Recipe for a Reverse Proxy using SAML and UMA - PowerPoint PPT Presentation

About This Presentation
Title:

Recipe for a Reverse Proxy using SAML and UMA

Description:

We at Gluu have been working on a solution for a healthcare SaaS provider for a “reverse proxy” to help them migrate from a home grown web access management solution. – PowerPoint PPT presentation

Number of Views:250

less

Transcript and Presenter's Notes

Title: Recipe for a Reverse Proxy using SAML and UMA


1
Recipe for a Reverse Proxy using SAML and UMA
  • We at Gluu have been working on a solution for a
    healthcare SaaS provider for a reverse proxy to
    help them migrate from a home grown web access
    management solution. The driver for the
    integration was supporting an important customer
    who required SAML authentication. However, SAML
    was not enough. The SaaS provider used the proxy
    as the policy enforcement point to ensure data
    privacy for their multi-tenant system. So the
    reverse proxy had to enforce URL access control,
    not just enforce that all users were
    authenticated.
  •  
  • I admit, it seems a little weird to use SAML and
    UMA together.
  •  
  • One of my questions about this solution is how
    the OX Authorization Server (AS) will be able to
    make polcies based on user claims (attributes
    in SAML jargon). How would the AS even get the
    attributes? Another bothersome question, if the
    Person is using a SAML IDP, where is the UMA
    Relying Party (i.e. the client). The solution we
    derived was to build a proxy application that
    acts as the Relying Party, and passes the user
    attributes in the HTTP Request.
  •  

2
Of course, we dont want to write any SAML code,
so we actually use the Shibboleth SAML SP and
Apache to handle the authentication and SAML
attribute request. If you think about the
flow   http//example.com gt Shib
authentication   http//example.com/oxProx gt
Oauth2 session established web access management
solution http//example.com/oxProx/App1 gt UMA
policy enforcement via the Resource Server   The
AS could also handle enrollment of new users
for just-in-time provisioning.   Article
Resource-http//gluu.jimdo.com/gluu-blog/recipe-f
or-a-reverse-proxy-using-saml-and-uma/
Write a Comment
User Comments (0)
About PowerShow.com