Restcomm in an oauth environment

Page 1: Restcomm in an oauth environment

turns OAuth!

author: Orestis Tsakiridis

What is it all about?

Restcomm authentication & authorization implementation and workflows change.

Use of standardized OAuth 2.0 and OpenID Connect 1.0 protocols.

Traditional password authentication stays but only for compatibility with Restcomm REST API.

JBoss Keycloak implementation.

The protocols

OAuth 2.0

OpenID Connect 1.0

Restcomm Identity Architecture

What’s new?

Instance bootstrapping needed

Instance registration

User migration

Two paths available

restcomm.conf

Administration Console (AdminUI)

Accounts & Users

Introduced User concept

Account-to-User linking

Dual authorization

Profile UI

Instance registration - I

Instance registration - II

#/profile

Deployment

Three options available

1. Restcomm / cloud authorization server

quickly get up and running

use of central user repository, integration with Application Store out of the box

2. Restcomm / own authorization server

keep user accounts

works offline

needs auth server setup

3. Headless Restcomm

no auth server needed, no OAuth protocol support

REST API available

no UI offered (forget about AdminUI and RVD)

authorization still in place through locally stored Account tokens

Benefits

SSO user experience

Administration console

RVD

Application Store [...]

Third party applications [...]

Security

Credentials only sent to authorization server

External identity providers - extendable architecture

Use existing social networks like Twitter, Google or Facebook

Implement your own provider using SAML 2.0 or OpenID Connect 1.0 protocols and use existing user database

Expose Restcomm API in an OAuth-like way

Third party developers can easily build service oriented applications that use Restcomm API

Authorization using tokens, not actual credentials

Drawbacks

More complex workflows and topology

For deployment option 2

More resources: +1 machine for auth server

Additional setup needed

Where do we stand?

OAuth workflows implemented and supported for Restcomm applications (REST API, RVD, AdminUI) ✔

Dual authorization ✔

Account linking ✔

Automatic migration from older versions - Almost there

What comes next?

Support for all deployment options (1,2,3)

Official Restcomm release using OAuth-enabled codebase (2016 Q1)

Better RAS integration. Authentication on official Restcomm authorization server.

External identity provider support. Social networks, Google, Facebook, Custom etc.

Questions?

Thank you!

Orestis Tsakiridis <[email protected]>