security as a service leveraged by apache projects
play

Security As A Service Leveraged by Apache Projects Oliver Wulff, - PowerPoint PPT Presentation

Mar 30, 2024 •223 likes •515 views

Security As A Service Leveraged by Apache Projects Oliver Wulff, Talend Application Security Landscape 11/19/14 2 Solution Building blocks Apache CXF Fediz Apache CXF Fediz Single Sign On (WS-Federation) Attribute Based Access

  1. Security As A Service Leveraged by Apache Projects Oliver Wulff, Talend

  2. Application Security Landscape 11/19/14 2

  3. Solution Building blocks ● Apache CXF Fediz Apache CXF Fediz ● Single Sign On (WS-Federation) ● Attribute Based Access Control (SAML AttributeStatement) ● Identity Provider and Application Server Plugin ● Apache Syncope Apache Syncope ● IAM (User management, Attribute Management, Provisioning) ● Connector LDAP ● Apache DS Apache DS ● LDAP Server ● PostgreSQL PostgreSQL ● Database for Syncope and Fediz IDP 11/19/14 3

  4. Solution Building blocks Demo Federation/SSO with Apache Tomcat Application 11/19/14 4

  5. Solution Building blocks Apache CXF Fediz 11/19/14 5

  6. Apache CXF Fediz ● Sub-project of Apache CXF project ● Work started mid of 2011 ● Community growing ● First release in June 2012 ● Current release 1.1.2 ● Finishing work for 1.2 11/19/14 6

  7. OASIS WS-Federation 1.2 ● OASIS Standard 2009 ● Security Token agnostic (SAML 1.1/2.0, …) ● Extends OASIS WS-Trust ● Browser and Web Services SSO ● PRP adapts Browsers to WS-Trust ● No connectivity between Application and IDP required (Cloud) ● Claims/Attribute Based Access Control ● Supports several Authentication domains 11/19/14 7

  8. WS-Federation Identity Provider (IDP) Security Token Service (STS) WS-Federation Fediz IDP Authentication Security Tokens Token WS-Trust issued by STS Fediz STS  User Machine Browser Relying Party (RP) A c c e s  s W R e Web Application e b d A i r e p c p t l i c t o a I t i D o P n Fediz Plugin HTTPS Servlet Container 11/19/14 8

  9. Fediz Plugin ● WS-Federation 1.0/1.1/1.2 ● SAML 1.1 / 2.0 Tokens ● SAML-P support ● IDP trust types Chain Trust, Direct Trust ● Core Logic Container independent ● Supports Tomcat, Jetty, Karaf, Websphere and Spring Security ● WS-Federation Metadata ● Claims provided in FederationPrincipal 11/19/14 9

  10. Fediz IDP/STS ● Authentication: Username/password, Kerberos, X509 ● Spring Security (REST, Login) ● Spring Web Flow ● User Store: ● File store (Mock testing) ● LDAPLoginModule ● Custom JAAS Login Module or custom WSS4J Validator ● Claims/Role store: ● LdapClaimsHandler ● FileClaimsHandler (Mock testing) ● SAML Token creation customizable 11/19/14 10

  11. New Features in Fediz 1.1 ● Fediz IDP refactored and leverages Spring Webflow ● WS-Federation support for RP-IDP ● HomeRealm Discovery ● Kerberos support ● Support encrypted SAML tokens ● SAML Holder-Of-Key ● New Containers supported: Karaf, Jetty, Spring Security and IBM Websphere ● Claim Mapping support with Apache Commons JEXL 11/19/14 11

  12. Fediz IDP Relying Party Home Realm Discovery Browser Relying Party IDP adatam.com IDP RPIDP Redirect: wtrealm='MyApplication' wtrealm='MyApplication', optional whr HomeRealm Redirect: wtrealm='RPIDP' Discovery wtrealm='RPIDP' Username/Password Challenge SignInResponse, 'RP-IDP Token' SignInResponse Claim Mapping SignInResponse, 'MyApplication Token' SignInResponse 11/19/14 12

  13. Fediz Roadmap ● Security Protocol pluggable in IDP (1.2) WS-Federation, SAML-P, Oauth2, ... ● IDP REST Interface (1.2) ● Configure Claims, IDPs, Applications, Trusted IDPs ● Fine grained security control ● SAML-P support in Fediz plugin (1.2) ● Fediz CXF Plugin (Security Protocols supported for JAX-RS) ● OAuth 2 ● Launch Fediz IDP from Maven build (1.2) ● Single Logout (1.2) 11/19/14 13

