Deep Dive on Azure Active Directory for Developers. Jelle Druyts Premier Field Engineer Microsoft Services
|
|
- Edward Reynolds
- 5 years ago
- Views:
Transcription
1
2 Deep Dive on Azure Active Directory for Developers Jelle Druyts Premier Field Engineer Microsoft Services
3 Agenda Azure Active Directory for developers Developing for Azure Active Directory
4 Azure Active Directory for Developers
5 Today s Applications Browser JavaScript Web application Native app Server app Clients using wide variety of devices/languages/platforms Server applications using wide variety of platforms/languages
6 Authentication Protocols Browser JavaScript WS-Federation SAML 2.0 OpenID Connect Web application Native app Server app Standard-based, HTTP-based protocols for maximum platform reach
7 What Is Azure Active Directory? Azure Active Directory for Developers Azure Active Directory Cloud-scale identity service Supports modern authorization & authentication scenarios REST-based Graph API Reduces or removes custom security implementation Authenticating users Detecting suspicious activity Authorizing users via Groups or Roles (RBAC) B2C will allow social and application local accounts
8 Tokens in Azure AD Access and Refresh Tokens Access tokens have a lifetime of 1 hour Allows quick revocation of access Refresh tokens allow silent renewal of the access token User does not have to sign in again (as long as access wasn t revoked) Refresh token lifetime Azure AD accounts: 14 days, sliding up to maximum 90 days External accounts (e.g. Microsoft Account): 12 hours Can be invalidated, e.g. when user s password changes Multi-Resource Refresh Token Can be used to get access token to a different service if delegation exists
9 JSON Web Token (JWT) Base64 URL encoded JSON with optional signature eyj0exaioijkv1qilcjhbgcio.eyjpc3mioijodhrwoi8vc3rzbnrc28uy29ti.zt8zzx6vg9i5hvtm4f8f Header <dot> Claims <dot> Signature { } "typ": "JWT", "alg": "RS256" "x5t": "7dD-gec " { } "iss": " "aud": " "client": " "iat": " ", "exp": " ", "name": "John Doe" "scope": ["read", "write"]
10 Token Signing Key Ensuring the tokens really come from Azure Active Directory Tokens for all tenants are signed by same key Keys published via metadata Keys roll on periodic basis Applications must handle Periodically refreshing keys from metadata Handling multiple keys Microsoft samples and libraries do this automatically
11 Registering Applications Azure AD must know about your app before it will issue tokens Register your application via Azure Management Portal Visual Studio Azure AD REST API s Non-admins may register applications by default Can be disabled The management portal only shows a subset of functionality Advanced features available via application manifest permissions, application roles, group claims, certificates,
12 Application Configuration What Azure AD needs to know about your app All applications Name: shown when authenticating/authorizing Client ID: GUID of the application in Azure AD Native client applications (public clients) Redirect URI s: signaling the end of the flow Web applications and/or s (confidential clients) Sign-On URL: where to send users from the application access portal Single- or Multi-Tenant Keys App ID URI: unique identifier that clients request access to Reply URL s: where to allow tokens to be sent
13 Permissions To Other Applications Declaring access to other applications Application Permissions Access another application as the calling application Delegated Permissions Access another application on behalf of the user
14 Consent Granting permissions to an application Consent can be granted by user or by organization admin Stored in Azure AD for web applications Stored in the Refresh Token for native applications
15 Multi-Tenant Applications Targeting other organizations Single tenant application App for users in a single organization Admin or user registers app in directory tenant Sign in at Multi-tenant application App for users in multiple organizations Admin or user registers app in developer s directory tenant Admin configures application to be multi-tenant Sign in at User prompted to consent based on permissions required by application Consent registers application in user s tenant
16 Groups & Roles Authorization features for applications Groups (defined in Azure or synchronized from on-premise AD) Token contains groups claims (must opt-in) When there are too many groups, overage claim points towards Graph API Not all flows support group claims (e.g. not over URL query parameters) Application Roles Application can declare application-specific roles Administrator can assign users or groups to roles Token then contains roles claims
17 Developing for Azure Active Directory
18 Developing For Azure AD And mostly equivalent when using Windows Server 2016 on-premise Register your application in Azure AD Retrieve Client ID & (optional) Keys Configure Redirect URL Configure API permissions Add code to your application for sign in Web: WS-Federation, SAML 2.0, OpenID Connect Other (native, desktop, server): Add code to your for Bearer Token authorization
