Description (400 char): Provide a historical overview of domain authentication services like RADIUS, LDAP, Kerberos and PKI. Review federation SAML tools and rules. Technical deep dive into two profiles of OAuth2: OpenID Connect and UMA. The tutorial will demonstrate how to use OX to launch centralized domain authentication, SSO, and strong authentication. Integration will be shown for both Web and mobile applications.
Type: 3 hour tutorial
OX is an open source server that provides endpoints for the OpenID Connect and UMA profiles of OAuth2. It also provides a policy administration point to enable admins to manage trust with other domains. This tutorial will demystify centralized authentication, authorization, federation ,web access management and mobile applications. It will also show how to use out-of-band mobile PUSH notifications to shore up password security.
OX has been leading the last two OpenID Connect interops. Red Hat and Centos users need not despair. As this tutorial will demonstrate, OX is not that hard to deploy, as described on the Wiki .The tutorial will also review how to use Apache 2.4.6 as the OpenID Connect RP and the UMA client. The demo will also show how a native client, in this case a Python application, could use the OpenID Connect and UMA APIs to identify a person, and to authorize access to resources.
Finally, the tutorial will cover how to deploy oxPush ip2d a lightweight server and Apache Cordova hybrid mobile application which enables a domain to use the Google or Apple mobile push networks to send a message to a trusted device. It’s one of the first open source mobile applications for strong authentication, and provides a good example of a two step authentication: (1) username / password; (2) a mobile push notification, prompting for approval.