  14. REST Interface (1/3) Resources ● Idp ● /idps ● Claim ● /claims ● Ma ny-to-many (requestedClaims, offeredClaims) ● Attribute on Relation ● Application ● /applications ● many-to-many ● TrustedIdp ● /trustedIdps ● many-to-many 11/19/14 14

  15. REST Interface (2/3) ● Many-To-May Relationship /applications POST|GET /applications/{realm} GET|PUT|DELETE /applications/{realm}/claims POST /applications/{realm}/claims/{claimType} DELETE ● HTTP Error Codes (besides 200) ● NoContent (204) ● Error (500) ● Created (201) ● NotFound (404) ● Content Type ● XML ● JSON 11/19/14 15

  16. REST Interface (3/3) ● HTTP Headers ● Location (newly created resources) ● X-Application-Error-Code, X-Application-Error-Info ● Query parameters (start, size, expand) ● Hypermedia support? (href Attribute, link Element) ● Security ● Roles ● Entitlements (CLAIM_LIST, CLAIM_CREATE, …, ROLE_CREATE, ...) 11/19/14 16

  17. Solution Building blocks Demo Configure application using Fediz Configure application in Fediz IDP (REST) Federation/SSO with Apache Tomcat Application 11/19/14 17

  18. Solution Building blocks Apache Syncope 11/19/14 18

  19. Identity Access Management ● Who has/had access to What, When, How, and Why? 11/19/14 19

  20. Identity & Access Management ● IAM is concerned with managing user data on systems and applications during the entire life cycle ● Involves user attributes, roles, resources, entitlements, etc. ● Provisioning / Reconciliation ● Synchronize user (account) data across identity stores and a broad range of data sources, formats, meanings and purposes ● Read user data from source systems ● Write user data to target systems ● Reporting / Auditing ● Policy Enforcement (Segregation of Duty) 11/19/14 20

  21. IAM Product Architecture 11/19/14 21

  22. Apache Syncope Architecture (1/2) 11/19/14 22

  23. Apache Syncope Architecture (2/2) ● Different Connector support (ConnId project) ● Workflow customizable (based on Activiti) ● User Schema definition ● Propagation/Synchronization ● Business Intelligence (Audit, Report) ● REST API 11/19/14 23

  24. Apache Syncope - Schemas ● Apply for User and Roles ● Normal Attributes ● Stored in Syncope DB FirstName = John LastName = Black ● Propagaded and synchronized when selected ● Derived Attributes ● Combination of Attributes FullName = FirstName + LastName FullName = John Black ● JEXL Expression Language ● Virtual Attributes ● Not stored in Syncope DB ● Lookup from remote resource ● 11/19/14 24

  25. Apache Syncope – Attribute Mapping 11/19/14 25

  26. Apache Syncope - Workflow 11/19/14 26

  27. Solution Building blocks Demo IAM Syncope Federation/SSO with Apache Tomcat Application 11/19/14 27

  28. More information ● Talend 4 www.talend.com ● Apache Projects ● Fediz 4 http://cxf.apache.org/fediz.html ● Syncope 4 http://syncope.apache.org/ ● Blogs ● http://coheigea.blogspot.com ● http://www.dankulp.com/blog/ ● http://sberyozkin.blogspot.com ● http://owulff.blogspot.com 11/19/14 28

  29. Thank You

Recommend

If you have the Content, then Apache has the Technology! A whistle-stop tour of the Apache

If you have the Content, then Apache has the Technology! A whistle-stop tour of the Apache

If you have the Content, then Apache has the Technology! A whistle-stop tour of the Apache content related projects Nick Burch CTO Quanticate Apache Projects 154 Top Level Projects 33 Incubating Projects 46 Content

548 views • 52 slides
Security best practices for Security best practices for Apache web services Apache web services

Security best practices for Security best practices for Apache web services Apache web services

Security best practices for Security best practices for Apache web services Apache web services Agenda Security Advisories @ Apache Issues associated with the advisory process Apache CXF advisories + lessons learned

394 views • 28 slides
Digital signing Digital signing an upcomming service for all apache projects Target of project:

Digital signing Digital signing an upcomming service for all apache projects Target of project:

Digital signing Digital signing an upcomming service for all apache projects Target of project: Use symantec as provider Infra-root as Enterprise Service Provider PMC as Software Publishers Provide signing for microsoft jani

359 views • 8 slides
The other Apache Technologies your Big Data solution needs! Nick Burch The Apache Software

The other Apache Technologies your Big Data solution needs! Nick Burch The Apache Software

The other Apache Technologies your Big Data solution needs! Nick Burch The Apache Software Foundation Apache T echnologies as in the ASF 91 T op Level Projects 59 Incubating Projects (74 past ones) Y is the only letter we lack

