OpenID Connect: The new standard for connecting to your Customers, Partners, Apps, and Devices...

Post on 26-Jan-2015

With the proliferation of cloud applications, mobile devices, and the need to connect to external users, IT organizations are increasingly challenged with how to manage and gain transparency into user access to systems and applications. As your organization looks to deploy Identity in the cloud, it’s critical that this is backed by open standards. In this webinar, Chuck Mortimore, Pat Patterson, and Ian Glazer will give you a broad overview of how OpenID Connect can help better connect you with your customers, partners, apps, and devices.

Key Takeaways

§  Get introduced to OpenID Connect, learn how it builds on top of OAuth, and discover why it’s an important new standard for your organization
§  Consume OpenID Connect from popular Identity providers with Social Sign-On
§  Provide a single, branded Identity to your own users and applications using OpenID Connect
§  Use OpenID Connect to easily build Identity-enabled mobile applications
§  Plan for the next generation of connected devices

Intended Audience

This webinar is aimed at a technical audience of administrators, developers, architects and business analysts who are wishing to learn more about Identity and Standards.

Transcript of OpenID Connect: The new standard for connecting to your Customers, Partners, Apps, and Devices...

OpenID Connect The new standard for connecting to your Customers, Partners, Apps, and Devices

April 9, 2014

#forcewebinar

Safe Harbor

Safe harbor statement under the Private Securities Litigation Reform Act of 1995:

This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.

The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of intellectual property and other litigation, risks associated with possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-Q for the most recent fiscal quarter ended July 31, 2012. This document and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site.

Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.

Speakers

Pat Patterson Developer Evangelist Architect @metadaddy

Chuck Mortimore Vice President, Identity @cmort

Ian Glazer Senior Director, Identity @iglazer

Follow Developer Force for the Latest News

@forcedotcom / #forcewebinar

Developer Force – Force.com Community

+Developer Force – Force.com Community

Developer Force

Developer Force Group

Agenda

§  Introduction

§  Overview

§  Demo

§  Protocol

§  Roadmap

Have Questions?

§  We have an expert support team at the ready to answer your questions during the webinar.

§  Ask your questions via the GoToWebinar Questions Pane.

§  The speaker(s) will choose top questions to answer live at the end of the webinar.

§  Please post your questions as we go along!

§  Only post your question once; we’ll get to it as we go down the list.

Introduction: Ian Glazer

OpenID Connect: What is it?

Chapter 1:

OpenID Connect

§  Authenticate users without having to get your hands dirty with passwords

§  Learn about the person using your service using modern identity tools

§  Informed by a long history of identity standards

§  Based on OAuth2

Why should I care about OpenID Connect?

Identity Professionals

§  Focus on business enablement
§  OIDC is SAML for our RESTful web-oriented architecture world
§  Support use cases the business cares about including mobile and social

Developers

§  Focus on the awesome – the user journey
§  Don’t have to deal with username, passwords, PKI, and LDAP
§  Strong credentials without all the mess

Business

§  Engage with internal and external customers
§  Make it easier for customers to interact with you
§  Avoids having to issue your customers yet another set of credentials

Where identity and access management got started: Identity

And then cloud and mobile happened: Identity

Where we must go: Identity, Customers, Partners, Products

Use-Cases

Mobile Apps & Connected Products

Social Sign-On

OpenID Connect Stack

Too much? Start with the Basic Client

Just read this: http://openid.net/specs/openid-connect-basic-1_0.html

Or better yet… just use the Salesforce1 platform

OpenID Connect Relying Party – Authentication Provider (the Client Side)

OpenID Connect Provider – Connected Apps (the Server Side)

OpenID Connect: How Does it Work?

OpenID Connect – Basic Client Profile

Participants: End-User, Client, Auth Server

Authorization Request – the Client redirects the End-User's browser to the Auth Server with the authorization request:

https://login.salesforce.com/services/oauth2/authorize?
  response_type=code&
  client_id=3MVG9lKcPoNINVBLWJnB_Y...Lsn&
  redirect_uri=https%3A%2F%2Fwww.example.com%2Foauth%2Fcallback&
  state=BLAH_BLAH_BLAH

Authenticate End-User – the Auth Server collects the End-User's credentials and consent.

Authorization Response – the Auth Server redirects the End-User back to the Client:

https://www.example.com/oauth/callback/?
  state=BLAH_BLAH_BLAH&
  code=aPrxsmIEeqM9PiSOCErbySxQvb...5sdWyjE.DG_TNeow==

Token Request – the Client exchanges the code directly with the Auth Server:

POST /services/oauth2/token HTTP/1.1
Host: login.salesforce.com
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&
code=aPrxsmIEeqM9PiSOCErbySxQvb...5sdWyjE.DG_TNeow==&
client_id=3MVG9lKcPoNINVBLWJnB_Y...Lsn&
client_secret={client_secret}&
redirect_uri=https%3A%2F%2Fwww.example.com%2Foauth%2Fcallback

Token Response:

{
  "id": "https://login.salesforce.com/id/00Dx0000000A9y0EAC/005x0000000UnYmAAK",
  "issued_at": "1396919485288",
  "scope": "id full api openid refresh_token chatter_api",
  "instance_url": "https://na1.salesforce.com",
  "token_type": "Bearer",
  "access_token": "00D...u7Bpj72Q.SVBtEBjMK9kLPJWQibME_5M",
  "refresh_token": "5Aep8614iLM.D...1UAD1OoIkStoE7T",
  "id_token": "eyJ...fDXFOfHr0h02sn32pkyN6UPkQr.n_3YkyGEarGSlP5ptcTaroqMxZJvodKc1Y693SJPL2u...CeS8x.1F_zeFx8cEA6HEK",
  "signature": "z9F5OBkazrIOy/i7mQ7kZwBkEVHBxjb8+5XPvnlk="
}

ID Token claims (the decoded id_token):

{
  "exp": 1396919605,
  "sub": "https://login.salesforce.com/id/00Dx0000000A9y0EAC/005x0000000UnYmAAK",
  "aud": "3MVG9lKcPoNINVBLWJnB_Y...Lsn",
  "iss": "https://login.salesforce.com",
  "iat": 1396919485
}

UserInfo Request – the Client presents the access token:

GET /services/oauth2/userinfo HTTP/1.1
Host: login.salesforce.com
Authorization: Bearer 00D...u7Bpj72Q.SBtEBjMK9kLPJWQibME_5M

UserInfo Response:

{
  "sub": "https://login.salesforce.com/id/00Dx0000000A9y0EAC/005x0000000UnYmAAK",
  "user_id": "005x0000000UnYmAAK",
  "organization_id": "00Dx0000000A9y0EAC",
  "preferred_username": "user@example.com",
  "nickname": "user",
  "name": "Pat Patterson",
  "email": "user@example.com",
  "email_verified": true,
  "given_name": "Pat",
  "family_name": "Patterson",
  ...
}
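The client-side checks for the Basic Client flow above, as an added Python example that is not part of the webinar or of the Salesforce platform: it builds the Authorization Request, binds the Authorization Response to the session through state before the code is used, and validates the iss, aud and exp claims of the ID token shown above. It assumes the truncated client_id from the slides as a literal, a scope of openid that the slide's request omits, and a constructed sample token with a placeholder signature; verifying the JWT signature against the provider's key endpoint is left out and must precede any trust in the claims.

```python
import base64, json
from urllib.parse import urlencode, urlparse, parse_qs

# Values as they appear on the slides (the client_id is shown truncated there)
AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"
ISSUER = "https://login.salesforce.com"
CLIENT_ID = "3MVG9lKcPoNINVBLWJnB_Y...Lsn"
REDIRECT_URI = "https://www.example.com/oauth/callback"

def build_authorization_request(state):
    """Authorization Request URL; `state` must be unguessable and saved in the session."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": "openid", "state": state}
    return AUTHORIZE_URL + "?" + urlencode(params)

def parse_authorization_response(callback_url, expected_state):
    """Authorization Response: refuse the callback unless `state` matches the saved
    value (binds the code to this browser session), then return the code."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback is not bound to our request")
    return qs["code"][0]

def decode_jwt_payload(id_token):
    """base64url-decode the claims segment of a compact JWT. This does NOT verify the
    signature; check it against the provider's key endpoint before trusting claims."""
    _header, payload_b64, _signature = id_token.split(".")
    padded = payload_b64 + "=" * (-len(payload_b64) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def validate_id_token_claims(claims, now):
    """Basic Client profile checks on the ID token claims; returns the subject."""
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("ID token was not issued for this client")
    if now >= claims["exp"]:
        raise ValueError("ID token expired")
    return claims["sub"]

def b64url_json(obj):
    """base64url without padding; used here only to build the sample token below."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample: the claims from the slide, wrapped as an id_token with a placeholder signature
SLIDE_CLAIMS = {"exp": 1396919605, "iat": 1396919485, "aud": CLIENT_ID, "iss": ISSUER,
                "sub": "https://login.salesforce.com/id/00Dx0000000A9y0EAC/005x0000000UnYmAAK"}
SAMPLE_ID_TOKEN = ".".join([b64url_json({"alg": "RS256"}), b64url_json(SLIDE_CLAIMS), "PLACEHOLDER_SIG"])
```

With the slide's timestamps, the token validates at any `now` before 1396919605 and is rejected from that second on; a callback carrying a different state is rejected before its code is ever sent to the token endpoint.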

OpenID Connect: How do I get started?

OpenID Connect Stack within Salesforce

Auth. Providers

§  Client side implementation –  OAuth & OpenID Connect
§  Configure our client, to become your app, with any provider
§  Fine-grained control over
   –  just-in-time provisioning
   –  account linking

Connected Apps

§  Server side implementation –  OAuth & OpenID Connect (and SAML and Canvas)
§  Configure your client, to talk to our services, using your brand or ours
§  Fine-grained control over
   –  Authorization
   –  Authentication Levels
   –  Refresh Token Decay
   –  Application Policy
   –  Attributes

OpenID Connect: What can I build?

Acquire Customers With Social Sign-On

Run your own Social Sign-On

Rapidly Build & Deploy Mobile Apps

OpenID Connect: What’s New?

What’s New?

§  OpenID Connect Services
   –  Standard schema via User Profile service
   –  Signature based client authentication
   –  Custom Attributes
§  ID Tokens
   –  Signed JWT
   –  Key Endpoint

OpenID Connect: What’s Next?

What’s Next?

§  Custom Permissions
   –  Define your own Permissions
   –  Manage your Authorization Model using Profile and Permission Sets
§  Customizable ID Tokens
   –  Identity for the Internet of Things
   –  Combine Device Identity with Customer Identity
   –  Design Center
      •  Scalable
      •  Offline
      •  Spectrum of Authentication
      •  Fine Scoping and Delegation

OpenID Connect: How do I learn more?

Resources

§  Digging Deeper into OAuth 2.0 on Force.com –  http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com
§  Inside OpenID Connect –  http://wiki.developerforce.com/page/Inside_OpenID_Connect_on_Force.com
§  OpenID Connect Playground –  https://openidconnect.herokuapp.com
§  Videos:
   –  Social Sign-On: http://www.youtube.com/watch?v=D0YUTb-w1Yc
   –  Mobile Access Management: http://www.youtube.com/watch?v=UYDdmWhiwYw

Survey

Your feedback is crucial to the success of our webinar programs. Thank you!

http://bit.ly/openidsurvey

Q & A

Pat Patterson Developer Evangelist Architect @metadaddy

Chuck Mortimore Vice President, Identity @cmort

Ian Glazer Senior Director, Identity @iglazer