Security
SSO
Service Provider
SAML Protocol
- Security Assertion Markup Language
- What problems does it solve?
- Having to maintain duplicate credentials
- Having to maintain the same user information per app
- Users having to log in each time they access apps that belong to the same organization
OAuth Protocol
- What problems does it solve?
Shibboleth (pronounced Shi-buh-leth)
https://www.shibboleth.net/index/intermediate/
Session/Cookie vs JWT
Terminology
- IdP (Identity Provider) - Organization that maintains a list of users
- SSO
- Service Provider - The application that has the content the user wants
- Federated SSO - System where the SP and IdP are NOT in the same organization. That is, a given SP may wish to work with more than one IdP, and likewise a given IdP might wish to work with multiple SPs. When a group of Identity and Service Providers agree to work together, this group is called a federation.
- Embedded Discovery Service - gives a web interface for a user to select which IdP they will use when accessing an SP. This product is co-installed with a service provider.
Questions
- JWT vs OAuth2
- What does it mean for something to be URL encoded?
- XSS attack
- CSRF
Tools
- BlazeMeter Extension
- Fiddler Desktop software
- Saml Scanner Extension
- JMeter jar
Last update: October 13, 2020