I) Add support for OAuth in CAS server
|
|
- Stuart Hoover
- 8 years ago
- Views:
Transcription
1 Table of contents I)Add support for OAuth in CAS server...2 II)How to add OAuth client support in CAS server?...3 A)Add dependency...3 B)Add the identity providers needed...3 C)Add the OAuth action in webflow...4 D)Add the principal resolver and the handler for OAuth authentication...5 E)Add links on the login page to authenticate on identity providers...5 III)Technical presentation of the OAuth client mode...6 A)Dependencies...6 1)Scribe )Jettison B)Classes & interfaces...6 1)OAuthAuthenticationHandler (org.jasig.cas.support.oauth.authentication.handler.support)...6 2)OAuthCredentials (org.jasig.cas.support.oauth.authentication.principal)...6 3)OAuthCredentialsToPrincipalResolver (org.jasig.cas.support.oauth.authentication.principal)...6 4)OAuthProvider (org.jasig.cas.support.oauth.provider)...7 5)BaseOAuthProvider (org.jasig.cas.support.oauth.provider)...7 6)BaseOAuth10Provider (org.jasig.cas.support.oauth.provider)...7 7)BaseOAuth20Provider (org.jasig.cas.support.oauth.provider)...7 8)CasWrapperProvider20 (org.jasig.cas.support.oauth.provider.impl)...7 9)FacebookProvider (org.jasig.cas.support.oauth.provider.impl) )GitHubProvider (org.jasig.cas.support.oauth.provider.impl) )GoogleProvider (org.jasig.cas.support.oauth.provider.impl) )LinkedInProvider (org.jasig.cas.support.oauth.provider.impl) )TwitterProvider (org.jasig.cas.support.oauth.provider.impl) )YahooProvider (org.jasig.cas.support.oauth.provider.impl) )OAuthAction (org.jasig.cas.support.oauth.web.flow) )CasWrapperApi20 (org.scribe.builder.api) )GitHubApi (org.scribe.builder.api)...8 IV)How to add OAuth server support in CAS server?...9 A)Add dependency...9 B)Add the OAuth20WrapperController...9 C)Add the needed CAS services...9 V)Technical presentation of the OAuth server mode...10 A)General...10 B)Classes & interfaces )OAuthConstants (org.jasig.cas.support.oauth) )OAuthUtils (org.jasig.cas.support.oauth) )BaseOAuthWrapperController (org.jasig.cas.support.oauth.web) )OAuth20WrapperController (org.jasig.cas.support.oauth.web) )OAuth20AuthorizeController (org.jasig.cas.support.oauth.web) )OAuth20CallbackAuthorizeController (org.jasig.cas.support.oauth.web) )OAuth20AccessTokenController (org.jasig.cas.support.oauth.web) )OAuth20ProfileController (org.jasig.cas.support.oauth.web)...12
2 I) Add support for OAuth in CAS server The cas-server-support-oauth module is made to add support for OAuth in CAS server. It allows two modes : CAS server can support OAuth protocol as an OAuth client : in this case, CAS authentication can be delegated to an identity provider like Facebook, GitHub, Google, LinkedIn, Twitter, Yahoo or even an another CAS server using OAuth wrapper CAS server can support OAuth protocol as an OAuth server : in this case, CAS uses the OAuth wrapper and acts as an OAuth server, communicating through OAuth protocol version 2.0 with OAuth clients.
3 II) How to add OAuth client support in CAS server? A) Add dependency First step is to add the dependency to the OAuth cas support module in the CAS server webapp pom.xml : <dependency> <groupid>org.jasig.cas</groupid> <artifactid>cas-server-support-oauth</artifactid> <version>${project.version}</version> </dependency> B) Add the identity providers needed An identity provider is an OAuth server which can authenticate user (like Google, Yahoo...) instead of CAS server. If you want to delegate the CAS authentication to Twitter for example, you have to add an identy provider for Twitter. All the identity providers must be declared in applicationcontext.xml : <bean id="facebook1" class="org.jasig.cas.support.oauth.provider.impl.facebookprovider"> <property name="name" value="facebook1" /> <property name="key" value="the_key_for_facebook1" /> <property name="secret" value="the_secret_for_facebook1" /> <bean id="twitter1" class="org.jasig.cas.support.oauth.provider.impl.twitterprovider"> <property name="name" value="twitter1" /> <property name="key" value="the_key_for_twitter1" /> <property name="secret" value="the_secret_for_twitter1" /> <bean id="google1" class="org.jasig.cas.support.oauth.provider.impl.googleprovider"> <property name="name" value="google1" /> <property name="key" value="anonymous" /> <property name="secret" value="anonymous" /> <bean id="yahoo1" class="org.jasig.cas.support.oauth.provider.impl.yahooprovider"> <property name="name" value="yahoo1" /> <property name="key" value="the_key_for_yahoo1" /> <property name="secret" value="the_secret_for_yahoo1" /> <bean id="linkedin1" class="org.jasig.cas.support.oauth.provider.impl.linkedinprovider">
4 <property name="name" value="linkedin1" /> <property name="key" value="the_key_for_linkedin1" /> <property name="secret" value="the_secret_for_linkedin1" /> <bean id="github1" class="org.jasig.cas.support.oauth.provider.impl.githubprovider"> <property name="name" value="github1" /> <property name="key" value="the_key_for_github1" /> <property name="secret" value="the_secret_for_github1" /> <bean id="caswrapper1" class="org.jasig.cas.support.oauth.provider.impl.caswrapperprovider20"> <property name="name" value="caswrapper1" /> <property name="key" value="the_key_for_caswrapper1" /> <property name="secret" value="the_secret_for_caswrapper1" /> <property name="serverurl" value=" /> For each identity provider, the CAS server is considered an OAuth client and therefore should be declared to the identity provider. After declaration, a key and a secret is given by the identity provider which has to be defined in the beans (the_key_for_xxx and the_secret_for_xxx values for key and secret properties). The loginurl property must be set to the login url of the CAS server. For the CAS OAuth wrapping, the serverurl property must be set to the OAuth wrapping url of the