token generated by Google will have a kid value and corresponding key which has the same kid value in JWKS will be used to validate the JWT token. Instead of us doing this processing of identifying the key, we can just provide the JWKS URI in PAS for OpenEdge and it will validate the JWT token with the given JWKS URI in the PAS for OpenEdge OAuth 2.0 configuration. Note: For this example, we are using Google s People API. So, make sure that it is enabled for the Google Project you have created in Google developer console. If not, you will be seeing 403 errors.

23 23 The token generated by Google does not have scope and client-id. If we set the oauth2.ressvc.tokenservices to oauth2, then it will look for client-id in the token. So for Google, we will configure oauth2.ressvc.tokenservices to jwt so that it will validate only the JWT token against JWKS. Google OAuth 2.0 configuration in PAS for OpenEdge 1. Copy Google.properties to oepas1\webapps\root\web-inf as oeablsecurity.properties. proenv> copy Google.properties oepas1\webapps\root\web-inf\oeablsecurity-properties The Google.properties are as below Table 3-oeablSecurity.properties for OAuth 2.0 Google jwttoken.keystore.type=jwk jwttoken.keystore.jwkurl= gleapis.com/oauth 2.0/v3/certs Type of JWT token validation mechanism supported for this configuration. Url of the JSON Web Key (JWK) against which the JWT token will be validated

24 24 oauth2.ressvc.tokenservices=jwt <Same as in Table 1> client.login.model=oauth2 <Same as in Table 1> OEClientPrincipalFilter.domain=Google <Same as in Table 1> OEClientPrincipalFilter.registryFile=oauth2re g.bin oauth2.ressvc.audience= oc8r233d4424asdf0sj05bhs6okqajvq7l5.app s.googleusercontent.com <Same as in Table 1> <Same as in Table 1>. You get this value from the JWT token obtained from Google. In-order to obtain a JWT token for Google, the Resource Owner (End-User) needs to go through the authentication process performed by the Authorization Server. To go through that process, we have written the HTML/javascript OpenID Connect example using Google s JavaScript API s which gives us the ability to authenticate the Resource Owner (End-user) with the Authorization Server (Google), and validate if the Client (HTML/javascript) is authorized to perform this action. 2. Create a new OEABL Web App and deploy the client application in the static folder. Proenv> cd oepas1/bin Proenv> tcman.bat deploy %DLC%\servers\PAS for OpenEdge\extras\oeabl.war Proenv> copy %WRKDIR%\oauth %WRKDIR%\oepas1\webapps\oeabl\static\ The folder has a HTML/javascript example that performs OAuth 2.0 with Google and AWS Cognito User Pool Authentication Providers. By default, it is configured to use the Client-ID and API key that is been used while testing the samples. While doing the testing, you must provide your own credentials (Client-ID and API key) as they will not be available for you. So, you must change the below lines oepas1/webapps/oeabl/static/oauth/loginpage.html as per the details provided by your Authentication Provider. Google - lines 13, 162, 173 AWS Cognito - lines 70, Restart the PAS for OpenEdge server proenv> pasman PAS for OpenEdgestart I oepas1 restart

25 25 4. After the PAS for OpenEdge Instance is up and running, access the URL

26 26 9. Click on Google Sign-in and you will be prompted to enter your Google credentials. Once you have successfully entered the credentials, you will see a 403 error with response Insufficient scope. If you start the Chrome console, you will see that the token is generated successfully but it is forbidden by PAS for OpenEdge. This is because the default scope for /web/** URL pattern is set to PSCUser and the Google tokens do not provide any scope. For OAuth 2.0, we have altogether a different.csv file (oeablsecurityjwt.csv) for URL Authorization. For JWT, scopes are equivalent to roles, hence oeablsecurityjwt.csv has authorization based on scopes instead of roles. 10. Open oepas1\webapps\root\web-inf\oeablsecurityjwt.csv file to modify the Authorization URL s. Modify the URL Authorization pattern from hasanyscope( PSCUser ) to permitall() for the URL pattern /web/** and restart the server. proenv> pasman PAS for OpenEdgestart I oepas1 restart Notice that we are changing the Authorization URL to permitall() but we still have a check of audience in oeablsecurity.properties. The incoming request should contain a JWT token having an aud claim matching to what we have configured in

27 27 oeablsecurity.properties, so requests without a valid Google JWT token for the configured Client-ID can only access PAS for OpenEdge services. 11. Access the loginpage.html again, click on Google Sign-in and enter your Google credentials, and this time it should invoke the _oeping Service successfully and return a valid response.

28 28 As the Client Principal is validated successfully, it generated all its properties.

29 29 OAuth 2.0 testing with AWS Cognito AWS Cognito provides the ability for AWS users to create a User Pool and authenticate users against it. In addition to static User Pool, it also provides options to integrate with Social Authentication Providers like Google, Facebook etc. Documentation on how to generate tokens with AWS Cognito User Pool can be found here: Note: The process followed for AWS Cognito is the same as for Google, so we are not providing step-by-step instructions. In the sample provided, we have tested with AWS Cognito User Pool. We have created pasuser as a user in the UserPool PAS for OpenEdgeData. JWT tokens generated by AWS Cognito provides client-id and scopes. Hence configuring oauth2.ressvc.tokenservices as oauth2 and defining the client-id in the OAuth 2.0ResSvcClients.cfg file.

