Orange Authentication API Using Liberty s SAML Simple Sign Binding

Similar documents
This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

How to create a SP and a IDP which are visible across tenant space via Config files in IS

Getting Started with AD/LDAP SSO

IBM WebSphere Application Server

SAM Context-Based Authentication Using Juniper SA Integration Guide

TIB 2.0 Administration Functions Overview

SAML SSO Configuration

Flexible Identity Federation

Identity Management and Operator Perspectives

Alfresco Share SAML. 2. Assert user is an IDP user (solution for the Security concern mentioned in v1.0)

T his feature is add-on service available to Enterprise accounts.

SAML Single-Sign-On (SSO)

Authentication Integration

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

SAML Authentication Quick Start Guide

Agenda. How to configure

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

Disclaimer. SAP 2008 / SAP TechEd 08 / SIM202 / Page 2

Web Based Single Sign-On and Access Control

Egnyte Single Sign-On (SSO) Installation for OneLogin

Enhancing Web Application Security

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

OpenLogin: PTA, SAML, and OAuth/OpenID

New Single Sign-on Options for IBM Lotus Notes & Domino IBM Corporation

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence. Greg Wcislo

This way, Bluewin will be able to offer single sign-on for service providers within the circle.

Single Sign-On Implementation Guide

DocuSign Single Sign On Implementation Guide Published: March 17, 2016

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

SAML Security Option White Paper

Using SAML for Single Sign-On in the SOA Software Platform

Okta Identity Management for Portals Built on Salesforce.com. An Architecture Review. Okta Inc. 301 Brannan Street San Francisco, CA 94107

DocuSign Information Guide. Single Sign On Functionality. Overview. Table of Contents

SAP Cloud Identity Service Document Version: SAP Cloud Identity Service

ACTIVID APPLIANCE AND MICROSOFT AD FS

Deltek Touch Time & Expense for GovCon. User Guide for Triumph

Leveraging SAML for Federated Single Sign-on:

The Role of Identity Enabled Web Services in Cloud Computing

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

SAML Authentication with BlackShield Cloud

PassKey Manager. Schoolwires Centricity

Siebel CRM On Demand Single Sign-On. An Oracle White Paper December 2006

About Me. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack

Federated Identity Management Solutions

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

OpenID Deutsche telekom. Dr. Torsten Lodderstedt, Deutsche Telekom AG

Identity Implementation Guide

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE

Integration Guide. SafeNet Authentication Service. Using SAS with Web Application Proxy. Technical Manual Template

SAML and OAUTH comparison

How To Get A Better Price For Your Phone In Orange (European)

CREDENTIAL MANAGER IN WINDOWS 7

Information Technology User Guide Office 365 ProPlus

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow

Lecture Notes for Advanced Web Security 2015

Single Sign On for ShareFile with NetScaler. Deployment Guide

Single Sign On for ZenDesk with NetScaler. Deployment Guide

Microsoft Office 365 Using SAML Integration Guide

Egnyte Single Sign-On (SSO) Installation for Okta

Google Apps Deployment Guide

IMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011

SAML single sign-on configuration overview

Single Sign-On Implementation Guide

Single Sign On for Google Apps with NetScaler. Deployment Guide

OIOSAML 2.0 Toolkits Test results May 2009

Zendesk SSO with Cloud Secure using MobileIron MDM Server and Okta

Single Sign-On Implementation Guide

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server

SAML-Based SSO Solution

Web Access Management and Single Sign-On

Trend of Federated Identity Management for Web Services

HP Software as a Service. Federated SSO Guide

A Standards-based Mobile Application IdM Architecture

Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver

OIO Web SSO Profile V2.0.5

SAML Security Analysis. Huang Zheng Xiong Jiaxi Ren Sijun

Single Sign-On Implementation Guide

Configuring SAML2 for Single Sign On to Smartsheet (Enterprise Only)

How To Use Salesforce Identity Features

McAfee Cloud Identity Manager

IAM Application Integration Guide

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications

How To Use Saml 2.0 Single Sign On With Qualysguard

IGI Portal architecture and interaction with a CA- online

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

DEPLOYMENT GUIDE. SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity

RCS Liferay Google Analytics Portlet Installation Guide

Shibboleth User Verification Customer Implementation Guide Version 3.5

STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines

Single Log-Out. Andreas Åkre Solberg Malaga, June 2009

SAP HANA Cloud Portal Overview and Scenarios

Transcription:

Orange Authentication API Using Liberty s SAML Simple Sign Binding ID-CONF MUNICH, Liberty Alliance workshop, April 2008 Philippe Clément Head of Identity Enabler, Group Strategic Marketing philippe.clement@orange-ftgroup.com

