SlideShare a Scribd company logo

JWT SSO Inbound Authenticator

Download as PPTX, PDF
M
MifrazMurthaja

The document introduces JWT SSO as an authentication protocol that utilizes JWT tokens for user authentication in single sign-on flows. It outlines the basic working mechanism, the necessary parameters for the application, and provides a configuration guide for enabling JWT SSO. The conclusion highlights security considerations for validating JWT tokens and the support from miniorange.

Software
1 of 19
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
JWT SSO Inbound Authenticator June 18, 2020
The JWT SSO - An Introduction
● JWT SSO is an authentication protocol used to authenticate the user based on the JWT token. ● The application relies on the JWT token and uses the JWT token as the source of authentication in the SSO flow. What is JWT SSO? 3
Simply because, simplicity! 1. Work with simple redirections 2. Easy to process from the application Once the application receives the JWT token, 1. Verify the JWT token. 2. Get the user claims. 3. Provision the user if the user does not exist. 4. Let the user sign in to the application. But why? 4
Where it is being used? 5
How it works?
1. The JWT Token - Mandatory The JWT token which includes the user claims signed with shared secret 1. Return to URL - Optional URL to redirect the user after the successful authentication. 1. Error URL - Optional URL to redirect the user in case of an error occurred in the application, when processing the authentication response received from the IDP. What the application expects? 7
The application require to send the values as URL query parameters. https://applicationdomain.com/jwt?jwt={payload} &return_to={return_to_url} &error_url={error_url} How it expects? 8
9 The flow
Configuration
1. Enable SSO to the application using JWT 2. Retrieve Site URL (SSO endpoint) ⦿ The URL to redirect the user with the JWT token after the successful authentication 3. Obtain the API Key (Shared secret) ⦿ The key to sign the JWT token 1. Enable JWT SSO on the application 11
2. Get the JWT SSO Connector 12 1. Get the connector from WSO2 IS Connector Store 2. Add it to dropins directory 3. Enable /identity endpoint ⦿ [[resource.access_control]] context="/identity(.*)" secure="false" http_method="GET"
3. Register the service provider 13
4. Configure the claims 14
1. SSO Request ⦿ https://localhost:9443/identity/jwtsso?jwtRP=lms-test-app 2. SLO Request ⦿ https://localhost:9443/identity/jwtsso/logout?jwtRP=lms-test-app 5. Testing the flow 15
Wrapping-up!
1. A simple way to implement SSO without proper specifications with some security concerns! ⦿ The application must validate the JWT token against the JWT signature ⦿ The token must be accepted by the application for authentication within the specified time period considering the exp claim. ⦿ The token must only be used once to authenticate the user by invalidating the token using the jti claim. 2. Work with simple redirections. 3. Supported by miniOrange. Conclusion 17
Question Time! 18
wso2.com Thanks!

More Related Content

PPTX
Secure your app with keycloak
Guy Marom
 
PPTX
Building secure applications with keycloak
Abhishek Koserwal
 
KEY
OpenID vs OAuth - Identity on the Web
Richard Metzler
 
PPTX
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
marcuschristie
 
PPT
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
PDF
Single Sign On with OAuth and OpenID
Gasperi Jerome
 
PPT
OAuth2 Protocol with Grails Spring Security
NexThoughts Technologies
 
PDF
Spring security oauth2
axykim00
 
Secure your app with keycloak
Guy Marom
 
Building secure applications with keycloak
Abhishek Koserwal
 
OpenID vs OAuth - Identity on the Web
Richard Metzler
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
marcuschristie
 
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
Single Sign On with OAuth and OpenID
Gasperi Jerome
 
OAuth2 Protocol with Grails Spring Security
NexThoughts Technologies
 
Spring security oauth2
axykim00
 

What's hot (20)

PPTX
Identity management and single sign on - how much flexibility
Ryan Dawson
 
PDF
CIS14: Working with OAuth and OpenID Connect
CloudIDSummit
 
PPTX
Mit 2014 introduction to open id connect and o-auth 2
Justin Richer
 
PDF
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Hermann Burgmeier
 
PDF
Stateless Auth using OAuth2 & JWT
Gaurav Roy
 
PPTX
Draft: building secure applications with keycloak (oidc/jwt)
Abhishek Koserwal
 
