extending a legacy platform providing a
play

Extending a Legacy Platform Providing a Minimalistic, Secure - PowerPoint PPT Presentation

Nov 04, 2023 •284 likes •488 views

Extending a Legacy Platform Providing a Minimalistic, Secure Single-Sign-On-Library 20/11/2015 Gschlberger/Gttfert 1 Introduction Research Studios Austria FG MicroLearning and Information Environments Bernhard Gschlberger

  1. Extending a Legacy Platform Providing a Minimalistic, Secure Single-Sign-On-Library 20/11/2015 Göschlberger/Göttfert 1

  2. Introduction • Research Studios Austria FG – MicroLearning and Information Environments • Bernhard Göschlberger – Research field: Technology Enhanced Learning • Sebastian Göttfert – Computer Science @JKU • Research Project: KnowledgeMgmt-Plattform – Extend existing plattform seamlessly 20/11/2015 Göschlberger/Göttfert 2

  3. Problem • Legacy system – 12.000 existing accounts – Continuous changes – Closed registration • Single Sign on – Use existing accounts – Authenticate users to third party apps 20/11/2015 Göschlberger/Göttfert 3

  4. Existing standards/solutions • Authorization: – OAuth 2.0 • Authentication: – SAML – OpenID Connect – JWT 20/11/2015 Göschlberger/Göttfert 4

  5. SAML – Security Assertion Markup Language • Identity Provider (IdP) – Issues Assertion • Digital Signature – Authentication and Message Integrity • Service Provider (SP) – Trusts IdP – Validates signature – Grants authorization based on Assertions 20/11/2015 Göschlberger/Göttfert 5

  6. JWT – JSON Web Tokens • Compact URL-save representation for claims • Self-contained – Header – Claim set – Signature • Less flexible but much simpler than SAML • Used by – OAuth 2.0 – OpenId Connect 20/11/2015 Göschlberger/Göttfert 6

  7. Standards Implementation • Service Provider: – Easy, cheap – Many frameworks and libraries • Identity Providers – Heavy weight – Complex – Full software solutions available • In general: – Standards try to cover (almost) every usecase – Tend to get complex and bulky 20/11/2015 Göschlberger/Göttfert 7

  8. Previous Approach • No single sign on • Authorization via Backend-Webservice: – Is this a valid user? • Problems: – Weak WS protection (static API key) – Password is sent in cleartext – Phishing (third party gets the password) 20/11/2015 Göschlberger/Göttfert 8

  9. Chosen Approach • Claim based – Authorisation – Authentication • Simple issuence by legacy system • Signed and encrypted • POST binding • Additional security on top of TLS 20/11/2015 Göschlberger/Göttfert 9

  10. Authentication flow 20/11/2015 Göschlberger/Göttfert 10

  11. First step – Service Provider I • Generate a random one-time secret for symmetric encryption (=nonce) – Nonce has to be attached to user session to detect replay attacks • Encrypt nonce and return-URL with Public Key of IDP – Only IDP should be able to decrypt this! • Outside library: Send nonce and return-URL to IDP 20/11/2015 Göschlberger/Göttfert 11

  12. First step – Service Provider II 20/11/2015 Göschlberger/Göttfert 12

  13. Second step – Identity Provider I • (Precondition: User has successfully logged in) • Decrypt nonce & return URL • Calculate signature of user info • Encrypt user info with nonce • Encrypt nonce with public key of SP • Outside library: Send signature, encrypted nonce and encrypted user info to the return URL 20/11/2015 Göschlberger/Göttfert 13

  14. Second step – Identity Provider II 20/11/2015 Göschlberger/Göttfert 14

  15. Third step – Service Provider I • Decrypt nonce – Equal to initial nonce? • Decrypt user info with nonce – Does user info meet the signature? 20/11/2015 Göschlberger/Göttfert 15

