Slide 1

Slide 1 text

Single Sign On with OAuth and OpenID
Jérôme Gasperi
WGISS-36, ESA/ESRIN - Frascati, Italy - September 19th, 2013

Slide 2

Slide 2 text

OpenID is an open standard for authentication. The model is based on trust links between Service Providers and Authentication Providers (i.e. OpenID providers) to achieve Single Sign On authentication.

Slide 3

Slide 3 text

OAuth is an open standard for authorization. It provides a method for clients to access server resources on behalf of a resource owner.

Slide 4

Slide 4 text

OAuth is an open standard for authorization. It provides a method for clients to access server resources on behalf of a resource owner, etc.

Slide 5

Slide 5 text

Experiment: filter access to Kalideos (i.e. SPOT) data through a secured WMS server using OpenID Connect (i.e. OpenID over OAuth).

Slide 6

Slide 6 text

Diagram actors: Kalideos Server, Identity Server, LDAP, WMS Server

1. Ask for authentication
2. Redirect to Identity Server
3. Authentication with OAuth (OpenID Connect)
4. Return OAuth token
5. Send OAuth token
6. Get user information using OAuth token
7. Return user information
8. Send OAuth token
9. Send OAuth token for validation and get user information
10. Return user information
11. Ask for user rights
12. Get user rights
13. Create user session
14. Ask for WMS feed
15. Return WMS feed
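
Added example (not from the original slides): an in-memory Python sketch of steps 8 to 15, showing the WMS server refusing to create a session until the Identity Server has validated the token, then filtering the feed by rights held in LDAP. The class names, the opaque-token format, the group names and the assignment of steps to actors are assumptions made for illustration.

```python
import secrets
import time

class IdentityServer:
    """Hypothetical Identity Server: issues and validates opaque tokens."""
    def __init__(self, ttl=300):
        self._tokens, self._ttl = {}, ttl

    def issue_token(self, user):
        # Steps 3-4: after the user authenticates, return an OAuth token.
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, time.time() + self._ttl)
        return token

    def userinfo(self, token, now=None):
        # Steps 9-10: validate the token; None if unknown or expired.
        now = time.time() if now is None else now
        user, expires = self._tokens.get(token, (None, 0.0))
        if user is None or now >= expires:
            return None
        return {"sub": user}

class WmsServer:
    """Hypothetical secured WMS server covering steps 8-15."""
    def __init__(self, idp, ldap, layers):
        self.idp, self.ldap, self.layers = idp, ldap, layers
        self.sessions = {}

    def login(self, token, now=None):
        info = self.idp.userinfo(token, now)       # steps 8-10
        if info is None:
            return None                            # reject: no session
        rights = frozenset(self.ldap.get(info["sub"], ()))  # steps 11-12
        sid = secrets.token_urlsafe(16)            # step 13
        self.sessions[sid] = (info["sub"], rights)
        return sid

    def feed(self, sid):
        # Steps 14-15: return only the layers the session's rights cover.
        if sid not in self.sessions:
            raise PermissionError("no valid session")
        _, rights = self.sessions[sid]
        return sorted(n for n, need in self.layers.items() if need in rights)

# Constructed sample data: LDAP groups per user, required group per layer.
LDAP = {"alice": {"public", "spot"}, "bob": {"public"}}
LAYERS = {"basemap": "public", "spot_scene": "spot"}

def demo():
    idp = IdentityServer()
    wms = WmsServer(idp, LDAP, LAYERS)
    return {u: wms.feed(wms.login(idp.issue_token(u))) for u in LDAP}
```

The WMS server never interprets the token itself: a token the Identity Server does not recognise, or one past its lifetime, yields no session and therefore no feed.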

Slide 22

Slide 22 text

OpenID Connect is planned to be used in Theia (i.e. the French Land Surface Thematic Center).
