Qy/OakCloud offers secure authentication and authorization through OAuth2 integration

2017-11-13 14:13 | Posted by: andy | Views: 163 | Comments: 0


The open industry standard OAuth2 is now available for all ownCloud users. OAuth2 ensures a secure and simplified login process for ownCloud clients, as well as a significantly higher security level when embedding ownCloud into third-party applications and web services. With this integration, there is no need to store passwords in ownCloud desktop clients or ownCloud mobile apps for iOS and Android; instead, the clients are authenticated in an automatically started web browser, where the user enters a username and password. The client then receives a unique access token, which, together with the OAuth2 protocol, authorizes the login. The protocol is used for all subsequent connections to the ownCloud server. The ownCloud clients, as well as third-party web applications, never see or store the login credentials.

Using a different access token for each client allows users to end their sessions selectively. Because the access token is generated for each device and each application individually, users can check their authorised clients in their personal settings and revoke individual tokens. This comes in handy, especially when a device has been lost. The user now has more control and can raise access security at the same time.

Server-side authentication facilitates the integration of identity management services (e.g. SAML/SSO) because clients only need to be authenticated through the server. The integration of other authentication protocols, such as CAS, within ownCloud will also take place entirely on the server. The clients are authenticated independently by OAuth2.

This new development is the result of a community project by a group of students at the University of Münster for the education platform Sciebo@Learnweb. The goal was to integrate ownCloud into the education platform Moodle (https://pssl16.github.io/). ownCloud developers then adopted the initial work and developed it further for professional use.

OAuth2 is Available for the Following Platforms From Now On or Coming Soon:

- OAuth2 v0.2 server-side (needs minimum ownCloud Server 10.0.3) is available on the ownCloud Marketplace (https://marketplace.owncloud.com/apps/oauth2)
- ownCloud Android App 2.5.0 with OAuth2 support is available in the Play Store (https://play.google.com/store/apps/details?id=com.owncloud.android)
- ownCloud iOS App 3.7.0 with OAuth2 support is planned for release at the beginning of November 2017
- ownCloud Desktop client 2.4.0 with OAuth2 support is planned for the beginning of November 2017. The alpha version is already available (https://central.owncloud.org/t/desktop-client-2-4-0-alpha1-released/9837)

Overview of the Secure Authentication and Authorisation Process with OAuth2 using the ownCloud Desktop Clients:

1. The user opens the newly installed desktop-client and calls the ownCloud-address (URL).
2. In the browser the user opens the login page. The authenticity of the login page can be verified by the user with the regular browser features.
3. Now the login credentials can be entered (authentication) and the application is authorised.
4. The ownCloud Server transmits the individual tokens (access & refresh) to the client.
5. The client is now completely authorised and ready.
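
The steps above, together with the per-client tokens and selective revocation described earlier, can be modelled in a few lines. This is an added example, not ownCloud's code: the `AuthServer` class, its method names, the client ids and the sample user are all hypothetical, and the server is an in-memory toy rather than a real HTTP endpoint.

```python
import secrets

class AuthServer:  # toy server (hypothetical): the only party that handles the password
    def __init__(self, users):
        self._users = users    # username -> password (constructed sample data)
        self._codes = {}       # one-time authorization code -> (user, client_id)
        self._tokens = {}      # token -> (user, client_id, kind)

    def login_page(self, user, password, client_id, state):
        # Steps 2-3: credentials are typed into the server's page in the browser.
        if not secrets.compare_digest(self._users.get(user, "").encode(), password.encode()):
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (user, client_id)
        return {"code": code, "state": state}  # parameters redirected to the client

    def exchange(self, code, client_id):
        # Step 4: a one-time code becomes this client's own access/refresh pair.
        user, issued_to = self._codes.pop(code, (None, None))
        if user is None or issued_to != client_id:
            raise PermissionError("invalid or reused code")
        pair = {"access": secrets.token_urlsafe(32), "refresh": secrets.token_urlsafe(32)}
        for kind, token in pair.items():
            self._tokens[token] = (user, client_id, kind)
        return pair

    def whoami(self, token):
        user, _, kind = self._tokens.get(token, (None, None, None))
        return user if kind == "access" else None
    def authorised_clients(self, user):
        return sorted({c for u, c, _ in self._tokens.values() if u == user})
    def revoke(self, user, client_id):
        self._tokens = {t: v for t, v in self._tokens.items() if v[:2] != (user, client_id)}

def authorise(server, client_id, user_types_into_browser):
    state = secrets.token_urlsafe(8)                      # client-generated, checked on return
    redirect = user_types_into_browser(client_id, state)  # browser talks to the server
    if not secrets.compare_digest(redirect["state"], state):
        raise PermissionError("state mismatch")
    return server.exchange(redirect["code"], client_id)   # client only ever held the code

def demo():
    server = AuthServer({"alice": "correct horse"})
    browser = lambda cid, st: server.login_page("alice", "correct horse", cid, st)
    desktop = authorise(server, "desktop", browser)
    phone = authorise(server, "phone", browser)
    before = server.authorised_clients("alice")
    server.revoke("alice", "phone")                       # e.g. the phone was lost
    return before, server.whoami(desktop["access"]), server.whoami(phone["access"])
```

Revoking the phone's tokens leaves the desktop session untouched, and the password appears only in the browser callable, never in `authorise`.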


