SlideShare uma empresa Scribd logo

Adding Identity Management and Access Control to your Application - Exersices

Transferir como PPTX, PDF
Álvaro Alonso González
Álvaro Alonso González

Security exercises

Educação
1 de 15
Adding Identity Management and Access Control to your Application - Exercises Álvaro Alonso UPM – DIT Security Chapter. FIWARE aalonsog@dit.upm.es, @larsonalonso
Exercises index (I) • Sec-1. Creating a FIWARE account • Sec-2. Managing organizations • Sec-3. Authorize a friend in your Cloud Org • Sec-4. Registering an application • Sec-5. Adding OAuth2 to your application (based on our Node.js template)
Exercises index (I) • Sec-6. Adding OAuth2 to your application (using an OAuth2 library) • Sec-7. Adding OAuth2 to your application (Resource Owner Password Credentials Grant) • Sec-8. Securing your backend Authentication • Sec-9. Securing your backend Basic Authorization • Sec-10. Securing your backend Advanced Authorization
Sec-1. Creating a FIWARE account • Prerequisite – To have an Internet connection  • Steps – Go to https://account.lab.fiware.org – Click in “Sign Up” – Fill your data – Confirm your account from the email confirmation • Hints – If you don’t receive the email confirmation… check your spam Easy
Sec-2. Managing organizations • Prerequisite – To have a FIWARE account • Steps – Go to https://account.lab.fiware.org – Sign In – Create an Organization – Add members to it • Hints – To manage an organization you have to switch to it using the dropdown in the upper right corner. Easy
Sec-3. Authorize a friend in your Cloud Org • Prerequisite – To have a FIWARE account (Trial or Community) • Steps – Go to https://account.lab.fiware.org – Sign In – Follow the instructions explained in the workshop • Hints – To manage an organization you have to switch to it using the dropdown in the upper right corner. Easy
Sec-4. Registering an application • Prerequisite – To have a FIWARE account • Steps – Go to https://account.lab.fiware.org – Sign In – Register an application • Hints – You have to set: • URL: the url where your app will run • Callback URL: the url where Account Portal will redirect your users once authenticated Easy
Sec-5 (1). Adding OAuth2 to your application (based on our Node.js template) • Prerequisites – To have an application registered in the Account Portal – To learn how OAuth2 works • Steps – Clone our demo example: • https://github.com/ging/oauth2-example-client – Follow the instructions in the README • You will find client_secret and client_id in the application detail: Easy
Sec-5 (2). Adding OAuth2 to your application (based on our Node.js template) • Hints – Learn about OAuth2: • http://oauth.net/2/ – FIWARE Account flows: • http://es.slideshare.net/alvaroalonsogonzalez/id-m-andac – FIWARE Account OAuth2 docs • https://github.com/ging/fi-ware-idm/wiki/Using-the-FI-LAB-instance – Advanced courses: • http://edu.fi-ware.org/course/view.php?id=79 • http://edu.fi-ware.org/course/view.php?id=63 Easy
Sec-6. Adding OAuth2 to your application (using an OAuth2 library) • Prerequisite – To have an application registered in the Account Portal – To have your own application • Steps – Include an OAuth2 library in your app – Configure it using the OAuth credentials generated in the Account Portal – Follow the library instructions to use it • Hints – OAuth2 libraries • http://oauth.net/2/ Medium
Sec-7. Adding OAuth2 to your application (Resource Owner Password Credentials Grant) • Prerequisite – To have an application registered in the Account Portal • Steps – Include an OAuth2 library in your app – Configure it using the OAuth credentials generated in the Account Portal – Follow the library instructions to use it with this grant type • Hints – OAuth2 libraries • http://oauth.net/2/ – FIWARE Account OAuth2 docs • https://github.com/ging/fi-ware-idm/wiki/Using-the-FI-LAB-instance Medium
Sec-8. Securing your backend Authentication • Prerequisite – To have a frontend app using OAuth and FIWARE Account – To have a REST-based backend service • Steps – Clone our PEP-Proxy Wilma • https://github.com/ging/fi-ware-pep-proxy – Configure it following the README • app_host and app_port are the coordinates of your backend REST API – Now your requests to your backend • Has to be sent to the proxy • Has to include “X-Auth-Token” header with the OAuth2 access token • Hints – Wilma docs • http://catalogue.fiware.org/enablers/pep-proxy-wilma Medium
Sec-9. Securing your backend Basic Authorization • Prerequisite – To have a Wilma deployed on top of your backend • Steps – Enable the “check_permissions” option in Wilma’s config – Edit your application in Account Portal • Create a new role • Create a new permission with – HTTP action – GET, POST, PUT, DELETE – REST resource – the url of your resource • Assign the role to a user • Check the request in your App • Hints – AuthZForce docs • http://catalogue.fiware.org/enablers/authorization-pdp-authzforce Hard
Sec-10. Securing your backend Advanced Authorization • Prerequisite – To have a Wilma deployed on top of your backend • Steps – Modify Wilma in order to manage XACML Requests • You can check request params such as body, headers… – Edit your application in Account Portal • Create a new role • Create a new permission with an advanced rule (XACML) • Assign the role to a user • Check the request in your App • Hints – AuthZForce docs • http://catalogue.fiware.org/enablers/authorization-pdp-authzforce – XACML • https://www.oasis-open.org/committees/xacml/ Hard
Adding Identity Management and Access Control to your Application - Exercises Álvaro Alonso UPM – DIT Security Chapter. FIWARE aalonsog@dit.upm.es, @larsonalonso

