Post on 14-Dec-2015
transcript
Authentication in the cloud: Step by Step
Felix Jorkowski
Senior Developer, Planet Software
AZR317
Agenda
Components Of Authentication
Breaking Implicit Trust: OAuth / OpenID
Federated Authentication: WS-Federation / WS-Trust
Components of Authentication
Tokens
“A thing serving as a visible or tangible representation of something abstract”
User
Time
Cookie
Query
JSON
SOAP
Components of Authentication
Trust
Encryption
Explicit or Implicit
Extending trust using tokens
Trust
Breaking Implicit Trust
Identity Provider (IdP)
The User Store
Relying Party (RP)
Service for those Users
Breaking Implicit Trust
OAuth (2)
OpenID
Example: OAuth/OpenID
Client
Server (RP)
User Source (IdP)
Services
Example: OAuth/OpenID
OAuth Only!
Client
Server (RP)
User Source (IdP)
Services
demo
Forms -> OAuth/OpenID
Federated Authentication
Passive (WS-Federation)
Active (WS-Trust)
Federated Authentication
Claims
Passed in your tokens
Holds user’s name, email…
Endpoints
Only for WS-Trust
Lots of configurations!
Example: WS-Federation
Client
Server (RP)
WS-Federation Provider (IdP + RP)
Azure ACS
Possible IdPs
Google
Windows Live ID
Yahoo
Your company (ADFS)
WS-Fed Provider
Example: WS-Federation & WS-Trust
Client
Server (RP)
WS-Federation Provider (IdP + RP)
Azure ACS
Possible IdPs
Google
Windows Live ID
Yahoo
Your company (ADFS)
WS-Fed Provider
demo
Forms -> WS-Federation
net.tcp -> WS-Trust
Thank you!
Projects available at: https://github.com/ajorkowski/techeddemos
Questions? Meet and Greet - Thursday 11-11:30 Speaker Lounge
Twitter: @felixinmelb
© 2012 Microsoft Corporation. All rights reserved.