SlideShare ist ein Scribd-Unternehmen logo

Odin Authenticator

Als KEY, PDF herunterladen
Maciej Pasternacki
Maciej Pasternacki

Announcement of the Odin Authenticator, a cookie-based single sign-on system for Apache, implemented as a mod_perl handler and a Perl Dancer webapp.

Technologie
1 von 17
Odin Authenticator A cookie-based single sign-on system for Apache
Act I The Sad Situation
You are in a maze of twisty little webapps, all alike. • Munin • Rundeck • Icinga • Logstash • Resque-Web • Graphite • Jenkins • … Multiple servers, same users
How to authenticate? • HTTP auth? – Awful UX & UI. Syncing passwords is tricky. • LDAP? – No. Just no. • OpenID? – Dependency on a new third party, frequent callbacks, slow, inconvenient. • FreeIPA? – Overkill.
GodAuth • https://github.com/exflickr/GodAuth • A mod_perl module shared by Flickr • Shared cookie, HMAC-signed with a shared secret • Clunky, manual installation & setup • Badly needed a rewrite
Act II Light in the tunnel
Odin Authenticator The badly needed rewrite of GodAuth http://ginzamarkets.github.com/odin_authenticator/
General setup • Individual services under single domain (something.i.yourdomain.com) • Domain root (i.yourdomain.com) serves the authenticator, which sets the cookie
OdinAuth • ginzamarkets/Apache2-Authen-OdinAuth on GitHub • Apache2::Authen::OdinAuth on CPAN • Apache 2 mod_perl handler • Sane(r) config in YAML • Automated installation
OdinAuth 1. cpan install Apache2::Authen::OdinAuth 2. PerlSetVar odinauth_config /path/to/odin_auth.yml 3. PerlFixupHandler Apache2::Authen::OdinAuth 4. Copy and edit odin_auth.yml config file
Odin Authorizer App • ginzamarkets/App-OdinAuthorizer on GitHub • Perl Dancer webapp that calls out to Google Apps for Domains to authenticate and sets the signed cookie if successful • Simple & basic – no user roles, single configured valid domain
Odin Authorizer App 1. hub clone ginzamarkets/App-OdinAuthorizer 2. perl Build.pl ./Build installdeps 3. ./bin/app.pl Use Apache, mod_perl, and http://plackperl.org/ for real deployment
DEMO TIME
Act III The Bright Future
• Move Apache handler config into httpd.conf • Make authorizer webapp more flexible • Different sources of identity • Multi-factor authentication • RBAC • More eyeballs on the crypto stuff
Have fun! http://ginzamarkets.github.com/odin_authenticator/

Empfohlen

How Ansible Makes Automation Easy
How Ansible Makes Automation EasyHow Ansible Makes Automation Easy
How Ansible Makes Automation Easy
Peter Sankauskas
 
Taking Spinnaker for a spin @ London DevOps Meetup 36
Taking Spinnaker for a spin @ London DevOps Meetup 36Taking Spinnaker for a spin @ London DevOps Meetup 36
Taking Spinnaker for a spin @ London DevOps Meetup 36
aleonhardt
 
Server deployment
Server deploymentServer deployment
Server deployment
bsadd
 
Sexy, Powerful, Exciting
Sexy, Powerful, ExcitingSexy, Powerful, Exciting
Sexy, Powerful, Exciting
Robert Senktas
 
Use case 1 - for Sitecore Automation Module
Use case 1 - for Sitecore Automation ModuleUse case 1 - for Sitecore Automation Module
Use case 1 - for Sitecore Automation Module
Robert Senktas
 
Hashicorp Products Overview
Hashicorp Products OverviewHashicorp Products Overview
Hashicorp Products Overview
Uchit Vyas ☁
 
Monitor-Driven Development Using Ansible
Monitor-Driven Development Using AnsibleMonitor-Driven Development Using Ansible
Monitor-Driven Development Using Ansible
Itamar Hassin
 
Hashicorp-Terraform_Packer_Vault-by Sushil
Hashicorp-Terraform_Packer_Vault-by SushilHashicorp-Terraform_Packer_Vault-by Sushil
Hashicorp-Terraform_Packer_Vault-by Sushil
Sushil Kumar
 