30 30 You can add as many client-id s as you want in oauth2.ressvc.tokenservices for validation. Similarly, update the scope in oeablsecurityjwt.csv file. For the configuration we have used in AWS, the scope of the token was aws.cognito.signin.user.admin. Modify it based on the scope assigned to your token from AWS Cognito. Copy AWS.properties to oepas1\webapps\root\web-inf as oeablsecurity.properties and restart the server. Modify the jwkurl in oeablsecurity.properties as per your AWS Cognito UserPool. Access loginpage.html, enter the AWS Cogntio UserPool credentials and click on AWS Sign-in. If the JWT token is generated successfully, the token is sent to Spring and it will validate and convert it to a Client Principal token.

31 31

4.2. Authenticating to REST Services. Q u i c k R e f e r e n c e G u i d e. 1. IdentityX 4.2 Updates

4.2. Authenticating to REST Services. Q u i c k R e f e r e n c e G u i d e. 1. IdentityX 4.2 Updates 4.2 Authenticating to REST Services Q u i c k R e f e r e n c e G u i d e In IdentityX 4.1, REST services have an authentication and signing requirement that is handled by the IdentityX REST SDKs. In order

More information

python-jose Documentation

python-jose Documentation python-jose Documentation Release 0.2.0 Michael Davis May 21, 2018 Contents 1 Contents 3 1.1 JSON Web Signature........................................... 3 1.2 JSON Web Token............................................

More information

Guided Exercise 1.1: Setting up the sample OpenEdge Data Object Services

Guided Exercise 1.1: Setting up the sample OpenEdge Data Object Services Guided Exercise 1.1: Setting up the sample OpenEdge Data Object Services Overview Before you can develop a web app, you must set up the back-end services for the data providers that the web app will use.

More information

API Gateway. Version 7.5.1

API Gateway. Version 7.5.1 O A U T H U S E R G U I D E API Gateway Version 7.5.1 15 September 2017 Copyright 2017 Axway All rights reserved. This documentation describes the following Axway software: Axway API Gateway 7.5.1 No part

More information

NetIQ Access Manager 4.4. REST API Guide

NetIQ Access Manager 4.4. REST API Guide NetIQ Access Manager 4.4 REST API Guide Contents 1. Introduction... 3 2. API Overview... 3 3 Administration APIs... 3 3.1 Accessing the Administration APIs... 3 3.2 Detailed API Documentation... 4 3.3

More information

Connect. explained. Vladimir Dzhuvinov. :

Connect. explained. Vladimir Dzhuvinov.   : Connect explained Vladimir Dzhuvinov Email: vladimir@dzhuvinov.com : Twitter: @dzhivinov Married for 15 years to Java C Python JavaScript JavaScript on a bad day So what is OpenID Connect? OpenID Connect

More information

CS144: Sessions. Cookie : CS144: Web Applications

CS144: Sessions. Cookie : CS144: Web Applications CS144: Sessions HTTP is a stateless protocol. The server s response is purely based on the single request, not anything else Q: How does a web site like Amazon can remember a user and customize its results?

More information

openid connect all the things

openid connect all the things openid connect all the things @pquerna CTO, ScaleFT CoreOS Fest 2017-2017-07-01 Problem - More Client Devices per-human - Many Cloud Accounts - More Apps: yay k8s - More Distributed Teams - VPNs aren

More information

SAS Event Stream Processing 4.2: Security

SAS Event Stream Processing 4.2: Security SAS Event Stream Processing 4.2: Security Encryption on Sockets Overview to Enabling Encryption You can enable encryption on TCP/IP connections within an event stream processing engine. Specifically, you

More information

NIELSEN API PORTAL USER REGISTRATION GUIDE

NIELSEN API PORTAL USER REGISTRATION GUIDE NIELSEN API PORTAL USER REGISTRATION GUIDE 1 INTRODUCTION In order to access the Nielsen API Portal services, there are three steps that need to be followed sequentially by the user: 1. User Registration

More information

Integrating with ClearPass HTTP APIs

Integrating with ClearPass HTTP APIs Integrating with ClearPass HTTP APIs HTTP based APIs The world of APIs is full concepts that are not immediately obvious to those of us without software development backgrounds and terms like REST, RPC,

More information

PyJWT Documentation. Release José Padilla

PyJWT Documentation. Release José Padilla PyJWT Documentation Release 1.6.1 José Padilla Apr 08, 2018 Contents 1 Sponsor 3 2 Installation 5 3 Example Usage 7 4 Command line 9 5 Index 11 5.1 Installation................................................