19 Microsoft Security Libraries Browser JavaScript.JS Native app Server app WS-Federation SAML 2.0 OpenID Connect OIC-MW Web application OIC-MW: OpenID Connect Middleware : Bearer Token Middleware : Active Directory Authentication Library
20 Active Directory Authentication Library Acquiring, refreshing & caching tokens Consistent API across platforms for acquiring tokens Pluggable cache for token persistence Automatic refresh of Access Tokens using Refresh Tokens Works against Azure AD as well as Windows Server.JS Sign in and bearer token support for JavaScript Provides current user info Secure invocation via JavaScript/CORS
21 Adding Sign-In To ASP.NET Browser JavaScript.JS Native app Server app WS-Federation SAML 2.0 OpenID Connect OIC-MW Web application OIC-MW: OpenID Connect Middleware : Bearer Token Middleware : Active Directory Authentication Library
22 Adding Sign-In To ASP.NET OpenID Connect Use OpenID Connect OWIN Middleware Microsoft.Owin.Security.OpenIdConnect NuGet package app.useopenidconnectauthentication( new OpenIdConnectAuthenticationOptions { ClientId = "187ff6ec-eae d-5ffa3d28645b", Authority = " } ); [Authorize] public class HomeController : Controller {... }
23 Protecting s Browser JavaScript.JS Native app Server app WS-Federation SAML 2.0 OpenID Connect OIC-MW Web application OIC-MW: OpenID Connect Middleware : Bearer Token Middleware : Active Directory Authentication Library
24 Protecting s Bearer Token Authorization Use Bearer Token OWIN Middleware Microsoft.Owin.Security.ActiveDirectory NuGet Package Automatically acquires signing keys and issuer values app.usecors(... ); // For SPA clients app.usewindowsazureactivedirectorybearerauthentication new WindowsAzureActiveDirectoryBearerAuthenticationOptions { TokenValidationParameters = new TokenValidationParameters { ValidAudience = " }, Tenant = "contoso.com" } ); [Authorize] public class ProductController : ApiController {... }
25 Calling s General pattern Use Active Directory Authentication Library () Microsoft.IdentityModel.Clients.ActiveDirectory NuGet Package Retrieve an access token and send it on the Authorization HTTP header var context = new AuthenticationContext( " var result = context.acquiretoken(... ); var client = new HttpClient(); client.defaultrequestheaders.authorization = new AuthenticationHeaderValue("Bearer", result.accesstoken);
26 Calling s Web App Browser JavaScript.JS Native app Server app WS-Federation SAML 2.0 OpenID Connect OIC-MW Web application OIC-MW: OpenID Connect Middleware : Bearer Token Middleware : Active Directory Authentication Library
27 Calling s Web App OpenID Connect (user identity) At OpenID Connect sign-in Receive an ID Token + Authorization Code Use to redeem the Authorization Code for an Access + Refresh Token Save the tokens in a persistent per-user cache When you need to access a resource Initialize with the same cache you used earlier Ask for the token you need via AcquireTokenSilent Upon failure, trigger re-authentication new OpenIdConnectAuthenticationOptions { Notifications = new OpenIdConnectAuthenticationNotifications() { AuthorizationCodeReceived = async (context) => { var usertokencache = GetTokenCacheForUser(context.AuthenticationTicket.Identity); var context = new AuthenticationContext(authority, usertokencache); var result = await context.acquiretokenbyauthorizationcodeasync(... ); } } }
28 Calling s Web App Client Credentials Grant (client identity) Call a using the client identity Access a resource on behalf of the client application itself Not in the context of a particular user No user interaction required, only client id + secret ( key ) var context = new AuthenticationContext(aadAuthority); var credential = new ClientCredential(clientId, clientsecret); var authenticationresult = await context.acquiretokenasync(resourceid, credential);
29 Calling s Native Client Browser JavaScript.JS Native app Server app WS-Federation SAML 2.0 OpenID Connect OIC-MW Web application OIC-MW: OpenID Connect Middleware : Bearer Token Middleware : Active Directory Authentication Library
30 Calling s Native Client Authorization Code Grant, Public Client Native clients (phone, tablet, desktop, ) Also registered as an application in Azure AD Has a Client ID but cannot have its own credentials Authentication typically pops up a browser window Server-driven sign-in experience (same as web application sign-in) Allows consent, MFA, independently configured of the application
31 Calling s Daemon Browser JavaScript.JS Native app Server app WS-Federation SAML 2.0 OpenID Connect OIC-MW Web application OIC-MW: OpenID Connect Middleware : Bearer Token Middleware : Active Directory Authentication Library
