How it works: OpenID Connect, universal identity provider, from Google to FranceConnect

Identity Tech Talk France #1
https://www.meetup.com/fr-FR/Identity-Tech-Talks-France/events/234441358/
Monthly meeting, come, listen, participate and share!
  1. © 2016 ForgeRock. All rights reserved. 1 December 2016, La Source @ Le Tank, 22 bis rue des Taillandiers, Paris
  2. How it works: OpenID Connect, universal identity provider, from Google to FranceConnect
  3. User identity providers
  4. What is the question? I want users to get easy access to my system, however:
     ● I want to retrieve user information.
     ● I also do not want my users to have to remember and enter yet another set of credentials.
     We can achieve this using federation. SAML and OIDC are both types of federation (though not the only types). [Diagram: My Service]
  5. Why not SAML?
     • SAML (Security Assertion Markup Language) is a standard which enables a user to authenticate once and access multiple web sites across different networks
     • XML and SOAP based
     • The SAML standard defines two different types of provider:
       • Identity Provider (IdP): Authenticates users and stores user credentials.
       • Service Provider (SP): Where authenticated users go to consume services.
     • A circle of trust is a set of IdPs and SPs that have been configured to trust SAML assertions generated by each other. [Diagram: a circle of trust with one IdP and several SPs]
  6. Introducing OIDC: OpenID Connect (OIDC) is built on OAuth2 and adds authentication functionality (whereas OAuth2 is only for delegated access). Like SAML it solves the problem of accessing different sites without introducing yet another set of credentials. You may have seen one of these buttons; they use OIDC. Sites can be OpenID certified.
  7. Why OIDC? OIDC offers additional functionality over and above SAML:
     ● Dynamic registration & discovery: Discovery enables client applications to automatically register themselves with the OIDC server.
     ● RESTful services: JSON based services that can be utilised by mobile apps and micro services
     ● Easy to consume tokens: OIDC utilises JWTs (JSON Web Tokens)
     ● Endpoints: That can flexibly return claims about the end user
     ● Use of custom claims
     ● Enable Consent
     ● Enable Authorization
     ● Easy to configure
  8. OIDC Flows: There are three OIDC flows for authentication; these are a subset of OAuth2 flows:
     ● Authorization Code Flow
     ● Implicit Flow
     ● Hybrid Flow
     We are going to look at the Authorization Code Flow.
  9. OIDC Authorization Code Flow [Sequence diagram; participants: Relying Party, User, OpenID Provider, Token Endpoint, UserInfo Endpoint]
     ● Authorization code request
     ● Authenticate end user
     ● User consent (* unless already granted)
     ● Redirect with authorization code
     ● Exchange code for tokens
     ● Access Token & ID Token
     ● (Optional) Access token
     ● (Optional) UserInfo response
     ● Access protected resource
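The Authorization Code Flow of slide 9 and the tokens of slide 10, as an added example that is not part of the deck or of ForgeRock's, Google's or FranceConnect's code: the Relying Party builds the authorization request, checks `state` on the callback, and validates the ID token (signature, issuer, audience, expiry, nonce) before trusting the login. The issuer, client id and shared secret are hypothetical, and HS256 with a shared secret stands in for the RS256 keys a real OpenID Provider publishes at its JWKS endpoint.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo values (not FranceConnect's or Google's); a real OP signs with RS256
# keys published at its JWKS endpoint, which the RP obtains through discovery.
ISSUER = "https://op.example"          # hypothetical OpenID Provider
CLIENT_ID = "demo-rp"                  # hypothetical Relying Party client_id
CLIENT_SECRET = b"demo-shared-secret"  # used here as the HS256 key for the ID token

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def build_authorization_request(redirect_uri):
    """Step 1 (RP): state binds the callback to this browser session, nonce binds the ID token to it."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": redirect_uri,
              "scope": "openid profile", "state": state, "nonce": nonce}
    return f"{ISSUER}/authorize?{urlencode(params)}", state, nonce

def rp_handle_callback(callback_url, expected_state):
    """Step 2 (RP): OP redirects back with code and state; refuse a state mismatch before any exchange."""
    q = parse_qs(urlparse(callback_url).query)
    if q.get("state", [None])[0] != expected_state:
        return None
    return q.get("code", [None])[0]

def op_issue_tokens(nonce, sub="leo"):
    """Step 3 (OP token endpoint): after the code exchange, return an access token and a signed ID token."""
    now = int(time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": sub, "aud": CLIENT_ID, "iat": now, "exp": now + 300, "nonce": nonce}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(CLIENT_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return {"access_token": secrets.token_urlsafe(24), "id_token": f"{signing_input}.{b64url(sig)}"}

def validate_id_token(id_token, expected_nonce, now=None):
    """Step 4 (RP): check alg, signature, iss, aud, exp and nonce; only then call UserInfo with the access token."""
    now = int(time.time()) if now is None else now
    h, p, s = id_token.split(".")
    if json.loads(b64url_decode(h)).get("alg") != "HS256":
        return None  # never let the token choose an algorithm the RP did not expect
    expected = hmac.new(CLIENT_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return None  # tampered payload or wrong key
    claims = json.loads(b64url_decode(p))
    ok = (claims.get("iss") == ISSUER and claims.get("aud") == CLIENT_ID
          and claims.get("exp", 0) > now and claims.get("nonce") == expected_nonce)
    return claims if ok else None
```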
  10. Access Token, ID Token, UserInfo
  11. Hub FranceConnect
  12. FranceConnect Hub Leo
  13. (image only)
  14. What’s The Flowww?
      • Browser-based Applications
        • Implicit flow for JavaScript-based application or a “traditional” server-rendered web application.
        • Increase security with the authorization code flow, or hybrid flow.
      • Mobile Native Applications
        • Authorization code flow with a direct connection to the token endpoint
      • Micro services
        • Authorization code flow
  15. OIDC flow functional matrix