other CAS server which is using OAuth wrapping. C) Add the OAuth action in webflow In the login-webflow.xml file, the OAuthAction must be added at the beginning of the webflow. Its role is to intercept callback calls from identity providers (like Facebook, Twitter...) after OAuth authentication : <action-state id="oauthaction"> <evaluate expression="oauthaction" /> <transition on="success" to="sendticketgrantingticket" /> <transition on="error" to="ticketgrantingticketexistscheck" /> </action-state> This OAuthAction has to be defined in cas-servlet.xml with all the identity providers needed : <bean id="oauthaction" class="org.jasig.cas.support.oauth.web.flow.oauthaction"> <property name="centralauthenticationservice" ref="centralauthenticationservice" /> <property name="providers"> <list> <ref bean="facebook1" /> <ref bean="twitter1" /> <ref bean="google1" /> <ref bean="yahoo1" /> <ref bean="linkedin1" /> <ref bean="github1" /> <ref bean="caswrapper1" /> </list>
5 </property> This OAuthAction uses the centralauthenticationservice bean to play the CAS authentication and references all the identity providers. D) Add the principal resolver and the handler for OAuth authentication To be able to authenticate user in CAS server after OAuth authentication by the identity provider, you have to add an OAuthAuthenticationHandler in the list of authenticationhandlers in deployerconfigcontext.xml : <property name="authenticationhandlers"> <list> <bean class="org.jasig.cas.support.oauth.authentication.handler.support.oauthauthenti cationhandler"> <property name="providers"> <list> <ref bean="facebook1" /> <ref bean="twitter1" /> <ref bean="google1" /> <ref bean="yahoo1" /> <ref bean="linkedin1" /> <ref bean="github1" /> <ref bean="caswrapper1" /> </list> </property> </list> </property> And also add an OAuthCredentialsToPrincipalResolver in the list of credentialstoprincipalresolvers in the deployerconfigcontext.xml : <property name="credentialstoprincipalresolvers"> <list> <bean class="org.jasig.cas.support.oauth.authentication.principal.oauthcredentialstop rincipalresolver" /> </list> </property> E) Add links on the login page to authenticate on identity providers To start authentication on identity providers, links must be added on the login page casloginview.jsp (providername_authorizationurl are automatically created by the OAuthAction) : <a href="${facebook1_authorizationurl}">authenticate with Facebook</a> <br /> <br /> <a href="${twitter1_authorizationurl}">authenticate with Twitter</a><br /> <br /> <a href="${google1_authorizationurl}">authenticate with Google</a><br /> <br /> <a href="${yahoo1_authorizationurl}">authenticate with Yahoo</a><br /> <br /> <a href="${linkedin1_authorizationurl}">authenticate with LinkedIn</a><br />
6 <br /> <a href="${github1_authorizationurl}">authenticate with GitHub</a><br /> <br /> <a href="${caswrapper1_authorizationurl}">authenticate with another CAS server using OAuth v2.0 protocol wrapper</a><br /> <br /> III) Technical presentation of the OAuth client mode A) Dependencies 1) Scribe The Scribe library is used to communicate in OAuth protocol with identity providers (like Facebook...) 2) Jettison 1.3 The jettison library can parse JSON messages : it is used in some identity providers to read JSON profile and extract the identity of the user. B) Classes & interfaces 1) OAuthAuthenticationHandler (org.jasig.cas.support.oauth.authentication.handler.support) The OAuthAuthenticationHandler is in charge of authenticating a user based on OAuthCredentials credentials. The token and verifier from the credentials are used to get an access token in the OAuth protocol way and then the user identifier is retrieved with this access token. 2) OAuthCredentials (org.jasig.cas.support.oauth.authentication.principal) The OAuthCredentials stores the OAuth token, the OAuth verifier, the provider type, the provider name and the user identifier (after authentication). 3) OAuthCredentialsToPrincipalResolver (org.jasig.cas.support.oauth.authentication.principal) The OAuthCredentialsToPrincipalResolver creates a CAS identity for the OAuthCredentials which
7 is «the type of the provider # the user identifier». 4) OAuthProvider (org.jasig.cas.support.oauth.provider) The OAuthProvider interface defines the common contract, identity provider using OAuth protocol have to follow : get the name, get the authorization url, get the access token and get the user identifier. It's more or less the OAuth contract (provided by the Scribe library) and the an additionnal method to retrieve the user identifier (from a profile given by the identity provider). 5) BaseOAuthProvider (org.jasig.cas.support.oauth.provider) The BaseOAuthProvider is the base implementation for an identity provider using OAuth protocol. 6) BaseOAuth10Provider (org.jasig.cas.support.oauth.provider) The BaseOAuth10Provider is the common implementation for identity provider using OAuth protocol version ) BaseOAuth20Provider (org.jasig.cas.support.oauth.provider) The BaseOAuth20Provider is the common implementation for identity provider using OAuth protocol version ) CasWrapperProvider20 (org.jasig.cas.support.oauth.provider.impl) The CasWrapperProvider20 is the implementation for authenticating in a CAS server using the OAuth wrapper (extends BaseOAuth20Provider). 9) FacebookProvider (org.jasig.cas.support.oauth.provider.impl) The FacebookProvider is the implementation for authenticating with Facebook (extends BaseOAuth20Provider). 10)GitHubProvider (org.jasig.cas.support.oauth.provider.impl) The GitHubProvider is the implementation for authenticating with GitHub (extends BaseOAuth20Provider). 11)GoogleProvider (org.jasig.cas.support.oauth.provider.impl) The GoogleProvider is the implementation for authenticating with Google (extends BaseOAuth10Provider).
