Gluu Blog


Gluu OSCON Submission

Michael Schwartz January 30, 2014


Title: Meet OX: OAuth2 Authentication and API Security

Description (400 char): Provide a historical overview of domain authentication services like RADIUS, LDAP, Kerberos and PKI. Review SAML federation tools and rules. Technical deep dive into two profiles of OAuth2: OpenID Connect and UMA. The tutorial will demonstrate how to use OX to launch centralized domain authentication, SSO, and strong authentication. Integration will be shown for both Web and mobile applications.

Type: 3 hour tutorial

OX is an open source server that provides endpoints for the OpenID Connect and UMA profiles of OAuth2. It also provides a policy administration point to enable admins to manage trust with other domains. This tutorial will demystify centralized authentication, authorization, federation and session management for Web and mobile applications. It will also show how to use out-of-band mobile PUSH notifications to shore up password security.

OX has been leading the last two OpenID Connect interops. Results from Interop 4: Latest interim results from Interop 5:

Juju orchestration will make it even easier to deploy OX on Ubuntu: However, Red Hat and CentOS users need not despair. As this tutorial will demonstrate, OX is not that hard to deploy, as described on the Wiki:

The tutorial will also review how to use Apache 2.4.6 as the OpenID Connect RP and the UMA client. The demo will also show how a native client, in this case a Python application, could use the OpenID Connect and UMA APIs to identify a person, and to authorize access to resources.

Finally, the tutorial will cover how to deploy oxPush, a lightweight server and Apache Cordova hybrid mobile application that enables a domain to use the Google or Apple mobile push networks to send a message to a trusted device. It’s one of the first open source mobile applications for strong authentication, and provides a good example of two-step authentication: (1) username / password; (2) a mobile push notification, prompting for approval.

Pre-Requisite Knowledge:
Nice to have: (1) Understanding of digital certificates (2) examples in Python


Mike Schwartz

Mike has been an entrepreneur and identity specialist for more than two decades. He is the technical and business visionary behind Gluu. Mike is an application security expert and has been a featured speaker at RSA Conference, Gartner Catalyst, Cloud Identity Summit (now "Identiverse") and many other security conferences around the world.