Single Sign On: open source protocols for securely authenticating into remote services

Dan Hammari (08.Jun.2018 at 14:00, 50 min)
Talk at OpenWest Conference 2018 (English - US)

Rating: 0 of 5

An overview of the protocols that allow a Service Provider (SP) to re-use the authentication services provided by a remote Identity Provider (IdP).

Will cover Security Assertion Markup Language (SAML), its nomenclature, and its handshake strategies for authenticating users across federated services. Will show examples of SAML using PHP libraries such as LightSAML for identity providers and OneLogin's php-saml for service providers. Will discuss XML documents used for metadata and x509 certificates used to authenticate transactions. Will show the steps for initiating a SAML authentication validation request, generating a validation assertion, and decoding a validation assertion.

Will cover OAuth 1.0 and real-life application using IMS Global's Learning Tools Interoperability (LTI) protocol. Will show examples in the PHP League's OAuth 1 client to accept inbound requests from Instructure's Canvas client. Will discuss shared client keys and shared client secrets used to generate OAuth 1.0 encryption values.

Will cover OAuth 2.0, its differences from OAuth 1.0, and real-life application with Facebook and Google. Will show how to register a web application with these identity providers, and how to initiate handshakes using various redirect strategies. Will discuss the difference between authentication and authorization. Will also review the additional layer of extending proxy authorization for tasks and how to use refresh tokens to gain access to authorized services. [73]

Who are you?

Claim talk

Talk claims have been moved to the new Joind.in site.

Please login to the new site to claim your talk

Want to comment on this talk? Log in or create a new account or comment anonymously

Write a comment

 
Please note: you are not logged in and will be posting anonymously!
= eight minus six
 
No comments yet.
© Joind.in 2018