More information

Single Sign-On for PCF. User's Guide

Single Sign-On for PCF. User's Guide Single Sign-On for PCF Version 1.2 User's Guide 2018 Pivotal Software, Inc. Table of Contents Table of Contents Single Sign-On Overview Installation Getting Started with Single Sign-On Manage Service Plans

More information

Advanced API Security

Advanced API Security Advanced API Security ITANA Group Nuwan Dias Architect 22/06/2017 Agenda 2 HTTP Basic Authentication Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l 3 API Security is about controlling Access Delegation

More information

NetIQ Access Manager 4.3. REST API Guide

NetIQ Access Manager 4.3. REST API Guide NetIQ Access Manager 4.3 REST API Guide Contents 1. Introduction... 3 2. API Overview... 3 3 Administration APIs... 3 3.1 Accessing the Administration APIs... 3 3.2 Detailed API Documentation... 4 3.3

More information

Guided exercise 1: Setting up your development environment

Guided exercise 1: Setting up your development environment Guided exercise 1: Setting up your development environment Overview In this guided exercise you will set up the development environment for creating Data Object Services. The exercise steps take approximately

More information

Easily Secure your Microservices with Keycloak. Sébastien Blanc Red

Easily Secure your Microservices with Keycloak. Sébastien Blanc Red Easily Secure your Microservices with Keycloak Sébastien Blanc Red Hat @sebi2706 Keycloak? Keycloak is an open source Identity and Access Management solution aimed at modern applications and services.

More information

Release 3.0. Delegated Admin Application Guide

Release 3.0. Delegated Admin Application Guide Release 3.0 Delegated Admin Application Guide Notice PingDirectory Product Documentation Copyright 2004-2018 Ping Identity Corporation. All rights reserved. Trademarks Ping Identity, the Ping Identity

More information

Stateless Microservice Security via JWT, TomEE and MicroProfile

Stateless Microservice Security via JWT, TomEE and MicroProfile Stateless Microservice Security via JWT, TomEE and MicroProfile Jean-Louis Monteiro Tomitribe Why am I here today? Microservices architecture case Security opeons OAuth2 with JWT HTTP Signatures Demo with

More information

FAS Authorization Server - OpenID Connect Onboarding

FAS Authorization Server - OpenID Connect Onboarding FAS Authorization Server - OpenID Connect Onboarding 1 Table of Content FAS as an authorization server 3 1 OpenID Connect Authorization Code Request and Response 4 1.1 OPENID CONNECT AUTHORIZATION CODE

More information

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013 Ping Identity RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 13, 2013 Product Information Partner Name Ping Identity Web Site www.pingidentity.com Product Name PingFederate

More information

Oracle Communications WebRTC Session Controller

Oracle Communications WebRTC Session Controller Oracle Communications WebRTC Session Controller Security Guide Release 7.0 E40975-01 November 2013 Oracle Communications WebRTC Session Controller Security Guide, Release 7.0 E40975-01 Copyright 2013,

More information

TIBCO LiveView Web Getting Started Guide

TIBCO LiveView Web Getting Started Guide TIBCO LiveView Web Getting Started Guide Introduction 2 Prerequisites 2 Installation 2 Installation Overview 3 Downloading and Installing for Windows 3 Downloading and Installing for macos 4 Installing

More information

flask-jwt-simple Documentation

flask-jwt-simple Documentation flask-jwt-simple Documentation Release 0.0.3 vimalloc rlam3 Nov 17, 2018 Contents 1 Installation 3 2 Basic Usage 5 3 Changing JWT Claims 7 4 Changing Default Behaviors 9 5 Configuration Options 11 6 API

More information

PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility

PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility 2013 Informatica Corporation. No part of this document may be reproduced or transmitted in any form, by any means

More information

Qualys Cloud Platform (VM, PC) v8.x Release Notes

Qualys Cloud Platform (VM, PC) v8.x Release Notes Qualys Cloud Platform (VM, PC) v8.x Release Notes Version 8.18.1 April 1, 2019 This new release of the Qualys Cloud Platform (VM, PC) includes improvements to Vulnerability Management and Policy Compliance.

More information

Copyright. Copyright Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 4.

Copyright. Copyright Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 4. Server 4.3 Copyright 1 Copyright 2017 Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 4.3 June, 2017 Ping Identity Corporation 1001 17th Street, Suite 100 Denver,

More information

Cloud Access Manager Configuration Guide

Cloud Access Manager Configuration Guide Cloud Access Manager 8.1.3 Configuration Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide

More information

FAS Authorization Server - OpenID Connect Onboarding

FAS Authorization Server - OpenID Connect Onboarding FAS Authorization Server - OpenID Connect Onboarding Table of Contents Table of Contents 1 List of Figures 2 1 FAS as an authorization server 3 2 OpenID Connect Authorization Code Request and Response

More information

Using OAuth 2.0 to Access ionbiz APIs

Using OAuth 2.0 to Access ionbiz APIs Using OAuth 2.0 to Access ionbiz APIs ionbiz APIs use the OAuth 2.0 protocol for authentication and authorization. ionbiz supports common OAuth 2.0 scenarios such as those for web server, installed, and