8 12)LinkedInProvider (org.jasig.cas.support.oauth.provider.impl) The LinkedInProvider is the implementation for authenticating with LinkedIn (extends BaseOAuth10Provider). 13)TwitterProvider (org.jasig.cas.support.oauth.provider.impl) The TwitterProvider is the implementation for authenticating with Twitter (extends BaseOAuth10Provider). 14)YahooProvider (org.jasig.cas.support.oauth.provider.impl) The YahooProvider is the implementation for authenticating with Yahoo (extends BaseOAuth10Provider). 15)OAuthAction (org.jasig.cas.support.oauth.web.flow) The OAuthAction is an action to add into the webflow, it's the first action to be declared. The webflow url (/login) is also the callback url after authentication in the identity provider. The OAuthAction plays two roles : if the login url is not callbacked by an identity provider, the action creates the authorization urls for the different providers and adds them to the request (to be used on the login page) if the login url is callbacked by an identity provider (meaning after authentication), the token and verifier are retrieved from request to create and OAuthCredentials and CAS authentication is done with this credentials. The CAS service is stored and retrieved from web session. 16)CasWrapperApi20 (org.scribe.builder.api) The CasWrapperApi20 is a Scribe implementation of an OAuth client using OAuth procotol v2.0 to authenticate in a CAS server using the OAuth wrapper. 17)GitHubApi (org.scribe.builder.api) The GitHubApi is a Scribe implementation of an OAuth client using OAuth procotol v2.0 to authenticate in GitHub. It should be integrated in a future release of Scribe.
9 IV)How to add OAuth server support in CAS server? A) Add dependency First step is to add the dependency to the OAuth cas support module in the CAS server webapp pom.xml : <dependency> <groupid>org.jasig.cas</groupid> <artifactid>cas-server-support-oauth</artifactid> <version>${project.version}</version> </dependency> B) Add the OAuth20WrapperController To add the OAuth20WrapperController, you need to add the mapping between the /oauth2.0/* url and the CAS servlet in the web.xml : <servlet-mapping> <servlet-name>cas</servlet-name> <url-pattern>/oauth2.0/*</url-pattern> </servlet-mapping> You have to create the controller itself in cas-servlet.xml : <bean id="oauth20wrappercontroller" class="org.jasig.cas.support.oauth.web.oauth20wrappercontroller" p:loginurl=" p:servicesmanager-ref="servicesmanager" p:ticketregistry-ref="ticketregistry" p:timeout="7200" /> The loginurl is the login url of the CAS server. The timeout is the lifetime of a CAS granting ticket (in seconds, not in millisecondes!) with its mapping in the handlermappingc bean (cas-servlet.xml) : <bean id="handlermappingc" class="org.springframework.web.servlet.handler.simpleurlhandlermapping"> <property name="mappings"> <props> <prop key="/logout">logoutcontroller</prop>... <prop key="/403.html">passthroughcontroller</prop> <prop key="/oauth2.0/*">oauth20wrappercontroller</prop> </props> </property> <property name="alwaysusefullpath" value="true" />
10 C) Add the needed CAS services One service is need to make the OAuth wrapper works in CAS. It defines the callback url after CAS authentication to return to the OAuth wrapper as a CAS service. A second service is necessary to register an OAuth client : the name and the description of the CAS service are the key and secret of the OAuth client. For each OAuth client, a CAS service needs to be added in configuration. For the in memory service registry, you add the two services in the deployerconfigcontext.xml : <bean id="serviceregistrydao" class="org.jasig.cas.services.inmemoryserviceregistrydaoimpl"> <property name="registeredservices"> <list> <bean class="org.jasig.cas.services.registeredserviceimpl"> <property name="id" value="0" /> <property name="name" value="http" /> <property name="description" value="oauth wrapper callback url" /> <property name="serviceid" value=" /> <bean class="org.jasig.cas.services.registeredserviceimpl"> <property name="id" value="1" /> <property name="name" value="the_key_for_caswrapper1" /> <property name="description" value="the_secret_for_caswrapper1" /> <property name="serviceid" value=" /> If you have one CAS server configured with the CasWrapperProvider20 (the client) to communicate with a CAS server wrapping OAuth 2.0 protocol (the server), you have the name and description of the service in CAS «server» matching the key and secret of the identity provider defined in the CAS «client» : <bean class="org.jasig.cas.services.registeredserviceimpl"> <property name="id" value="1" /> <property name="name" value="the_key_for_caswrapper1" /> <property name="description" value="the_secret_for_caswrapper1" /> <property name="serviceid" value=" /> <bean id="caswrapper1" class="org.jasig.cas.support.oauth.provider.impl.caswrapperprovider20"> <property name="name" value="caswrapper1" /> <property name="key" value="the_key_for_caswrapper1" /> <property name="secret" value="the_secret_for_caswrapper1" /> <property name="serverurl" value=" /> V) Technical presentation of the OAuth server mode A) General
11 To reply to OAuth calls, the CAS server has a specific controller (OAuth20WrapperController), listening on a specific url (for example : /oauth2.0/*). This wrapper delegates the authentication to the standard CAS authentication process (the callback is done by using a specific CAS service which is the callback url). It means that after being authenticated by the OAuth wrapped CAS server, the user is also authenticated in CAS. The OAuth codes generated on the «authorize» OAuth calls are in fact CAS service tickets and the OAuth access tokens generated on the «access token» OAuth calls are in fact granting tickets. OAuth client configurations are defined with CAS services : the key and secret of the OAuth clients have to be defined by the name and description of a CAS service to make OAuth client be «authorized» to use OAuth CAS server. B) Classes & interfaces 1) OAuthConstants (org.jasig.cas.support.oauth) The OAuthConstants interface defines all the constants needed by the OAuth protocol. 2) OAuthUtils (org.jasig.cas.support.oauth) The OAuthUtils gathers some usefull methods to output data in plain text or XML, add parameter in url... 3) BaseOAuthWrapperController (org.jasig.cas.support.oauth.web) The BaseOAuthWrapperController is the base controller for wrapping OAuth protocol in CAS. It finds the «method» to call according to the url. 4) OAuth20WrapperController (org.jasig.cas.support.oauth.web) The OAuth20WrapperController extends the BaseOAuthWrapperController : according to the «method» called, the request is delegated to the right sub controller or an error is responded. It's the main component for the wrapping of the OAuth protocol in CAS server. 5) OAuth20AuthorizeController (org.jasig.cas.support.oauth.web) The OAuth20AuthorizeController handles the «authorize» call in the OAuth protocol. It checks that the OAuth client_id is the name of a certain CAS service. It also checks that the OAuth redirect_uri parameter starts with the serviceid defined for this CAS service. It stores the redirect_uri in session and redirects the user to the CAS login page (the service is the callback url).