Empfohlen

How Ansible Makes Automation Easy
How Ansible Makes Automation EasyHow Ansible Makes Automation Easy
How Ansible Makes Automation Easy
Peter Sankauskas
 
Taking Spinnaker for a spin @ London DevOps Meetup 36
Taking Spinnaker for a spin @ London DevOps Meetup 36Taking Spinnaker for a spin @ London DevOps Meetup 36
Taking Spinnaker for a spin @ London DevOps Meetup 36
aleonhardt
 
Server deployment
Server deploymentServer deployment
Server deployment
bsadd
 
Sexy, Powerful, Exciting
Sexy, Powerful, ExcitingSexy, Powerful, Exciting
Sexy, Powerful, Exciting
Robert Senktas
 
Use case 1 - for Sitecore Automation Module
Use case 1 - for Sitecore Automation ModuleUse case 1 - for Sitecore Automation Module
Use case 1 - for Sitecore Automation Module
Robert Senktas
 
Hashicorp Products Overview
Hashicorp Products OverviewHashicorp Products Overview
Hashicorp Products Overview
Uchit Vyas ☁
 
Monitor-Driven Development Using Ansible
Monitor-Driven Development Using AnsibleMonitor-Driven Development Using Ansible
Monitor-Driven Development Using Ansible
Itamar Hassin
 
Hashicorp-Terraform_Packer_Vault-by Sushil
Hashicorp-Terraform_Packer_Vault-by SushilHashicorp-Terraform_Packer_Vault-by Sushil
Hashicorp-Terraform_Packer_Vault-by Sushil
Sushil Kumar
 
Visual Studio 2013, Xamarin and Microsoft Azure Mobile Services: A Match Made...
Visual Studio 2013, Xamarin and Microsoft Azure Mobile Services: A Match Made...Visual Studio 2013, Xamarin and Microsoft Azure Mobile Services: A Match Made...
Visual Studio 2013, Xamarin and Microsoft Azure Mobile Services: A Match Made...
Rick G. Garibay
 
Package Management on Windows with Chocolatey
Package Management on Windows with ChocolateyPackage Management on Windows with Chocolatey
Package Management on Windows with Chocolatey
Puppet
 
Ansible Case Studies
Ansible Case StudiesAnsible Case Studies
Ansible Case Studies
Greg DeKoenigsberg
 
Rubyで簡単にremote access apiを実行する
Rubyで簡単にremote access apiを実行するRubyで簡単にremote access apiを実行する
Rubyで簡単にremote access apiを実行する
Maki Toshio
 
Drupal and Elasticsearch
Drupal and ElasticsearchDrupal and Elasticsearch
Drupal and Elasticsearch
Nikolay Ignatov
 
Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction
Robert Reiz
 
Ansible
AnsibleAnsible
Ansible
Rahul Bajaj
 
Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014
Robert Reiz
 
Testing Ansible with Jenkins and Docker
Testing Ansible with Jenkins and DockerTesting Ansible with Jenkins and Docker
Testing Ansible with Jenkins and Docker
Dennis Rowe
 
Infrastructure Automation with Chef & Ansible
Infrastructure Automation with Chef & AnsibleInfrastructure Automation with Chef & Ansible
Infrastructure Automation with Chef & Ansible
wajrcs
 
Delivery Pipeline for Windows Machines
Delivery Pipeline for Windows MachinesDelivery Pipeline for Windows Machines
Delivery Pipeline for Windows Machines
Dmitry Buzdin
 
My Top 5 Favorite Gems
My Top 5 Favorite GemsMy Top 5 Favorite Gems
My Top 5 Favorite Gems
Jimmy Ngu
 
Ansible introduction - XX Betabeers Galicia
Ansible introduction - XX Betabeers GaliciaAnsible introduction - XX Betabeers Galicia
Ansible introduction - XX Betabeers Galicia
Juan Diego Pereiro Arean
 
London Community Summit - Habitat 2016
London Community Summit - Habitat 2016London Community Summit - Habitat 2016
London Community Summit - Habitat 2016
Sarah Richards
 
Gigigo Workshop - Create an iOS Framework, document it and not die trying
Gigigo Workshop - Create an iOS Framework, document it and not die tryingGigigo Workshop - Create an iOS Framework, document it and not die trying
Gigigo Workshop - Create an iOS Framework, document it and not die trying
Alex Rupérez
 