More information

Lab 5: Working with REST APIs

Lab 5: Working with REST APIs Lab 5: Working with REST APIs Oracle's Autonomous Transaction Processing cloud service provides all of the performance of the market-leading Oracle Database in an environment that is tuned and optimized

More information

FAS Authorization Server - OpenID Connect Onboarding

FAS Authorization Server - OpenID Connect Onboarding FAS Authorization Server - OpenID Connect Onboarding Table of Contents Table of Contents 1 List of Figures 2 1 FAS as an authorization server 3 2 OpenID Connect Authorization Code Request and Response

More information

Bitnami OSQA for Huawei Enterprise Cloud

Bitnami OSQA for Huawei Enterprise Cloud Bitnami OSQA for Huawei Enterprise Cloud Description OSQA is a question and answer system that helps manage and grow online communities similar to Stack Overflow. First steps with the Bitnami OSQA Stack

More information

Technical Overview. Version March 2018 Author: Vittorio Bertola

Technical Overview. Version March 2018 Author: Vittorio Bertola Technical Overview Version 1.2.3 26 March 2018 Author: Vittorio Bertola vittorio.bertola@open-xchange.com This document is copyrighted by its authors and is released under a CC-BY-ND-3.0 license, which

More information

REST API: Guide for Implementers

REST API: Guide for Implementers REST API: Guide for Implementers Version 1.03 SP-API-REST-IG-201805--R001.03 Sage 2018. All rights reserved. This document contains information proprietary to Sage and may not be reproduced, disclosed,

More information

ReportPlus Embedded Web SDK Guide

ReportPlus Embedded Web SDK Guide ReportPlus Embedded Web SDK Guide ReportPlus Web Embedding Guide 1.4 Disclaimer THE INFORMATION CONTAINED IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY EXPRESS REPRESENTATIONS OF WARRANTIES. IN ADDITION,

More information

Copyright. Copyright Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 5.

Copyright. Copyright Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 5. Server 5.0 Copyright 1 Copyright 2018 Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 5.0 February, 2018 Ping Identity Corporation 1001 17th Street, Suite 100 Denver,

More information

VMware Horizon JMP Server Installation and Setup Guide. 13 DEC 2018 VMware Horizon 7 7.7

VMware Horizon JMP Server Installation and Setup Guide. 13 DEC 2018 VMware Horizon 7 7.7 VMware Horizon JMP Server Installation and Setup Guide 13 DEC 2018 VMware Horizon 7 7.7 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you

More information

Serverless Single Page Web Apps, Part Four. CSCI 5828: Foundations of Software Engineering Lecture 24 11/10/2016

Serverless Single Page Web Apps, Part Four. CSCI 5828: Foundations of Software Engineering Lecture 24 11/10/2016 Serverless Single Page Web Apps, Part Four CSCI 5828: Foundations of Software Engineering Lecture 24 11/10/2016 1 Goals Cover Chapter 4 of Serverless Single Page Web Apps by Ben Rady Present the issues

More information

Cloud Help for Community Managers...3. Release Notes System Requirements Administering Jive for Office... 6

Cloud Help for Community Managers...3. Release Notes System Requirements Administering Jive for Office... 6 for Office Contents 2 Contents Cloud Help for Community Managers...3 Release Notes... 4 System Requirements... 5 Administering Jive for Office... 6 Getting Set Up...6 Installing the Extended API JAR File...6

More information

Administering Jive Mobile Apps for ios and Android

Administering Jive Mobile Apps for ios and Android Administering Jive Mobile Apps for ios and Android TOC 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios...3 Custom App Wrapping for ios...3 Authentication with Mobile

More information

SaaS Identity and Isolation with Amazon Cognito on the AWS Cloud

SaaS Identity and Isolation with Amazon Cognito on the AWS Cloud SaaS Identity and Isolation with Amazon Cognito on the AWS Cloud Quick Start Reference Deployment Judah Bernstein, Tod Golding, and Santiago Cardenas Amazon Web Services October 2017 Last updated: December

More information

Security Guide Release 7.1

Security Guide Release 7.1 [1]Oracle Communications WebRTC Session Controller Security Guide Release 7.1 E55124-01 March 2015 Oracle Communications WebRTC Session Controller Security Guide, Release 7.1 E55124-01 Copyright 2013,

More information

SSL Configuration Oracle Banking Liquidity Management Release [April] [2017]

SSL Configuration Oracle Banking Liquidity Management Release [April] [2017] SSL Configuration Oracle Banking Liquidity Management Release 12.4.0.0.0 [April] [2017] Table of Contents 1. CONFIGURING SSL ON ORACLE WEBLOGIC... 1-1 1.1 INTRODUCTION... 1-1 1.2 SETTING UP SSL ON ORACLE