12 6) OAuth20CallbackAuthorizeController (org.jasig.cas.support.oauth.web) The OAuth20CallbackAuthorizeController is called after CAS authentication : its redirects the user to the originally redirect_uri with a code which is the CAS service ticket. 7) OAuth20AccessTokenController (org.jasig.cas.support.oauth.web) The OAuth20AccessTokenController handles the «access token» call in the OAuth protocol. It checks that the OAuth client_id is the name of a certain CAS service. It also checks that the OAuth redirect_uri parameter starts with the serviceid defined for this CAS service. It retrieves the description of this CAS service to validate that it matches the OAuth secret given. With the OAuth code which is a service ticket, it retrieves the granting tiket and replies with the granting ticket identifier as an OAuth access token. 8) OAuth20ProfileController (org.jasig.cas.support.oauth.web) The OAuth20ProfileController retrieves the identity of the user according to the access_token given (which is a granting ticket).
Axway API Gateway. Version 7.4.1
O A U T H U S E R G U I D E Axway API Gateway Version 7.4.1 3 February 2016 Copyright 2016 Axway All rights reserved. This documentation describes the following Axway software: Axway API Gateway 7.4.1
More informationOracle Fusion Middleware Oracle API Gateway OAuth User Guide 11g Release 2 (11.1.2.4.0)
Oracle Fusion Middleware Oracle API Gateway OAuth User Guide 11g Release 2 (11.1.2.4.0) July 2015 Oracle API Gateway OAuth User Guide, 11g Release 2 (11.1.2.4.0) Copyright 1999, 2015, Oracle and/or its
More informationOAuth 2.0 Developers Guide. Ping Identity, Inc. 1001 17th Street, Suite 100, Denver, CO 80202 303.468.2900
OAuth 2.0 Developers Guide Ping Identity, Inc. 1001 17th Street, Suite 100, Denver, CO 80202 303.468.2900 Table of Contents Contents TABLE OF CONTENTS... 2 ABOUT THIS DOCUMENT... 3 GETTING STARTED... 4
More informationSocial Application Guide
Social Application Guide Version 2.2.0 Mar 2015 This document is intent to use for our following Magento Extensions Or any other cases it might help. Copyright 2015 LitExtension.com. All Rights Reserved
More informationACR Connect Authentication Service Developers Guide
ACR Connect Authentication Service Developers Guide Revision History Date Revised by Version Description 29/01/2015 Sergei Rusinov 1.0 Authentication using NRDR account Background The document describes
More informationSecurity and ArcGIS Web Development. Heather Gonzago and Jeremy Bartley
Security and ArcGIS Web Development Heather Gonzago and Jeremy Bartley Agenda Types of apps Traditional token-based authentication OAuth2 authentication User login authentication Application authentication
More informationFairsail REST API: Guide for Developers
Fairsail REST API: Guide for Developers Version 1.02 FS-API-REST-PG-201509--R001.02 Fairsail 2015. All rights reserved. This document contains information proprietary to Fairsail and may not be reproduced,
More informationLogin with other services to ASP.NET websites with TMS Cloud Pack for.net
Login with other services to ASP.NET websites with TMS Cloud Pack for.net Introduction Allowing users to identify using a login of a known big online service brings the advantage for the user to not have
More informationAuthenticate and authorize API with Apigility. by Enrico Zimuel (@ezimuel) Software Engineer Apigility and ZF2 Team
Authenticate and authorize API with Apigility by Enrico Zimuel (@ezimuel) Software Engineer Apigility and ZF2 Team About me Enrico Zimuel (@ezimuel) Software Engineer since 1996 PHP Engineer at Zend Technologies
More informationDeveloping Applications with Salesforce Chatter
Developing Applications with Salesforce Chatter Rakesh Gupta Sagar Pareek Chapter No. 5 "Understanding Chatter REST API" In this package, you will find: A Biography of the authors of the book A preview
More informationSecuring RESTful Web Services Using Spring and OAuth 2.0
Securing RESTful Web Services Using Spring and OAuth 2.0 1.0 EXECUTIVE SUMMARY While the market is hugely 1 accepting REST based architectures due to their light weight nature, there is a strong need to
More informationA detailed walk through a CAS authentication
Welcome! First of all, what is CAS? Web single sign on Uses federated authentication, where all authentication is done by the CAS server, instead of individual application servers The implementation is
More informationOAuth 2.0. Weina Ma Weina.Ma@uoit.ca
OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth protocol workflow Server-side web application flow Client-side web application flow What s the problem As the web grows, more
More informationCloud Elements ecommerce Hub Provisioning Guide API Version 2.0 BETA
Cloud Elements ecommerce Hub Provisioning Guide API Version 2.0 BETA Page 1 Introduction The ecommerce Hub provides a uniform API to allow applications to use various endpoints such as Shopify. The following
More informationUsing ArcGIS with OAuth 2.0. Aaron Parecki @aaronpk CTO, Esri R&D Center Portland
Using ArcGIS with OAuth 2.0 Aaron Parecki @aaronpk CTO, Esri R&D Center Portland Before OAuth Apps stored the user s password Apps got complete access to a user s account Users couldn t revoke access to
More informationOAuth: Where are we going?