PPTX
Securing your APIs with OAuth, OpenID, and OpenID Connect
Manish Pandit
 
PPT
Web 20 Security - Vordel
guest2a1135
 
PDF
ConFoo 2015 - Securing RESTful resources with OAuth2
Rodrigo Cândido da Silva
 
PPT
Openid & Oauth: An Introduction
Steve Ivy
 
PPTX
OAuth2 & OpenID Connect
Marcin Wolnik
 
PPTX
OpenID Connect 1.0 Explained
Eugene Siow
 
PDF
Json web token api authorization
Giulio De Donato
 
PDF
Foreman Single Sign-On Made Easy with Keycloak
Nikhil Kathole
 
PDF
JavaOne 2014 - Securing RESTful Resources with OAuth2
Rodrigo Cândido da Silva
 
PDF
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CloudIDSummit
 
PDF
Full stack security
DPC Consulting Ltd
 
PPTX
An Introduction to OAuth2
Aaron Parecki
 
PDF
OpenID Connect - An Emperor or Just New Cloths?
Oliver Pfaff
 
PDF
Protecting web APIs with OAuth 2.0
Vladimir Dzhuvinov
 
Identity management and single sign on - how much flexibility
Ryan Dawson
 
CIS14: Working with OAuth and OpenID Connect
CloudIDSummit
 
Mit 2014 introduction to open id connect and o-auth 2
Justin Richer
 
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Hermann Burgmeier
 
Stateless Auth using OAuth2 & JWT
Gaurav Roy
 
Draft: building secure applications with keycloak (oidc/jwt)
Abhishek Koserwal
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Manish Pandit
 
Web 20 Security - Vordel
guest2a1135
 
ConFoo 2015 - Securing RESTful resources with OAuth2
Rodrigo Cândido da Silva
 
Openid & Oauth: An Introduction
Steve Ivy
 
OAuth2 & OpenID Connect
Marcin Wolnik
 
OpenID Connect 1.0 Explained
Eugene Siow
 
Json web token api authorization
Giulio De Donato
 
Foreman Single Sign-On Made Easy with Keycloak
Nikhil Kathole
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
Rodrigo Cândido da Silva
 
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
CloudIDSummit
 
Full stack security
DPC Consulting Ltd
 
An Introduction to OAuth2
Aaron Parecki
 
OpenID Connect - An Emperor or Just New Cloths?
Oliver Pfaff
 
Protecting web APIs with OAuth 2.0
Vladimir Dzhuvinov
 
Ad

Similar to JWT SSO Inbound Authenticator (20)

PPTX
Uniface Lectures Webinar - Application & Infrastructure Security - JSON Web T...
Uniface
 
PPTX
REST Service Authetication with TLS & JWTs
Jon Todd
 
PDF
Introduction to JWT and How to integrate with Spring Security
Bruno Henrique Rother
 
PDF
Securing Web Applications with Token Authentication
Stormpath
 
PDF
Landscape
Amit Gupta
 
PDF
Landscape
Amit Gupta
 
PPTX
DDD Melbourne 2019 : Modern Authentication 101
Dasith Wijesiriwardena
 
PDF
WTH is a JWT
Joel Lord
 
PDF
5 easy steps to understanding json web tokens (jwt)
Amit Gupta
 
PDF
What the Heck is OAuth and Open ID Connect? - UberConf 2017
Matt Raible
 
PDF
What the Heck is OAuth and OpenID Connect - RWX 2017
Matt Raible
 
PDF
[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager
WSO2
 
PDF
OAuth and OpenID Connect for Microservices
Twobo Technologies
 
PDF
JSON WEB TOKEN
Knoldus Inc.
 
PDF
Jwt
Frank Linehan
 
PPTX
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
SohailCreation
 
PPTX
Y U No OAuth, Using Common Patterns to Secure Your Web Applications
Jason Robert
 
PDF
What the Heck is OAuth and OpenID Connect - DOSUG 2018
Matt Raible
 
PPTX
Json Web Token - JWT
Prashant Walke
 
PDF
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
iMasters
 
Uniface Lectures Webinar - Application & Infrastructure Security - JSON Web T...
Uniface
 
REST Service Authetication with TLS & JWTs
Jon Todd
 
Introduction to JWT and How to integrate with Spring Security
Bruno Henrique Rother
 
