THE NEW DIGITAL EXPERIENCE


Transcription:

SECURING THE NEW DIGITAL EXPERIENCE. Dr Steffo Weber, Oracle (steffo.weber@oracle.com). Filling the UX gap for mobile enterprise applications. May 2014.

Overview: Motivation, Foundation, Experience. What for? UI vs UX vs Security; channels; WebSSO limits; OAuth; Xcode. How long? How complicated? Alternatives.

Motivation: the importance of mobile access management.

The UX gap varies depending on your objectives. UX success factors courtesy of Jar Creative (http://www.slideshare.net/jarcreative/jar-ux-10elements).

Motivation: evolution of UX. Pro, prosumer, consumer: from information and data design, to graphical UI, to user experience design.

Motivation: why UX is not UI. Touchscreen with GUI; application (MVC); background services (REST).

Motivation: some findings (hypothesis first). 13.6 million tablets shipped to enterprises (2011); 96.3 million tablets shipped to enterprises (2016, forecast). Source: Mobile Apps: What Consumers Really Want (Compuware), http://www.mobilestatistics.com/mobile-news/the-rise-of-the-enterprise-tablet.aspx

Motivation: some findings (hypothesis first). 85% prefer mobile apps over mobile websites; 79% will not retry an app if it failed once or twice; 48% will delete an app if it is too slow. Source: Mobile Apps: What Consumers Really Want (Compuware), http://www.mobilestatistics.com/mobile-news/the-rise-of-the-enterprise-tablet.aspx

Consumer: "Don't make me think."

Consumer: now what is the relationship to identity? Why can't I use Facebook/Twitter login?

Buying process and corresponding identity. Stages: 1. problem/need recognition; 2. information search; 3. evaluation of alternatives; 4. purchase decision; 5. post-purchase behaviour. The identity the customer presents accumulates along the way: social ID; social ID plus web trail; social ID, web trail, address and billing relationship; finally social ID, web trail, address, billing relationship and customer ID. This is where real identity comes into play.

Customer loyalty: UX, security, CRM.

Customer loyalty. Advice: all channels are equal. Mobile sites, mobile apps, multiple apps and traditional channels all rely on cookies and web SSO.

Customer loyalty. Advice: all channels are equal. WebSSO / Web Access Management (WAM); Mobile Access Management; iOS built-in Kerberos / mobile VPN.

Customer loyalty. Advice: all channels are equal: Unified Access Management.

Foundation: how to achieve SSO for multiple apps?

WebSSO (recap): if you want to download Oracle software (download), you have to log on (sign in first), and then you are logged on site-wide (e.g. support).

SSO for mobile apps: a challenge.

Options, what you _can_ do: store credentials; use iOS built-in Kerberos; embedded browser (HTML5 apps); adopt real SSO protocols (OAuth, OpenID Connect, SAML); inject security services into unsigned apps (mobile app management).

Analysis: a new security situation. In a browser world we don't access the services layer directly; the request passes presentation layer, business/services layer, data layer. Accessing the services layer from untrusted devices exposes new risks: the iPhone is the new presentation layer, and there is no trust between the external DMZ and the service zone.

Mobile SSO: three issues to solve. (1) Token store: we have to simulate a cookie cache, ideally part of the mobile OS, but it isn't. Account for different services: different tokens for different services. (2) Inter-process communication: adopting OAuth is like buying tickets for different concerts with the same credit card. (3) Token insertion mechanism: "magically" sending a token with a REST request, which means providing REST libraries.

Foundation: OAuth concepts. One user token vs. multiple access tokens.

Foundation: OK, here comes OAuth. Participants: iOS/Android app, SSO Agent, Mobile & Social, REST web service. A: user starts the app. B: who is the SSO Agent on this iPhone? You can reach it via the URL scheme agent://. C: the app calls agent://<get access token>. D1: if the user has not been authenticated, present the login dialog and request a user token. D2: if a user token is present, get an access token for the app/service. E1/E2: the access token is issued and forwarded to the app. F: the app makes the REST call using libidmmobilesdk; the access token is inserted automatically by the SDK.

Foundation: all channels are equal. A service (REST, SOAP, etc.) sits behind Oracle Access Manager Mobile & Social; the HTTP call is intercepted and checked for cookies and for a JWT. Example request:
GET http://oracle:7777/hello/steffo
User-Agent: OIC-Authentication
Authorization: OAM-Auth rcfpxhcf1eywcq
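The two mechanisms from the flow above, issuing one service-scoped access token per app from a single user token (step D2) and the "all channels are equal" interception that accepts either a WebSSO cookie or a token (this slide), as an added Python example that is not code from the deck or from Oracle's SDK. It assumes an HS256-signed JWT as the access token, a cookie named OAM_SESSION and a constructed signing key; the OAM-Auth header scheme is the one shown on the slide.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key shared by the token service and the protected service;
# a real deployment uses the access manager's own signing key, never a literal.
SIGNING_KEY = b"constructed-demo-signing-key"
COOKIE_NAME = "OAM_SESSION"             # assumed WebSSO cookie name for the demo
TOKEN_SCHEMES = ("Bearer", "OAM-Auth")  # "OAM-Auth" is the scheme on the slide

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_access_token(user_session: dict, app: str, service: str, now: int) -> str:
    """Step D2: one user token yields many short-lived, service-scoped access tokens."""
    if user_session.get("exp", 0) <= now:
        raise PermissionError("user token expired: re-authenticate (step D1)")
    if service not in user_session["apps"].get(app, ()):
        raise PermissionError("app %r is not registered for service %r" % (app, service))
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": user_session["sub"], "aud": service, "azp": app,
                              "iat": now, "exp": now + 300}).encode())  # 5-minute lifetime
    sig = hmac.new(SIGNING_KEY, ("%s.%s" % (header, claims)).encode(), hashlib.sha256).digest()
    return "%s.%s.%s" % (header, claims, _b64(sig))

def authorize_request(headers: dict, service: str, web_sessions: dict, now: int):
    """'All channels are equal': accept a WebSSO cookie or a JWT; return the subject or None."""
    for part in headers.get("Cookie", "").split(";"):            # browser channel
        name, _, value = part.strip().partition("=")
        if name == COOKIE_NAME and value in web_sessions:
            return web_sessions[value]
    scheme, _, token = headers.get("Authorization", "").partition(" ")  # mobile channel
    if scheme not in TOKEN_SCHEMES or token.count(".") != 2:
        return None
    header, claims, sig = token.split(".")
    expected = hmac.new(SIGNING_KEY, ("%s.%s" % (header, claims)).encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _unb64(sig)):      # verify before trusting claims
            return None
        body = json.loads(_unb64(claims))
    except ValueError:   # malformed base64 or JSON (binascii.Error is a ValueError)
        return None
    if body.get("aud") != service or body.get("exp", 0) <= now:  # audience and expiry
        return None
    return body.get("sub")
```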

Foundation: access management architecture. Client side (Objective-C, Java): libmobile for REST/JSON/JWT/OAuth, classical WebSSO via WebGate. Server side: RESTful identity services (CRUD, AuthN/Z, token services) provided by Oracle Access Management Services: API Gateway with Mobile & Social, Access Manager, Adaptive Access Manager, Entitlements Server (OpenAZ, XACML), Directory Services (LDAP). Behind them, via XACML/OpenAZ: Oracle Service Bus and OWSM (WS-Security) in front of legacy SOAP web services.

Foundation: import libidmmobilesdk.a.

Foundation: register a URL scheme.

Foundation: SSO-relevant code in the iOS app. The casing of the SDK method and property names below is reconstructed from the slide's lower-cased text; check it against the IDMMobileSDK headers.

    #import <UIKit/UIKit.h>
    #import "IDMMobileSDK.h"
    /* The header declares:
       @property (nonatomic, retain) OMMobileSecurityService *mobileServices; */

    // Initialize app & load profile from central server
    - (void)connectToOICServerAndSetup {
        OMMobileSecurityService *mss = [[OMMobileSecurityService alloc]
            initWithURL:self.oicURL                // e.g. http://token.net:14100/
                appName:self.applicationName       // e.g. SampleApp or Art
                 domain:self.oicServiceDomainName  // e.g. MagServiceDomain
               delegate:self];
        self.mobileServices = mss;

        // Login button & event config
        UIBarButtonItem *rightButton = [[UIBarButtonItem alloc]
            initWithTitle:@"Login"
                    style:UIBarButtonItemStyleBordered
                   target:self
                   action:@selector(doLogin:)];
        self.navigationItem.rightBarButtonItem = rightButton; // added here so the button is shown
    }

    - (IBAction)doLogin:(id)object {
        // ...
        NSError *error = nil;
        error = [self.mobileServices startAuthenticationProcess:nil
                                          presenterViewController:self];
        if (error) {
            NSLog(@"Authentication could not be started: %@", error);
        }
    }

    // Event handler: SDK delegate callback once authentication has finished
    - (void)didFinishAuthentication:(OMAuthenticationContext *)context
                              error:(NSError *)error {
        // ...
        username = context.userName;
    }

Experience: how long? How complex?

Experience: how long did it take? Good: easy iOS integration (SSO is transparent to the developer); complete service protection; no hassle with the Apple App Store. Suggested enhancements: currently uses the old app delegate pattern.

Experience: how long did it take? 2-4 days in total. Oracle Access Manager Mobile & Social: 0.5-1 day; remaining steps: 0.5-1 day and 1 day.

Summary: mobile SSO increases usability and customer loyalty. The OAuth eco-system can transform WebSSO into mobile SSO. Don't think in channels, and avoid silos.

Identity Culture: http://flip.it/caxra. Will IoT be the new mobile?