  16. Third step – Service Provider II 20/11/2015 Göschlberger/Göttfert 16

  17. Live demo http://localhost/deepsec/legacy 20/11/2015 Göschlberger/Göttfert 17

  18. Result & Conclusion • minSSO Library – IdP: 114 loc (92 sloc) – SP: 156 loc (129 sloc) – https://github.com/bgoeschi/minSSO • Conclusions – SSO doesn‘t need to be a hassle – Legacy system as IdP feasable 20/11/2015 Göschlberger/Göttfert 18

  19. Questions & Answers Any questions? 20/11/2015 Göschlberger/Göttfert 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Day 1 Summary 1 Extending the Web Platform to Automotive What considerations need to be

Day 1 Summary 1 Extending the Web Platform to Automotive What considerations need to be

Day 1 Summary 1 Extending the Web Platform to Automotive What considerations need to be addressed? Safety, liability, legislation, and technical considerations Situational awareness and safer driving Privacy of user data (and

153 views • 4 slides
MARK 10:1-31 SPIRITUAL LEGACY SPIRITUAL LEGACY Legacy in Marriage v. 1-12 Legacy in

MARK 10:1-31 SPIRITUAL LEGACY SPIRITUAL LEGACY Legacy in Marriage v. 1-12 Legacy in

MARK 10:1-31 SPIRITUAL LEGACY SPIRITUAL LEGACY Legacy in Marriage v. 1-12 Legacy in Children v. 13-16 Legacy in Eternity v. 17-31 LEGACY IN MARRIAGE 2 Schools of thought 1. Rabbi Sammai- Strict interpretation. Divorce only

775 views • 9 slides
Computational plasma physics extending legacy codes, computing functionals and other ideas

Computational plasma physics extending legacy codes, computing functionals and other ideas

Computational plasma physics extending legacy codes, computing functionals and other ideas Monash Workshop on and Applications 2020 Markus Hegland, ANU February 2020 computational plasma physics 1 / 40 Introduction Introduction

429 views • 40 slides
RE NET RE Agenda Extending OMNeT++ Towards a Platform for the Design of Future In-Vehicle

RE NET RE Agenda Extending OMNeT++ Towards a Platform for the Design of Future In-Vehicle

Extending OMNeT++ Towards a Platform for the Design of Future In-Vehicle Network Architectures Till Steinbach Philipp Meyer Stefan Buschmann Franz Korf Hamburg University of Applied Sciences philipp.meyer@haw-hamburg.de OMNeT++ Community

729 views • 27 slides
Legacy Yen Tu Live the legacy Deeply rooted in Vietnams history, the Tran dynastys legacy

Legacy Yen Tu Live the legacy Deeply rooted in Vietnams history, the Tran dynastys legacy

Legacy Yen Tu Live the legacy Deeply rooted in Vietnams history, the Tran dynastys legacy and the spirit of Truc Lam Yen Zen Buddhism, the Legacy Yen Tu is an inspiring journey into the past. It offers travelers a stay filled with storied

688 views • 32 slides
Extending ns Extending ns In OTcl In C++ Debugging Padma Haldar USC/ISI 1 2 ns

Extending ns Extending ns In OTcl In C++ Debugging Padma Haldar USC/ISI 1 2 ns

Outline Extending ns Extending ns In OTcl In C++ Debugging Padma Haldar USC/ISI 1 2 ns Directory Structure Extending ns in OTcl ns-allinone If you dont want to compile source your changes in your sim Tcl8.3 TK8.3

303 views • 9 slides
EXTENDING SPLUNK WITH GPUS Joshua Patterson @datametrician Keith Kraus @keithjkraus SPLUNK

EXTENDING SPLUNK WITH GPUS Joshua Patterson @datametrician Keith Kraus @keithjkraus SPLUNK

EXTENDING SPLUNK WITH GPUS Joshua Patterson @datametrician Keith Kraus @keithjkraus SPLUNK Industry leading machine data platform Splunk is a software platform to search, analyze, and visualize the machine-generated data gathered from the

