Mobile Connect is an initiative by the GSM Association (GSMA). GSMA represents the interests of mobile operators worldwide, uniting nearly 800 operators with more than 250 companies in the broader mobile ecosystem. The Mobile Connect initiative focuses on building a standard for user authentication and identity services between mobile network operators and service providers.
SAML, OpenID Connect and WS-Federation have become the most popular ways of implementing identity federation and single sign-on (SSO) for many service providers. This webinar will explore a zero-code-change approach that helps service providers migrate from their existing protocols to Mobile Connect with the WSO2 Identity Server. It will also discuss how to secure access to your most precious SaaS applications with Mobile Connect.
Introduction to Mobile Connect
Introduction to WSO2 Telco and the WSO2 Identity Server
How to migrate from OpenID Connect or SAML to Mobile Connect
How to log in to Salesforce/Google Apps via Mobile Connect
The webinar was presented by Prabath Siriwardena, Director Security Architecture at WSO2 and Venura Mendis, CTO at WSO2.Telco.
Securing Access to SAAS Apps with GSMA Mobile Connect
1. Securing Access to SAAS Apps with GSMA Mobile Connect
Prabath Siriwardena, WSO2
prabath@wso2.com
Venura Mendis, WSO2.Telco
venura@wso2telco.com
Keet Sugathadasa, WSO2
keet@wso2.com
2. Agenda
● Introducing WSO2.Telco
● GSMA Mobile Connect Technical Overview
● Mobile Connect vs. OpenID Connect
● WSO2 Identity Server
● Mobile Connect support in WSO2 Identity Server
● Securing Access to Salesforce with GSMA Mobile Connect
3. WSO2.Telco the perfect hybrid
Digital Enablement Powered by APIs for Telcos
● Telco Innovation
● Visionary Platform
● Community engagement
5. Introduction - Mobile Connect
WSO2.Telco powers 40% of the 2.5Bn Enabled Mobile Connect users
6. LOA2: Registered User Login / On-Net Authentication
1.3 Registered User – Authentication via HE
● User clicks to login via Mobile Connect
● Operator authenticates the end user in the background using header enrichment
● User is logged in to the site ("Welcome to wow.lk Jonathan!")
7. LOA2: Registered User Login / Off-Net Authentication
1.4 Authentication via HE Fallback to USSD – LoA2: Registered user
● User clicks to login via Mobile Connect
● User prompted in browser to enter mobile number
● USSD prompt confirmed by user
● User is logged in to the site ("Welcome to wow.lk Jonathan!")
8. WSO2.Telco Mobile Identity Gateway
• GSMA Certified MCX Vendor
• Standalone solution delivering full Mobile Connect functionality
➢ Authentication
➢ Authorization
➢ Attribute sharing
• Extendable Authenticator Framework
➢ SMS, USSD, HE, SIM, Smartphone (LoA2)
➢ USSD, HE, SIM, Smartphone (LoA3)
• WSO2 Integration platform for custom integrations
➢ SMPP
➢ Webservices
➢ ETSI 102.204 for standard compliant MSSP
9. How MCX works
[Diagram: CUSTOMER LOGIN (desktop/mobile service access request), SERVICE PROVIDER, operator discovery and authentication through the WSO2.Telco MCX solution and the GSMA API exchange. Customer caption: "Secure, convenient & I don’t need to remember multiple usernames and passwords!"]
10. Mobile Connect India Case Study – Six MNOs, one MCX Hub
PLATFORM IN INDIA
[Diagram labels: Service Providers; Digital Business enabler; Central Business Operations; SMS, USSD, HE, MCX, DoB, CRM, LBS, Wallet]
• Platform live for 12 months
• Six MNOs integrated in 6 months
• LOA2 and 3 with three authenticators
Hub operated as a platform as a service hosted in India
• Only operational MCX Hub globally
• Central very agile MCX product evolution
• Fully operational Telco API Hub
• MNO on-premise option with no re-engineering
11. Mobile Connect vs. OIDC
● Mobile Connect uses OpenID Connect to talk to the MNO (Identity Provider).
● https://medium.facilelogin.com/gsma-mobile-connect-vs-openid-connect-eb3935a99b89#.mlpkqab1d
12. WSO2 Identity Server
● 5th Generation Product
● Current version 5.2.0 (Sept 2016)
● Based on WSO2 Carbon platform, which provides support for multi-tenancy, logging, clustering, and other common services
25. Documentation and References
● What is Mobile Connect
http://keetmalin.wixsite.com/keetmalin/single-post/2016/09/30/What-is-Mobile-Connect
● Mobile Connect for WSO2 Identity Server
http://keetmalin.wixsite.com/keetmalin/single-post/2016/10/03/Mobile-Connect-Federated-Authenticator-for-WSO2-Identity-Server