Securing Web Applications with Token Authentication
Stormpath
 
Landscape
Amit Gupta
 
Landscape
Amit Gupta
 
DDD Melbourne 2019 : Modern Authentication 101
Dasith Wijesiriwardena
 
WTH is a JWT
Joel Lord
 
5 easy steps to understanding json web tokens (jwt)
Amit Gupta
 
What the Heck is OAuth and Open ID Connect? - UberConf 2017
Matt Raible
 
What the Heck is OAuth and OpenID Connect - RWX 2017
Matt Raible
 
[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager
WSO2
 
OAuth and OpenID Connect for Microservices
Twobo Technologies
 
JSON WEB TOKEN
Knoldus Inc.
 
Jwt
Frank Linehan
 
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
SohailCreation
 
Y U No OAuth, Using Common Patterns to Secure Your Web Applications
Jason Robert
 
What the Heck is OAuth and OpenID Connect - DOSUG 2018
Matt Raible
 
Json Web Token - JWT
Prashant Walke
 
InterCon 2016 - Segurança de identidade digital levando em consideração uma a...
iMasters
 
Ad

Recently uploaded (20)

PPTX
history of c programming in notes for students .pptx
Vijayakumari829030
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
PDF
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PPTX
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
PPTX
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
PDF
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PDF
AI in Product Development-omnex systems
omnex systems
 
PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
history of c programming in notes for students .pptx
Vijayakumari829030
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
AI in Product Development-omnex systems
omnex systems
 
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
Introduction to Artificial Intelligence
lohedi9363
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
System and Network Administraation Chapter 3
jaramharo
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 

JWT SSO Inbound Authenticator

  • 1. JWT SSO Inbound Authenticator June 18, 2020
  • 2. The JWT SSO - An Introduction
  • 3. ● JWT SSO is an authentication protocol used to authenticate the user based on the JWT token. ● The application relies on the JWT token and uses the JWT token as the source of authentication in the SSO flow. What is JWT SSO? 3
  • 4. Simply because, simplicity! 1. Work with simple redirections 2. Easy to process from the application Once the application receives the JWT token, 1. Verify the JWT token. 2. Get the user claims. 3. Provision the user if the user does not exist. 4. Let the user sign in to the application. But why? 4
  • 5. Where it is being used? 5
  • 7. 1. The JWT Token - Mandatory The JWT token which includes the user claims signed with shared secret 1. Return to URL - Optional URL to redirect the user after the successful authentication. 1. Error URL - Optional URL to redirect the user in case of an error occurred in the application, when processing the authentication response received from the IDP. What the application expects? 7
  • 8. The application require to send the values as URL query parameters. https://applicationdomain.com/jwt?jwt={payload} &return_to={return_to_url} &error_url={error_url} How it expects? 8
  • 11. 1. Enable SSO to the application using JWT 2. Retrieve Site URL (SSO endpoint) ⦿ The URL to redirect the user with the JWT token after the successful authentication 3. Obtain the API Key (Shared secret) ⦿ The key to sign the JWT token 1. Enable JWT SSO on the application 11
  • 12. 2. Get the JWT SSO Connector 12 1. Get the connector from WSO2 IS Connector Store 2. Add it to dropins directory 3. Enable /identity endpoint ⦿ [[resource.access_control]] context="/identity(.*)" secure="false" http_method="GET"
  • 13. 3. Register the service provider 13
  • 14. 4. Configure the claims 14
  • 15. 1. SSO Request ⦿ https://localhost:9443/identity/jwtsso?jwtRP=lms-test-app 2. SLO Request ⦿ https://localhost:9443/identity/jwtsso/logout?jwtRP=lms-test-app 5. Testing the flow 15
  • 17. 1. A simple way to implement SSO without proper specifications with some security concerns! ⦿ The application must validate the JWT token against the JWT signature ⦿ The token must be accepted by the application for authentication within the specified time period considering the exp claim. ⦿ The token must only be used once to authenticate the user by invalidating the token using the jti claim. 2. Work with simple redirections. 3. Supported by miniOrange. Conclusion 17

Editor's Notes

  • #5: SSO with simple redirections
  • #6: Thinkific - LMS Zendesk - Customer support ticket system & sales CRM Sisense - BI & Analytics Platform Aha - Roadmap software