More information

ROLLBASE ACCESS TO ABL BUSINESS LOGIC VIA OPENCLIENT

ROLLBASE ACCESS TO ABL BUSINESS LOGIC VIA OPENCLIENT W HITE PAPER www. p rogres s.com ROLLBASE ACCESS TO ABL BUSINESS LOGIC VIA OPENCLIENT 1 TABLE OF CONTENTS Introduction... 2 What is Progress Rollbase?... 2 Installation and setup... 2 Expose Openedge Appserver

More information

Google Apps Integration

Google Apps Integration Google Apps Integration Contents 1 Using Swivel for Google Apps Authentication 2 Prerequisites 3 Google SSO 4 Swivel and Google Apps 5 User Experience 6 Install the Swivel Google software 7 Create private

More information

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of

More information

2 Oracle WebLogic Overview Prerequisites Baseline Architecture...6

2 Oracle WebLogic Overview Prerequisites Baseline Architecture...6 Table of Contents 1 Oracle Access Manager Integration...1 1.1 Overview...1 1.2 Prerequisites...1 1.3 Deployment...1 1.4 Integration...1 1.5 Authentication Process...1 2 Oracle WebLogic...2 3 Overview...3

More information

Integration Service. Admin Console User Guide. On-Premises

Integration Service. Admin Console User Guide. On-Premises Kony Fabric Integration Service Admin Console User Guide On-Premises Release V8 SP1 Document Relevance and Accuracy This document is considered relevant to the Release stated on this title page and the

More information

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at Document Date: May 16, 2017 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL

More information

External HTTPS Trigger AXIS Camera Station 5.06 and above

External HTTPS Trigger AXIS Camera Station 5.06 and above HOW TO External HTTPS Trigger AXIS Camera Station 5.06 and above Created: October 17, 2016 Last updated: November 19, 2016 Rev: 1.2 1 Please note that AXIS does not take any responsibility for how this

More information

What is JOSE. Jim Schaad Co-chair JOSE August Cellars. Friday, March 15, 13

What is JOSE. Jim Schaad Co-chair JOSE August Cellars. Friday, March 15, 13 What is JOSE Jim Schaad Co-chair JOSE August Cellars 1 Overview Use JSON for data structure representations Try and meet the goal of easy to implement and use Allow for complex uses Allow for arbitrary

More information

Oracle Fusion Middleware. API Gateway OAuth User Guide 11g Release 2 ( )

Oracle Fusion Middleware. API Gateway OAuth User Guide 11g Release 2 ( ) Oracle Fusion Middleware API Gateway OAuth User Guide 11g Release 2 (11.1.2.2.0) August 2013 Oracle API Gateway OAuth User Guide, 11g Release 2 (11.1.2.2.0) Copyright 1999, 2013, Oracle and/or its affiliates.

More information

BLACKBERRY SPARK COMMUNICATIONS PLATFORM. Getting Started Workbook

BLACKBERRY SPARK COMMUNICATIONS PLATFORM. Getting Started Workbook 1 BLACKBERRY SPARK COMMUNICATIONS PLATFORM Getting Started Workbook 2 2018 BlackBerry. All rights reserved. BlackBerry and related trademarks, names and logos are the property of BlackBerry

More information

CloudLink SecureVM 3.1 for Microsoft Azure Deployment Guide

CloudLink SecureVM 3.1 for Microsoft Azure Deployment Guide CloudLink SecureVM 3.1 for Microsoft Azure Deployment Guide October 2014 THIS DOCUMENT CONTAINS CONFIDENTIAL AND TRADE SECRET INFORMATION OF CLOUDLINK TECHNOLOGIES AND RECEIPT OR POSSESSION DOES NOT CONVEY

More information

Oracle WebLogic. Overview. Prerequisites. Baseline. Architecture. Installation. Contents

Oracle WebLogic. Overview. Prerequisites. Baseline. Architecture. Installation. Contents Oracle WebLogic Contents 1 Overview 2 Prerequisites 3 Baseline 4 Architecture 5 Installation 5.1 Swivel Integration Configuration 5.1.1 Configuring Swivel for Agent XML Authentication 5.1.2 Configuring

More information

Securing APIs and Microservices with OAuth and OpenID Connect

Securing APIs and Microservices with OAuth and OpenID Connect Securing APIs and Microservices with OAuth and OpenID Connect By Travis Spencer, CEO @travisspencer, @curityio Organizers and founders ü All API Conferences ü API Community ü Active blogosphere 2018 Platform

More information

How to social login with Aruba controller. Bo Nielsen, CCIE #53075 (Sec) December 2016, V1.00

How to social login with Aruba controller. Bo Nielsen, CCIE #53075 (Sec) December 2016, V1.00 Bo Nielsen, CCIE #53075 (Sec) December 2016, V1.00 Overview This short document describes the basic setup for social login using Aruba ClearPass and Aruba wireless LAN controller. Aruba ClearPass, version

More information

8.0 Help for Community Managers Release Notes System Requirements Administering Jive for Office... 6

8.0 Help for Community Managers Release Notes System Requirements Administering Jive for Office... 6 for Office Contents 2 Contents 8.0 Help for Community Managers... 3 Release Notes... 4 System Requirements... 5 Administering Jive for Office... 6 Getting Set Up...6 Installing the Extended API JAR File...6