32 Calling s Daemon Client Credentials Grant Same as Web App to using client identity Non-interactive methods depending on the platform Kerberos Name + Secret (Client ID + Key) X509 Certificate # Azure PowerShell Assign a certificate to an Azure AD application service principal $certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate.import("mydaemoncertificate.cer") $certificatedata = [System.Convert]::ToBase64String($certificate.GetRawCertData()); New-MsolServicePrincipalCredential -AppPrincipalId "e b1-46e4-96a8-16d811aceb87" # AAD Application Client ID -Type asymmetric -Usage Verify -Value $certificatedata -StartDate $certificate.notbefore -EndDate $certificate.notafter
33 Calling s SPA Browser JavaScript.JS Native app Server app WS-Federation SAML 2.0 OpenID Connect OIC-MW Web application OIC-MW: OpenID Connect Middleware : Bearer Token Middleware : Active Directory Authentication Library
34 Calling s SPA Implicit Flow Enable oauth2allowimplicitflow in Azure AD Application Manifest Use Active Directory Authentication Library for JavaScript (.JS) Even easier when using AngularJS // configuration adalprovider.init( { instance: " tenant: "contoso.com", clientid: "187ff6ec-eae d-5ffa3d28645b" }, $httpprovider); // Route registration $routeprovider.when("/home", { controller: "homectrl", templateurl: "views/home.html", requireadlogin: true });
35 Calling s Browser JavaScript.JS Native app Server app WS-Federation SAML 2.0 OpenID Connect OIC-MW Web application OIC-MW: OpenID Connect Middleware : Bearer Token Middleware : Active Directory Authentication Library
36 Calling s On-Behalf-Of Flow (user identity) Acquire a token based on the current authorization token Save sign-in token in the bootstrap context Acquire token based on user assertion var context = new AuthenticationContext(authority, usertokencache); var credential = new ClientCredential(clientId, clientsecret); var useridentity = (ClaimsIdentity)ClaimsPrincipal.Current.Identity; var bootstrapcontext = (BootstrapContext)userIdentity.BootstrapContext; var userassertion = new UserAssertion(bootstrapContext.Token); var result = await authcontext.acquiretokenasync( resourceid, credential, userassertion);
37 Configuring Tokens Adding groups and roles to claims Update the Azure AD Application Manifest Update groupmembershipclaims to emit group claims Add approles to declare application-specific roles "groupmembershipclaims": "SecurityGroup" "approles": [ { "allowedmembertypes": [ "User" ], "description": "Administrators can manage the application", "displayname": "Administrator", "id": "6f7a2ff f dfbcf8d", "isenabled": true, "value": "administrator" },... ]
38 Declaring Permissions Allowing clients to request access to only subsets (scopes) of functionality Update the Azure AD Application Manifest Add permission to oauth2permissions Make sure to generate a new GUID for the id { } "adminconsentdescription": "Allow the application to create todo's on behalf of the signed-in user.", "adminconsentdisplayname": "Create todo's", "id": "5f54c eaf-853c-91cf5b487d1e", "isenabled": true, "type": "User", "userconsentdescription": "Allow the application to create todo's on your behalf.", "userconsentdisplayname": "Create todo's", "value": "todo_write"
39 Requesting Permissions Getting access to scoped resources Update the Azure AD Application Manifest (or use the portal) Find the target application id ( resourceappid ) Add the permission id to requiredresourceaccess The scope claim will now contain the permission s defined value "requiredresourceaccess": [ { "resourceappid": "93fc871a-3e18-4f2c-b7a5-dcc65efd6384", "resourceaccess": [ { "id": "5f54c eaf-853c-91cf5b487d1d", "type": "Scope" } ] } ]
40 Azure AD Graph API Interacting with Azure Active Directory Use REST API directly or use a client library Microsoft.Azure.ActiveDirectory.GraphClient NuGet Package Optionally use to get an access token var client = new ActiveDirectoryClient( new Uri(" async () => { var context = new AuthenticationContext(... ); var result = await context.acquiretokenasync(... ); return result.accesstoken; } ); var groups = await client.groups.where(... ).ExecuteAsync();
41 Wrapping Up...
42 Summary Developing for Azure Active Directory Develop for a modern cloud-scale identity service Serves millions of users/organizations Supports most common identity features and protocols Security hardened out of the box Social and application local identities coming in B2C Develop using open source libraries for all scenarios for authorization OpenID Connect for authentication
43 Resources What s next? Documentation & News Open Source Tools & Samples
44 Your feedback is important! Scan the QR Code and let us know via the TechDays App. Laat ons weten wat u van de sessie vindt via de TechDays App! Scan de QR Code. Bent u al lid van de Microsot Virtual Academy?! Op MVA kunt u altijd iets nieuws leren over de laatste technologie van Microsoft. Meld u vandaag aan op de MVA Stand. MVA biedt 7/24 gratis online training on-demand voor IT- Professionals en Ontwikkelaars.
