• Home

  • Software

  • Case Study: Utilizing OpenIDM with an External AJAX Interface
13
Human Information Identity Management Identity Solution Architects Case Study: Utilizing OpenIDM with an External AJAX Interface 6/4/2014

Case Study: Utilizing OpenIDM with an External AJAX Interface

Tags:

Embed Size (px)

DESCRIPTION

Breakout Session presented by Rob Jackson, Identity Solutions Architect at Nulli at the 2014 IRM Summit in Phoenix, Arizona

Citation preview

Page 1: Case Study: Utilizing OpenIDM with an External AJAX Interface

Human Information

Identity Management

Identity Solution Architects

Case Study: Utilizing OpenIDM with an External AJAX Interface

6/4/2014

Page 2: Case Study: Utilizing OpenIDM with an External AJAX Interface

Introduction

NullioForgeRock Strategic PartneroOpenSource Contributorso IAM Specialists since 1997oHQ in Calgary, AB, Canada

Servicing North America

Page 3: Case Study: Utilizing OpenIDM with an External AJAX Interface

Whitepaper

Consumer facing trendAvailable for download nulli.com blogAuthored by Hadi Ahmadi / Sandeep ChaturvediBased on current Customero Requirements

IDP for public sector applications Registration/verification Self-service user functions

o Detailed design was already completeo Interested in lightweight AJAX UI with REST

API (Internet-facing)

Page 4: Case Study: Utilizing OpenIDM with an External AJAX Interface

CREST (Commons REST)

Common REST API between products:oOpenIdMoOpenDJoOpenAM

Page 5: Case Study: Utilizing OpenIDM with an External AJAX Interface

Implementing CREST

Which API?oOverlap of functionalityoStrong pointsSecurity?o Internet-facing?Middle Tier?oRequired?Gotchas

Page 6: Case Study: Utilizing OpenIDM with an External AJAX Interface

Which API?

Overlap ExampleCreate User•OpenAM»../json/users/?_action=register

•OpenIdM»../managed/user/

•OpenDJ»../users/newuser

Page 7: Case Study: Utilizing OpenIDM with an External AJAX Interface

Which API?

CREST API

Registration

Provision LDAP

Provision (Multiple stores)

Password

Password Reset

OTP

Auth’n & Auth’z

Customizable

Workflow

Policy/Validation

Configuration

Self Service

Data Replication

Federation

OpenAM X X X X X X X X X

OpenIdM X X X X X X X X X X X

OpenDJ X X X X

Page 8: Case Study: Utilizing OpenIDM with an External AJAX Interface

Which API? - Summary

OpenIdMoWorkflowoMultiple Data StoresoMost FlexibleOpenAMoAuthentication/AuthorizationOpenDJoMore System->System

Page 9: Case Study: Utilizing OpenIDM with an External AJAX Interface

Security?

Reverse Proxy/Secure GatewayoReduce ‘Attack’ SurfaceoControl generalized API patterns

POST ../?action=somethingAPI Policies (OpenIdM)Authenticated vs AnonymousoToken/UID+PWDoOpenIdM protected by OpenAMXSS/CORSJSON Sanitization (embedded scripts, etc)

Page 10: Case Study: Utilizing OpenIDM with an External AJAX Interface

Middle Tier?

Business LogicoMultiple calls behindToken authenticationDMZ presenceAnonymous links from emailsHost non-identity contentsoCountry/city lists, etcoLanding pages/UI hostCAPTCHA

Page 11: Case Study: Utilizing OpenIDM with an External AJAX Interface

Gotchas

OpenIdM (Jetty) Protected by OpenAMoCan’t use OOTB Anonymous userReturning detailed user status from OpenAM Authentication REST API (Active/Inactive)oMultiple callsoAuthentication plugin?Functionality in OpenAM not as flexibleoOpenIdM custom end points

Page 12: Case Study: Utilizing OpenIDM with an External AJAX Interface

Architecture

Page 13: Case Study: Utilizing OpenIDM with an External AJAX Interface

P

C

Robert Jackson

Identity Architect

[email protected]

(403) 869-3313

(403) 648-0909

Questions?