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
rmcleay
 
Vagrant For DevOps
Vagrant For DevOpsVagrant For DevOps
Vagrant For DevOps
Lalatendu Mohanty
 
Getting started with automation using ansible
Getting started with automation using ansibleGetting started with automation using ansible
Getting started with automation using ansible
Kelvin Charles
 
CocoaPods Basic Usage
CocoaPods Basic UsageCocoaPods Basic Usage
CocoaPods Basic Usage
Ryan Wang
 
How HashiCorp platform tools can make the difference in development and deplo...
How HashiCorp platform tools can make the difference in development and deplo...How HashiCorp platform tools can make the difference in development and deplo...
How HashiCorp platform tools can make the difference in development and deplo...
Dmytro Mykhailov
 
Deploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeDeploying to Ubuntu on Linode
Deploying to Ubuntu on Linode
WO Community
 
Ci for i-os-codemash-01.2013
Ci for i-os-codemash-01.2013Ci for i-os-codemash-01.2013
Ci for i-os-codemash-01.2013
Kevin Munc
 

Weitere ähnliche Inhalte

Was ist angesagt?

Visual Studio 2013, Xamarin and Microsoft Azure Mobile Services: A Match Made...
Visual Studio 2013, Xamarin and Microsoft Azure Mobile Services: A Match Made...Visual Studio 2013, Xamarin and Microsoft Azure Mobile Services: A Match Made...
Visual Studio 2013, Xamarin and Microsoft Azure Mobile Services: A Match Made...
Rick G. Garibay
 
Package Management on Windows with Chocolatey
Package Management on Windows with ChocolateyPackage Management on Windows with Chocolatey
Package Management on Windows with Chocolatey
Puppet
 
Rubyで簡単にremote access apiを実行する
Rubyで簡単にremote access apiを実行するRubyで簡単にremote access apiを実行する
Rubyで簡単にremote access apiを実行する
Maki Toshio
 

Was ist angesagt? (20)

Visual Studio 2013, Xamarin and Microsoft Azure Mobile Services: A Match Made...
Visual Studio 2013, Xamarin and Microsoft Azure Mobile Services: A Match Made...Visual Studio 2013, Xamarin and Microsoft Azure Mobile Services: A Match Made...
Visual Studio 2013, Xamarin and Microsoft Azure Mobile Services: A Match Made...
 
Package Management on Windows with Chocolatey
Package Management on Windows with ChocolateyPackage Management on Windows with Chocolatey
Package Management on Windows with Chocolatey
 
Ansible Case Studies
Ansible Case StudiesAnsible Case Studies
Ansible Case Studies
 
Rubyで簡単にremote access apiを実行する
Rubyで簡単にremote access apiを実行するRubyで簡単にremote access apiを実行する
Rubyで簡単にremote access apiを実行する
 
Drupal and Elasticsearch
Drupal and ElasticsearchDrupal and Elasticsearch
Drupal and Elasticsearch
 
Ansible Introduction
Ansible Introduction Ansible Introduction
Ansible Introduction
 
Ansible
AnsibleAnsible
Ansible
 
Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014
 
Testing Ansible with Jenkins and Docker
Testing Ansible with Jenkins and DockerTesting Ansible with Jenkins and Docker
Testing Ansible with Jenkins and Docker
 
Infrastructure Automation with Chef & Ansible
Infrastructure Automation with Chef & AnsibleInfrastructure Automation with Chef & Ansible
Infrastructure Automation with Chef & Ansible
 
Delivery Pipeline for Windows Machines
Delivery Pipeline for Windows MachinesDelivery Pipeline for Windows Machines
Delivery Pipeline for Windows Machines
 
My Top 5 Favorite Gems
My Top 5 Favorite GemsMy Top 5 Favorite Gems
My Top 5 Favorite Gems
 
Ansible introduction - XX Betabeers Galicia
Ansible introduction - XX Betabeers GaliciaAnsible introduction - XX Betabeers Galicia
Ansible introduction - XX Betabeers Galicia
 
London Community Summit - Habitat 2016
London Community Summit - Habitat 2016London Community Summit - Habitat 2016
London Community Summit - Habitat 2016
 