45
Architecting ASP.NET Applications
Architecting ASP.NET Applications About me Name: Gunnar Peipman Origin: Tallinn, Estonia Work: Architect, developer Microsoft: ASP.NET/IIS MVP Community: Blogger, speaker Blog: http://gunnarpeipman.com
More informationDelivering applications with Azure RemoteApp. Rasmus Hald
Delivering applications with Azure RemoteApp Rasmus Hald [Microsoft] @RasmusHaldDK Today s challenges Deliver applications to multiple mobile platforms (BYOD) Provide access to legacy applications Respond
More informationWhat s New in Exchange Online. Scott Schnoll Senior Program Manager Office 365 CXP Microsoft Corporation
What s New in Exchange Online Scott Schnoll schnoll@microsoft.com Senior Program Manager Office 365 CXP Microsoft Corporation Agenda Delivering Innovation Email Challenges What s New in Exchange Online
More informationCross premise connectivity with Microsoft Azure & Windows Server. Rasmus Hald
Cross premise connectivity with Microsoft Azure & Windows Server Rasmus Hald [Microsoft] @RasmusHaldDK Unique Azure value It all starts with networking Customer site Azure site S2S Connect. Session Demo
More informationConsuming Office 365 REST API. Paolo Pialorsi PiaSys.com
Consuming Office 365 REST API Paolo Pialorsi paolo@pialorsi.com PiaSys.com About me Project Manager, Consultant, Trainer About 50 Microsoft certification exams passed, including MC(S)M MVP Office 365 Focused
More informationTutorial: Building the Services Ecosystem
Tutorial: Building the Services Ecosystem GlobusWorld 2018 Steve Tuecke tuecke@globus.org What is a services ecosystem? Anybody can build services with secure REST APIs App Globus Transfer Your Service
More informationMicrosoft Graph API Deep Dive
Microsoft Graph API Deep Dive Donald Hessing Lead Architect, Capgemini, The Netherlands Microsoft Certified Master (MCM) Agenda Introduction to Microsoft Graph API What is now and what is new in GA and
More informationAPI Gateway. Version 7.5.1
O A U T H U S E R G U I D E API Gateway Version 7.5.1 15 September 2017 Copyright 2017 Axway All rights reserved. This documentation describes the following Axway software: Axway API Gateway 7.5.1 No part
More informationIntroduction to IdentityServer
Introduction to IdentityServer The open source OIDC framework for.net Brock Allen http://brockallen.com @BrockLAllen brockallen@gmail.com @IdentityServer Dominick Baier http://leastprivilege.com @leastprivilege
More informationSingle Sign-On for PCF. User's Guide
Single Sign-On for PCF Version 1.2 User's Guide 2018 Pivotal Software, Inc. Table of Contents Table of Contents Single Sign-On Overview Installation Getting Started with Single Sign-On Manage Service Plans
More informationSecuring APIs and Microservices with OAuth and OpenID Connect
Securing APIs and Microservices with OAuth and OpenID Connect By Travis Spencer, CEO @travisspencer, @curityio Organizers and founders ü All API Conferences ü API Community ü Active blogosphere 2018 Platform
More informationUsing OAuth 2.0 to Access ionbiz APIs
Using OAuth 2.0 to Access ionbiz APIs ionbiz APIs use the OAuth 2.0 protocol for authentication and authorization. ionbiz supports common OAuth 2.0 scenarios such as those for web server, installed, and
More informationBuilding the Modern Research Data Portal using the Globus Platform. Rachana Ananthakrishnan GlobusWorld 2017
Building the Modern Research Data Portal using the Globus Platform Rachana Ananthakrishnan rachana@globus.org GlobusWorld 2017 Platform Questions How do you leverage Globus services in your own applications?
More informationOAuth and OpenID Connect (IN PLAIN ENGLISH)
OAuth and OpenID Connect (IN PLAIN ENGLISH) NATE BARBETTINI @NBARBETTINI @OKTADEV A lot of confusion around OAuth. Terminology and jargon Incorrect advice Identity use cases (circa 2007) Simple login forms
More informationPartner Center: Secure application model
Partner Center: Secure application model The information provided in this document is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including
More informationopenid connect all the things
openid connect all the things @pquerna CTO, ScaleFT CoreOS Fest 2017-2017-07-01 Problem - More Client Devices per-human - Many Cloud Accounts - More Apps: yay k8s - More Distributed Teams - VPNs aren
More informationUsing Microsoft Azure Active Directory MFA as SAML IdP with Pulse Connect Secure. Deployment Guide
Using Microsoft Azure Active Directory MFA as SAML IdP with Pulse Connect Secure Deployment Guide v1.0 May 2018 Introduction This document describes how to set up Pulse Connect Secure for SP-initiated
More informationCSP PARTNER APPLICATION OVERVIEW Multi-tenant application model
CSP PARTNER APPLICATION OVERVIEW Multi-tenant application model The information provided in this document is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express
More informationAdvanced API Security
Advanced API Security ITANA Group Nuwan Dias Architect 22/06/2017 Agenda 2 HTTP Basic Authentication Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l 3 API Security is about controlling Access Delegation
More informationModern SharePoint and Office 365 Development
Modern SharePoint and Office 365 Development Mastering Today s Best Practices in Web and Mobile Development Course Code Audience Format Length Course Description Student Prerequisites MSD365 Professional
More informationInland Revenue. Build Pack. Identity and Access Services. Date: 04/09/2017 Version: 1.5 IN CONFIDENCE
Inland Revenue Build Pack Identity and Access Services Date: 04/09/2017 Version: 1.5 IN CONFIDENCE About this Document This document is intended to provide Service Providers with the technical detail required
More informationOpenID Connect Opens the Door to SAS Viya APIs
Paper SAS1737-2018 OpenID Connect Opens the Door to SAS Viya APIs Mike Roda, SAS Institute Inc. ABSTRACT As part of the strategy to be open and cloud-ready, SAS Viya services leverage OAuth and OpenID
More informationBuilding the Modern Research Data Portal. Developer Tutorial
Building the Modern Research Data Portal Developer Tutorial Thank you to our sponsors! U. S. DEPARTMENT OF ENERGY 2 Presentation material available at www.globusworld.org/workshop2016 bit.ly/globus-2016
