OAuth protocol for CERN Web Applications

Kleszcz, Emil; Rodriguez Fernandez, Luis; Marescaux, Nicolas Bernard

The CERN Authentication service has recently extended its offering of SSO protocols/frameworks with the OAuth2 standard. The purpose of this work is to explain the need for an authorization standard and how the OAuth2 protocol addresses our requirements.

OAuth is an open standard for authorization that provides secure access to server resources that belong to a user. As a widely known and relatively new standard (2012), it is used by big players in the industry and is compatible with, and designed to work with, different types of clients, including native and web applications.

The aim of this project is to study how CERN Web applications can make use of the OAuth 2.0 protocol and to compare it with the current standard, SAML2. It also aims to investigate how the OAuth 2.0 protocol works with Single Sign-On and to integrate this solution into the current infrastructure at CERN.


The purpose of this report is to document the project that I worked on during the openlab summer student program in the IT-DB-IMS section.

In the first chapter of this paper you can find an introduction to the project. In this part I have explained what Single Sign-On is and how it works, and listed all the use cases for authorization protocols at CERN. In the next chapter you will find a project overview with an explanation of the two protocols and a comparison of them. SAML2 is an authorization protocol widely used at CERN, and OAuth2 is the subject of the project. In the system analysis chapter, all the scenarios for the OAuth2 protocol are presented. In the next section you will find three different approaches that I have implemented to test the OAuth2 protocol. The last two parts of the report are conclusions and future work.

