This Blog Is Not Updated Any More.

Check out my new blog on Medium: http://facilelogin.com

Topics: Identity and Access Management, Blockchain, Ethereum, Bitcoin, Security, PSD2, GDPR



Tuesday, March 29, 2016

Identity Patterns with the WSO2 Identity Server
Access a microservice from a web app protected with SAML 2.0 or OIDC

Problem:
  • The business users need to access multiple service providers, supporting SAML 2.0 and OIDC-based authentication. 
  • Once the user logs into the web app, it needs to access a microservice on behalf of the logged in user.
Solution:
  • Deploy WSO2 Identity Server as the Identity Provider and register all the service providers with OIDC or SAML 2.0 as the inbound authenticator. 
  • Enable JWT-based access token generator in the WSO2 Identity Server. 
  • Develop and deploy all the microservices with WSO2 MSF4J. 
  • If the service provider supports SAML 2.0 based authentication, once the user logs into the web app, exchange the SAML token to an OAuth access token by talking to the /token endpoint of the WSO2 Identity Server, following the SAML 2.0 grant type for OAuth 2.0 profile. This access token itself is a self-contained JWT. 
  • If the service provider supports OIDC based authentication, once the user logs into the web app, exchange the ID token to an OAuth access token by talking to the /token endpoint of the WSO2 Identity Server, following the JWT grant type for OAuth 2.0 profile. This access token itself is a self-contained JWT. 
  • To access the microservice, the pass the JWT (or the access token) in the HTTP Authorization Bearer header over TLS. 
  • MSF4J will validate access token (or the JWT) and the token will be passed across all the downstream microservices. 
  • More about microservices security: https://medium.com/@prabath/securing-microservices-with-oauth-2-0-jwt-and-xacml-d03770a9a838 
  • Products: WSO2 Identity Server 5.1.0+, WSO2 MSF4J 

0 comments: