Liferay and eHerkenning with SAML
•Transferir como PPTX, PDF•
0 gostou•751 visualizações
How to connect a Liferay portal to the Dutch authentication provider eHerkenning
Recomendados
Mais conteúdo relacionado
Semelhante a Liferay and eHerkenning with SAML
Semelhante a Liferay and eHerkenning with SAML (20)
Último
Último (20)
Liferay and eHerkenning with SAML
- 1. Veilige toegang tot zakelijke diensten Liferay & eHerkenning Willem Vermeer Freelance java/liferay engineer Insert User Group Logo Here
- 3. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY The business case Insert User Group Logo (please resize) http://www.rijksoverheid.nl/documenten-en-publicatie
- 4. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY The business case at Immigratie en Naturalisatie Dienst (IND) Insert User Group Logo (please resize) Uit jaarverslag 2014:
- 5. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Security … hoe zat het ook alweer Insert User Group Logo (please resize) • userid/password • LDAP • OpenID • Facebook.. • roles • groups • permissions
- 6. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Service provider vs Identity provider Insert User Group Logo (please resize)
- 7. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Security - Identity Providers in Nederland Insert User Group Logo (please resize) particulier zakelijk
- 8. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY eHerkenning Insert User Group Logo (please resize) een gestandaardiseerd inlogsysteem, waarmee ondernemers met één sleutel kunnen inloggen bij diverse overheden, instellingen of andere organisaties. ontwikkeld door het bedrijfsleven in samenwerking met de overheid
- 9. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY eHerkenning makelaars Insert User Group Logo (please resize)
- 10. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY 4 Betrouwbaarheidsniveaus Insert User Group Logo (please resize)
- 11. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Aansluiten Insert User Group Logo (please resize)
- 12. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY SAML Insert User Group Logo (please resize) • OASIS Standard since 2005 • XML Based • Assertion about identity (BSN, KvK) • Open SAML java implementation
- 13. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY SAML Assertion Example Insert User Group Logo (please resize) 1. 2. 3. 4. 5.
- 14. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Inlog proces - HTTP POST Insert User Group Logo (please resize)
- 15. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Inlog proces - HTTP Artifact Binding Insert User Group Logo (please resize)
- 16. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Liferay en SAML Insert User Group Logo (please resize) is gebaseerd op bevat ‘glue-code’ om login proces bij SAML IdP vanuit Liferay te starten en in http session te verwerken
- 17. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Insert User Group Logo (please resize)
- 18. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Insert User Group Logo (please resize)
- 19. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Liferay en SAML Insert User Group Logo (please resize) # keystore type saml.keystore.type=jks # location of the keystore saml.keystore.path=/export/www/portal/data/keystore.jks # pwd for accessing the keystore saml.keystore.password=bigsecret # pwd for accessing the certificate of the entity in the keystore saml.keystore.credential.password[urn:nl:eherkenning:DV:00000003507204570000:en # Service Provider SAML entity id saml.sp.default.idp.entity.id=urn:nl:eherkenning:HM:00000003273226310000:entities:30 portal-ext.properties
- 20. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Insert User Group Logo (please resize)
- 21. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Liferay SAML Plugin Customization Insert User Group Logo (please resize)
- 22. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Liferay SAML Plugin Customization Insert User Group Logo (please resize) • customize authentication request • customize post-login action
- 23. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY After login - then what? Insert User Group Logo (please resize) • end result of authentication: information about identity of user • proceed with authorization (roles, groups, organisation) • important: we need a persistent Liferay User object
- 24. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Limitations of Liferay SAML Plugin Insert User Group Logo (please resize) • poor customisation possibilities • no support for multiple IdPs => cannot connect both Digid and eHerkenning • no support for Artifact binding
- 25. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Our status Insert User Group Logo (please resize) • still in testing phase • need to address plugin limitations - cooperation with Liferay • more complicated scenarios such as ‘machtigingen’? • what will happen when live?
- 26. WWW.LIFERAY.COM WWW.FACEBOOK.COOM/LIFERAY @LIFERAY Questions? Insert User Group Logo (please resize)