More information

BIG-IP Access Policy Manager : Authentication and Single Sign-On. Version 13.1

BIG-IP Access Policy Manager : Authentication and Single Sign-On. Version 13.1 BIG-IP Access Policy Manager : Authentication and Single Sign-On Version 13.1 Table of Contents Table of Contents Authentication Concepts... 15 About AAA server support... 15 About AAA high availability

More information

Public Key Enabling Oracle Weblogic Server

Public Key Enabling Oracle Weblogic Server DoD Public Key Enablement (PKE) Reference Guide Public Key Enabling Oracle Weblogic Server Contact: dodpke@mail.mil URL: http://iase.disa.mil/pki-pke URL: http://iase.disa.smil.mil/pki-pke Public Key Enabling

More information

Nimsoft Service Desk. Single Sign-On Configuration Guide. [assign the version number for your book]

Nimsoft Service Desk. Single Sign-On Configuration Guide. [assign the version number for your book] Nimsoft Service Desk Single Sign-On Configuration Guide [assign the version number for your book] Legal Notices Copyright 2012, CA. All rights reserved. Warranty The material contained in this document

More information

DreamFactory Security Guide

DreamFactory Security Guide DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit

More information

The SciTokens Authorization Model: JSON Web Tokens & OAuth

The SciTokens Authorization Model: JSON Web Tokens & OAuth The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney Brian Bockelman This material is based upon work supported by the National Science

More information

Check to enable generation of refresh tokens when refreshing access tokens

Check to enable generation of refresh tokens when refreshing access tokens VERSION User: amadmin Server: sp.example.com LOG OUT OAuth2 Provider Save Reset Back to Services Realm Attributes Indicates required field Authorization Code Lifetime Refresh (seconds) If this field is

More information

IBM Image-Analysis Node.js

IBM Image-Analysis Node.js IBM Image-Analysis Node.js Cognitive Solutions Application Development IBM Global Business Partners Duration: 90 minutes Updated: Feb 14, 2018 Klaus-Peter Schlotter kps@de.ibm.com Version 1 Overview The

More information

Tutorial: Building the Services Ecosystem

Tutorial: Building the Services Ecosystem Tutorial: Building the Services Ecosystem GlobusWorld 2018 Steve Tuecke tuecke@globus.org What is a services ecosystem? Anybody can build services with secure REST APIs App Globus Transfer Your Service

More information

Mitel MiContact Center Enterprise WEB APPLICATIONS CONFIGURATION GUIDE. Release 9.2

Mitel MiContact Center Enterprise WEB APPLICATIONS CONFIGURATION GUIDE. Release 9.2 Mitel MiContact Center Enterprise WEB APPLICATIONS CONFIGURATION GUIDE Release 9.2 NOTICE The information contained in this document is believed to be accurate in all respects but is not warranted by Mitel

More information

VMware Identity Manager Administration

VMware Identity Manager Administration VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

TECHNICAL GUIDE SSO JWT. At 360Learning, we don t make promises about technical solutions, we make commitments.

TECHNICAL GUIDE SSO JWT. At 360Learning, we don t make promises about technical solutions, we make commitments. 1 TECHNICAL GUIDE SSO JWT At 360Learning, we don t make promises about technical solutions, we make commitments. This technical guide is part of our Technical Documentation. Version 1.4 2 360Learning is

More information

Developing ASP.NET MVC Web Applications (486)

Developing ASP.NET MVC Web Applications (486) Developing ASP.NET MVC Web Applications (486) Design the application architecture Plan the application layers Plan data access; plan for separation of concerns, appropriate use of models, views, controllers,

More information

Xerox Connect App for Blackboard

Xerox Connect App for Blackboard Xerox Connect App for Blackboard Information Assurance Disclosure Additional information, if needed, on one or more lines Month 00, 0000 2018 Xerox Corporation. All rights reserved. Xerox,

More information

SAS Event Stream Processing 4.3: Security

SAS Event Stream Processing 4.3: Security SAS Event Stream Processing 4.3: Security Enabling Encryption on Sockets Overview to Enabling Encryption You can enable encryption on TCP/IP connections within an event stream processing engine. Specifically,

More information

OAuth 2.0 Guide. ForgeRock Access Management 5.1. ForgeRock AS 201 Mission St, Suite 2900 San Francisco, CA 94105, USA (US)

OAuth 2.0 Guide. ForgeRock Access Management 5.1. ForgeRock AS 201 Mission St, Suite 2900 San Francisco, CA 94105, USA (US) OAuth 2.0 Guide ForgeRock Access Management 5.1 ForgeRock AS 201 Mission St, Suite 2900 San Francisco, CA 94105, USA +1 415-599-1100 (US) www.forgerock.com Copyright 2011-2017 ForgeRock AS. Abstract Guide

More information

Developing and Deploying vsphere Solutions, vservices, and ESX Agents. 17 APR 2018 vsphere Web Services SDK 6.7 vcenter Server 6.7 VMware ESXi 6.