OAuth: Where are we going? What is OAuth? OAuth and CSRF Redirection Token Reuse OAuth Grant Types 1 OAuth v1 and v2 "OAuth 2.0 at the hand of a developer with deep understanding of web security will likely
More informationDell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps
Dell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps May 2015 This guide includes: What is OAuth v2.0? What is OpenID Connect? Example: Providing OpenID Connect SSO to a Salesforce.com
More informationFrom Delphi to the cloud
From Delphi to the cloud Introduction Increasingly data and services hosted in the cloud become accessible by authenticated REST APIs for client applications, be it web clients, mobile clients and thus
More informationSingle Sign On. SSO & ID Management for Web and Mobile Applications
Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing
More informationContents. 2 Alfresco API Version 1.0
The Alfresco API Contents The Alfresco API... 3 How does an application do work on behalf of a user?... 4 Registering your application... 4 Authorization... 4 Refreshing an access token...7 Alfresco CMIS
More informationSpring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious
Spring Security 3 Secure your web applications against malicious intruders with this easy to follow practical guide Peter Mularien rpafktl Pen source cfb II nv.iv I I community experience distilled
More informationIBM WebSphere Application Server
IBM WebSphere Application Server OAuth 2.0 service provider and TAI 2012 IBM Corporation This presentation describes support for OAuth 2.0 included in IBM WebSphere Application Server V7.0.0.25. WASV70025_OAuth20.ppt
More informationSynology SSO Server. Development Guide
Synology SSO Server Development Guide THIS DOCUMENT CONTAINS PROPRIETARY TECHNICAL INFORMATION WHICH IS THE PROPERTY OF SYNOLOGY INCORPORATED AND SHALL NOT BE REPRODUCED, COPIED, OR USED AS THE BASIS FOR
More informationTable of Contents. Open-Xchange Authentication & Session Handling. 1.Introduction...3
Open-Xchange Authentication & Session Handling Table of Contents 1.Introduction...3 2.System overview/implementation...4 2.1.Overview... 4 2.1.1.Access to IMAP back end services...4 2.1.2.Basic Implementation
More informationWebNow Single Sign-On Solutions
WebNow Single Sign-On Solutions Technical Guide ImageNow Version: 6.7. x Written by: Product Documentation, R&D Date: June 2015 2012 Perceptive Software. All rights reserved CaptureNow, ImageNow, Interact,
More informationTraitware Authentication Service Integration Document
Traitware Authentication Service Integration Document February 2015 V1.1 Secure and simplify your digital life. Integrating Traitware Authentication This document covers the steps to integrate Traitware
More informationWeb 2.0 Lecture 9: OAuth and OpenID
Web 2.0 Lecture 9: OAuth and OpenID doc. Ing. Tomáš Vitvar, Ph.D. tomas@vitvar.com @TomasVitvar http://www.vitvar.com Leopold-Franzens Universität Innsbruck and Czech Technical University in Prague Faculty
More informationPierce County IT Department GIS Division Xuejin Ruan Dan King
Pierce County IT Department GIS Division Xuejin Ruan Dan King Web Application Work Flow Main Topics Authentication Authorization Session Management * Concurrent Session Management * Session Timeout Single
More informationManual. Netumo NETUMO HELP MANUAL WWW.NETUMO.COM. Copyright Netumo 2014 All Rights Reserved
Manual Netumo NETUMO HELP MANUAL WWW.NETUMO.COM Copyright Netumo 2014 All Rights Reserved Table of Contents 1 Introduction... 0 2 Creating an Account... 0 2.1 Additional services Login... 1 3 Adding a
More informationLogin with Amazon. Developer Guide for Websites
Login with Amazon Developer Guide for Websites Copyright 2014 Amazon Services, LLC or its affiliates. All rights reserved. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.
