SlideShare a Scribd company logo

Web access management using o auth2 and saml – wam 2.0

Download as PPTX, PDF
G
Gluu

The document discusses a concept for centralized web access management using open source SAML and OAuth2 software. It involves using a UMA Authorization Server where a user authenticates via SAML single sign-on to an identity provider. The UMA Authorization Server then authorizes access tokens for a given scope to consolidated UMA Resource and Relying Party servers. However, it is noted that in some cases the Relying Party should not act as the Resource Server, such as when a mobile app is the client rather than the resource server itself.

1 of 2
Download to read offline
1
2
Web Access Management (“WAM”) using open source SAML and OAuth2 software Day by day it is getting more difficult to manage inbound SAML authenticated people while maintaining SSO and central entitlements management for internal websites, SaaS platforms and mobile applications. The diagram above illustrates a concept to centralize Web access management using an UMA Authorization Server “AS“, where the person uses an IDP SAML to authenticate. In this case, the UMA Resource Server “RS” and the UMA Relying Party “RP” are consolidated. The RP sends the user claims, obtained via SAML, with the UMA request to the AS to authorize the token (in this case, the RPT token…) for a given scope. In this case, the combined RS-RP is similar to a CA Site minder agent. The only reason this works is because the domain controls both the IDP (in this case the Asimba proxy) and the RPs.
Note, in many cases, you may not want the RS to act as the RP. For example, if the Apache2 server is an API hub, and the client is a mobile app, you want the RP to be the mobile app which has a connection to the person. There was some discussion on this if you are the type of person who likes to read sequence diagrams. Article resource:-http://gluu.webs.com/apps/blog/show/42374398-web-access- management-using-oauth2-and-saml-wam-2-0

More Related Content

PDF
Cloud identity management meetup 150108
Morteza Ansari
 
PDF
OpenID Overview - Seoul July 2007
David Recordon
 
PPT
Web Access Management
Molly Knapp
 
PPT
Introduction to Research Methods
Molly Knapp
 
KEY
OpenID vs OAuth - Identity on the Web
Richard Metzler
 
PDF
Access Management for Cloud and Mobile
ForgeRock
 
PDF
CIS14: PingAccess 101
CloudIDSummit
 
PDF
OpenID Bootcamp Tutorial
David Recordon
 
Cloud identity management meetup 150108
Morteza Ansari
 
OpenID Overview - Seoul July 2007
David Recordon
 
Web Access Management
Molly Knapp
 
Introduction to Research Methods
Molly Knapp
 
OpenID vs OAuth - Identity on the Web
Richard Metzler
 
Access Management for Cloud and Mobile
ForgeRock
 
CIS14: PingAccess 101
CloudIDSummit
 
OpenID Bootcamp Tutorial
David Recordon
 

Similar to Web access management using o auth2 and saml – wam 2.0 (20)

PPTX
2018 Oct IIW User Managed Access (UMA)
George Fletcher
 
PDF
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
Mike Schwartz
 
PDF
Uma webinar 2014 03-20
kantarainitiative
 
PDF
[WSO2Con USA 2018] Identity APIs is the New Black
WSO2
 
PDF
UMA for ACE
Hannes Tschofenig
 
PPTX
Microservice with OAuth2
◄ vaquar khan ► ★✔
 
PDF
Extending the Power of Consent with User-Managed Access & OpenUMA
kantarainitiative
 
PPTX
User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
ForgeRock
 
PDF
Technical Deep Dive - OpenID-Connect and OAuth 2.0 in UCS IAM - Florian Best ...
Univention GmbH
 
PPTX
IAM Overview Identiverse 2018
Brian Campbell
 
PDF
CIS14: User-Managed Access
CloudIDSummit
 
PPTX
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
gemziebeth
 
PDF
JDD2015: Security in the era of modern applications and services - Bolesław D...
PROIDEA
 
PDF
[WSO2Con EU 2018] Identity APIs is the New Black
WSO2
 
PDF
CIS 2015 User Managed Access - George Fletcher
CloudIDSummit
 
PPTX
Help! I Have An Identity Crisis: A look at various mechanisms of Single Sign On
Saloni Shah
 
PPTX
Extended Security with WSO2 API Management Platform
WSO2
 
PPTX
The New Venn of Access Control in the API-Mobile-IOT Era
ForgeRock
 
PDF
Consumerizing Industrial Access Control: Using UMA to Add Privacy and Usabili...
ForgeRock
 
PDF
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...
Eve Maler
 
2018 Oct IIW User Managed Access (UMA)
George Fletcher
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
Mike Schwartz
 
Uma webinar 2014 03-20
kantarainitiative
 
[WSO2Con USA 2018] Identity APIs is the New Black
WSO2
 
UMA for ACE
Hannes Tschofenig
 
Microservice with OAuth2
◄ vaquar khan ► ★✔
 
Extending the Power of Consent with User-Managed Access & OpenUMA
kantarainitiative
 