705 views • 41 slides
Associated Lighting Representatives The Opticom Value GTT builds on a 40 year legacy of

Associated Lighting Representatives The Opticom Value GTT builds on a 40 year legacy of

Associated Lighting Representatives The Opticom Value GTT builds on a 40 year legacy of leadership in the priority control market, providing: Highly reliable, scalable, and proven designs Solid integration and interoperability track

831 views • 39 slides
L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L M E E T I N G 1 WELCOME The

L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L M E E T I N G 1 WELCOME The

L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L M E E T I N G 1 WELCOME The Legacy Residents Association was created for the homeowners of Legacy, with the intent of augmenting the lifestyle in Legacy. The goal is to create

1.18k views • 56 slides
L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L G E N E R A L M E E T I N G

L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L G E N E R A L M E E T I N G

L E G A C Y R E S I D E N T S A S S O C I A T I O N A N N U A L G E N E R A L M E E T I N G WELCOME The Legacy Residents Association was created for the homeowners of Legacy, with the intent of augmenting the lifestyle in Legacy. The goal

412 views • 40 slides
LEAVE A LEGACY Qubec And your legacy! What will it be? Action Plan 2010 LEAVE A LEGACY TM

LEAVE A LEGACY Qubec And your legacy! What will it be? Action Plan 2010 LEAVE A LEGACY TM

LEAVE A LEGACY Qubec And your legacy! What will it be? Action Plan 2010 LEAVE A LEGACY TM Qubec , is comprised of 163 charitable organizations that support its mission which is to encourage the population of Quebec to make a planned

312 views • 18 slides
Migrating Legacy.com Migrating a top 50 most visited site in the U.S. onto Drupal - Legacy.com

Migrating Legacy.com Migrating a top 50 most visited site in the U.S. onto Drupal - Legacy.com

Migrating Legacy.com Migrating a top 50 most visited site in the U.S. onto Drupal - Legacy.com Case Study Migrating Legacy.com Jordan Ryan Product Owner Ankur Gupta Lead Developer Bassam Ismail Front-end Lakshmi Narasimhan RESTful

458 views • 45 slides
Extending the GC hardware Rob Reilink Extending the GC hardware Why? GC can be an embedded

Extending the GC hardware Rob Reilink Extending the GC hardware Why? GC can be an embedded

Extending the GC hardware Rob Reilink Extending the GC hardware Why? GC can be an embedded computer Home automation Cinema set Car Infotainment system ... But: Essential hardware lacks: Data storage (harddisk and/or flash)

221 views • 9 slides
Extending ns Padma Haldar USC/ISI 1 Outline Extending ns In OTcl In C++

Extending ns Padma Haldar USC/ISI 1 Outline Extending ns In OTcl In C++

Extending ns Padma Haldar USC/ISI 1 Outline Extending ns In OTcl In C++ Debugging 2 ns Directory Structure ns-allinone Tcl8.3 TK8.3 OTcl tclcl ns-2 nam-1 ... tcl C+ + code ex test mcast ... lib examples

965 views • 52 slides
EXTENDING ODF-FIELDS FOR SMART DOCUMENT PROCESSING WHAT ARE WE DOING? For over 25 years CIB has

EXTENDING ODF-FIELDS FOR SMART DOCUMENT PROCESSING WHAT ARE WE DOING? For over 25 years CIB has

EXTENDING ODF-FIELDS FOR SMART DOCUMENT PROCESSING WHAT ARE WE DOING? For over 25 years CIB has been successfully providing Document Lifecycle Management solutions. CIB software aids in all phases of the document lifecycle Consulting,

348 views • 15 slides
LEGACY/PACIFICSOURCE JOINT VENTURE George Brown, M.D. President and CEO, Legacy Health Systems

LEGACY/PACIFICSOURCE JOINT VENTURE George Brown, M.D. President and CEO, Legacy Health Systems