AJAX JOGA FC - HomeTeamsONLINEmedia.hometeamsonline.com/photos/soccer/AJAXUTAHFC/AjaxJogaFeeWaive… · Ajax Joga FC AJAX JOGA FC Ajax Joga FC Ajax Joga FC Ajax Joga FC Ajax Joga

AJAX JOGA FC - HomeTeamsONLINEmedia.hometeamsonline.com/photos/soccer/AJAXUTAHFC/AjaxJogaFeeWaive… · Ajax Joga FC AJAX JOGA FC Ajax Joga FC Ajax Joga FC Ajax Joga FC Ajax Joga

Documents
Samples Guide - OpenIDM 5 - ForgeRock BackStage · Samples Guide /OpenIDM 5 Latest update: 5.0.1.1 Lana Frost Mike Jang ForgeRock AS 201 Mission St., Suite 2900 San Francisco, CA

Samples Guide - OpenIDM 5 - ForgeRock BackStage · Samples Guide /OpenIDM 5 Latest update: 5.0.1.1 Lana Frost Mike Jang ForgeRock AS 201 Mission St., Suite 2900 San Francisco, CA

Documents
Introduce What is ASP.NET AJAX Architecture of ASP.NET AJAX Goal of ASP.NET AJAX Scenarios ASP.NET AJAX Extensions Microsoft AJAX Library ASP.NET AJAX

Introduce What is ASP.NET AJAX Architecture of ASP.NET AJAX Goal of ASP.NET AJAX Scenarios ASP.NET AJAX Extensions Microsoft AJAX Library ASP.NET AJAX

Documents
Ajax World 08 Asp Net Ajax

Ajax World 08 Asp Net Ajax

Technology
Getting Started with OpenIDM

Getting Started with OpenIDM

Technology
OPENIDM: DID YOU JUST SAAS ME?

OPENIDM: DID YOU JUST SAAS ME?

Software
OpenIDM 2.1.0 Install Guide

OpenIDM 2.1.0 Install Guide

Documents
Installation Guide - OpenIDM 4 - ForgeRock BackStage · nevertheless get started with this guide, and then learn more as you go along. If you have a previous version of OpenIDM installed,

Installation Guide - OpenIDM 4 - ForgeRock BackStage · nevertheless get started with this guide, and then learn more as you go along. If you have a previous version of OpenIDM installed,

Documents
CComplete Ajax Tutorialomplete Ajax Tutorial

CComplete Ajax Tutorialomplete Ajax Tutorial

Documents
Ajax Basics The XMLHttpRequest Object. Ajax is…. Ajax is not…. Ajax is not a programming language. Ajax is not a programming language. Ajax is a methodology

Ajax Basics The XMLHttpRequest Object. Ajax is…. Ajax is not…. Ajax is not a programming language. Ajax is not a programming language. Ajax is a methodology

Documents
Introduction to Ajax Introduction to Ajax

Introduction to Ajax Introduction to Ajax

Documents
Webinar: OpenIDM 3.1

Webinar: OpenIDM 3.1

Technology
OpenIDM als „Datendrehscheibe“ – erste …...2014/09/16  · Manuel Haim - Hochschulrechenzentrum OpenIDM als „Datendrehscheibe“ – erste Erfahrungen und Konfiguration ZKI-Arbeitskreis

OpenIDM als „Datendrehscheibe“ – erste …...2014/09/16  · Manuel Haim - Hochschulrechenzentrum OpenIDM als „Datendrehscheibe“ – erste Erfahrungen und Konfiguration ZKI-Arbeitskreis

Documents
Ajax! Ajax Programming Ajax! Ajax Programming. Ajax! Ajax Programming Take a look at a typical desktop…

Ajax! Ajax Programming Ajax! Ajax Programming. Ajax! Ajax Programming Take a look at a typical desktop…

Documents
LinID Directory Manager - RMLL Directory Manager OpenIDM (ForgeRock)

LinID Directory Manager - RMLL Directory Manager OpenIDM (ForgeRock)

Documents
Integrator's Guide - OpenIDM 3...OpenIDM project offers flexible, open source services for automating management of the identity life cycle. This work is licensed under the Creative

Integrator's Guide - OpenIDM 3...OpenIDM project offers flexible, open source services for automating management of the identity life cycle. This work is licensed under the Creative