Recomendados

Adding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationAdding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationÁlvaro Alonso González
 
FIware Identity Manager
FIware Identity ManagerFIware Identity Manager
FIware Identity ManagerJoaquín Salvachúa
 
FIWARE Identity Manager Exercises
FIWARE Identity Manager ExercisesFIWARE Identity Manager Exercises
FIWARE Identity Manager ExercisesJoaquín Salvachúa
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your appÁlvaro Alonso González
 
KeyRock and Wilma - Openstack-based Identity Management in FIWARE
KeyRock and Wilma - Openstack-based Identity Management in FIWAREKeyRock and Wilma - Openstack-based Identity Management in FIWARE
KeyRock and Wilma - Openstack-based Identity Management in FIWAREÁlvaro Alonso González
 
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)cdanger
 
APIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API ManagementAPIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API ManagementIsabelle Mauny
 
Id fiware upm-dit
Id fiware upm-ditId fiware upm-dit
Id fiware upm-ditJoaquín Salvachúa
 

Recomendados

Adding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationAdding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationÁlvaro Alonso González
 
FIware Identity Manager
FIware Identity ManagerFIware Identity Manager
FIware Identity ManagerJoaquín Salvachúa
 
FIWARE Identity Manager Exercises
FIWARE Identity Manager ExercisesFIWARE Identity Manager Exercises
FIWARE Identity Manager ExercisesJoaquín Salvachúa
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your appÁlvaro Alonso González
 
KeyRock and Wilma - Openstack-based Identity Management in FIWARE
KeyRock and Wilma - Openstack-based Identity Management in FIWAREKeyRock and Wilma - Openstack-based Identity Management in FIWARE
KeyRock and Wilma - Openstack-based Identity Management in FIWAREÁlvaro Alonso González
 
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)cdanger
 
APIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API ManagementAPIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API ManagementIsabelle Mauny
 
Id fiware upm-dit
Id fiware upm-ditId fiware upm-dit
Id fiware upm-ditJoaquín Salvachúa
 
Secure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusionSecure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusionSecure Code Warrior
 
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015Ajin Abraham
 
Adding Identity Management and Access Control to your Application, Account Ma...
Adding Identity Management and Access Control to your Application, Account Ma...Adding Identity Management and Access Control to your Application, Account Ma...
Adding Identity Management and Access Control to your Application, Account Ma...Fernando Lopez Aguilar
 
CyberArk Impact 2017 - REST for the Rest of Us
CyberArk Impact 2017 - REST for the Rest of UsCyberArk Impact 2017 - REST for the Rest of Us
CyberArk Impact 2017 - REST for the Rest of UsJoe Garcia
 
Spring security4.x
Spring security4.xSpring security4.x
Spring security4.xZeeshan Khan
 
Securing Microservices with Spring Cloud Security
Securing Microservices with Spring Cloud SecuritySecuring Microservices with Spring Cloud Security
Securing Microservices with Spring Cloud SecurityWill Tran
 
Abusing, Exploiting and Pwning with Firefox Add-ons
Abusing, Exploiting and Pwning with Firefox Add-onsAbusing, Exploiting and Pwning with Firefox Add-ons
Abusing, Exploiting and Pwning with Firefox Add-onsAjin Abraham
 
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & InterfacesFI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfacescdanger
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-OnRavi Yasas
 
Hacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperHacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperAjin Abraham
 
OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect ProtocolMichael Furman
 
Api security
Api security Api security
Api security teodorcotruta
 
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...DevOps.com
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
Oauth 2.0 Security Considerations for Client Applications
Oauth 2.0 Security Considerations for Client ApplicationsOauth 2.0 Security Considerations for Client Applications
Oauth 2.0 Security Considerations for Client ApplicationsKasun Dharmadasa
 
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013Identity Management in SharePoint 2013
Identity Management in SharePoint 2013SPC Adriatics
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2axykim00
 
CloudStack Identity and Access Management (IAM)
CloudStack Identity and Access Management (IAM)CloudStack Identity and Access Management (IAM)
CloudStack Identity and Access Management (IAM)Min Chen
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples42Crunch
 
Anil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpracticesAnil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpracticesAnil Saldanha
 
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE
 
Adding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationAdding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationFernando Lopez Aguilar
 

Mais conteúdo relacionado

Mais procurados

Secure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusionSecure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusionSecure Code Warrior
 
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015Ajin Abraham
 
Adding Identity Management and Access Control to your Application, Account Ma...
Adding Identity Management and Access Control to your Application, Account Ma...Adding Identity Management and Access Control to your Application, Account Ma...
Adding Identity Management and Access Control to your Application, Account Ma...Fernando Lopez Aguilar
 
CyberArk Impact 2017 - REST for the Rest of Us
CyberArk Impact 2017 - REST for the Rest of UsCyberArk Impact 2017 - REST for the Rest of Us
CyberArk Impact 2017 - REST for the Rest of UsJoe Garcia
 
Spring security4.x
Spring security4.xSpring security4.x
Spring security4.xZeeshan Khan
 
Securing Microservices with Spring Cloud Security
Securing Microservices with Spring Cloud SecuritySecuring Microservices with Spring Cloud Security
Securing Microservices with Spring Cloud SecurityWill Tran
 
Abusing, Exploiting and Pwning with Firefox Add-ons
Abusing, Exploiting and Pwning with Firefox Add-onsAbusing, Exploiting and Pwning with Firefox Add-ons
Abusing, Exploiting and Pwning with Firefox Add-onsAjin Abraham
 
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & InterfacesFI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfacescdanger
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-OnRavi Yasas
 
Hacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperHacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperAjin Abraham
 
OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect ProtocolMichael Furman
 
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...DevOps.com
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
Oauth 2.0 Security Considerations for Client Applications
Oauth 2.0 Security Considerations for Client ApplicationsOauth 2.0 Security Considerations for Client Applications
Oauth 2.0 Security Considerations for Client ApplicationsKasun Dharmadasa
 
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013Identity Management in SharePoint 2013
Identity Management in SharePoint 2013SPC Adriatics
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2axykim00
 
CloudStack Identity and Access Management (IAM)
CloudStack Identity and Access Management (IAM)CloudStack Identity and Access Management (IAM)
CloudStack Identity and Access Management (IAM)Min Chen
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples42Crunch
 
Anil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpracticesAnil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpracticesAnil Saldanha
 

Mais procurados (20)

Secure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusionSecure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusion
 
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
 
Adding Identity Management and Access Control to your Application, Account Ma...
Adding Identity Management and Access Control to your Application, Account Ma...Adding Identity Management and Access Control to your Application, Account Ma...
Adding Identity Management and Access Control to your Application, Account Ma...
 
CyberArk Impact 2017 - REST for the Rest of Us
CyberArk Impact 2017 - REST for the Rest of UsCyberArk Impact 2017 - REST for the Rest of Us
CyberArk Impact 2017 - REST for the Rest of Us
 
Spring security4.x
Spring security4.xSpring security4.x
Spring security4.x
 
Securing Microservices with Spring Cloud Security
Securing Microservices with Spring Cloud SecuritySecuring Microservices with Spring Cloud Security
Securing Microservices with Spring Cloud Security
 
Abusing, Exploiting and Pwning with Firefox Add-ons
Abusing, Exploiting and Pwning with Firefox Add-onsAbusing, Exploiting and Pwning with Firefox Add-ons
Abusing, Exploiting and Pwning with Firefox Add-ons
 
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & InterfacesFI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-On
 
Hacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperHacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - Whitepaper
 
OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect Protocol
 
Api security
Api security Api security
Api security
 
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloak
 
Oauth 2.0 Security Considerations for Client Applications
Oauth 2.0 Security Considerations for Client ApplicationsOauth 2.0 Security Considerations for Client Applications
Oauth 2.0 Security Considerations for Client Applications
 
