📥 Download PDF

Solving Identity Management in Modern Applications

by Yvonne Wilson, Abhishek Hingnikar

Cybersecurity

Book Details

Book Title

Solving Identity Management in Modern Applications: Demystifying OAuth 2, OpenID Connect, and SAML 2

Author

Yvonne Wilson, Abhishek Hingnikar

Publisher

Apress

Publication Date

2022

ISBN

9781484282601

Number of Pages

398

Language

English

Format

PDF

File Size

7.58MB

Subject

Identity and Access Management (IAM)

Contents
About the Authors
About the Technical Reviewers
Acknowledgments
Introduction
Chapter 1: The Hydra of Modern Identity
Identity Challenges
Objective
Sample Application
Design Questions
Summary
Notes
Chapter 2: The Life of an Identity
Terminology
Events in the Life of an Identity
Summary
Chapter 3: Evolution of Identity
Identity Management Approaches
Standard Protocols
Summary
Notes
Chapter 4: Identity Provisioning
Provisioning Options
Selecting an External Identity Service
Identity Provider Selection
Identity Proofing
Choosing and Validating Identity Attributes
Consent Management
Summary
Notes
Chapter 5: OAuth 2 and API Authorization
API Authorization
OAuth 2
Terminology
How It Works
Token Usage Guidance
Further Learning
Summary
Notes
Chapter 6: OpenID Connect
Problem to Solve
Terminology
How It Works
UserInfo Endpoint
Further Learning
Summary
Notes
Chapter 7: SAML 2
Problem to Solve
Terminology
How It Works
Identity Federation
Authentication Brokers
Configuration
Summary
Notes
Chapter 8: Authorization and Policy Enforcement
Authorization vs. Policy Enforcement
Levels of Authorization and Access Policy Enforcement
User vs. Application Authorization
Application Authorization
Authorization and Enforcement Extensions
Summary
Notes
Chapter 9: Sessions
Application Sessions
Identity Provider Sessions
Multiple Sessions
Session Duration
Session Renewal
Token Renewal
Reconstituted Sessions
Summary
Notes
Chapter 10: Using Modern Identity to Build Applications
Sample Application: Collaborative Text Editor
Design
Implementation: Front End
Implementation: Back-End API
Other Applications
Additional Note on Sessions
Browsers, Trackers, and OAuth 2
Summary
Notes
Chapter 11: Single Sign-On
What Is SSO?
How SSO Works
SSO Configuration
Summary
Notes
Chapter 12: Stronger Authentication
The Problem with Passwords
Stronger Forms of Authentication
Session Timeouts
Requesting Authentication Mechanisms
Step-Down Authentication
Deployment
Summary
Notes
Chapter 13: Logout
Multiple Sessions
Logout Triggers
Logout Options
Application Logout
OAuth 2
OIDC
SAML 2
Session Termination
Logout and Multilevel Authentication
Redirect After Logout
Summary
Notes
Chapter 14: Account Management
Identity Attributes
Credential Reset
Account Recovery
Password Guidance
Helpdesk Reset
Notification
Summary
Notes
Chapter 15: Deprovisioning
Account Termination
Best Practices
Summary
Notes
Chapter 16: Troubleshooting
Get Familiar with the Protocols
Prepare Your Tools
Check the Simple Things
Gather Information
Analyzing an HTTP/Network Trace
Collaborating with Others
Summary
Note
Chapter 17: Exceptions
Accounts
Identity Providers
System Outages
Cybersecurity Threats
Summary
Notes
Chapter 18: Less Common Requirements
People
Accounts
Environment
Summary
Chapter 19: Failures
Pay Attention to Process
Beware of Phishy Emails
Use Multi-factor Authentication
Stay on Top of Patches
Secure Your Cloud Storage
Encrypt Sensitive Data
Do Not Store Cleartext Passwords
Provide Security Training to Developers
Vet Your Partners
Insider Threat
Summary
Notes
Chapter 20: Compliance
What Is Compliance?
Why Compliance
Compliance Landscape
How to Proceed
Summary
Notes
Chapter 21: Looking into the Crystal Ball
Continued Security Challenges
More Targets
Identity – Not Just for Humans
On the Horizon
Lessons Learned
Summary
Notes
Chapter 22: Conclusion
Appendices
Appendix A: Glossary
Appendix B: Resources for Further Learning
Appendix C: SAML 2 Authentication Request and Response
Appendix D: Public Key Cryptography
Appendix E: Troubleshooting Tools
Appendix F: Privacy Legislation
Appendix G: Security Compliance Frameworks
Index