Open standard based Identity Provisioning for Cloud
Prabath Siriwardena
About Me
• Director of Security Architecture at WSO2
• Leads WSO2 Identity Server – an open source identity and entitlement management product.
• Apache Axis2/Rampart committer / PMC
• A member of OASIS Identity Metasystem Interoperability (IMI) TC, OASIS eXtensible Access Control Markup Language (XACML) TC and OASIS Security Services (SAML) TC.
• Twitter : @prabath
• Email : [email protected]
• Blog : http://blog.facilelogin.com
• LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
Plug-Map
Open standard (and also open source) based Identity Provisioning for Cloud
Synchronization
Sharing
Single Sign-On
Provisioning
Standard-based Provisioning
• SPML 1.0 Request / Response
• SPML 2.0 Request / Response [DSML]
• SPML 2.0 Request / Response [XDS]
System for Cross-domain Identity Management
{"schemas":[], "name": {"familyName":"siriwardena", "givenName":"prabath"}, "userName":"prabath", "password":"prabath123", "externalId":"prabathext", "emails":[ {"primary":true, "value":"[email protected]", "type":"home"}, {"value":"[email protected]", "type":"work"}]}
curl -k --user admin:admin -d @add-user.json --header "Content-Type:application/json" https://localhost:9445/wso2/scim/Users
{"schemas":["urn:scim:schemas:core:1.0"], "displayName" : "OSDC", "externalId" : "OSDC", "members": [ { "value": "f64e6507-756d-4a14-ac43-c9d02167f411", "display": "prabath" } ]}
curl -k --user admin:admin -d @add-group.json --header "Content-Type:application/json" https://localhost:9445/wso2/scim/Groups
Authenticating SCIM Requests
• HTTP Basic Authentication
• OAuth 2.0
Get the Access Token from the OAuth Authorization Server
curl -v -X POST --basic -u XQi6DUDPnMW_FH_VK3f1gBetNAsa:VfKb7MHzH7Q0U6YdNV6ehhetCpka -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "grant_type=password&username=admin&password=admin" https://localhost:9445/oauth2/token
Add a user via SCIM
curl -k -H "Authorization: Bearer ea7f76f134eb9bbb12d4b06b93e1d0a3" -d @add-user.json --header "Content-Type:application/json" https://localhost:9445/wso2/scim/Users
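The two steps above chained into one script, added here as an example and not taken from the original slides. The URLs are the ones on the slides; the function names and the environment variables (CLIENT_ID, CLIENT_SECRET, RO_USER, RO_PASS, RUN_SCIM_DEMO) are assumptions. Credentials come from the environment rather than the script, and certificate verification stays on (no -k), so a self-signed localhost certificate would need curl's --cacert.

```shell
#!/usr/bin/env bash
# Added example (not from the slides). URLs are the slides' endpoints; the
# function and environment variable names are assumptions.
TOKEN_URL="https://localhost:9445/oauth2/token"
SCIM_USERS_URL="https://localhost:9445/wso2/scim/Users"

# Read a JSON token response on stdin, print the access_token value (or nothing).
extract_access_token() {
  tr -d '\n' |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Print a SCIM 1.0 user document: build_scim_user USERNAME FAMILY GIVEN.
# Values containing a quote or backslash are refused so they cannot break the JSON.
build_scim_user() {
  for v in "$@"; do
    case "$v" in *[\"\\]*) echo "invalid character in: $v" >&2; return 1 ;; esac
  done
  printf '{"schemas":["urn:scim:schemas:core:1.0"],"userName":"%s","name":{"familyName":"%s","givenName":"%s"}}' "$1" "$2" "$3"
}

# Step 1: resource owner password grant; prints the access token.
request_token() {
  curl -sS -X POST --basic -u "${CLIENT_ID}:${CLIENT_SECRET}" \
    -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
    --data-urlencode "grant_type=password" \
    --data-urlencode "username=${RO_USER}" \
    --data-urlencode "password=${RO_PASS}" \
    "$TOKEN_URL" | extract_access_token
}

# Step 2: scim_add_user TOKEN USERNAME FAMILY GIVEN; refuses an empty token.
scim_add_user() {
  token="$1"; shift
  [ -n "$token" ] || { echo "no access token, not calling SCIM" >&2; return 1; }
  body=$(build_scim_user "$@") || return 1
  printf '%s' "$body" | curl -sS -X POST \
    -H "Authorization: Bearer ${token}" \
    -H "Content-Type: application/json" \
    --data @- "$SCIM_USERS_URL"
}

# Runs the two steps only when RUN_SCIM_DEMO is set; otherwise just defines functions.
if [ -n "${RUN_SCIM_DEMO:-}" ]; then
  tok=$(request_token) && scim_add_user "$tok" prabath siriwardena prabath
fi
```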
Authorizing SCIM Requests
Federated Provisioning Patterns