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013Identity Management in SharePoint 2013
Identity Management in SharePoint 2013
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2
 
CloudStack Identity and Access Management (IAM)
CloudStack Identity and Access Management (IAM)CloudStack Identity and Access Management (IAM)
CloudStack Identity and Access Management (IAM)
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples
 
Anil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpracticesAnil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpractices
 

Semelhante a Adding Identity Management and Access Control to your Application - Exersices

FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE
 
Adding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationAdding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationFernando Lopez Aguilar
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppFIWARE
 
Social Single Sign-On with OpenID Connect
Social Single Sign-On with OpenID ConnectSocial Single Sign-On with OpenID Connect
Social Single Sign-On with OpenID ConnectJames Melville
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Álvaro Alonso González
 
How to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionHow to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionJavier Cerviño
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE
 
Application Security in ASP.NET Core
Application Security in ASP.NET CoreApplication Security in ASP.NET Core
Application Security in ASP.NET CoreNETUserGroupBern
 
Linkedin & OAuth
Linkedin & OAuthLinkedin & OAuth
Linkedin & OAuthUmang Goyal
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE
 
DevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer ToolsDevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer ToolsAmazon Web Services
 
Spring Social - Messaging Friends & Influencing People
Spring Social - Messaging Friends & Influencing PeopleSpring Social - Messaging Friends & Influencing People
Spring Social - Messaging Friends & Influencing PeopleGordon Dickens
 
FIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE
 
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA Will Tran
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2Sang Shin
 

Semelhante a Adding Identity Management and Access Control to your Application - Exersices (20)

FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
 
Adding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationAdding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your Application
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
 
Social Single Sign-On with OpenID Connect
Social Single Sign-On with OpenID ConnectSocial Single Sign-On with OpenID Connect
Social Single Sign-On with OpenID Connect
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
 
How to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionHow to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - Introduction
 
OAuth
OAuthOAuth
OAuth
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
 
Application Security in ASP.NET Core
Application Security in ASP.NET CoreApplication Security in ASP.NET Core
Application Security in ASP.NET Core
 
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
 
Linkedin & OAuth
Linkedin & OAuthLinkedin & OAuth
Linkedin & OAuth
 
Oauth2.0
Oauth2.0Oauth2.0
Oauth2.0
 
Cloud Portal - Lesson 1. Introduction
Cloud Portal - Lesson 1. IntroductionCloud Portal - Lesson 1. Introduction
Cloud Portal - Lesson 1. Introduction
 
FIWARE ID Management
FIWARE ID ManagementFIWARE ID Management
FIWARE ID Management
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access Control
 
DevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer ToolsDevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
 
Spring Social - Messaging Friends & Influencing People
Spring Social - Messaging Friends & Influencing PeopleSpring Social - Messaging Friends & Influencing People
Spring Social - Messaging Friends & Influencing People
 
FIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access Control
 
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2
 

Mais de Álvaro Alonso González

Curso AngularJS - 3. módulos y controladores
Curso AngularJS - 3. módulos y controladoresCurso AngularJS - 3. módulos y controladores
Curso AngularJS - 3. módulos y controladoresÁlvaro Alonso González
 
Lesson 6 - How to register your sensors in account portal
Lesson 6 - How to register your sensors in account portalLesson 6 - How to register your sensors in account portal
Lesson 6 - How to register your sensors in account portalÁlvaro Alonso González
 
Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure Álvaro Alonso González
 
Cloud Portal - Lesson 2. Cloud Portal Overview
Cloud Portal - Lesson 2. Cloud Portal OverviewCloud Portal - Lesson 2. Cloud Portal Overview
Cloud Portal - Lesson 2. Cloud Portal OverviewÁlvaro Alonso González
 
Cloud Portal - Lesson 3. Launching an Instance
Cloud Portal - Lesson 3. Launching an InstanceCloud Portal - Lesson 3. Launching an Instance
Cloud Portal - Lesson 3. Launching an InstanceÁlvaro Alonso González
 
Setting Up your Cloud Environment using the FIWARE Lab Cloud Portal
Setting Up your Cloud Environment using the FIWARE Lab Cloud PortalSetting Up your Cloud Environment using the FIWARE Lab Cloud Portal
Setting Up your Cloud Environment using the FIWARE Lab Cloud PortalÁlvaro Alonso González
 

Mais de Álvaro Alonso González (17)

