
Single Sign On with TYPO3 Flow

hlubek
April 19, 2013


Slides for my talk at the Inspiring Flow 2013 conference about a Single Sign On solution for TYPO3 Flow.


Transcript

  1. = +

  2. „Can we store all accounts centrally and login once and forever?“ [enter customer name here] quote
  3. Server / Instance
     1 access secured resource
     2 redirect to server
     3 authenticate
     4 redirect back
     5 redeem token
     6 redirect to secured res.
  4. Server
     Server key pair
     Service base URI > server identifier
     Client 1: Public key, Service base
     Client 2: Public key, Service base
     Stored
  5. Server / Instance: 4 redirect back
     Encrypted access token for server-side data transfer
     /sso/authentication/callback?originalUri=...&accessToken=...&signature=...
  6. Server / Instance: 5 redeem token
     Server-side signed request
     Validates token
     Get account data from server
     POST /sso/token/jNkmyO6oC1gm4xozKt1FR579/redeem
  7. Feature: Instance Login with Single Sign-On
       In order to access a secured resource on an instance (some web application)
       As a user of the instance
       I need to be able to log in using my central user account on the SSO server

       Background:
         Given I am not authenticated on the server or the instance

       Scenario: Protected resource on instance redirects to server login
         Given I am on the instance homepage
         When I click on the link "Go to secure action"
         Then I should be redirected to the server
         And I should see a login form

       Scenario: Login on server with correct credentials redirects to original URI
         Given I am on the instance homepage
         And I click on the link "Go to secure action"
         When I fill in "Username" with "admin"
         And I fill in "Password" with "password"
         And I press "Login"
         Then I should be redirected to the instance
         And the URI should not contain SSO parameters

       Scenario: Login forwards account information to instance
         Given I am on the instance homepage
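
The callback on slide 5 carries `originalUri`, `accessToken` and `signature`. The following is an added example (not code from the slides or from the SSO package itself) of how an instance could check that callback with the server's public key before redeeming the token and redirecting. The RSA/SHA-256 signature, its base64 encoding, the signed payload layout and the names `signedPayload` and `verifyCallback` are assumptions.

```php
<?php
// Added example, not from the slides. Assumptions: RSA with SHA-256, a base64
// signature, and a signed payload of JSON [originalUri, accessToken].

function signedPayload(string $originalUri, string $accessToken): string
{
    // A JSON array keeps the two fields unambiguous when serialized together.
    return json_encode([$originalUri, $accessToken]);
}

/** Returns the URI to redirect to, or null when the callback must be rejected. */
function verifyCallback(array $query, string $serverPublicKey, string $instanceBaseUri): ?string
{
    foreach (['originalUri', 'accessToken', 'signature'] as $name) {
        if (!isset($query[$name]) || !is_string($query[$name])) {
            return null;
        }
    }
    $signature = base64_decode($query['signature'], true);
    if ($signature === false) {
        return null;
    }
    $payload = signedPayload($query['originalUri'], $query['accessToken']);
    // openssl_verify() returns 1 only for a valid signature (0 = invalid, -1 = error).
    if (openssl_verify($payload, $signature, $serverPublicKey, OPENSSL_ALGO_SHA256) !== 1) {
        return null;
    }
    // Redirect only into this instance, so the callback cannot act as an open redirect.
    if (strpos($query['originalUri'], rtrim($instanceBaseUri, '/') . '/') !== 0) {
        return null;
    }
    return $query['originalUri']; // carries no accessToken/signature parameters
}

// Constructed demo data: a throwaway key pair stands in for the SSO server key pair.
$serverKey = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$serverPublicKey = openssl_pkey_get_details($serverKey)['key'];
$base = 'https://instance.example';
$query = ['originalUri' => $base . '/secure', 'accessToken' => 'constructed-encrypted-token'];
openssl_sign(signedPayload($query['originalUri'], $query['accessToken']), $raw, $serverKey, OPENSSL_ALGO_SHA256);
$query['signature'] = base64_encode($raw);

// Untampered callback, then the same callback with originalUri changed after signing.
var_dump(verifyCallback($query, $serverPublicKey, $base));
$tampered = ['originalUri' => 'https://other.example/'] + $query;
var_dump(verifyCallback($tampered, $serverPublicKey, $base));
```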