Developing and Deploying vsphere Solutions, vservices, and ESX Agents. 17 APR 2018 vsphere Web Services SDK 6.7 vcenter Server 6.7 VMware ESXi 6. Developing and Deploying vsphere Solutions, vservices, and ESX Agents 17 APR 2018 vsphere Web Services SDK 6.7 vcenter Server 6.7 VMware ESXi 6.7 You can find the most up-to-date technical documentation

More information

VMware Horizon JMP Server Installation and Setup Guide. Modified on 19 JUN 2018 VMware Horizon 7 7.5

VMware Horizon JMP Server Installation and Setup Guide. Modified on 19 JUN 2018 VMware Horizon 7 7.5 VMware Horizon JMP Server Installation and Setup Guide Modified on 19 JUN 2018 VMware Horizon 7 7.5 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

API Security Management SENTINET

API Security Management SENTINET API Security Management SENTINET Overview 1 Contents Introduction... 2 Security Models... 2 Authentication... 2 Authorization... 3 Security Mediation and Translation... 5 Bidirectional Security Management...

More information

Introduction to SciTokens

Introduction to SciTokens Introduction to SciTokens Brian Bockelman, On Behalf of the SciTokens Team https://scitokens.org This material is based upon work supported by the National Science Foundation under Grant No. 1738962. Any

More information

WEB API. Nuki Home Solutions GmbH. Münzgrabenstraße 92/ Graz Austria F

WEB API. Nuki Home Solutions GmbH. Münzgrabenstraße 92/ Graz Austria F WEB API v 1. 1 0 8. 0 5. 2 0 1 8 1. Introduction 2. Calling URL 3. Swagger Interface Example API call through Swagger 4. Authentication API Tokens OAuth 2 Code Flow OAuth2 Authentication Example 1. Authorization

More information

ORACLE APPLICATION EXPRESS, ORACLE REST DATA SERVICES, & WEBLOGIC 12C AUTHOR: BRAD GIBSON SENIOR SOLUTIONS ARCHITECT ADVIZEX

ORACLE APPLICATION EXPRESS, ORACLE REST DATA SERVICES, & WEBLOGIC 12C AUTHOR: BRAD GIBSON SENIOR SOLUTIONS ARCHITECT ADVIZEX ORACLE APPLICATION EXPRESS, ORACLE REST DATA SERVICES, & WEBLOGIC 12C AUTHOR: BRAD GIBSON SENIOR SOLUTIONS ARCHITECT ADVIZEX AdvizeX Technologies - A Rolta Company 6/12/2015 1 AGENDA Introductions Test

More information

Black Box DCX3000 / DCX1000 Using the API

Black Box DCX3000 / DCX1000 Using the API Black Box DCX3000 / DCX1000 Using the API updated 2/22/2017 This document will give you a brief overview of how to access the DCX3000 / DCX1000 API and how you can interact with it using an online tool.

More information

Integration Service. Admin Console User Guide. On-Premises

Integration Service. Admin Console User Guide. On-Premises Kony MobileFabric TM Integration Service Admin Console User Guide On-Premises Release 7.3 Document Relevance and Accuracy This document is considered relevant to the Release stated on this title page and

More information

OAuth at Interactive Brokers

OAuth at Interactive Brokers OAuth at Interactive Brokers November 9, 2017 1 Consumer Registration Consumers will need to provide the following in order to register as an authorized oauth consumer with Interactive Brokers. 1. A 2048-bit

More information

Integration Guide. LoginTC

Integration Guide. LoginTC Integration Guide LoginTC Revised: 21 November 2016 About This Guide Guide Type Documented Integration WatchGuard or a Technology Partner has provided documentation demonstrating integration. Guide Details

More information

Application Interface Services Server Reference Guide Tools Release 9.2

Application Interface Services Server Reference Guide Tools Release 9.2 [1]JD Edwards EnterpriseOne Application Interface Services Server Reference Guide Tools Release 9.2 E61545-09 April 2018 Describes the configuration of the Application Interface Services (AIS) Server which

More information

Oracle Fusion Middleware. Oracle API Gateway OAuth User Guide 11g Release 2 ( )

Oracle Fusion Middleware. Oracle API Gateway OAuth User Guide 11g Release 2 ( ) Oracle Fusion Middleware Oracle API Gateway OAuth User Guide 11g Release 2 (11.1.2.3.0) April 2014 Oracle API Gateway OAuth User Guide, 11g Release 2 (11.1.2.3.0) Copyright 1999, 2014, Oracle and/or its

More information

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

VMware Identity Manager Connector Installation and Configuration (Legacy Mode) VMware Identity Manager Connector Installation and Configuration (Legacy Mode) VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until

More information

Application notes for supporting third-party certificate in Avaya Aura System Manager 6.3.x and 7.0.x. Issue 1.3. November 2017

