SSO To go

  • 1. SSO To Go. A ramble along the pathways of Single Sign On modules: increasing security and simplifying user sign-up. Marcus Deglos, @manarth, http://deglos.com/
  • 2. Is SSO about? High-tech security? (Generic enterprise image)
  • 3. SSO and Identity Management: Usability; Attracting new users; Security
  • 4. Usability and Drupal.org: api.drupal.org, drupal.org, groups.drupal.org
  • 5. Bakery: a shared cookie solution. Diagram (example.com, foo.example.com): POST (username, password); SET COOKIE: Chocolate chip
  • 6. Bakery: a shared cookie solution. Diagram (example.com, foo.example.com): HTTP request; COOKIE: Chocolate chip; Request a/c
  • 7. Bakery: a shared cookie solution. Diagram (example.com, foo.example.com): HTTP request; COOKIE: Chocolate chip; Request a/c; Responds with a/c details; Logged in
  • 8. Bakery is good for: Better usability with: Multiple Drupal sites; Same domain; Simple (no) user profiles
  • 9. SSO and Security (Clichéd security icon here)
  • 10. "Conventional" SSO modules: Use an independent identity backend; Can handle more complex user profiles; Usually provide role-integration. Examples: Microsoft Active Directory; Atlassian Crowd; LDAP
  • 11. Crowd: delegated authentication. Diagram (example.com; Crowd server; ID mgr: LDAP/AD/???): POST (username, password); Check credentials (username, password); Logged in
  • 12. Security best practice: SSO can help you manage and review your admin accounts
  • 13. Users: Gotta catch 'em all! (Copyrighted image can't go here.)
  • 14. Collecting users: making signup easy (facebook)
  • 15. OpenID and user profiling. OpenID s-reg supports: Nickname, Email, Full name, Date of birth, Gender, Postcode, Country, Language, Timezone. Drupal core supports: Nickname, Email. Add with hook_openid.
  • 16. OpenID, Twitter, FBconnect can attract users by: Simplifying user-signup; Sharing profiling information
  • 17. Summary. SSO for usability: Share credentials across sub-domains. SSO for security: Manage your roles and users with a dedicated Identity Management platform. SSO for attracting users: Make it easy for visitors to become members.
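
The shared-cookie hand-off on slides 5 to 7, as an added example that is not code from the slides or from the Bakery module: example.com issues a cookie scoped to the parent domain after login, and foo.example.com accepts it only if it is authentic and unexpired. The HMAC signing scheme, the shared key, the cookie name and the one-hour lifetime are assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from http.cookies import SimpleCookie

SHARED_KEY = b"constructed-demo-key"   # assumption: secret known to both sites
COOKIE_NAME = "CHOCOLATECHIP"          # assumption: named after the slide's cookie
MAX_AGE = 3600                         # assumption: one-hour lifetime

def _sign(payload: bytes) -> bytes:
    """Hex HMAC-SHA256 over the encoded payload."""
    return hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest().encode()

def master_set_cookie(username: str, now: float) -> str:
    """example.com: build the Set-Cookie value after a successful login POST."""
    payload = base64.urlsafe_b64encode(
        json.dumps({"name": username, "exp": int(now) + MAX_AGE}).encode())
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = payload.decode() + "." + _sign(payload).decode()
    morsel = cookie[COOKIE_NAME]
    morsel["domain"] = ".example.com"  # parent domain, so foo.example.com receives it
    morsel["path"] = "/"
    morsel["secure"] = True            # never sent over plain HTTP
    morsel["httponly"] = True          # not readable from page scripts
    morsel["max-age"] = MAX_AGE
    return morsel.OutputString()

def subsite_read_cookie(cookie_header: str, now: float):
    """foo.example.com: return the username, or None if the cookie is not trusted."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if COOKIE_NAME not in jar:
        return None
    payload, _, mac = jar[COOKIE_NAME].value.rpartition(".")
    # Verify integrity before decoding anything the client supplied.
    if not hmac.compare_digest(_sign(payload.encode()), mac.encode()):
        return None                    # altered or forged cookie
    data = json.loads(base64.urlsafe_b64decode(payload))
    if data["exp"] < now:
        return None                    # expired: log in again on example.com
    return data["name"]

if __name__ == "__main__":
    header = master_set_cookie("alice", 1_700_000_000)   # constructed sample login
    print(header)
    print(subsite_read_cookie(header.split(";")[0], 1_700_000_010))
```

Because the cookie is sent to every host under the parent domain, each of those hosts must be trusted to hold the shared key and to handle the cookie safely.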