Licensing & Security SSO

Podcast Beta

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the primary purpose of the certificate described in the content?

To authenticate server identity

To encrypt website traffic

To manage domain access

To sign authentication tokens (correct)

Which command parameter is used to set the expiration date of the self-signed certificate?

-b

-sky

-e (correct)

-n

Where should the exported Personal Information Exchange (.pfx) file be stored?

@/Certificates/insiteidentity.pfx

@/Certificates/identity.pfx

@/App_Data/insiteidentity.pfx (correct)

@/App_Data/identity_certificate.pfx

Which authentication method requires the 'Allow Sign in with Facebook Account' setting to be enabled?

Facebook Signup and view all the answers

What is the purpose of the Windows Metadata URL setting?

To retrieve WsFederation metadata Signup and view all the answers

Which of the following is NOT a supported external authentication method mentioned?

Twitter Signup and view all the answers

What property is used to set the signing certificate in IdentityServerOptions?

SigningCertificate Signup and view all the answers

What information do you need to connect to Google for authentication?

Google Client ID and Google Client Secret Signup and view all the answers

What does the getAccessToken method in the Session service provide?

A bearer access token for future requests Signup and view all the answers

What role does the OWIN middleware play in the security architecture?

It validates requests and checks for bearer tokens Signup and view all the answers

Which line of code correctly demonstrates how user credentials are configured in the getAccessToken method?

var loginData = 'grant_type=password&username=' + userName + '&password=' + password; Signup and view all the answers

What is the purpose of the bearer token once it is issued to the client?

It must be included in all subsequent requests to the website Signup and view all the answers

Where does cookie authentication middleware take place in the security architecture?

In the OWIN workflows after calls reach IIS Signup and view all the answers

What is one necessity for the IdentityServerSkipUrlValidation setting in the appSettings.config file?

It must be set to true if the identity server is inactive Signup and view all the answers

What must be included in the headers when obtaining a bearer token in the getAccessToken method?

Authorization: Basic base64EncodedCredentials Signup and view all the answers

Which of the following is NOT part of the credentials sent during the token request?

Role Signup and view all the answers

Study Notes

Configured Commerce Security Architecture

Configured Commerce uses Identity Server and OWIN middleware to authenticate requests.
Identity Server validates username, password, and scope.
OWIN middleware sits between the Optimizely API and IIS, validating requests and using Identity Server token authentication to validate the bearer token.
Cookie authentication middleware takes place within IIS's OWIN workflows.

Obtaining a Bearer Token

The getAccessToken method in insite.session.service.ts retrieves a bearer token using a specified username and password.
The method sends a POST request to the token URI with encoded credentials and scope information.
The request includes a base64 encoded authorization header.

Sending a Bearer Token

The bearer token is attached to every request to the website by an interceptor.
The implementation for this can be found in insite.authenticationinterceptor.factory.ts.

Configuring appSettings

The following app settings are required in the appSettings.config file:
- IdentityServerUrl: URL of the identity server (defaults to websiteurl/identity).
- IdentityServerCertificatePassword: Password for the client certificate.
- IdentityServerSkipUrlValidation: Set to true if identity server is disabled.

Certificate Management

Identity server uses certificates to sign authentication tokens.
This certificate should be self-signed and different from the website's SSL certificate.
The certificate is set on the IdentityServerOptions using the SigningCertificate property.
A self-signed certificate can be created using the makecert command.
Once installed, the Personal Information Exchange (.pfx) file should be exported and stored at @"~\App_Data\insiteidentity.pfx."

External Authentication

Configured Commerce supports Windows, Google, and Facebook login.

Facebook Authentication

Enabled by toggling the "Allow Sign in with Facebook Account" setting to YES.
Requires the following credentials:
- Facebook App ID
- Facebook App Secret

Google Authentication

Enabled by toggling the "Allow Sign in with Google Account" setting to YES.
Requires the following credentials:
- Google Client ID
- Google Client Secret

Windows Authentication

Enabled by toggling the "Allow Sign in with Windows Account" setting to YES.
Additional settings control storefront and admin console use:
- "Use Windows Sign In on Storefront"
- "Use Windows Sign In on Admin Console"
The "Windows Metadata URL" setting stores the address to retrieve WsFederation metadata.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Description

This quiz covers key concepts surrounding the security architecture of Configured Commerce. Learn about the use of Identity Server and OWIN middleware for authentication, as well as how to obtain and send bearer tokens. Testing your understanding of these concepts will enhance your knowledge in modern web application security.