Hi Abilashini,

Are you using JSON-based identity tokens? Then you need to maintain proper encryption for that.
On Thu, Aug 25, 2016 at 6:28 PM, Abilashini Thiyagarajah <[email protected]> wrote:

> Hi,
>
> OpenID Connect is an authentication layer on top of the OAuth 2.0 protocol which is becoming more popular. The idea of this project is to implement a valve for WSO2 AS which supports OpenID Connect based Single Sign On (SSO). The valve will be implemented as a global level Tomcat Valve.
>
> The following diagram explains the Authorization Code flow, which is one type of OpenID Connect flow.
>
> Parameters of the flow:
>
> Authentication Request
> scope, response_type, client_id, redirect_uri, state
>
> Authentication Response
> code, state
> If failed: error, state
>
> Token Request
> grant_type, code, redirect_uri, client_id
>
> Token Response
> access_token, token_type, expires_in, id_token
> If failed: error
>
> UserInfo Request
> access_token
>
> Description of the OpenID Connect flow:
>
> When a user tries to access a webapp, the flow will be initiated.
> The request will be intercepted by the valve.
> If the web app has configured OpenID Connect, then:
>
> 1. The valve sends an Authentication Request to the Authorization Server by doing a redirect via the browser.
> 2. The Authorization Server authenticates the user.
> 3. The Authorization Server obtains the authorization permission from the user.
> 4. The Authorization Server sends the Authentication Response to the web app via the browser, and it will be intercepted by the valve.
> 5. The valve sends a Token Request to the Token Endpoint at the Authorization Server using the HTTP POST method and form serialization.
> 6. The Token Endpoint sends the Token Response for the request.
> 7. The valve sends a UserInfo Request to the UserInfo Endpoint at the Authorization Server.
> 8. The UserInfo Endpoint sends the UserInfo Response.
> 9. Finally, the request will be sent to the webapp which was initially accessed.
>
> Functionalities of the Valve:
>
> 1. Send Authentication Request.
> 2. Validate the Authentication Response.
> 3. Send Token Request.
> 4. Validate the Token Response.
> 5. Send UserInfo Request for the scope/claims by sending the access token.
> 6. Should support SLO.
> 7. Generic error handling should be done by the valve.
> 8. When a user initiates a request, it should check whether the web app is configured for OpenID Connect SSO, then check whether it has an authenticated session, and then do the redirection.
> 9. It should keep the user information of each request as a model object in the request session.
>
> --
> T. Abilashini
> Intern
> Software Engineering
> WSO2 Inc. http://wso2.com/
> Phone +94 719248432
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
Thank You,
Best Regards,
Sidath Weerasinghe
Intern
WSO2, Inc.
lean . enterprise . middleware
Mobile: +94719802550
Email: [email protected]
Blog: https://medium.com/@sidath
Linkedin: https://lk.linkedin.com/in/sidathweerasinghe
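The message exchange described in the proposal above, as an added example that is not code from this thread, from WSO2 AS or from the proposed valve: each request is built from the parameters the proposal lists, and each response gets the checks a valve needs before it stores the user information in the session (the state on the Authentication Response; the signature, iss, aud, exp and nonce on the id_token in the Token Response). The valve itself would be a Java Tomcat Valve; Python is used here only so the protocol logic runs stand-alone. The endpoint URLs, client id, client secret, codes and tokens are constructed, and signing the id_token with HS256 under the client secret is an assumption made for the example (a deployment would typically verify RS256 against the provider's published keys).

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical deployment values (not from the thread); a real valve would read
# these from the web app's OpenID Connect configuration.
AUTHZ_ENDPOINT = "https://idp.example/oauth2/authorize"
CLIENT_ID = "webapp-client"
REDIRECT_URI = "https://app.example/webapp/oidc/callback"
ISSUER = "https://idp.example"
CLIENT_SECRET = b"constructed-client-secret"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_authentication_request(session, scope="openid"):
    # Step 1: a fresh state (binds the callback to this browser session) and
    # nonce (binds the id_token to this login) are kept for checking later.
    session["oidc_state"] = secrets.token_urlsafe(16)
    session["oidc_nonce"] = secrets.token_urlsafe(16)
    params = {"scope": scope, "response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "state": session["oidc_state"],
              "nonce": session["oidc_nonce"]}
    return AUTHZ_ENDPOINT + "?" + urlencode(params)

def validate_authentication_response(query, session):
    # Step 4: the callback carries code+state or error+state. The state is
    # consumed on first use, so a captured callback cannot be replayed.
    expected = session.pop("oidc_state", None)
    if expected is None or not hmac.compare_digest(query.get("state", ""), expected):
        raise ValueError("state mismatch: response is not bound to this session")
    if "error" in query:
        raise ValueError("authorization server error: " + query["error"])
    return query["code"]

def build_token_request(code):
    # Step 5: form-serialised body for the HTTP POST to the Token Endpoint.
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID})

def validate_token_response(body, session, now=None):
    # Step 6: reject error responses, then verify the id_token before trusting
    # any claim in it. Assumption: HS256 with the client secret (a production
    # valve would normally verify RS256 against the provider's JWKS instead).
    now = time.time() if now is None else now
    resp = json.loads(body)
    if "error" in resp:
        raise ValueError("token endpoint error: " + resp["error"])
    if resp.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    header_b64, payload_b64, sig_b64 = resp["id_token"].split(".")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never accept 'none' or an unconfigured alg
    expected_sig = hmac.new(CLIENT_SECRET, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url_decode(sig_b64), expected_sig):
        raise ValueError("id_token signature invalid")
    claims = json.loads(_b64url_decode(payload_b64))
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER or CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("id_token iss/aud do not match this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("id_token expired")
    nonce = session.pop("oidc_nonce", None)
    if nonce is None or claims.get("nonce") != nonce:
        raise ValueError("id_token nonce mismatch")
    return resp["access_token"], claims

def build_userinfo_request(access_token):
    # Step 7: the UserInfo Request authenticates with the access token.
    return {"Authorization": "Bearer " + access_token}

def make_id_token(claims):
    # Constructed stand-in for the Authorization Server's signer, used only to
    # produce sample id_tokens for run_flow below.
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(CLIENT_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def make_token_response(access_token, id_token):
    # Constructed Authorization Server reply to the Token Request.
    return json.dumps({"access_token": access_token, "token_type": "Bearer",
                       "expires_in": 3600, "id_token": id_token})

def run_flow():
    # Drives the steps end to end against the constructed Authorization Server
    # and returns the UserInfo request headers plus the verified claims.
    session = {}
    redirect = build_authentication_request(session)
    sent = {k: v[0] for k, v in parse_qs(urlparse(redirect).query).items()}
    code = validate_authentication_response(
        {"code": "constructed-code", "state": sent["state"]}, session)
    assert "grant_type=authorization_code" in build_token_request(code)
    id_token = make_id_token({"iss": ISSUER, "sub": "user-1", "aud": CLIENT_ID,
                              "exp": int(time.time()) + 300, "nonce": sent["nonce"]})
    access_token, claims = validate_token_response(
        make_token_response("constructed-access-token", id_token), session)
    return build_userinfo_request(access_token), claims
```

The two session values are the defender's handle on the flow: the state is what lets the valve tell its own callback from one it never issued, and the nonce is what ties the id_token the Token Endpoint returns to the login the browser actually started, so a token obtained elsewhere cannot be substituted. Both are popped, not read, so each can be used exactly once.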