Orange / FT Group Worldwide Worldwide: 220 countries, 170M customers 109M mobiles, 11.6M ADSL, 49M landlines subscribers Leading Telco on fixed/mobile convergence (multiple-play offers, Unik, Livebox) Europe: 78 million mobile subscribers (#3 in Europe) 47.5 million PSTN landlines (# 1 Europe) 11.6 million broadband ADSL lines (#1 Europe) 4.8 million VoIP lines (# 1 Europe) France: 40M active identities in France 185 services federated to Identity Platform covering: Web portal services, Widgets, desktop applications, VoIP, IPTV WAP and Mobile applications Other device-based applications around the Livebox home gateway SSO and APIs for internal use (based on Liberty Alliance principles) United Kingdom mobile: 15.4m internet: 2.02m Belgium mobile: 2.9m fixed:0.55m Poland mobile: 10.4m fixed:10.48m internet: 1.78m France mobile: 23.5m fixed: 33.7m internet: 6.2m Switzerland mobile: 1.3m Slovakia mobile: 2.6m Moldavia mobile: 0.8m Romania mobile: 7.49m Spain mobile: 10.9m fixed: 2.8m internet: 1.2m fixed internet mobile ID Conf April 2008 - page 2

The Orange Personal API Value Proposition Orange is a major provider of online identities In France, Orange manages 23 million mobile users and 15 million individuals with Internet access accounts. 7 out of 10 in France have an Orange Identity Because of network-based authentication mechanisms, Orange delivers enhanced user experiences On mobile: SIM cards fully transparent authentication On web: DSL-based implicit authentication + multi-level last known users management 90% of Orange users do not need to enter a user name/password to access their accounts because of these advanced identification mechanisms based on device recognition When introduced in France, this feature doubled service usage of the Orange communication services Orange is now opening authentication and authenticated APIs to partners Partners can provide services that are easier to access from Web and Mobile devices Partners can leverage Orange service features via APIs to enhance the customer promise and sales conversion rate for their services ID Conf April 2008 - page 3

Developer s journey APIs are available via our Partners' website (www.orangepartner.com) Partners register to use APIs, receive toolkits, code examples and guidelines Partners install Orange s sign-in functionality on their website Protocols supported: Open ID v1 (Sept 07) SAML Simple Sign Binding (Feb 08) Open ID v2 (2008) ID Conf April 2008 - page 4

End users' journey User Journey #1 : registering on Partner's site with Orange ID User is already authenticated by Orange (e.g. connects behind home DSL connection) User chooses to access partner's site with his Orange ID User is redirected to Orange IdP ; no sign-in page is displayed as there is an existing user session Orange prompts user for authorization before establishing federation and sharing attributes User is redirected to the partner's site, where he continues his journey (typically, 1st time access wizard) demo User Journey #2: authenticating on Partner's site with Orange ID The user may be connecting from anywhere User chooses to sign-in on partner's site with Orange ID Partner site "remembers" the previous Orange authentication and proposes immediately to sign-in with Orange (partner site behaviour) User is redirected to the Orange IdP which displays a sign-in page. Typically, user selects his account and types his password User is then redirected to the partner site demo ID Conf April 2008 - page 5

Orange Authentication API: SSO flow 1. The user accesses the site of the service provider. 2. The user clicks on the button "Sign in with an Orange user account" and is redirected to the Orange Authentication service (identity provider). 3. Orange authenticates the user (this stage is transparent for the user if a valid Orange authentication session already exists or if the user can be authenticated implicitly). 4. Orange Authentication service redirects the user to the service by providing an assertion of authentication (SAML Response). The service provider can therefore personalise a service on the basis of the user identifier provided by Orange Authentication service. Non Orange Service Orange Authentication Service ID Conf April 2008 - page 6

Orange Authentication API: SSO flow "orange.xx" DNS domain 3rd party website OrangeAuth Service id.orange.fr SSO request (SAMLRequest) Processing of the SAML "AuthnRequest" Enter credentials Session cookie Only happens if no active Orange session yet exists Service cookie for OrangeAuth (+ list of attributes requested by OrangeAuth) Retrieval of the previously generated federation alias. Generation of the SAMLResponse (no interaction for authorization required). Form POST SSO response (SAMLResponse, SigAlg, Signature) ID Conf April 2008 - page 7

Detail of SAML implementation Protocol details : SAMLRequest : <AuthnRequest xmlns="urn:oasis:names:tc:saml:2.0:protocol" ID="_b050e0f4c673ec2572fc65d95359afe6" Version="2.0" IssueInstant="2007-12-21T19:54:07Z" > <Issuer xmlns="urn:oasis:names:tc:saml:2.0:assertion">third-party service ID provided at registration</issuer> </AuthnRequest> SAMLResponse (XML content) : Status NameIdentifier (one-time federation alias) Authentication context class Identifier of the IDP Identifier of the SP Timestamps (for the validity of the response) Other core profile attributes "OrangeAPIToken" To be used for subsequent access to APIs (calendar, photos, contacts, messages etc. ) Simple Sign Binding Use of plain text signature instead of XML-Signature for easier integration at partner's site Integration into ipernity.com by non identity expert achieved in a few days! ID Conf April 2008 - page 8

thank you Please visit www.orangepartner.com for more details on Orange's authenticated APIs ID Conf April 2008 - page 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information