Tuesday, March 29, 2016

Identity Patterns with the WSO2 Identity Server
Access a microservice from a web app protected with SAML 2.0 or OIDC

Problem:
  • The business users need to access multiple service providers, supporting SAML 2.0 and OIDC-based authentication. 
  • Once the user logs into the web app, it needs to access a microservice on behalf of the logged in user.
Solution:
  • Deploy WSO2 Identity Server as the Identity Provider and register all the service providers with OIDC or SAML 2.0 as the inbound authenticator. 
  • Enable JWT-based access token generator in the WSO2 Identity Server. 
  • Develop and deploy all the microservices with WSO2 MSF4J. 
  • If the service provider supports SAML 2.0 based authentication, once the user logs into the web app, exchange the SAML token for an OAuth access token by talking to the /token endpoint of the WSO2 Identity Server, following the SAML 2.0 grant type for OAuth 2.0 profile. This access token itself is a self-contained JWT. 
  • If the service provider supports OIDC based authentication, once the user logs into the web app, exchange the ID token for an OAuth access token by talking to the /token endpoint of the WSO2 Identity Server, following the JWT grant type for OAuth 2.0 profile. This access token itself is a self-contained JWT. 
  • To access the microservice, pass the JWT (or the access token) in the HTTP Authorization Bearer header over TLS. 
  • MSF4J will validate the access token (or the JWT), and the token will be passed across all the downstream microservices. 
  • More about microservices security: https://medium.com/@prabath/securing-microservices-with-oauth-2-0-jwt-and-xacml-d03770a9a838 
  • Products: WSO2 Identity Server 5.1.0+, WSO2 MSF4J 
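The exchange and validation steps above, as an added example that is not part of the original post or of WSO2's own code. It builds the two /token requests (SAML 2.0 bearer grant per RFC 7522 and JWT bearer grant per RFC 7523), the Bearer header the web app sends to the microservice, and the claim checks a microservice performs on the self-contained JWT. The token endpoint URL, client credentials, issuer and audience are assumed values; WSO2 Identity Server signs access tokens with RS256, so the HMAC signer and verifier here are a constructed stand-in that lets the example run offline, and a real deployment plugs in an RSA verifier keyed by the IdP certificate.

```python
"""Added example (not WSO2 code): build the assertion-grant requests against
/token and validate the resulting self-contained JWT on the microservice side."""
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import urlencode

# Assumed values: WSO2 IS default token endpoint and a made-up issuer/audience.
TOKEN_ENDPOINT = "https://localhost:9443/oauth2/token"
ISSUER = "https://localhost:9443/oauth2/token"
SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522
JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"      # RFC 7523


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _token_request(grant_type, assertion, client_id, client_secret, scope=None):
    """Form POST for an assertion grant; the web app authenticates as an
    OAuth client with HTTP Basic (client_id:client_secret)."""
    form = {"grant_type": grant_type, "assertion": assertion}
    if scope:
        form["scope"] = scope
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {"method": "POST", "url": TOKEN_ENDPOINT,
            "headers": {"Authorization": f"Basic {basic}",
                        "Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode(form)}


def saml_bearer_request(saml_assertion_xml, client_id, client_secret, scope=None):
    """SAML 2.0 grant: the assertion XML travels base64url-encoded."""
    return _token_request(SAML2_BEARER, b64url(saml_assertion_xml.encode()),
                          client_id, client_secret, scope)


def jwt_bearer_request(id_token, client_id, client_secret, scope=None):
    """JWT grant: the ID token is already a compact JWT and is sent as-is."""
    return _token_request(JWT_BEARER, id_token, client_id, client_secret, scope)


def bearer_header(access_token):
    """Header the web app attaches when calling the microservice (TLS only)."""
    return {"Authorization": f"Bearer {access_token}"}


def validate_access_token(token, verify_signature, issuer, audience, now=None):
    """Microservice-side checks: structure, signature, exp/nbf, iss and aud.
    verify_signature(signing_input, signature, header) -> bool is pluggable;
    production uses an RS256 verifier with the IdP's public key."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    if str(header.get("alg", "none")).lower() == "none":
        raise ValueError("unsigned token rejected")  # never trust alg=none
    if not verify_signature(f"{parts[0]}.{parts[1]}".encode(), b64url_decode(parts[2]), header):
        raise ValueError("bad signature")
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nbf", 0) > now:
        raise ValueError("token not yet valid")
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if audience not in aud:
        raise ValueError("audience mismatch")
    return claims


# Constructed stand-in so the example runs offline; WSO2 IS uses RS256, not HS256.
def hs256_sign(claims, secret):
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"


def hs256_verifier(secret):
    def verify(signing_input, signature, header):
        if header.get("alg") != "HS256":
            return False
        expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)
    return verify


if __name__ == "__main__":
    req = saml_bearer_request("<saml2:Assertion/>", "webapp", "s3cret")
    print(req["url"], req["body"][:60], "...")
    tok = hs256_sign({"sub": "alice", "iss": ISSUER, "aud": "orders-ms",
                      "exp": int(time.time()) + 300}, b"demo-key")
    print(bearer_header(tok)["Authorization"][:40], "...")
    print(validate_access_token(tok, hs256_verifier(b"demo-key"), ISSUER, "orders-ms"))
```

The validator deliberately rejects `alg: none` before consulting the signature callback, and checks `aud` so a token minted for one microservice is not accepted by another; downstream services that receive the forwarded token should run the same checks rather than trusting the caller.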