More informationTECHNICAL GUIDE SSO SAML Azure AD
1 TECHNICAL GUIDE SSO SAML Azure AD At 360Learning, we don t make promises about technical solutions, we make commitments. This technical guide is part of our Technical Documentation. Version 1.0 2 360Learning
More informationEMS Platform Services Installation & Configuration Guides
EMS Platform Services Installation & Configuration Guides V44.1 Last Updated: August 7, 2018 EMS Software emssoftware.com/help 800.440.3994 2018 EMS Software, LLC. All Rights Reserved. Table of Contents
More informationdox42 Azure Active Directory Integration
dox4 Azure Active Directory Integration Fabian Huber Documentation Summary In this document an instruction will be provided how to configure Azure Active Directory (ADD) with dox4, the Server Web and how
More informationfredag 7 september 12 OpenID Connect
OpenID Connect OpenID Connect Necessity for communication - information about the other part Trust management not solved! (1) OP discovery The user provides an identifier (for instance an email address)
More informationIntegrate your CSP Direct Agreement
Overview: - The information needed to integrate your CSP Direct tenant is contained in this PDF Guide. You will be asked to create and access various authentication keys and which you need to do in the
More informationIntegrate your CSP Direct Agreement
Overview: - The information needed to integrate your CSP Direct tenant is contained in this PDF Guide. You will be asked to create and access various authentication keys and which you need to do in the
More informationI.AM Connect Client registration Version 1.0. This document is provided to you free of charge by the. ehealth platform
I.AM Connect Client registration Version 1.0 This document is provided to you free of charge by the ehealth platform Willebroekkaai 38 38, Quai de Willebroek 1000 BRUSSELS All are free to circulate this
More informationAzure Archival Installation Guide
Azure Archival Installation Guide Page 1 of 23 Table of Contents 1. Add Dynamics CRM Active Directory into Azure... 3 2. Add Application in Azure Directory... 5 2.1 Create application for application user...
More informationConnect. explained. Vladimir Dzhuvinov. :
Connect explained Vladimir Dzhuvinov Email: vladimir@dzhuvinov.com : Twitter: @dzhivinov Married for 15 years to Java C Python JavaScript JavaScript on a bad day So what is OpenID Connect? OpenID Connect
More informationCloud Access Manager Configuration Guide
Cloud Access Manager 8.1.3 Configuration Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide
More informationVMware Identity Manager Integration with Office 365
VMware Identity Manager Integration with Office 365 VMware Identity Manager O C T O B E R 2 0 1 7 V 7 Table of Contents Overview... 3 Configuring Single Sign-on to Office 365... 4 Authentication Profiles
More informationAuthentication in the Cloud. Stefan Seelmann
Authentication in the Cloud Stefan Seelmann Agenda Use Cases View Points Existing Solutions Upcoming Solutions Use Cases End user needs login to a site or service End user wants to share access to resources
More informationVMware Identity Manager Integration with Office 365
VMware Identity Manager Integration with Office 365 VMware Identity Manager A U G U S T 2 0 1 8 V 9 Table of Contents Overview... 3 Configuring Single Sign-on to Office 365... 4 Authentication Profiles
More informationAzure Developer Immersions API Management
Azure Developer Immersions API Management Azure provides two sets of services for Web APIs: API Apps and API Management. You re already using the first of these. Although you created a Web App and not
More informationAzure Active Directory from Zero to Hero
Azure Active Directory from Zero to Hero Azure &.NET Meetup Freiburg, 2018 Esmaeil Sarabadani What we cover today Overview on Azure AD Differences between on-prem AD and Azure AD Azure AD usage scenarios
More informationIntegrating with ClearPass HTTP APIs
Integrating with ClearPass HTTP APIs HTTP based APIs The world of APIs is full concepts that are not immediately obvious to those of us without software development backgrounds and terms like REST, RPC,
More informationEasily Secure your Microservices with Keycloak. Sébastien Blanc Red
Easily Secure your Microservices with Keycloak Sébastien Blanc Red Hat @sebi2706 Keycloak? Keycloak is an open source Identity and Access Management solution aimed at modern applications and services.
More informationAruba Central Application Programming Interface
Aruba Central Application Programming Interface User Guide Copyright Information Copyright 2016 Hewlett Packard Enterprise Development LP. Open Source Code This product includes code licensed under the
More informationDeveloping ASP.NET MVC Web Applications (486)
Developing ASP.NET MVC Web Applications (486) Design the application architecture Plan the application layers Plan data access; plan for separation of concerns, appropriate use of models, views, controllers,
More informationBIG-IP Access Policy Manager : Authentication and Single Sign-On. Version 13.1
BIG-IP Access Policy Manager : Authentication and Single Sign-On Version 13.1 Table of Contents Table of Contents Authentication Concepts... 15 About AAA server support... 15 About AAA high availability
More informationFAS Authorization Server - OpenID Connect Onboarding
FAS Authorization Server - OpenID Connect Onboarding Table of Contents Table of Contents 1 List of Figures 2 1 FAS as an authorization server 3 2 OpenID Connect Authorization Code Request and Response
More informationTechnical Overview. Version March 2018 Author: Vittorio Bertola
Technical Overview Version 1.2.3 26 March 2018 Author: Vittorio Bertola vittorio.bertola@open-xchange.com This document is copyrighted by its authors and is released under a CC-BY-ND-3.0 license, which
More informationAPI Security Management SENTINET
API Security Management SENTINET Overview 1 Contents Introduction... 2 Security Models... 2 Authentication... 2 Authorization... 3 Security Mediation and Translation... 5 Bidirectional Security Management...