More informationSalesforce Integration User Guide Version 1.1
1 Introduction Occasionally, a question or comment in customer community forum cannot be resolved right away by a community manager and must be escalated to another employee via a CRM system. Vanilla s
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document
More informationSalesforce Opportunities Portlet Documentation v2
Salesforce Opportunities Portlet Documentation v2 From ACA IT-Solutions Ilgatlaan 5C 3500 Hasselt liferay@aca-it.be Date 29.04.2014 This document will describe how the Salesforce Opportunities portlet
More informationModule - Facebook PS Connect
Module - Facebook PS Connect Operation Date : October 10 th, 2013 Business Tech Installation & Customization Service If you need assistance, we can provide you a full installation and customization service
More informationNetwork Security OAuth
Network Security OAuth Parma, May 28th, 2013 Online Services and Private Data The evolution of online services, such as social networks, has had a huge impact on the amount of data and personal information
More informationScritto da Administrator Lunedì 02 Gennaio 2012 09:27 - Ultimo aggiornamento Lunedì 02 Gennaio 2012 17:52
If you want a website that communicate directly with Twitter, sending an update status message on a Twitter account or retrieving all the information that you want from that account, you must use an authentication
More informationSETTING UP YOUR JAVA DEVELOPER ENVIRONMENT
SETTING UP YOUR JAVA DEVELOPER ENVIRONMENT Summary This tipsheet describes how to set up your local developer environment for integrating with Salesforce. This tipsheet describes how to set up your local
More informationForce.com REST API Developer's Guide
Force.com REST API Developer's Guide Version 35.0, Winter 16 @salesforcedocs Last updated: December 10, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark
More informationAdministering Jive Mobile Apps
Administering Jive Mobile Apps Contents 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios... 3 Native Apps and Push Notifications...4 Custom App Wrapping for ios... 5 Native
More informationLogin with Amazon. Getting Started Guide for Websites. Version 1.0
Login with Amazon Getting Started Guide for Websites Version 1.0 Login with Amazon: Getting Started Guide for Websites Copyright 2016 Amazon Services, LLC or its affiliates. All rights reserved. Amazon
More informationUSING FEDERATED AUTHENTICATION WITH M-FILES
M-FILES CORPORATION USING FEDERATED AUTHENTICATION WITH M-FILES VERSION 1.0 Abstract This article provides an overview of federated identity management and an introduction on using federated authentication
More informationHow To Use Kiteworks On A Microsoft Webmail Account On A Pc Or Macbook Or Ipad (For A Webmail Password) On A Webcomposer (For An Ipad) On An Ipa Or Ipa (For
GETTING STARTED WITH KITEWORKS DEVELOPER GUIDE Version 1.0 Version 1.0 Copyright 2014 Accellion, Inc. All rights reserved. These products, documents, and materials are protected by copyright law and distributed
More informationConfiguration Guide - OneDesk to SalesForce Connector
Configuration Guide - OneDesk to SalesForce Connector Introduction The OneDesk to SalesForce Connector allows users to capture customer feedback and issues in OneDesk without leaving their familiar SalesForce
More informationSAML and OAUTH comparison
SAML and OAUTH comparison DevConf 2014, Brno JBoss by Red Hat Peter Škopek, pskopek@redhat.com, twitter: @pskopek Feb 7, 2014 Abstract SAML and OAuth are one of the most used protocols/standards for single
More informationCopyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
More informationOAuth. Network Security. Online Services and Private Data. A real-life example. Material and Credits. OAuth. OAuth
Network Security Dr. Ing. Simone Cirani Parma, May 28th, 2013 Online Services and Private Data The evolution of online services, such as social networks, has had a huge impact on the amount of data and
More informationOAuth 2.0: Theory and Practice. Daniel Correia Pedro Félix
OAuth 2.0: Theory and Practice Daniel Correia Pedro Félix 1 whoami Daniel Correia Fast learner Junior Software Engineer Passionate about everything Web-related Currently working with the SAPO SDB team
More informationTalend Component tgoogleanalyticsmanagement
Talend Component tgoogleanalyticsmanagement Purpose This component addresses the needs of gathering Google Analytics data for a large number of profiles and fine-grained detail data. To prepare the queries
More informationBuilding Secure Applications. James Tedrick
Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS
More informationAuthentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
More informationOAuth2lib. http://tools.ietf.org/html/ietf-oauth-v2-10 implementation
OAuth2lib http://tools.ietf.org/html/ietf-oauth-v2-10 implementation 15 Julio 2010 OAuth2 - Assertion Profile Library! 3 Documentation! 4 OAuth2 Assertion Flow! 4 OAuth Client! 6 OAuth Client's Architecture:
More informationitds OAuth Integration Paterva itds OAuth Integration Building and re-using OAuth providers within Maltego 2014/09/22
Paterva itds OAuth Integration itds OAuth Integration Building and re-using OAuth providers within Maltego AM 2014/09/22 Contents Maltego OAuth Integration... 3 Introduction... 3 OAuth within the Maltego
More informationIdentity Management with Spring Security. Dave Syer, VMware, SpringOne 2011
Identity Management with Spring Security Dave Syer, VMware, SpringOne 2011 Overview What is Identity Management? Is it anything to do with Security? Some existing and emerging standards Relevant features
More informationJVA-122. Secure Java Web Development
JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard
More informationEHR OAuth 2.0 Security
Hospital Health Information System EU HIS Contract No. IPA/2012/283-805 EHR OAuth 2.0 Security Final version July 2015 Visibility: Restricted Target Audience: EHR System Architects EHR Developers EPR Systems
More informationDevice Token Protocol for Persistent Authentication Shared Across Applications
Device Token Protocol for Persistent Authentication Shared Across Applications John Trammel, Ümit Yalçınalp, Andrei Kalfas, James Boag, Dan Brotsky Adobe Systems Incorporated, 345 Park Avenue, San Jose,
More informationSpring Security SAML module
Spring Security SAML module Author: Vladimir Schäfer E-mail: vladimir.schafer@gmail.com Copyright 2009 The package contains the implementation of SAML v2.0 support for Spring Security framework. Following
More informationImplementing CAS. Adam Rybicki. 2010 Jasig Conference, San Diego, CA March 7, 2010
Implementing CAS Adam Rybicki 2010 Jasig Conference, San Diego, CA March 7, 2010 Copyright Unicon, Inc., 2009. This work is the intellectual property of Unicon, Inc. Permission is granted for this material
More informationGetting Started Guide for Developing tibbr Apps
Getting Started Guide for Developing tibbr Apps TABLE OF CONTENTS Understanding the tibbr Marketplace... 2 Integrating Apps With tibbr... 2 Developing Apps for tibbr... 2 First Steps... 3 Tutorial 1: Registering
More informationFacebook - Twitter - Google +1 all in one plugin for Joomla enable "Twitter button", "Google +1
Facebook - Twitter - Google +1 all in one plugin for Joomla enable "Twitter button", "Google +1 button ", Facebook " Like button ", the Facebook " Share This button ", the Facebook " Comment Box ", the
More informationForumbee Single Sign- On
Forumbee Single Sign- On What is Single Sign- On? In basic terms, Single Sign- On (SSO) allows users of your web site to log into your Forumbee community automatically, without needing to sign up and create
More informationSafewhere*Identify 3.4. Release Notes
Safewhere*Identify 3.4 Release Notes Safewhere*identify is a new kind of user identification and administration service providing for externalized and seamless authentication and authorization across organizations.