1.03k views • 65 slides
FAMP FreeBSD/Apache/MySQL/PHP zswu Computer Center, CS, NCTU Introduction Web service

FAMP FreeBSD/Apache/MySQL/PHP zswu Computer Center, CS, NCTU Introduction Web service

FAMP FreeBSD/Apache/MySQL/PHP zswu Computer Center, CS, NCTU Introduction Web service Apache GWS, Nginx, IIS SQL service MySQL, MariaDB MS SQL, Oracle DB, PostgreSQL NoSQL service MongoDB Web backend language

1.53k views • 57 slides
Apache Shiro - Executive Summary Apache Shiro is a powerful, easy-to-use Java Security

Apache Shiro - Executive Summary Apache Shiro is a powerful, easy-to-use Java Security

Christopher Lynch - CSCI 5448 Graduate Presentation Apache Shiro - Executive Summary Apache Shiro is a powerful, easy-to-use Java Security Framework with a goal to be more powerful and easier to use than the standard Java APIs. If you

348 views • 34 slides
Web Service development Talk Outline w ith Apache Axis2 and ODE Apache Axis2 Overview and

Web Service development Talk Outline w ith Apache Axis2 and ODE Apache Axis2 Overview and

Web Service development Talk Outline w ith Apache Axis2 and ODE Apache Axis2 Overview and Introduction Overview and Introduction Tutorial Installation & Administration Bottom up Web Service development and deployment B

361 views • 6 slides
InnerSource 101 and The Apache Way Jim Jagielski About Me Apache Software Foundation

InnerSource 101 and The Apache Way Jim Jagielski About Me Apache Software Foundation

InnerSource 101 and The Apache Way Jim Jagielski About Me Apache Software Foundation Co-founder, Director, Member and Developer Director Outercurve, MARSEC-XL, OSSI, OSI (ex) Developer Mega FOSS projects OReilly

574 views • 24 slides
Apache Security Secrets: Revealed! (Again!) for ApacheCon 2003, Las Vegas Mark J Cox revision 3

Apache Security Secrets: Revealed! (Again!) for ApacheCon 2003, Las Vegas Mark J Cox revision 3

Apache Security Secrets: Revealed! (Again!) for ApacheCon 2003, Las Vegas Mark J Cox revision 3 www.awe.com/mark/apcon2003 Apache Apache web server Powers over half of the Internet web server infrastructure Mature project, over 7

890 views • 53 slides
CSN09101 Networked Services Week 10: Using Apache Week 10: Using Apache Module Leader: Dr

CSN09101 Networked Services Week 10: Using Apache Week 10: Using Apache Module Leader: Dr

CSN09101 Networked Services Week 10: Using Apache Week 10: Using Apache Module Leader: Dr Gordon Russell Lecturers: G. Russell This lecture Apache Basic Authentication Log Analysis Security Issues Discussions

803 views • 51 slides
Apache Security Secrets: Revealed for ApacheCon 2002, Las Vegas Mark J Cox revision 1

Apache Security Secrets: Revealed for ApacheCon 2002, Las Vegas Mark J Cox revision 1

Apache Security Secrets: Revealed for ApacheCon 2002, Las Vegas Mark J Cox revision 1 www.awe.com/mark/apcon2002 Quick Introduction Who am I? Why do you care? What is Security Response Why do we need it? Red Hat, Apache,

551 views • 51 slides
Web Sever Security APACHE; MYSQL; NIKTO B Y : Y : M E G E G A N C U N C U T L E R E R A N

Web Sever Security APACHE; MYSQL; NIKTO B Y : Y : M E G E G A N C U N C U T L E R E R A N

Web Sever Security APACHE; MYSQL; NIKTO B Y : Y : M E G E G A N C U N C U T L E R E R A N A N D R I T I T I K A M A M O O R J A N A N I Introduction Topics Covered Security Checking using Nikto Dangers of Default

262 views • 22 slides
Apache Security - I m proving the security of your w eb server by breaking into it Sebastian

Apache Security - I m proving the security of your w eb server by breaking into it Sebastian

Risk Advisory Services Apache Security - I m proving the security of your w eb server by breaking into it Sebastian Wolfgarten, 21C3, December 2004 sebastian.wolfgarten@de.ey.com 1 Berlin, Germany - 29.12.2004 Agenda Preface

697 views • 41 slides
Apache Wicket Trifork Projects Copenhagen A/S Niels Sthen Hansen, nsh@trifork.com Claus

Apache Wicket Trifork Projects Copenhagen A/S Niels Sthen Hansen, nsh@trifork.com Claus

Apache Wicket Trifork Projects Copenhagen A/S Niels Sthen Hansen, nsh@trifork.com Claus Myglegaard Vagner, cmv@trifork.com Apache Wicket The Wicket approach Brief tour of key Wicket concepts Lots of code examples! Hello World'ish