More informationAPI Security Management with Sentinet SENTINET
API Security Management with Sentinet SENTINET Overview 1 Contents Introduction... 2 Security Mediation and Translation... 3 Security Models... 3 Authentication... 4 Authorization... 5 Bidirectional Security
More informationAbout 1. Chapter 1: Getting started with odata 2. Remarks 2. Examples 2. Installation or Setup 2. Odata- The Best way to Rest 2
odata #odata Table of Contents About 1 Chapter 1: Getting started with odata 2 Remarks 2 Examples 2 Installation or Setup 2 Odata- The Best way to Rest 2 Chapter 2: Azure AD authentication for Node.js
More informationFAS Authorization Server - OpenID Connect Onboarding
FAS Authorization Server - OpenID Connect Onboarding Table of Contents Table of Contents 1 List of Figures 2 1 FAS as an authorization server 3 2 OpenID Connect Authorization Code Request and Response
More informationWho am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB
@markmorow Who am I? Identity Product Group, CXP Team Premier Field Engineer SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB Active Directory Domain Services On-premises App Server Validate credentials
More informationNetIQ Access Manager 4.3. REST API Guide
NetIQ Access Manager 4.3 REST API Guide Contents 1. Introduction... 3 2. API Overview... 3 3 Administration APIs... 3 3.1 Accessing the Administration APIs... 3 3.2 Detailed API Documentation... 4 3.3
More informationNetIQ Access Manager 4.4. REST API Guide
NetIQ Access Manager 4.4 REST API Guide Contents 1. Introduction... 3 2. API Overview... 3 3 Administration APIs... 3 3.1 Accessing the Administration APIs... 3 3.2 Detailed API Documentation... 4 3.3
More informationWho am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB
@markmorow Who am I? Identity Product Group, CXP Team Premier Field Engineer SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB Under the hood: Multiple backend services and hybrid components Hybrid Components
More informationUsage of "OAuth2" policy action in CentraSite and Mediator
Usage of "OAuth2" policy action in CentraSite and Mediator Introduction Prerequisite Configurations Mediator Configurations watt.server.auth.skipformediator The pg.oauth2 Parameters Asset Creation and
More informationOPENID CONNECT 101 WHITE PAPER
OPENID CONNECT 101 TABLE OF CONTENTS 03 04 EXECUTIVE OVERVIEW WHAT IS OPENID CONNECT? Connect Terminology Relationship to OAuth 08 Relationship to SAML CONNECT IN MORE DETAIL Trust Model Discovery Dynamic
More informationBlackBerry AtHoc Networked Crisis Communication. BlackBerry AtHoc API Quick Start Guide
BlackBerry AtHoc Networked Crisis Communication BlackBerry AtHoc API Quick Start Guide Release 7.6, September 2018 Copyright 2018 BlackBerry Limited. All Rights Reserved. This document may not be copied,
More informationWEB API. Nuki Home Solutions GmbH. Münzgrabenstraße 92/ Graz Austria F
WEB API v 1. 1 0 8. 0 5. 2 0 1 8 1. Introduction 2. Calling URL 3. Swagger Interface Example API call through Swagger 4. Authentication API Tokens OAuth 2 Code Flow OAuth2 Authentication Example 1. Authorization
More informationTHE ESSENTIAL OAUTH PRIMER: UNDERSTANDING OAUTH FOR SECURING CLOUD APIS
THE ESSENTIAL OAUTH PRIMER: UNDERSTANDING OAUTH FOR SECURING CLOUD APIS TABLE OF CONTENTS 03 03 05 06 07 07 09 11 EXECUTIVE OVERVIEW MOTIVATING USE CASE: TRIPIT TERMINOLOGY INTRODUCTION THE OAUTH 2.0 MODEL
More information70-532: Developing Microsoft Azure Solutions
70-532: Developing Microsoft Azure Solutions Exam Design Target Audience Candidates of this exam are experienced in designing, programming, implementing, automating, and monitoring Microsoft Azure solutions.