Application notes for supporting third-party certificate in Avaya Aura System Manager 6.3.x and 7.0.x. Issue 1.3. November 2017 Application notes for supporting third-party certificate in Avaya Aura System Manager 6.3.x and 7.0.x Issue 1.3 November 2017 THE INFORMATION PROVIDED IN HEREIN IS PROVIDED AS IS WITHOUT ANY EXPRESS OR

More information

Usage of "OAuth2" policy action in CentraSite and Mediator

Usage of OAuth2 policy action in CentraSite and Mediator Usage of "OAuth2" policy action in CentraSite and Mediator Introduction Prerequisite Configurations Mediator Configurations watt.server.auth.skipformediator The pg.oauth2 Parameters Asset Creation and

More information

BlackBerry AtHoc Networked Crisis Communication. BlackBerry AtHoc API Quick Start Guide

BlackBerry AtHoc Networked Crisis Communication. BlackBerry AtHoc API Quick Start Guide BlackBerry AtHoc Networked Crisis Communication BlackBerry AtHoc API Quick Start Guide Release 7.6, September 2018 Copyright 2018 BlackBerry Limited. All Rights Reserved. This document may not be copied,

More information

Salesforce IoT REST API Getting Started Guide

Salesforce IoT REST API Getting Started Guide Salesforce IoT REST API Getting Started Guide Version 42.0, Spring 18 @salesforcedocs Last updated: March 9, 2018 Copyright 2000 2018 salesforce.com, inc. All rights reserved. Salesforce is a registered

More information

Highwinds CDN Content Protection Products. August 2009

Highwinds CDN Content Protection Products. August 2009 Highwinds CDN Content Protection Products August 2009 1 Highwinds CDN Content Protection Products August 2009 Table of Contents CDN SECURITY INTRO... 3 CONTENT PROTECTION BY CDN DELIVERY PRODUCT... 3 HTTP

More information

About 1. Chapter 1: Getting started with odata 2. Remarks 2. Examples 2. Installation or Setup 2. Odata- The Best way to Rest 2

About 1. Chapter 1: Getting started with odata 2. Remarks 2. Examples 2. Installation or Setup 2. Odata- The Best way to Rest 2 odata #odata Table of Contents About 1 Chapter 1: Getting started with odata 2 Remarks 2 Examples 2 Installation or Setup 2 Odata- The Best way to Rest 2 Chapter 2: Azure AD authentication for Node.js

More information

Grandstream Networks, Inc. Captive Portal Authentication via Twitter

Grandstream Networks, Inc. Captive Portal Authentication via Twitter Grandstream Networks, Inc. Table of Content SUPPORTED DEVICES... 4 INTRODUCTION... 5 CAPTIVE PORTAL SETTINGS... 6 Policy Configuration Page... 6 Landing Page Redirection... 8 Pre-Authentication Rules...

More information

Progress Application Server for OpenEdge (PASOE) Spring security configuration

Progress Application Server for OpenEdge (PASOE) Spring security configuration Progress Application Server for OpenEdge (PASOE) Spring security configuration 2017 Progress Software Corporation and/or one of its subsidiaries or affiliates. All rights reserved. These materials and

More information

EZDRM Bitmovin Configuration Encoding

EZDRM Bitmovin Configuration Encoding EZDRM Bitmovin Configuration Encoding Table of Contents Prerequisites 3 Preparing for Bitmovin Encoding 4 Step 1: API Key from Bitmovin 4 Step 2. Generating DRM Keys 5 Widevine and PlayReady 5 Apple FairPlay

More information

Combination of the PEAP Protocol with EAP-OpenID Connect

Combination of the PEAP Protocol with EAP-OpenID Connect University of Piraeus Department of Digital Systems Postgraduate Program «Digital Systems Security» Academic Year 2017-2018 (ΨΣ-ΑΦ-888) MSc Dissertation Combination of the PEAP Protocol with EAP-OpenID

More information

CloudLink SecureVM 3.1 for Microsoft Azure Deployment Guide

CloudLink SecureVM 3.1 for Microsoft Azure Deployment Guide CloudLink SecureVM 3.1 for Microsoft Azure Deployment Guide November 2014 THIS DOCUMENT CONTAINS CONFIDENTIAL AND TRADE SECRET INFORMATION OF CLOUDLINK TECHNOLOGIES AND RECEIPT OR POSSESSION DOES NOT CONVEY

More information

Deploying OAuth with Cisco Collaboration Solution Release 12.0

Deploying OAuth with Cisco Collaboration Solution Release 12.0 White Paper Deploying OAuth with Cisco Collaboration Solution Release 12.0 Authors: Bryan Morris, Kevin Roarty (Collaboration Technical Marketing) Last Updated: December 2017 This document describes the

More information

DCCKI Interface Design Specification. and. DCCKI Repository Interface Design Specification

DCCKI Interface Design Specification. and. DCCKI Repository Interface Design Specification DCCKI Interface Design Specification and DCCKI Repository Interface Design Specification 1 INTRODUCTION Document Purpose 1.1 Pursuant to Section L13.13 of the Code (DCCKI Interface Design Specification),

More information