567 views • 28 slides
Capstone Projects Capstone Projects A.K.A. Service Projects 1-888-SCOUTS-NOW | scouts.ca |

Capstone Projects Capstone Projects A.K.A. Service Projects 1-888-SCOUTS-NOW | scouts.ca |

Capstone Projects Capstone Projects A.K.A. Service Projects 1-888-SCOUTS-NOW | scouts.ca | 1-888-SCOUTS-OUI Objective Complete a challenging project that provides meaningful personal development for youth and makes a positive difference

676 views • 22 slides
Painless Applica,on Security Les Hazlewood Apache Shiro Project

Painless Applica,on Security Les Hazlewood Apache Shiro Project

Painless Applica,on Security Les Hazlewood Apache Shiro Project Chair CTO, Kataso5 Inc / CloudDirectory What is Apache Shiro? Applica>on security

628 views • 43 slides
The Cocoon Portal A portal solution and framework Carsten Ziegeler cziegeler@apache.org

The Cocoon Portal A portal solution and framework Carsten Ziegeler cziegeler@apache.org

The Cocoon Portal A portal solution and framework Carsten Ziegeler cziegeler@apache.org Competence Center Open Source S&N AG, Germany About Member of the Apache Software Foundation Committer in some Apache Projects Cocoon,

683 views • 49 slides
Secure Services with Apache CXF Andrei Shakirin, Talend ashakirin@talend.com

Secure Services with Apache CXF Andrei Shakirin, Talend ashakirin@talend.com

Karlsruher Entwicklertag 2014 Secure Services with Apache CXF Andrei Shakirin, Talend ashakirin@talend.com ashakirin.blogspot.com/ Agenda Introduction in Apache CXF Security Requirements Apply security features to CXF Services

930 views • 49 slides
Building High Performance Microservices with Apache Thrift Rethinking service APIs in a Cloud

Building High Performance Microservices with Apache Thrift Rethinking service APIs in a Cloud

Building High Performance Microservices with Apache Thrift Rethinking service APIs in a Cloud Native environment Presenters Randy Abernethy ra@apache.org, randy.abernethy@rx-m.com Apache Thrift PMC CNCF member RX-M Cloud

206 views • 16 slides
Security as an App and Security as a Service: New

Security as an App and Security as a Service: New

Security as an App and Security as a Service: New Killer Applica6ons for So9ware Defined Networking? Guofei Gu SUCCESS Lab, Texas A&M

447 views • 42 slides
What is CMP? Matchmaking service for mathematically oriented projects in other

What is CMP? Matchmaking service for mathematically oriented projects in other

What is CMP? Matchmaking service for mathematically oriented projects in other departments/industry. Hosts submit projects (but you can find your own). Projects listed on website in early January. Some bursary support for academic

234 views • 6 slides
Whats new in Cocoon? Carsten Ziegeler cziegeler@apache.org Competence Center Open Source

Whats new in Cocoon? Carsten Ziegeler cziegeler@apache.org Competence Center Open Source

Whats new in Cocoon? Carsten Ziegeler cziegeler@apache.org Competence Center Open Source S&N AG, Germany About Member of the Apache Software Foundation Committer in some Apache Projects Cocoon, Excalibur, Pluto, WSRP4J,

747 views • 46 slides
SERVICE ABOVE SELF SERVICE ABOVE SELF SERVICE ABOVE SELF SERVICE ABOVE SELF ROTARY DISTRICT

SERVICE ABOVE SELF SERVICE ABOVE SELF SERVICE ABOVE SELF SERVICE ABOVE SELF ROTARY DISTRICT

May 1, 2020 SERVICE ABOVE SELF SERVICE ABOVE SELF SERVICE ABOVE SELF SERVICE ABOVE SELF ROTARY DISTRICT 5870 CENTRAL TEXAS ZOOM SERIES #6 ACTION STEPS DAP Grants COVID-19 Response Submit final DAP REPORTS ASAP Options for CURRENT PROJECTS

482 views • 4 slides
2000 BOND Program Updates $110 M bond amount 82 COMPLETE Projects 3 ACTIVE Projects 10 M

2000 BOND Program Updates $110 M bond amount 82 COMPLETE Projects 3 ACTIVE Projects 10 M

2000 BOND Program Updates $110 M bond amount 82 COMPLETE Projects 3 ACTIVE Projects 10 M interest Civic Center Garage Elevator 155.5M other leveraged funds Randall Museum $275.5M Program - just 1.5% remains Fay House Stabilization San

300 views • 10 slides

More recommend