
Mini-Training: SSO with Windows Identity Foundation


What is SSO?

- SSO: Single Sign-On
- Log in once and access all systems without having to log in again at each of them


Benefits

- Reducing password fatigue from different user name and password combinations
- Reducing time spent re-entering passwords for the same identity
- Reducing IT costs due to lower number of IT help desk calls about passwords


Criticisms

- Greater negative impact if the credentials become available to other people and are misused ("keys to the castle")


Principle & vocabulary

- Security Token
- Claims & Claims-based applications
- STS: Security Token Service
- RP: Relying Party
- IdP: Identity Provider


Standards

- OpenID
- Facebook, Microsoft, Google, PayPal, Ping Identity, Symantec, and Yahoo
- SAML & WS-Federation
- Microsoft - ADFS V2
- Azure AppFabric Access Control
- Windows Identity Foundation
- OAuth
- Liberty Alliance
- Windows CardSpace (U-Prove)
- MicroID
- Windows CardSpace
- Higgins


OpenID vs SAML

| | OpenID | SAML |
|---|---|---|
| Dates from | 2005 | 2001 |
| Current version | OpenID 2.0 | SAML 2.0 |
| Main purpose | Single sign-on for consumers | Single sign-on for enterprise users |
| Protocols used | XRDS, HTTP | SAML, XML, HTTP, SOAP |
| .NET libraries | DotNetOpenAuth | System.IdentityModel, Windows Identity Foundation |


SAML


OpenID


Windows Identity Foundation

- WSFederationAuthenticationModule
  - Handle redirection to STS
  - Process the sign-in response
  - Create the ClaimsPrincipal
- SessionAuthenticationModule
  - Manage the authenticated session
  - Write cookies


https://betclicstage.com/r1/back/st1/back/Common/home.aspx

Betclic ADFS


Test locally with Thinktecture.IdentityModel.EmbeddedSts

- Use a WS-Federation STS for ASP.NET with minimal configuration (replaces the deprecated "Identity and Access Control" Visual Studio extension)

http://www.nuget.org/packages/Thinktecture.IdentityModel.EmbeddedSts/


Create a claims-based application in Visual Studio 2013

https://adfs-bead.betclicstage.net/federationmetadata/2007-06/federationmetadata.xml


- Identity Developer Training Kit: http://www.microsoft.com/en-us/download/confirmation.aspx?id=14347
- Passive Authentication for ASP.NET with WIF: https://msdn.microsoft.com/en-us/magazine/ff872350.aspx
- Federated Identities: OpenID vs SAML vs OAuth: http://www.softwaresecured.com/2013/07/16/federated-identities-openid-vs-saml-vs-oauth/


Find out more

- On https://techblog.betclicgroup.com/


About Us

- Betclic Everest Group, one of the world leaders in online gaming, has a unique portfolio comprising various complementary international brands: Betclic, Everest Poker/Casino, Bet-at-home, Expekt, Imperial Casino, Monte-Carlo Casino…
- Through our brands, Betclic Everest Group places expertise, technological know-how and security at the heart of our strategy to deliver an on-line gaming offer attuned to the passion of our players. We want our brands to be easy to use for every gamer around the world. We’re building our company to make that happen.
- Active in 100 countries with more than 12 million customers worldwide, the Group is committed to promoting secure and responsible gaming and is a member of several international professional associations including the EGBA (European Gaming and Betting Association) and the ESSA (European Sports Security Association).


We want our Sports betting, Poker, Horse racing and Casino & Games brands to be easy to use for every gamer around the world. Code with us to make that happen.


WE’RE HIRING !