Gigigo Workshop - Create an iOS Framework, document it and not die trying
Gigigo Workshop - Create an iOS Framework, document it and not die tryingGigigo Workshop - Create an iOS Framework, document it and not die trying
Gigigo Workshop - Create an iOS Framework, document it and not die trying
 
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
 
Vagrant For DevOps
Vagrant For DevOpsVagrant For DevOps
Vagrant For DevOps
 
Getting started with automation using ansible
Getting started with automation using ansibleGetting started with automation using ansible
Getting started with automation using ansible
 
CocoaPods Basic Usage
CocoaPods Basic UsageCocoaPods Basic Usage
CocoaPods Basic Usage
 
How HashiCorp platform tools can make the difference in development and deplo...
How HashiCorp platform tools can make the difference in development and deplo...How HashiCorp platform tools can make the difference in development and deplo...
How HashiCorp platform tools can make the difference in development and deplo...
 

Ähnlich wie Odin Authenticator

Offensive Python for Pentesting
Offensive Python for PentestingOffensive Python for Pentesting
Offensive Python for Pentesting
Mike Felch
 
OpenShift Origin: Build a PaaS Just Like Red Hats
OpenShift Origin: Build a PaaS Just Like Red HatsOpenShift Origin: Build a PaaS Just Like Red Hats
OpenShift Origin: Build a PaaS Just Like Red Hats
Mark Atwood
 
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxThe Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
lior mazor
 
Apache Cordova phonegap plugins for mobile app development
Apache Cordova phonegap plugins for mobile app developmentApache Cordova phonegap plugins for mobile app development
Apache Cordova phonegap plugins for mobile app development
webprogr.com
 
Java scriptwidgetdevelopmentjstanbul2012
Java scriptwidgetdevelopmentjstanbul2012Java scriptwidgetdevelopmentjstanbul2012
Java scriptwidgetdevelopmentjstanbul2012
Volkan Özçelik
 

Ähnlich wie Odin Authenticator (20)

Deploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeDeploying to Ubuntu on Linode
Deploying to Ubuntu on Linode
 
Ci for i-os-codemash-01.2013
Ci for i-os-codemash-01.2013Ci for i-os-codemash-01.2013
Ci for i-os-codemash-01.2013
 
Offensive Python for Pentesting
Offensive Python for PentestingOffensive Python for Pentesting
Offensive Python for Pentesting
 
Kubeflow Development Environment
Kubeflow Development EnvironmentKubeflow Development Environment
Kubeflow Development Environment
 
Cocoapods in action
Cocoapods in actionCocoapods in action
Cocoapods in action
 
OpenShift Origin: Build a PaaS Just Like Red Hats
OpenShift Origin: Build a PaaS Just Like Red HatsOpenShift Origin: Build a PaaS Just Like Red Hats
OpenShift Origin: Build a PaaS Just Like Red Hats
 
VMware, SoftLayer, OpenStack, Heat, Cloud Foundry and Docker put together
VMware, SoftLayer, OpenStack, Heat, Cloud Foundry and Docker put togetherVMware, SoftLayer, OpenStack, Heat, Cloud Foundry and Docker put together
VMware, SoftLayer, OpenStack, Heat, Cloud Foundry and Docker put together
 
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxThe Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
 
External JavaScript Widget Development Best Practices (updated) (v.1.1)
External JavaScript Widget Development Best Practices (updated) (v.1.1) External JavaScript Widget Development Best Practices (updated) (v.1.1)
External JavaScript Widget Development Best Practices (updated) (v.1.1)
 
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
 
Getting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfestGetting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfest
 
Application Security in ASP.NET Core
Application Security in ASP.NET CoreApplication Security in ASP.NET Core
Application Security in ASP.NET Core
 
Gocd – Kubernetes/Nomad Continuous Deployment
Gocd – Kubernetes/Nomad Continuous DeploymentGocd – Kubernetes/Nomad Continuous Deployment
Gocd – Kubernetes/Nomad Continuous Deployment
 
Habitat Workshop at Velocity London 2017
Habitat Workshop at Velocity London 2017Habitat Workshop at Velocity London 2017
Habitat Workshop at Velocity London 2017
 
Google App Engine: For PHP Developers
Google App Engine: For PHP DevelopersGoogle App Engine: For PHP Developers
Google App Engine: For PHP Developers
 