Curso AngularJS - 7. temas avanzados
Curso AngularJS - 7. temas avanzadosCurso AngularJS - 7. temas avanzados
Curso AngularJS - 7. temas avanzados
 
Curso AngularJS - 6. formularios
Curso AngularJS - 6. formulariosCurso AngularJS - 6. formularios
Curso AngularJS - 6. formularios
 
Curso AngularJS - 5. rutas
Curso AngularJS - 5. rutasCurso AngularJS - 5. rutas
Curso AngularJS - 5. rutas
 
Curso AngularJS - 4. filtros y servicios
Curso AngularJS - 4. filtros y serviciosCurso AngularJS - 4. filtros y servicios
Curso AngularJS - 4. filtros y servicios
 
Curso AngularJS - 3. módulos y controladores
Curso AngularJS - 3. módulos y controladoresCurso AngularJS - 3. módulos y controladores
Curso AngularJS - 3. módulos y controladores
 
Curso AngularJS - 1. introducción
Curso AngularJS - 1. introducciónCurso AngularJS - 1. introducción
Curso AngularJS - 1. introducción
 
Curso AngularJS - 2. conceptos básicos
Curso AngularJS - 2. conceptos básicosCurso AngularJS - 2. conceptos básicos
Curso AngularJS - 2. conceptos básicos
 
Lesson 6 - How to register your sensors in account portal
Lesson 6 - How to register your sensors in account portalLesson 6 - How to register your sensors in account portal
Lesson 6 - How to register your sensors in account portal
 
Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure
 
Keyrock - Lesson 1. Introduction
Keyrock - Lesson 1. IntroductionKeyrock - Lesson 1. Introduction
Keyrock - Lesson 1. Introduction
 
Cloud Portal - Lesson 5. Advanced tasks
Cloud Portal - Lesson 5. Advanced tasksCloud Portal - Lesson 5. Advanced tasks
Cloud Portal - Lesson 5. Advanced tasks
 
Cloud Portal - Lesson 4. Managing Storage
Cloud Portal - Lesson 4. Managing StorageCloud Portal - Lesson 4. Managing Storage
Cloud Portal - Lesson 4. Managing Storage
 
Cloud Portal - Lesson 2. Cloud Portal Overview
Cloud Portal - Lesson 2. Cloud Portal OverviewCloud Portal - Lesson 2. Cloud Portal Overview
Cloud Portal - Lesson 2. Cloud Portal Overview
 
Cloud Portal - Lesson 3. Launching an Instance
Cloud Portal - Lesson 3. Launching an InstanceCloud Portal - Lesson 3. Launching an Instance
Cloud Portal - Lesson 3. Launching an Instance
 
Primeros pasos con Docker
Primeros pasos con DockerPrimeros pasos con Docker
Primeros pasos con Docker
 
Introducción al Protocolo OAuth 2.0
Introducción al Protocolo OAuth 2.0Introducción al Protocolo OAuth 2.0
Introducción al Protocolo OAuth 2.0
 
Setting Up your Cloud Environment using the FIWARE Lab Cloud Portal
Setting Up your Cloud Environment using the FIWARE Lab Cloud PortalSetting Up your Cloud Environment using the FIWARE Lab Cloud Portal
Setting Up your Cloud Environment using the FIWARE Lab Cloud Portal
 

Último

Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024Janet Corral
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 

Último (20)

Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 

Adding Identity Management and Access Control to your Application - Exersices

  • 1. Adding Identity Management and Access Control to your Application - Exercises Álvaro Alonso UPM – DIT Security Chapter. FIWARE aalonsog@dit.upm.es, @larsonalonso
  • 2. Exercises index (I) • Sec-1. Creating a FIWARE account • Sec-2. Managing organizations • Sec-3. Authorize a friend in your Cloud Org • Sec-4. Registering an application • Sec-5. Adding OAuth2 to your application (based on our Node.js template)
  • 3. Exercises index (I) • Sec-6. Adding OAuth2 to your application (using an OAuth2 library) • Sec-7. Adding OAuth2 to your application (Resource Owner Password Credentials Grant) • Sec-8. Securing your backend Authentication • Sec-9. Securing your backend Basic Authorization • Sec-10. Securing your backend Advanced Authorization
  • 4. Sec-1. Creating a FIWARE account • Prerequisite – To have an Internet connection  • Steps – Go to https://account.lab.fiware.org – Click in “Sign Up” – Fill your data – Confirm your account from the email confirmation • Hints – If you don’t receive the email confirmation… check your spam Easy
  • 5. Sec-2. Managing organizations • Prerequisite – To have a FIWARE account • Steps – Go to https://account.lab.fiware.org – Sign In – Create an Organization – Add members to it • Hints – To manage an organization you have to switch to it using the dropdown in the upper right corner. Easy
  • 6. Sec-3. Authorize a friend in your Cloud Org • Prerequisite – To have a FIWARE account (Trial or Community) • Steps – Go to https://account.lab.fiware.org – Sign In – Follow the instructions explained in the workshop • Hints – To manage an organization you have to switch to it using the dropdown in the upper right corner. Easy
  • 7. Sec-4. Registering an application • Prerequisite – To have a FIWARE account • Steps – Go to https://account.lab.fiware.org – Sign In – Register an application • Hints – You have to set: • URL: the url where your app will run • Callback URL: the url where Account Portal will redirect your users once authenticated Easy
  • 8. Sec-5 (1). Adding OAuth2 to your application (based on our Node.js template) • Prerequisites – To have an application registered in the Account Portal – To learn how OAuth2 works • Steps – Clone our demo example: • https://github.com/ging/oauth2-example-client – Follow the instructions in the README • You will find client_secret and client_id in the application detail: Easy
  • 9. Sec-5 (2). Adding OAuth2 to your application (based on our Node.js template) • Hints – Learn about OAuth2: • http://oauth.net/2/ – FIWARE Account flows: • http://es.slideshare.net/alvaroalonsogonzalez/id-m-andac – FIWARE Account OAuth2 docs • https://github.com/ging/fi-ware-idm/wiki/Using-the-FI-LAB-instance – Advanced courses: • http://edu.fi-ware.org/course/view.php?id=79 • http://edu.fi-ware.org/course/view.php?id=63 Easy
  • 10. Sec-6. Adding OAuth2 to your application (using an OAuth2 library) • Prerequisite – To have an application registered in the Account Portal – To have your own application • Steps – Include an OAuth2 library in your app – Configure it using the OAuth credentials generated in the Account Portal – Follow the library instructions to use it • Hints – OAuth2 libraries • http://oauth.net/2/ Medium
  • 11. Sec-7. Adding OAuth2 to your application (Resource Owner Password Credentials Grant) • Prerequisite – To have an application registered in the Account Portal • Steps – Include an OAuth2 library in your app – Configure it using the OAuth credentials generated in the Account Portal – Follow the library instructions to use it with this grant type • Hints – OAuth2 libraries • http://oauth.net/2/ – FIWARE Account OAuth2 docs • https://github.com/ging/fi-ware-idm/wiki/Using-the-FI-LAB-instance Medium
  • 12. Sec-8. Securing your backend Authentication • Prerequisite – To have a frontend app using OAuth and FIWARE Account – To have a REST-based backend service • Steps – Clone our PEP-Proxy Wilma • https://github.com/ging/fi-ware-pep-proxy – Configure it following the README • app_host and app_port are the coordinates of your backend REST API – Now your requests to your backend • Has to be sent to the proxy • Has to include “X-Auth-Token” header with the OAuth2 access token • Hints – Wilma docs • http://catalogue.fiware.org/enablers/pep-proxy-wilma Medium
  • 13. Sec-9. Securing your backend Basic Authorization • Prerequisite – To have a Wilma deployed on top of your backend • Steps – Enable the “check_permissions” option in Wilma’s config – Edit your application in Account Portal • Create a new role • Create a new permission with – HTTP action – GET, POST, PUT, DELETE – REST resource – the url of your resource • Assign the role to a user • Check the request in your App • Hints – AuthZForce docs • http://catalogue.fiware.org/enablers/authorization-pdp-authzforce Hard
  • 14. Sec-10. Securing your backend Advanced Authorization • Prerequisite – To have a Wilma deployed on top of your backend • Steps – Modify Wilma in order to manage XACML Requests • You can check request params such as body, headers… – Edit your application in Account Portal • Create a new role • Create a new permission with an advanced rule (XACML) • Assign the role to a user • Check the request in your App • Hints – AuthZForce docs • http://catalogue.fiware.org/enablers/authorization-pdp-authzforce – XACML • https://www.oasis-open.org/committees/xacml/ Hard
  • 15. Adding Identity Management and Access Control to your Application - Exercises Álvaro Alonso UPM – DIT Security Chapter. FIWARE aalonsog@dit.upm.es, @larsonalonso