More informationTable of contents. Jasig CAS support for the Spring Security plugin.
Table of contents Jasig CAS support for the Spring Security plugin. 1 Spring Security ACL Plugin - Reference Documentation Authors: Burt Beckwith Version: 1.0.4 Table of Contents 1 Introduction 1.1 History
More informationWildFly in Oracle okolje
WildFly in Oracle okolje Integracija aplikacij z obstoječo infrastrukturo Predavatelj: Urh Srečnik Software Architect @ Abakus Plus d.o.o. Abakus Plus d.o.o. Applications Special
More informationIntegrating Multi-Factor Authentication into Your Campus Identity Management System
Integrating Multi-Factor Authentication into Your Campus Identity Management System Mike Grady, Unicon David Walker, Internet2 (both associated with the Internet2 Scalable Privacy Project) Agenda Multi-Context
More informationCreating federated authorisation
Creating federated authorisation for a Django survey application Ed Crewe Background - the survey application Federated authorisation What do I mean by this? 1. Users login at a third party identity provider
More informationIntegration Overview. Web Services and Single Sign On
Integration Overview Web Services and Single Sign On Table of Contents Overview...3 Quick Start 1-2-3...4 Single Sign-On...6 Background... 6 Setup... 6 Programming SSO... 7 Web Services API...8 What is
More informationSecuring WebFOCUS A Primer. Bob Hoffman Information Builders
Securing WebFOCUS A Primer Bob Hoffman Information Builders 1 Agenda Gain an understanding of the WebFOCUS Architecture Where can security be implemented? Review the internal WebFOCUS repository and resource
More informationOpenID Single Sign On and OAuth Data Access for Google Apps. Ryan Boyd @ryguyrg Dave Primmer May 2010
OpenID Single Sign On and OAuth Data Access for Google Apps Ryan Boyd @ryguyrg Dave Primmer May 2010 Why? View live notes and questions about this session on Google Wave: http://bit.ly/magicwave Agenda
More informationMYOB EXO BUSINESS WHITE PAPER
MYOB EXO BUSINESS WHITE PAPER Social Media in MYOB EXO Business EXO BUSINESS MYOB ENTERPRISE SOLUTIONS Contents Introduction... 3 How Social Media Integration Works... 3 The Authentication Process... 3
More informationvcommander will use SSL and session-based authentication to secure REST web services.
vcommander REST API Draft Proposal v1.1 1. Client Authentication vcommander will use SSL and session-based authentication to secure REST web services. 1. All REST API calls must take place over HTTPS 2.
More informationSAP HANA Cloud Platform Security Tutorial Securing your Web API with OAuth 2.0
Securing your Web API with OAuth 2.0 TABLE OF CONTENTS INTRODUCTION TO OAUTH 2.0... 3 OAuth Protocol... 4 Delegated Authentication... 6 Why OAuth?... 7 BUSINESS SCENARIO... 7 Mobile use case... 8 Integration
More informationOffice365Mon Developer API
Office365Mon Developer API Office365Mon provides a set of services for retrieving report data, and soon for managing subscriptions. This document describes how you can create an application to programmatically
More informationQlik REST Connector Installation and User Guide
Qlik REST Connector Installation and User Guide Qlik REST Connector Version 1.0 Newton, Massachusetts, November 2015 Authored by QlikTech International AB Copyright QlikTech International AB 2015, All
More informationCloud to Cloud Integrations with Force.com. Sandeep Bhanot Developer Evangelist @cloudysan
Cloud to Cloud Integrations with Force.com Sandeep Bhanot Developer Evangelist @cloudysan Safe Harbor Salesforce.com Safe harbor statement under the Private Securities Litigation Reform Act of 1995: This
More informationPrepared by Enea S.Teresa (Italy) Version 1.0 2006-October 24
Mersea Information System: an Authentication and Authorization System to access distributed oceanographic data. Prepared by Enea S.Teresa (Italy) Version 1.0 2006-October 24 Revision History Date Version
More informationAdministering Jive for Outlook
Administering Jive for Outlook TOC 2 Contents Administering Jive for Outlook...3 System Requirements...3 Installing the Plugin... 3 Installing the Plugin... 3 Client Installation... 4 Resetting the Binaries...4
More informationAdd Microsoft Azure as the Federated Authenticator in WSO2 Identity Server
Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server This blog will explain how to use Microsoft Azure as a Federated Authenticator for WSO2 Identity Server 5.0.0. In this example
More informationSpring Security CAS Plugin - Reference Documentation. Burt Beckwith. Version 3.0.0.M1
Spring Security CAS Plugin - Reference Documentation Burt Beckwith Version 3.0.0.M1 Table of Contents 1. Introduction to the Spring Security CAS Plugin.................................................