Apache Cordova phonegap plugins for mobile app development
Apache Cordova phonegap plugins for mobile app developmentApache Cordova phonegap plugins for mobile app development
Apache Cordova phonegap plugins for mobile app development
 
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
 
Continuous Deployment with Jenkins and Salt
Continuous Deployment with Jenkins and SaltContinuous Deployment with Jenkins and Salt
Continuous Deployment with Jenkins and Salt
 
Building with Virtual Development Environments
Building with Virtual Development EnvironmentsBuilding with Virtual Development Environments
Building with Virtual Development Environments
 
Java scriptwidgetdevelopmentjstanbul2012
Java scriptwidgetdevelopmentjstanbul2012Java scriptwidgetdevelopmentjstanbul2012
Java scriptwidgetdevelopmentjstanbul2012
 

Mehr von Maciej Pasternacki

Mehr von Maciej Pasternacki (6)

A Continuous Packaging Pipeline
A Continuous Packaging PipelineA Continuous Packaging Pipeline
A Continuous Packaging Pipeline
 
Why do we fail? (And how do we stop doing that?
Why do we fail? (And how do we stop doing that?Why do we fail? (And how do we stop doing that?
Why do we fail? (And how do we stop doing that?
 
Monitoringsucks
MonitoringsucksMonitoringsucks
Monitoringsucks
 
Test-driven development: a case study
Test-driven development: a case studyTest-driven development: a case study
Test-driven development: a case study
 
Amazon Web Services (cloud: is it good for anything?)
Amazon Web Services (cloud: is it good for anything?)Amazon Web Services (cloud: is it good for anything?)
Amazon Web Services (cloud: is it good for anything?)
 
Devops lightning talk
Devops lightning talkDevops lightning talk
Devops lightning talk
 

Kürzlich hochgeladen

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Kürzlich hochgeladen (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Odin Authenticator

  • 1.
  • 2. Odin Authenticator A cookie-based single sign-on system for Apache
  • 3. Act I The Sad Situation
  • 4. You are in a maze of twisty little webapps, all alike. • Munin • Rundeck • Icinga • Logstash • Resque-Web • Graphite • Jenkins • … Multiple servers, same users
  • 5. How to authenticate? • HTTP auth? – Awful UX & UI. Syncing passwords is tricky. • LDAP? – No. Just no. • OpenID? – Dependency on a new third party, frequent callbacks, slow, inconvenient. • FreeIPA? – Overkill.
  • 6. GodAuth • https://github.com/exflickr/GodAuth • A mod_perl module shared by Flickr • Shared cookie, HMAC-signed with a shared secret • Clunky, manual installation & setup • Badly needed a rewrite
  • 7. Act II Light in the tunnel
  • 8. Odin Authenticator The badly needed rewrite of GodAuth http://ginzamarkets.github.com/odin_authenticator/
  • 9. General setup • Individual services under single domain (something.i.yourdomain.com) • Domain root (i.yourdomain.com) serves the authenticator, which sets the cookie
  • 10. OdinAuth • ginzamarkets/Apache2-Authen-OdinAuth on GitHub • Apache2::Authen::OdinAuth on CPAN • Apache 2 mod_perl handler • Sane(r) config in YAML • Automated installation
  • 11. OdinAuth 1. cpan install Apache2::Authen::OdinAuth 2. PerlSetVar odinauth_config /path/to/odin_auth.yml 3. PerlFixupHandler Apache2::Authen::OdinAuth 4. Copy and edit odin_auth.yml config file
  • 12. Odin Authorizer App • ginzamarkets/App-OdinAuthorizer on GitHub • Perl Dancer webapp that calls out to Google Apps for Domains to authenticate and sets the signed cookie if successful • Simple & basic – no user roles, single configured valid domain
  • 13. Odin Authorizer App 1. hub clone ginzamarkets/App-OdinAuthorizer 2. perl Build.pl ./Build installdeps 3. ./bin/app.pl Use Apache, mod_perl, and http://plackperl.org/ for real deployment
  • 16. • Move Apache handler config into httpd.conf • Make authorizer webapp more flexible • Different sources of identity • Multi-factor authentication • RBAC • More eyeballs on the crypto stuff

Hinweis der Redaktion

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n