LEGACY/PACIFICSOURCE JOINT VENTURE George Brown, M.D. President and CEO, Legacy Health Systems I. Legacy Outline I. Legacy a) Mission and History b) People, Services, and Locations c) Financial Strength II. Partnership a)

603 views • 26 slides
The Security State of Open Source PHP Applications Dr. Johannes Dahse, RIPS Technologies GmbH

The Security State of Open Source PHP Applications Dr. Johannes Dahse, RIPS Technologies GmbH

The Security State of Open Source PHP Applications Dr. Johannes Dahse, RIPS Technologies GmbH Introduction About Johannes Dahse Master IT Security at RUB, Germany (2006 - 2012) Capture The Flag (CTF) Contests Security Consultant

673 views • 64 slides
Hardware Acceleration: An Essential Part of Cyber Security in High-Speed Networks Ji

Hardware Acceleration: An Essential Part of Cyber Security in High-Speed Networks Ji

Hardware Acceleration: An Essential Part of Cyber Security in High-Speed Networks Ji Novotn Pavel eleda Radek Krej novotny@ics.muni.cz celeda@ics.muni.cz krejci@liberouter.org DeepSec In-Depth Security Conference 2010

652 views • 52 slides
Understanding the Security of Traffic Signal Infrastructure Zhenyu Ning , Fengwei Zhang, and

Understanding the Security of Traffic Signal Infrastructure Zhenyu Ning , Fengwei Zhang, and

Understanding the Security of Traffic Signal Infrastructure Zhenyu Ning , Fengwei Zhang, and Stephen Remias COMPASS Lab Wayne State University DIMVA, June 19, 2019 Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 1

952 views • 53 slides
SCADA Hacking Clear and Present Danger ITAC 2014 02 Oct 2014 Presen sented ed b by:

SCADA Hacking Clear and Present Danger ITAC 2014 02 Oct 2014 Presen sented ed b by:

SCADA Hacking Clear and Present Danger ITAC 2014 02 Oct 2014 Presen sented ed b by: Francis Brown Bishop Fox, LLC www.bishopfox.com Agenda O V E R V I E W Introd oduction on/B /Bac ackgr grou ound Target eting ng S

892 views • 64 slides
The Opportunity in Front of Us Marc Rowan Co-Founder and Senior Managing Director September

The Opportunity in Front of Us Marc Rowan Co-Founder and Senior Managing Director September

Strictly Confidential The Opportunity in Front of Us Marc Rowan Co-Founder and Senior Managing Director September 12, 2011 It should not be assumed that investments made in the future will be profitable or will equal the performance of the

447 views • 25 slides
Verizon Transactions Conference Call Lowell McAdam Chairman and CEO Fran Shammo Chief

Verizon Transactions Conference Call Lowell McAdam Chairman and CEO Fran Shammo Chief

VlpHU09DSUQyMDE0UTM Verizon Transactions Conference Call Lowell McAdam Chairman and CEO Fran Shammo Chief Financial Officer February 5, 2015 VlpHU09DSUQyMDE0UTM= Safe Harbor Statement NOTE: In this presentation we have made

397 views • 10 slides
Supertex, Inc. (Name of Registrant as Specified In Its Charter) Microchip Technology Incorporated

Supertex, Inc. (Name of Registrant as Specified In Its Charter) Microchip Technology Incorporated

UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 SCHEDULE 14A Proxy Statement Pursuant to Section 14(a) of the Securities Exchange Act of 1934 Filed by the Registrant Filed by a Party other than the Registrant Check

376 views • 9 slides
Third Quarter 2016 Earnings Call November 3, 2016 Dis iscla laim imers Non on-GAAP P

Third Quarter 2016 Earnings Call November 3, 2016 Dis iscla laim imers Non on-GAAP P

Third Quarter 2016 Earnings Call November 3, 2016 Dis iscla laim imers Non on-GAAP P Fina nancial Mea easures To supplement Bats consolidated financial statements prepared in accordance with accounting principles generally accepted

499 views • 26 slides

More recommend