High-level API for
Single Sign On using
SAML
Tony Ngan
$ whoami
Tony Ngan (tngan)
Currently MSc(CompSc) student @HKU
Graduated @CUHK IE
Worked as software engineer for 2
years
Embrace open source projects
Love coding
#NodeJS #ES6 #JavaScript #CSharp #ReactJS
#Redux #Flux #MongoDB #SQL #SAML2 #HTML
#Webpack #MVC #Gulp #JQuery #C #Rails
#GraphQL #SSO #Git #SVN
@Siaoyoukeng, Taipei 2015
Agenda
A dummy guide to Single Sign On
- Introduction
- Implementation
Overview of express-saml2
- Introduction
- Short Demo (You guys always love it)
- What is next ?
Mobile implementation using OAuth (Ronghai)
SSO, huh !?
Single sign-on (SSO) is a property of access control of
multiple related, but independent software systems.
(Wikipedia)
SSO, huh !?
Let’s imagine …
Difficult to manage their accounts/passwords
SSO, huh !?
Using SSO …
Only need to remember one set of credentials
Special Use Case
Used to manage access control
Only manager-level users can log in to the internal systems, but we
want to give some employees limited privileges to use the internal
systems. How can we do it ?
Special Use Case
Used to manage access control
An account is created in the Identity Provider for each employee. They
can only log in via SSO, as an SSO user, to get access rights in the system.
How to implement ?
SAML
Based on XML assertions
Widely adopted in web-based applications
OpenID Connect
Built on OAuth 2.0; identity is carried in a JSON Web Token
Applied in mobile applications
Behind SAML SSO
Three parties are involved
Behind SAML SSO
Users/Clients
Take action to access the applications
Memorize one set of credentials
Behind SAML SSO
Identity Provider
The entity that authenticates the users
Behind SAML SSO
Service Provider
The entity that provides the services/resources
Go through SAML SSO
Example: Service Provider initiated SSO
The other variant: Identity Provider initiated SSO
Step 1
User types the URL of the Service Provider to start SSO
Step 2
The Service Provider sends a SAML Request (via the user’s
browser) to the Identity Provider, asking it to authenticate the user.
What is a SAML Request ?
It tells the Identity Provider ‘I want you to authenticate this
user’.
Step 3
The user now logs in at the Identity Provider to
authenticate himself
Step 4
The Identity Provider sends a SAML Response back to the
Service Provider (again via the browser) confirming that
the user has been authenticated.
What is a SAML Response?
An XML message carrying the assertion: who was authenticated,
when, for which Service Provider, and until when it is valid.
Step 5
Finally the Service Provider validates the Response, prepares a
session for the user, and the user is logged into the application.
More security options
- Signatures on the request and response give integrity,
authenticity of the issuer and non-repudiation
- Set an expiry (NotOnOrAfter) on the SAML response and its assertion
- Encrypt sensitive information in the SAML response
- Pair each Response with the Request that triggered it (InResponseTo);
this also blocks replay of a captured Response
- Use HTTPS to provide transport-layer encryption
express-saml2
This module provides a high-level API for a scalable Single Sign-On
(SSO) implementation. Developers can configure Service Providers
and Identity Providers simply by importing the corresponding
metadata. SAML 2.0 standardizes the protocol but leaves many
options open, so the module offers a simple interface that is
still highly configurable.
metadata ?
Metadata is an XML document which states an entity’s
preferences and capabilities. For example:
- The single sign-on endpoint
- Whether requests/responses are expected to be signed
- The bindings supported for request/response (HTTP-Redirect, HTTP-POST)
- The X.509 certificate used for signing and verification
… etc
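What a Service Provider actually reads out of such metadata, as an added example that is not code from the slides or from express-saml2: the entity ID, whether the IdP wants requests signed, the single sign-on endpoint per binding, and the signing certificate re-wrapped as PEM for later verification. The metadata document is constructed for the example, its certificate bodies are placeholders rather than real certificates, and the helper names are the example's own; regular expressions stand in for the namespace-aware XML parser real code would use.

```javascript
// Added example, not express-saml2 code: pulling the fields an SP needs out of
// IdP metadata. The document is constructed; the certificate bodies are
// placeholders, not real X.509 certificates.
const SAMPLE_IDP_METADATA = `
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>CONSTRUCTEDPLACEHOLDERNOTAREALCERTIFICATE</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>CONSTRUCTEDPLACEHOLDERENCRYPTIONCERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>`;

const BINDING = {
  redirect: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
  post: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
};

// Base64 certificate body from metadata -> PEM, the form that
// crypto.createPublicKey and crypto.X509Certificate accept.
function toPem(b64) {
  const lines = b64.replace(/\s+/g, '').match(/.{1,64}/g) || [];
  return `-----BEGIN CERTIFICATE-----\n${lines.join('\n')}\n-----END CERTIFICATE-----\n`;
}

// Regular expressions keep this dependency-free; real code uses an XML parser.
function parseIdpMetadata(xml) {
  const entityId = (xml.match(/\bentityID="([^"]*)"/) || [])[1];
  const wantAuthnRequestsSigned = /\bWantAuthnRequestsSigned="true"/.test(xml);
  const sso = {}; // SSO endpoint per binding URN
  for (const m of xml.matchAll(/<md:SingleSignOnService\b([^>]*)\/>/g)) {
    const binding = (m[1].match(/\bBinding="([^"]*)"/) || [])[1];
    const location = (m[1].match(/\bLocation="([^"]*)"/) || [])[1];
    if (binding && location) sso[binding] = location;
  }
  // Only signing certificates verify Responses; a KeyDescriptor without a
  // `use` attribute is valid for both signing and encryption.
  const signingCerts = [];
  for (const m of xml.matchAll(/<md:KeyDescriptor\b([^>]*)>([\s\S]*?)<\/md:KeyDescriptor>/g)) {
    const use = (m[1].match(/\buse="([^"]*)"/) || [])[1];
    if (use && use !== 'signing') continue;
    const body = (m[2].match(/<ds:X509Certificate>([\s\S]*?)<\/ds:X509Certificate>/) || [])[1];
    if (body) signingCerts.push(toPem(body));
  }
  return { entityId, wantAuthnRequestsSigned, sso, signingCerts };
}

// Fail closed: never fall back to a binding or URL the IdP did not advertise.
function ssoEndpoint(meta, binding) {
  const location = BINDING[binding] && meta.sso[BINDING[binding]];
  if (!location) throw new Error(`IdP does not advertise a SingleSignOnService for ${binding}`);
  return location;
}
```

Because the metadata carries the certificate every Response will be verified against, it has to come from a trusted channel (the IdP's own HTTPS endpoint, or a metadata document signed by a key you already trust) and be pinned on the SP side; whoever can swap the metadata can mint assertions for any user.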
Why did I build it ?
- It took me about 2-3 weeks to release the first version
- Developers need more and more concrete examples
- Flatten the learning curve of the SAML standard
- Log the work I’ve done before
- Build an enterprise-level module
- Standardize the code using the same terminology
- Code for FUN !
Abstractions and Design
Abstracted Service Provider and Identity Provider
- Common actions are described in Entity.js
e.g. parse/export metadata, logout actions
Abstracted SP Metadata and IdP Metadata
- Common methods are described in Metadata.js
e.g. get certificate, login/logout endpoints
Abstractions and Design
Other files:
RedirectBinding.js
:: Functions for the HTTP-Redirect binding
PostBinding.js
:: Functions for the HTTP-POST binding
urn.js
:: All the SAML URN constants the module needs
SamlLib.js / Utility.js
:: Common helper functions
Why High-Level ?
Less code, less time !
Quick demo
next( );
- More use cases and examples
- More test cases (mocha)
- Support more signature algorithms
- A new branch has been created to write in ES6 syntax
- Separate out the high-level XML attribute extractor
- Continuous code refactoring
- Reduce dependencies
Feel free to fork and contribute !
Thank You !
This PowerPoint will be uploaded to slideshare later on
Thanks Open Source
#Atom #Roboto #icon8/flat-color-icons #express-saml2
