34 lines
1.3 KiB
Org Mode
34 lines
1.3 KiB
Org Mode
|
:PROPERTIES:
|
||
|
|
:ID: 83380ee8-f90a-41e0-955f-473b81a043d0
|
||
|
|
:END:
|
||
|
|
#+title: Cisco Staging Environment Presentation
|
||
|
|
#+Author: Yann Esposito
|
||
|
|
#+Date: [2023-10-18]
|
||
|
|
|
||
|
|
- tags :: [[id:ce893df9-32a4-44e0-9eb5-b9817141ee6a][cisco]]
|
||
|
|
- related :: [[id:c33df84f-9b64-47a8-b716-fcadc0ec4f8c][Cisco Staging Environment Doc]]
|
||
|
|
* Short History
|
||
|
|
|
||
|
|
1. Environment deployment was always a 3rd class citizen.
|
||
|
|
2. Node administration was always a 2nd class citizen, we had to build that ourselves
|
||
|
|
in the middle of feature work.
|
||
|
|
3. 1st class citizen: "Integration" (make a Platform)
|
||
|
|
1. Login
|
||
|
|
+ Use external IdP for user management (first without internal user DB)
|
||
|
|
- supported SAML (deprecated now)
|
||
|
|
- support OpenID Connect (as client)
|
||
|
|
2. Share tokens
|
||
|
|
+ OAuth2 Client Credential Grant. (One client per user)
|
||
|
|
+ OAuth2 Authorization Code Grant. (One client per integration and
|
||
|
|
multiple users, need a dedicated URL)
|
||
|
|
+ OAuth2 device grant. (One client per integration and multiple users, no
|
||
|
|
dedicated URL)
|
||
|
|
3. Share Identity
|
||
|
|
+ OpenID Connect Provider
|
||
|
|
4. Use external APIs
|
||
|
|
+ Modules:
|
||
|
|
+ module-record (backend used)
|
||
|
|
+ module-type (one by integration, one for VirusTotal, Crowdstrike, etc…)
|
||
|
|
+ module-instance (one by org)
|
||
|
|
* Demo ~config.edn~
|