More informationDATACENTER MANAGEMENT Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz
Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz Osman Akagunduz Consultant @ InSpark Microsoft Country Partner Of The Year Twitter: @Osman_Akagunduz What s in this session The role of Azure
More informationDeveloping Microsoft Azure Solutions (70-532) Syllabus
Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages
More information70-532: Developing Microsoft Azure Solutions
70-532: Developing Microsoft Azure Solutions Objective Domain Note: This document shows tracked changes that are effective as of January 18, 2018. Create and Manage Azure Resource Manager Virtual Machines
More informationMicrosoft Cloud Workshops. Modern Cloud Apps Learner Hackathon Guide
Microsoft Cloud Workshops Modern Cloud Apps Learner Hackathon Guide September 2017 2017 Microsoft Corporation. All rights reserved. This document is confidential and proprietary to Microsoft. Internal
More informationBest Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,
Best Practices: Authentication & Authorization Infrastructure Massimo Benini HPCAC - April, 03 2019 Agenda - Common Vocabulary - Keycloak Overview - OAUTH2 and OIDC - Microservices Auth/Authz techniques
More informationNetwork Security Essentials
Network Security Essentials Fifth Edition by William Stallings Chapter 4 Key Distribution and User Authentication No Singhalese, whether man or woman, would venture out of the house without a bunch of
More informationIntroduction to application management
Introduction to application management To deploy web and mobile applications, add the application from the Centrify App Catalog, modify the application settings, and assign roles to the application to
More informationSHAREPOINT DEVELOPMENT FOR 2016/2013
SHAREPOINT DEVELOPMENT FOR 2016/2013 Course Code: AUDIENCE: FORMAT: LENGTH: SP16-310-GSA (CP GSA2016) Professional Developers Instructor-led training with hands-on labs 5 Days COURSE INCLUDES: 5-days of
More informationAccess Manager 4.4 Release Notes
Access Manager 4.4 Release Notes September 2017 Access Manager 4.4 includes new features, enhancements, improves usability, and resolves several previous issues. Many of these improvements are made in
More informationSingle Sign-On Showdown
Single Sign-On Showdown ADFS vs Pass-Through Authentication Max Fritz Solutions Architect SADA Systems #ITDEVCONNECTIONS Azure AD Identity Sync & Auth Timeline 2009 2012 DirSync becomes Azure AD Sync 2013
More informationFAS Authorization Server - OpenID Connect Onboarding
FAS Authorization Server - OpenID Connect Onboarding 1 Table of Content FAS as an authorization server 3 1 OpenID Connect Authorization Code Request and Response 4 1.1 OPENID CONNECT AUTHORIZATION CODE
More informationOffice 365 and Azure Active Directory Identities In-depth
Office 365 and Azure Active Directory Identities In-depth Jethro Seghers Program Director SkySync #ITDEVCONNECTIONS ITDEVCONNECTIONS.COM Agenda Introduction Identities Different forms of authentication
More informationProtect Your API with OAuth 2. Rob Allen
Protect Your API with OAuth 2 Authentication Know who is logging into your API Rate limiting Revoke application access if its a problem Allow users to revoke 3rd party applications How? Authorization header:
More informationEXPERTS LIVE SUMMER NIGHT. Close your datacenter and give your users-wings
EXPERTS LIVE SUMMER NIGHT Close your datacenter and give your users-wings Stefan van der Wiele Robbert van der Zwan TSP EMS Blackbelt TSP EMS Netherlands EXPERTS LIVE SUMMER NIGHT Stefan van der Wiele
More informationNIELSEN API PORTAL USER REGISTRATION GUIDE
NIELSEN API PORTAL USER REGISTRATION GUIDE 1 INTRODUCTION In order to access the Nielsen API Portal services, there are three steps that need to be followed sequentially by the user: 1. User Registration
More informationOracle Fusion Middleware. Oracle API Gateway OAuth User Guide 11g Release 2 ( )
Oracle Fusion Middleware Oracle API Gateway OAuth User Guide 11g Release 2 (11.1.2.3.0) April 2014 Oracle API Gateway OAuth User Guide, 11g Release 2 (11.1.2.3.0) Copyright 1999, 2014, Oracle and/or its
More informationEnhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation
Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of
More informationKEY DISTRIBUTION AND USER AUTHENTICATION
KEY DISTRIBUTION AND USER AUTHENTICATION Key Management and Distribution No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman
More informationSlack Connector. Version 2.0. User Guide
Slack Connector Version 2.0 User Guide 2015 Ping Identity Corporation. All rights reserved. PingFederate Slack Connector User Guide Version 2.0 December, 2015 Ping Identity Corporation 1001 17th Street,
More informationWeb Messaging Configuration Guide Document Version: 1.3 May 2018
Web Messaging Configuration Guide Document Version: 1.3 May 2018 Contents Introduction... 4 Web Messaging Benefits... 4 Deployment Steps... 5 1. Tag your brand site... 5 2. Request feature enablement...
More informationVMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2
VMware Identity Manager Administration MAY 2018 VMware Identity Manager 3.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationCS144: Sessions. Cookie : CS144: Web Applications
CS144: Sessions HTTP is a stateless protocol. The server s response is purely based on the single request, not anything else Q: How does a web site like Amazon can remember a user and customize its results?
