To view the recording of this webinar, use the URL below:
http://wso2.com/library/webinars/2015/06/securing-the-unsecured-using-sso-and-xacml-to-protect-your-web-apps/
WSO2 App Manager provides a simple app management solution for both application developers and application users. This webinar will focus on how you can:
- Secure web applications and implement SSO between web applications
- Use XACML policies for fine-grained security in web application resources
Securing the Unsecured: Using SSO and XACML to Protect Your Web Apps
1. Securing the Unsecured Using SSO and XACML to Protect Web Apps
App Manager 1.0.0
Dinusha Senanayaka
WSO2 App Manager Team
2. Why App Manager?
◉ 100% Open Source, under Apache 2 License
◉ Policy-based Authorization
◉ Insights into App Subscriptions & Behaviors
◉ Single-Sign-On (SSO) across Web Apps
◉ Unified App Store
◉ Central App Management (web & mobile)
◉ Access Control based on Organizational User Roles
Leverages proven components of WSO2:
- Analytics Platform - App Usage Statistics
- Security offering - Authentication, Authorization, Federated Identity and SSO
- Enterprise Store - App Provisioning & Management
4. Single Sign-On between Web Apps
Pros for End User
◉ Do not have to memorize a long list of passwords to access multiple applications
Pros for Application developers
◉ Do not have to worry about implementing security for Web Apps
◉ Can focus only on developing application business logic
Pros for Administrators
◉ Do not have to manage multiple user accounts for different applications
8. Two Types of Web Apps
◉ Non-secured web apps
◉ Already secured web apps
How to manage them with App Manager?
9. Secure Non-secured Web Apps Using App Manager
◉ Just publish the web app in App Manager
10. Already Secured Web Apps through App Manager
◉ Some modifications need to be made to the web app
◉ Could use the JWT token or SAML response to identify the user inside the web app
11. JWT and SAML Token Headers
◉ Ways of sending authenticated user details to the backend
◉ Web app could either process JWT (JSON) header or SAML Response (XML) header to get user details
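An added illustration (not from the webinar or from WSO2's code) of a backend processing the JWT header described above: it verifies the token before trusting the user details in it. The header name `X-JWT-Assertion`, the HS256 shared key and the claim names are assumptions chosen so the example runs with the standard library only; match the algorithm and key to your gateway's actual signing configuration.

```python
import base64, hashlib, hmac, json, time

HEADER_NAME = "X-JWT-Assertion"       # assumed header name; confirm in the gateway config
SHARED_KEY = b"constructed-demo-key"  # constructed key, for this example only

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key=SHARED_KEY, alg="HS256"):
    """Build a constructed sample token standing in for what the gateway sends."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = b""
    if alg == "HS256":
        sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def user_from_headers(headers, key=SHARED_KEY, now=None):
    """Return the verified claims dict, or None if the header is absent or invalid."""
    token = headers.get(HEADER_NAME)
    if not token or token.count(".") != 2:
        return None
    head, body, sig = token.split(".")
    try:
        # Pin the expected algorithm; this also rejects unsigned "none" tokens.
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig)):  # constant-time compare
            return None
        claims = json.loads(_b64d(body))
    except (ValueError, TypeError, AttributeError):
        return None
    if not isinstance(claims, dict):
        return None
    exp = claims.get("exp")
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= current:  # require an unexpired token
        return None
    return claims

if __name__ == "__main__":
    sample = make_token({"sub": "alice", "roles": ["employee"], "exp": time.time() + 60})
    print(user_from_headers({HEADER_NAME: sample}))
```

The web app should also accept this header only on requests that arrive from the gateway, since any client can set a header of the same name on a direct request.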
21. Summary
◉ How App Manager provides security (SSO) for Web Apps
◉ Non secured web apps
◉ Already secured web apps
◉ Federated Authentication for web apps using App Manager
◉ Fine grained authorization to web app resources using XACML