More informationA Standards-based Mobile Application IdM Architecture
A Standards-based Mobile Application IdM Architecture Abstract Mobile clients are an increasingly important channel for consumers accessing Web 2.0 and enterprise employees accessing on-premise and cloud-hosted
More informationCloud Help for Community Managers...3. About Jive Anywhere...4. Jive Anywhere System Requirements...5. Managing Jive Anywhere...6
Anywhere Contents 2 Contents Cloud Help for Community Managers...3 About Jive Anywhere...4 Jive Anywhere System Requirements...5 Managing Jive Anywhere...6 Installing the Extended API JAR File...6 Post-Installation
More informationLecture Notes for Advanced Web Security 2015
Lecture Notes for Advanced Web Security 2015 Part 6 Web Based Single Sign-On and Access Control Martin Hell 1 Introduction Letting users use information from one website on another website can in many
More informationMcAfee One Time Password
McAfee One Time Password Integration Module Outlook Web App 2010 Module version: 1.3.1 Document revision: 1.3.1 Date: Feb 12, 2014 Table of Contents Integration Module Overview... 3 Prerequisites and System
More informationios Cloud Development FOR Neal Goldstein WILEY John Wiley & Sons, Inc.
ios Cloud Development FOR by Neal Goldstein WILEY John Wiley & Sons, Inc. Table of Contents Introduction 1 About This Book 3 Conventions Used in This Book 3 Foolish Assumptions 4 How This Book Is Organized
More informationSingle Sign-On Research and Expansion Based On CAS
Send Orders for Reprints to reprints@benthamscience.ae 200 The Open Cybernetics & Systemics Journal, 2014, 8, 200-207 Single Sign-On Research and Expansion Based On CAS Open Access Fang Yinglan *, Jin
More informationCA Nimsoft Service Desk
CA Nimsoft Service Desk Configure Outbound Web Services 7.13.7 Legal Notices Copyright 2013, CA. All rights reserved. Warranty The material contained in this document is provided "as is," and is subject
More informationMid-Project Report August 14 th, 2012. Nils Dussart 0961540
Mid-Project Report August 14 th, 2012 Nils Dussart 0961540 CONTENTS Project Proposal... 3 Project title... 3 Faculty Advisor... 3 Project Scope and Individual Student Learning Goals... 3 Proposed Product
More informationAfter many years we are happy to create a new social plugin with a great potential.
After many years we are happy to create a new social plugin with a great potential. The Compago Social Share is created for Joomla 3.1 and it will let you share your contents on the most used social network:
More informationExam Name: Test284,IBM WbS.DataPower SOA
Exam Code: 000-284 Exam Name: Test284,IBM WbS.DataPower SOA Appliances, Firmware V3.6.0 Vendor: IBM Version: DEMO Part: A 1: A company requires the transformation of a CSV (comma-separated values) file
More informationINTEGRATION GUIDE. DIGIPASS Authentication for SimpleSAMLphp using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for SimpleSAMLphp using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document
More informationUnlocking the Secrets of Alfresco Authentication. Mehdi BELMEKKI,! Consultancy Team! Alfresco!
Unlocking the Secrets of Alfresco Authentication Mehdi BELMEKKI,! Consultancy Team! Alfresco! Agenda Introduction! Talk objectives! Repository Authentication! Share Authentication! External Authentication!
More informationEnterprise Access Control Patterns For REST and Web APIs
Enterprise Access Control Patterns For REST and Web APIs Francois Lascelles Layer 7 Technologies Session ID: STAR-402 Session Classification: intermediate Today s enterprise API drivers IAAS/PAAS distributed
More informationWelcome to Spring Forward 2006. www.springforward2006.com September 26, 2006 Penn State Great Valley
Welcome to Spring Forward 2006 Securing Your Applications with CAS and Acegi Dmitriy Kopylenko Application Developer Architecture & Framework Rutgers University Scott Battaglia Application Developer Enterprise
More informationDocument Digital Signature
Supplier handbook Software Configuration for Digital Signature and Timestamp to certificate-based signature Document objectives and structure The document aims to support suppliers during the following
More informationEPB Managed Wi-Fi Creating Social Media Apps with AirTight Guest Manager
EPB Managed Wi-Fi Creating Social Media Apps with AirTight Guest Manager EPB s Managed Wi-Fi solution allows you to create social media integration with your new guest manager. This functionality allows
More informationOwner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de
Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Microsoft Forefront TMG How to use SQL Server 2008 Express Reporting Services Abstract In this
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is
More informationAnalysis and Implementation of a SSO Solution for Several Web Portal
Aalto University Bachelor s Thesis Analysis and Implementation of a SSO Solution for Several Web Portal Author: Xavi Magrinyà Supervisor: Professor Petri Vuorimaa A Thesis submitted in fulfilment of the
More informationWhite Paper March 1, 2005. Integrating AR System with Single Sign-On (SSO) authentication systems
White Paper March 1, 2005 Integrating AR System with Single Sign-On (SSO) authentication systems Copyright 2005 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service
More informationOAuth Use Cases. George Fletcher, Torsten Lodderstedt, Zachary Zeltsan. November 2011
OAuth Use Cases George Fletcher, Torsten Lodderstedt, Zachary Zeltsan November 2011 Outline Why use cases? Present set in the draft draft-zeltsan-oauth-use-cases-02 by George Fletcher (gffletch@aol.com),
More information