PREDIX Security

- UAA (User Account and Authentication)
  - Security Service
    - User account management
    - Authentication
    - Authorization
    - Multi-tenant
    - Federated identity
  - JWT (JSON Web Token)
    - Definition
      - A JSON object
      - Used for securely transmitting information between applications
      - An open standard
    - Structure
      - Header: the type of the token and the hashing (signing) algorithm
      - Payload (body): the user's metadata (claims)
      - Signature: digitally signed over the header and payload
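As an added example (not part of the original mind map), the three-part structure above checked in Python: decode the header and payload, verify an HS256 signature over `header.payload`, and reject a token whose header names an unexpected algorithm or whose `exp` has passed. The key and claims are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_jwt(payload: dict, key: bytes) -> str:
    """Build header.payload.signature with HS256 (constructed demo issuer)."""
    header = {"typ": "JWT", "alg": "HS256"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_jwt(token: str, key: bytes, now=None) -> dict:
    """Return the payload if signature and expiry check out; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected header.payload.signature")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm on the verifier side: the token's own header must never
    # choose it, which is what rejects alg=none and algorithm-confusion tokens.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg in header")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature does not verify")
    payload = json.loads(b64url_decode(payload_b64))
    current = now if now is not None else time.time()
    if "exp" in payload and current >= payload["exp"]:
        raise ValueError("token expired")
    return payload


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed, not a real UAA signing key
    token = make_jwt({"sub": "alice", "scope": ["uaa.user"], "exp": 2000000000}, demo_key)
    print(verify_jwt(token, demo_key))
```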
  - Features
    - Identity management through SCIM APIs
      - SCIM (Simple Cloud Identity Management)
      - Reduces the cost and complexity of user management operations by providing a common user schema and extension model
      - Makes managing user identity in cloud-based applications and services easier
    - A complete OAuth 2.0 authorization server
      - OAuth2
        - Roles
          - Server
            - Authorization server: authenticates the resource owner, authorizes the client, and issues tokens
            - Resource server: holds the resource owner's information (the protected resources)
          - Client: a web service or application that needs to access a protected resource of the resource owner
          - Resource owner: the user whose data is stored at the server
        - Architecture
          - Login and logout services for UAA authentication
          - SAML federation capabilities to meet third-party SAML identity provider requirements
        - Authorization grant
          - Authorization code: used with server-side applications
          - Implicit: used with mobile apps or web applications
          - Resource owner password credentials: used with trusted applications
          - Client credentials: used for application API access
  - Bind your UAA service instance
    - Install the UAA CLI (UAAC)
    - Create your UAA instance
    - Bind the UAA instance to your application
  - UAA deployment architecture
    - Local identity management in the UAA
    - Federated identity management (UAA-integrated)
    - Federated identity management with an additional identity management system, using UAA
  - UAA Dashboard tasks
    - View, create, and manage clients
    - View, create, and manage users and groups
    - Manage SSO configuration with SAML or OpenID Connect (OIDC) identity providers
    - Add and manage password policies
- ACS (Access Control Service)
  - Overview
    - Adds granular authorization mechanisms to web applications and services without requiring them to add complex authorization logic to their own code
    - Works in conjunction with the UAA
  - Components
    - Attribute management
      - Assign user/resource attributes
      - CRUD for user and resource attributes
    - Policy management
      - Set access control policies
      - CRUD for application policies
    - Policy evaluation
      - Permit/deny decisions based on the user and resource security context
      - Policy evaluation (access control) requests for an OAuth client
  - Authorize using ACS
    - Create an ACS instance
    - Bind your application to the ACS instance
    - Update an OAuth2 client to work with ACS
      - Target your UAA instance URL
      - Log in as the administration client
      - Update the OAuth2 client with:
        - Original authorities
        - Client authorities required for ACS
        - Admin authorities for zones
        - Env variable oauth-scope