User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
ForgeRock
 
Technical Deep Dive - OpenID-Connect and OAuth 2.0 in UCS IAM - Florian Best ...
Univention GmbH
 
IAM Overview Identiverse 2018
Brian Campbell
 
CIS14: User-Managed Access
CloudIDSummit
 
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
gemziebeth
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
PROIDEA
 
[WSO2Con EU 2018] Identity APIs is the New Black
WSO2
 
CIS 2015 User Managed Access - George Fletcher
CloudIDSummit
 
Help! I Have An Identity Crisis: A look at various mechanisms of Single Sign On
Saloni Shah
 
Extended Security with WSO2 API Management Platform
WSO2
 
The New Venn of Access Control in the API-Mobile-IOT Era
ForgeRock
 
Consumerizing Industrial Access Control: Using UMA to Add Privacy and Usabili...
ForgeRock
 
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...
Eve Maler
 
Ad

More from Gluu (20)

PPSX
Gluu server for educational institutions
Gluu
 
PPTX
Pr from our recent nstic pilot award
Gluu
 
PPTX
The currency of identifiers
Gluu
 
PPTX
Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...
Gluu
 
PPTX
Gluu sxsw 2015 interactive picks
Gluu
 
PPTX
17 recommended requirements for an identity and access management poc
Gluu
 
PPTX
Top 10 applications for multi factor authentication in higher education
Gluu
 
PPTX
First o auth 2.0 and saml identity federation platform to be shown by gluu
Gluu
 
PPTX
How & why gluu’s open source authorization and authentication platform was ch...
Gluu
 
PPTX
East hackathon api’s for art
Gluu
 
PPTX
Gluu’s vision
Gluu
 
PPTX
Gluu and canonical to demonstrate instant application security using ubuntu j...
Gluu
 
PPTX
Currency of identifiers ii
Gluu
 
PPTX
Shibboleth identity provider (idp) what it is, and why you should consider a ...
Gluu
 
PPTX
Federated identity and open id connect why higher ed needs ox
Gluu
 
PPTX
Packt publishing book proposal api and mobile access management
Gluu
 
PPTX
Gluu oscon submission
Gluu
 
PPTX
Go west young federation
Gluu
 
PPTX
 Use case for asimba as saml proxy
Gluu
 
PPTX
Postcard from identity next 2013
Gluu
 
Gluu server for educational institutions
Gluu
 
Pr from our recent nstic pilot award
Gluu
 
The currency of identifiers
Gluu
 
Gluu founder and ceo, mike schwartz, to host open id connect 1.0 session at r...
Gluu
 
Gluu sxsw 2015 interactive picks
Gluu
 
17 recommended requirements for an identity and access management poc
Gluu
 
Top 10 applications for multi factor authentication in higher education
Gluu
 
First o auth 2.0 and saml identity federation platform to be shown by gluu
Gluu
 
How & why gluu’s open source authorization and authentication platform was ch...
Gluu
 
East hackathon api’s for art
Gluu
 
Gluu’s vision
Gluu
 
Gluu and canonical to demonstrate instant application security using ubuntu j...
Gluu
 
Currency of identifiers ii
Gluu
 
Shibboleth identity provider (idp) what it is, and why you should consider a ...
Gluu
 
Federated identity and open id connect why higher ed needs ox
Gluu
 
Packt publishing book proposal api and mobile access management
Gluu
 
Gluu oscon submission
Gluu
 
Go west young federation
Gluu
 
 Use case for asimba as saml proxy
Gluu
 
Postcard from identity next 2013
Gluu
 
Ad

Web access management using o auth2 and saml – wam 2.0

  • 1. Web Access Management (“WAM”) using open source SAML and OAuth2 software Day by day it is getting more difficult to manage inbound SAML authenticated people while maintaining SSO and central entitlements management for internal websites, SaaS platforms and mobile applications. The diagram above illustrates a concept to centralize Web access management using an UMA Authorization Server “AS“, where the person uses an IDP SAML to authenticate. In this case, the UMA Resource Server “RS” and the UMA Relying Party “RP” are consolidated. The RP sends the user claims, obtained via SAML, with the UMA request to the AS to authorize the token (in this case, the RPT token…) for a given scope. In this case, the combined RS-RP is similar to a CA Site minder agent. The only reason this works is because the domain controls both the IDP (in this case the Asimba proxy) and the RPs.
  • 2. Note, in many cases, you may not want the RS to act as the RP. For example, if the Apache2 server is an API hub, and the client is a mobile app, you want the RP to be the mobile app which has a connection to the person. There was some discussion on this if you are the type of person who likes to read sequence diagrams. Article resource:-http://gluu.webs.com/apps/blog/show/42374398-web-access- management-using-oauth2-and-saml-wam-2-0