More informationAutomatically Remediating Messages in Office 365 Mailboxes
Automatically Remediating Messages in Office 365 Mailboxes This chapter contains the following sections: Performing Remedial Actions on Messages Delivered to End Users When the Threat Verdict Changes to
More informationOracle Fusion Middleware. API Gateway OAuth User Guide 11g Release 2 ( )
Oracle Fusion Middleware API Gateway OAuth User Guide 11g Release 2 (11.1.2.2.0) August 2013 Oracle API Gateway OAuth User Guide, 11g Release 2 (11.1.2.2.0) Copyright 1999, 2013, Oracle and/or its affiliates.
More informationQUICK NOTE: MULTI-FACTOR AUTHENTICATION
Overview This Quick Note covers the steps necessary to setup your multi-factor authentication (MFA) account. Multi-factor authentication (MFA) is a method of authentication that requires the use of more
More informationBMS Managing Users in Modelpedia V1.1
BMS 3.2.0 Managing Users in Modelpedia V1.1 Version Control Version Number Purpose/Change Author Date 1.0 Initial published version Gillian Dass 26/10/2017 1.1 Changes to User roles Gillian Dass 14/11/2017
More informationDeveloping Microsoft Azure Solutions (70-532) Syllabus
Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages
More informationExam : Implementing Microsoft Azure Infrastructure Solutions
Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions Objective Domain Note: This document shows tracked changes that are effective as of January 18, 2018. Design and Implement Azure App Service
More informationSentinet for BizTalk Server SENTINET
Sentinet for BizTalk Server SENTINET Sentinet for BizTalk Server 1 Contents Introduction... 2 Sentinet Benefits... 3 SOA and API Repository... 4 Security... 4 Mediation and Virtualization... 5 Authentication
More informationCreating relying party clients using the Nimbus OAuth 2.0 SDK with OpenID Connect extensions
Creating relying party clients using the Nimbus OAuth 2.0 SDK with OpenID Connect extensions 2013-05-14, Vladimir Dzhuvinov Goals of the SDK Full implementation of the OIDC specs and all related OAuth
More informationFive9 Plus Adapter for Agent Desktop Toolkit
Cloud Contact Center Software Five9 Plus Adapter for Agent Desktop Toolkit Administrator s Guide September 2017 The Five9 Plus Adapter for Agent Desktop Toolkit integrates the Five9 Cloud Contact Center
More informationArcGIS Enterprise Security: An Introduction. Randall Williams Esri PSIRT
ArcGIS Enterprise Security: An Introduction Randall Williams Esri PSIRT Agenda ArcGIS Enterprise Security for *BEGINNING to INTERMIDIATE* users ArcGIS Enterprise Security Model Portal for ArcGIS Authentication
More informationovirt SSO Specification
ovirt SSO Specification Behavior Changes End user visible changes The password delegation checkbox at user portal login is now a profile setting. Sysadmin visible changes Apache negotiation URL change
More informationIssued March FLY for Dropbox Installation and Configuration Guide
FLY for Dropbox Installation and Configuration Guide Issued March 2018 FLY for Dropbox Installation and Configuration Guide 1 Table of Contents About This Guide... 3 Uninstalling FLY for Dropbox... 4 Installing
More informationIntro to the Identity Experience Engine. Kim Cameron, Microsoft Architect of Identity ISSE Paris November 2016
Intro to the Identity Experience Engine Kim Cameron, Microsoft Architect of Identity ISSE Paris November 2016 Intro to the Identity Experience Engine (IEE) Withering away of the enterprise domain boundary
More informationCloud Storage Pluggable Access Control David Slik NetApp, Inc.
Cloud Storage Pluggable Access Control David Slik NetApp, Inc. 2018 Storage Developer Conference. NetApp, Inc. All Rights Reserved. 1 Agenda Access Control The classic models: DAC, MAC & RBAC Emerging
More informationIdentity and Data Access: OpenID & OAuth
Feedback: http://goo.gl/dpubh #io2011 #TechTalk Identity and Data Access: OpenID & OAuth Ryan Boyd @ryguyrg https://profiles.google.com/ryanboyd May 11th 2011 Agenda Feedback: http://goo.gl/dpubh #io2011
More informationMicrosoft Cloud Workshop
Microsoft Cloud Workshop Hands-on lab step-by-step January 2018 Information in this document, including URL and other Internet Website references, is subject to change without notice. Unless otherwise
More informationClearPass. Onboard and Cloud Identity Providers. Configuration Guide. Onboard and Cloud Identity Providers. Configuration Guide
Configuration Guide Onboard and Cloud Identity Providers Configuration Guide Onboard and Cloud Identity Providers ClearPass Onboard and Cloud Identity Providers - Configuration Guide 1 Onboard and Cloud
More informationIntegration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for PingFederate
SafeNet Authentication Manager Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More informationExtranets in SharePoint and Office 365 May 17, 2017
Extranets in SharePoint and Office 365 May 17, 2017 Peter Carson President, Envision IT SharePoint MVP Partner Seller, Microsoft Canada peter.carson@extranetusermanager.com http://blog.petercarson.ca www.envisionit.com
More information