Licensing & Security - SSO

Questions and Answers

What is the primary purpose of the certificate described in the content?

  • To authenticate server identity
  • To encrypt website traffic
  • To manage domain access
  • To sign authentication tokens (correct)

Which command parameter is used to set the expiration date of the self-signed certificate?

  • -b
  • -sky
  • -e (correct)
  • -n

Where should the exported Personal Information Exchange (.pfx) file be stored?

  • @/Certificates/insiteidentity.pfx
  • @/Certificates/identity.pfx
  • @/App_Data/insiteidentity.pfx (correct)
  • @/App_Data/identity_certificate.pfx

Which authentication method requires the 'Allow Sign in with Facebook Account' setting to be enabled?

    Answer: Facebook

    What is the purpose of the Windows Metadata URL setting?

    Answer: To retrieve WsFederation metadata

    Which of the following is NOT a supported external authentication method mentioned?

    Answer: Twitter

    What property is used to set the signing certificate in IdentityServerOptions?

    Answer: SigningCertificate

    What information do you need to connect to Google for authentication?

    Answer: Google Client ID and Google Client Secret

    What does the getAccessToken method in the Session service provide?

    Answer: A bearer access token for future requests

    What role does the OWIN middleware play in the security architecture?

    Answer: It validates requests and checks for bearer tokens

    Which line of code correctly demonstrates how user credentials are configured in the getAccessToken method?

    Answer: var loginData = 'grant_type=password&username=' + userName + '&password=' + password;

    What is the purpose of the bearer token once it is issued to the client?

    Answer: It must be included in all subsequent requests to the website

    Where does cookie authentication middleware take place in the security architecture?

    Answer: In the OWIN workflows after calls reach IIS

    What is one necessity for the IdentityServerSkipUrlValidation setting in the appSettings.config file?

    Answer: It must be set to true if the identity server is inactive

    What must be included in the headers when obtaining a bearer token in the getAccessToken method?

    Answer: Authorization: Basic base64EncodedCredentials

    Which of the following is NOT part of the credentials sent during the token request?

    Answer: Role

    Study Notes

    Configured Commerce Security Architecture

    • Configured Commerce uses Identity Server and OWIN middleware to authenticate requests.
    • Identity Server validates the username, password, and requested scope when issuing a token.
    • OWIN middleware sits between the Optimizely API and IIS; it validates each request and uses Identity Server token authentication to validate the bearer token it carries.
    • Cookie authentication middleware also runs in the OWIN pipeline, after requests reach IIS.

    Obtaining a Bearer Token

    • The getAccessToken method in insite.session.service.ts retrieves a bearer token using a specified username and password.
    • The method sends a POST request to the token URI with the credentials and scope in a form-encoded body (grant_type=password, username, password, scope); the user's password therefore travels to the token endpoint directly, so the request must only ever go over HTTPS.
    • The request includes a base64 encoded Basic authorization header.
    • The body in the page's snippet is built by string concatenation; a username or password containing '&' or '=' breaks that body unless the values are URL-encoded first.

    Sending a Bearer Token

    • The bearer token is attached to every request to the website by an interceptor, as an "Authorization: Bearer <token>" header.
    • The implementation for this can be found in insite.authenticationinterceptor.factory.ts.
    • The token is a credential: it should only be attached to requests bound for the website itself, never to requests to third-party hosts.
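    The token request and the interceptor described in the two sections above, as an added example (this is not code from Configured Commerce, insite.session.service.ts or insite.authenticationinterceptor.factory.ts). It assumes the token endpoint is `<IdentityServerUrl>/connect/token`, that the endpoint answers with a standard OAuth 2.0 JSON token response, and that the Basic header carries a client id and client secret; the function names (buildTokenRequest, parseTokenResponse, attachBearerToken), the site URL and all credential values are invented for illustration. The body is form-encoded with URLSearchParams rather than concatenated, and the interceptor only attaches the token to same-origin requests.

```javascript
// Added example, not the project's own code. Names, URLs and credentials below
// are assumptions for illustration; nothing here touches the network.

// Resource-owner-password request to the Identity Server token endpoint.
// URLSearchParams form-encodes the values, so a '&', '=' or '%' inside a
// password cannot break the body or smuggle extra parameters.
function buildTokenRequest(tokenUri, clientId, clientSecret, userName, password, scope) {
  const body = new URLSearchParams({
    grant_type: 'password',
    username: userName,
    password: password,
    scope: scope,
  }).toString();

  // Basic header: base64("clientId:clientSecret") (assumed contents).
  const basic = Buffer.from(`${clientId}:${clientSecret}`, 'utf8').toString('base64');

  return {
    method: 'POST',
    url: tokenUri,
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      Authorization: `Basic ${basic}`,
    },
    body,
  };
}

// Extract the bearer token from an OAuth 2.0 token response (assumed format:
// access_token, token_type, expires_in). Anything that is not a bearer token
// is rejected instead of being silently attached to later requests.
function parseTokenResponse(jsonText) {
  const data = JSON.parse(jsonText);
  if (typeof data.access_token !== 'string' || data.access_token.length === 0) {
    throw new Error('token response has no access_token');
  }
  if (data.token_type && data.token_type.toLowerCase() !== 'bearer') {
    throw new Error(`unexpected token_type: ${data.token_type}`);
  }
  return { accessToken: data.access_token, expiresIn: data.expires_in };
}

// Interceptor in the spirit of insite.authenticationinterceptor.factory.ts:
// add "Authorization: Bearer <token>" to an outgoing request. The origin check
// is an added safeguard so the token is never sent to a third-party host.
function attachBearerToken(request, accessToken, siteOrigin) {
  const target = new URL(request.url, siteOrigin);
  if (!accessToken || target.origin !== new URL(siteOrigin).origin) {
    return request;
  }
  return {
    ...request,
    headers: { ...(request.headers || {}), Authorization: `Bearer ${accessToken}` },
  };
}

// Constructed sample values (hypothetical site, client and user).
const SITE = 'https://shop.example.com';
const TOKEN_URI = `${SITE}/identity/connect/token`;
const SAMPLE_TOKEN_RESPONSE =
  '{"access_token":"sample.access.token","token_type":"Bearer","expires_in":3600}';

const tokenRequest = buildTokenRequest(TOKEN_URI, 'isc', 'secret', 'alice', 'p&ss=word', 'iscapi offline_access');
const session = parseTokenResponse(SAMPLE_TOKEN_RESPONSE);
const apiCall = attachBearerToken({ method: 'GET', url: '/api/v1/products' }, session.accessToken, SITE);
const thirdParty = attachBearerToken({ method: 'GET', url: 'https://cdn.example.net/x' }, session.accessToken, SITE);

console.log(tokenRequest.body);            // credentials are encoded, not concatenated
console.log(apiCall.headers.Authorization);  // Bearer sample.access.token
console.log(thirdParty.headers);             // undefined: token not leaked off-site
```

    Whatever sends the request (fetch, XMLHttpRequest, the Angular $http service) is interchangeable; the point is that the body and headers are built the same way the page describes, with the password encoded and the token scoped to the site's own origin.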

    Configuring appSettings

    • The following app settings are required in the appSettings.config file:
      • IdentityServerUrl: URL of the identity server (defaults to websiteurl/identity).
      • IdentityServerCertificatePassword: Password protecting the Identity Server certificate (.pfx); keep it out of source control like any other secret.
      • IdentityServerSkipUrlValidation: Set to true only if the identity server is disabled; otherwise leave URL validation on.

    Certificate Management

    • Identity server uses certificates to sign authentication tokens.
    • This certificate should be self-signed and different from the website's SSL certificate. Self-signed is acceptable here because the token-signing key is trusted through the Identity Server configuration, not through a CA chain; keeping it separate from the TLS certificate means a compromise of one key does not expose the other.
    • The certificate is set on the IdentityServerOptions using the SigningCertificate property.
    • A self-signed certificate can be created using the makecert command (-n sets the subject name, -b and -e the validity start and end dates, -sky the key type).
    • Once installed, the Personal Information Exchange (.pfx) file should be exported and stored at @"~\App_Data\insiteidentity.pfx". App_Data is not served to web requests by IIS, but the file still holds the private key, so restrict filesystem access to the application identity.

    External Authentication

    • Configured Commerce supports Windows, Google, and Facebook login.

    Facebook Authentication

    • Enabled by toggling the "Allow Sign in with Facebook Account" setting to YES.
    • Requires the following credentials:
      • Facebook App ID
      • Facebook App Secret

    Google Authentication

    • Enabled by toggling the "Allow Sign in with Google Account" setting to YES.
    • Requires the following credentials:
      • Google Client ID
      • Google Client Secret

    Windows Authentication

    • Enabled by toggling the "Allow Sign in with Windows Account" setting to YES.
    • Additional settings control storefront and admin console use:
      • "Use Windows Sign In on Storefront"
      • "Use Windows Sign In on Admin Console"
    • The "Windows Metadata URL" setting stores the address to retrieve WsFederation metadata.


    Related Documents

    Licensing & Security - SSO PDF

    Description

    This quiz covers key concepts surrounding the security architecture of Configured Commerce. Learn about the use of Identity Server and OWIN middleware for authentication, as well as how to obtain and send bearer tokens. Testing your understanding of these concepts will enhance your knowledge in modern web application security.
