Certificate Based Authentication in a Cloud Native Environment - a Migration Journey from Handcrafted XML Signing to OpenID Connect

During this best practice session we will present you with hands-on experience from one of our financial services industry customers.

The company used a handcrafted xml signature mechanism to authenticate their business partners when initiating machine-to-machine communication to exchange data between data centers. When the customer decided to migrate to REST APIs in a cloud native setup, the existing mechanism was no longer fit for purpose. Together, we designed a solution to keep the benefits of certificate based authentication while establishing an interaction model conforming to the OpenID Connect standard. We implemented the mechanism based on the open source software Keycloak, successfully passed an external penetration test and have to this point authenticated hundres of thousands of sessions. After our session, attendees will

• be familiar with standard conforming approaches to use OpenID Connect with certificates for authentication
• be able to assess which parts of their authentication flow will benefit from using certificates
• know relevant open source technologies and technical approaches to use in their own implementations
• understand common pitfalls and relevant considerations when implementing the standards in a real-world, cloud based scenario