Documents
Ajax Toolkit Framework Ajax World 2

Ajax Toolkit Framework Ajax World 2

Documents
Managing OpenAFS users with OpenIDM

Managing OpenAFS users with OpenIDM

Technology
Building rich web applications with ASP.NET AJAX · Microsoft AJAX Library ASP.NET 2.0 AJAX Extensions ASP.NET AJAX Control Toolkit Current Version ASP.NET AJAX 1.0 Beta 2 Roadmap

Building rich web applications with ASP.NET AJAX · Microsoft AJAX Library ASP.NET 2.0 AJAX Extensions ASP.NET AJAX Control Toolkit Current Version ASP.NET AJAX 1.0 Beta 2 Roadmap

Documents
OpenIDM Architecture - nLight - Perun Server · nLight takes significant part in OpenIDM architecture and development OpenIDM is a strategic product for nLight. OpenIDM Features

OpenIDM Architecture - nLight - Perun Server · nLight takes significant part in OpenIDM architecture and development OpenIDM is a strategic product for nLight. OpenIDM Features

Documents
New Contents · 2015. 9. 11. · RadComboBox for ASP.NET AJAX is built entirely on top of ASP.NET AJAX, utilizing its common client‐side framework and programming model. MS DropDownList

New Contents · 2015. 9. 11. · RadComboBox for ASP.NET AJAX is built entirely on top of ASP.NET AJAX, utilizing its common client‐side framework and programming model. MS DropDownList

Documents
OpenIDM 3.0 - What's New

OpenIDM 3.0 - What's New

Software
Programmation Ajax/web2.0 - Formation AJAX/web2 1

Programmation Ajax/web2.0 - Formation AJAX/web2 1

Documents
Disk Station DS209+ - Synology Inc....and responsive user interfaces. Utilizing the AJAX technology, sophisticated designs of Synology DS209+, such as fast searching, file sharing,

Disk Station DS209+ - Synology Inc....and responsive user interfaces. Utilizing the AJAX technology, sophisticated designs of Synology DS209+, such as fast searching, file sharing,

Documents
AJAX in ASP.NET MVC AJAX, Partial Page Rendering, jQuery AJAX, MVC AJAX Helpers SoftUni Team Technical Trainers Software University

AJAX in ASP.NET MVC AJAX, Partial Page Rendering, jQuery AJAX, MVC AJAX Helpers SoftUni Team Technical Trainers Software University

Documents
Getting Started - OpenIDM 4 - backstage.forgerock.com · Getting Started OpenIDM 4 Mike Jang ForgeRock AS 201 Mission St., Suite 2900 San Francisco, CA 94105, USA +1 415-599-1100

Getting Started - OpenIDM 4 - backstage.forgerock.com · Getting Started OpenIDM 4 Mike Jang ForgeRock AS 201 Mission St., Suite 2900 San Francisco, CA 94105, USA +1 415-599-1100

Documents
Installation Guide - OpenIDM 4 - ForgeRock BackStage · Installation Guide OpenIDM 4 Mark Craig Lana Frost Paul Bryan Andi Egloff Laszlo Hordos Matthias Tristl Mike Jang ForgeRock

Installation Guide - OpenIDM 4 - ForgeRock BackStage · Installation Guide OpenIDM 4 Mark Craig Lana Frost Paul Bryan Andi Egloff Laszlo Hordos Matthias Tristl Mike Jang ForgeRock

Documents
Microsoft AJAX Library. ASP.NET 2.0 AJAX Extensions

Microsoft AJAX Library. ASP.NET 2.0 AJAX Extensions

Documents
Contentsd31ghwrlt97cgl.cloudfront.net/ComparisonSheets/controls.pdfAjax Support RadComboBox for ASP.NET AJAX is built entirely on top of ASP.NET AJAX, utilizing its common client‐side

Contentsd31ghwrlt97cgl.cloudfront.net/ComparisonSheets/controls.pdfAjax Support RadComboBox for ASP.NET AJAX is built entirely on top of ASP.NET AJAX, utilizing its common client‐side

Documents
Release Notes - OpenIDM 5 - ForgeRock BackStage...New Authentication Modules OpenIDM 5 includes support for OpenID Connect and OAuth 2.0 authentication. For more information, see "Supported

Release Notes - OpenIDM 5 - ForgeRock BackStage...New Authentication Modules OpenIDM 5 includes support for OpenID Connect and OAuth 2.0 authentication. For more information, see "Supported

Documents