SlideShare a Scribd company logo

Extending drupal authentication

Download as PPTX, PDF
Charles Russell
Charles Russell

Slides from Sacramento Drupal camp presentation

Technology
1 of 23
Charles Russell CTSC UC Davis Medical Center Bennubird Media SacProNet
http://web-cms.findthebest.com/compare/2-42/Drupal-vs-Liferay-Portal
• Multi Layered Security System • Account/Role based • SQL table based and internal into the system • OpenID (optional) Great for a stand alone site, but what if • You have to integrate with legacy systems • You have to tie this site to other service providers not using Drupal. • You have to coordinate with other organizations
• Directory Based • May be some type of SQL based system • LDAP (Lightweight Directory Access Protocol) • Central Single Sign On • Kerberose • CAS (Central Access System) • Federated System • OpenID • SAML (Security Assertion Markup Language) • XACML ( eXtensible Access Control Markup Language) • Shibboleth • Oauth
• Identity Providers (IP) • Verify and provide credentials • Service Providers (SP) • Provide the requested services if user authenticates In a Drupal only site Drupal is both IP and SP
• Drupal requires accounts • Drupal needs three pieces of information to establish an account. • User name • Password • Email • Direct Login is possible and plans should be made to handle the case that the IP no longer certifies the user.
There are many SQL implementations are custom so look up is going resist generic a generic solution LDAP is a standard and fortunately is the most common implementation of directory. A good argument could be made that Drupal’s native authentication is of this type
Directory System Agent is contacted by a client which sends a response back to the client. • Requests and Responses are sent in plain text • Every entry has a unique Identifier DN and a set of attributes.
http://drupal.org/project/ldap Drupal 6 use LDAP Integration Module not LDAP Module
Allows users throughout an organization use a single password to access all of the resources of that organization. • Passwords are not shared with the application • Communication between client and server are encrypted and prevents eves dropping and replay attacks • Kerberos and CAS Protocols are the most common implementation.
Developed at MIT as part of Project Athena which was a project a campus wide computing environment
http://drupal.org/project/kerberos_authentication
Developed at Yale University. Currently maintained by Java Architectures Special Interest Group.
http://drupal.org/project/cas
Allows access to users of the system outside of their local environment, sending identity information to the application or site that has already been verified by the IP Allows you to send users to external resources and allows external resources to in a secure way to use your site.. There is a long list of federated protocols some of the more popular open source solutions are OpenID, OAuth, SAML, and Shibboleth.
• Developed in 2005 Originally Called YADIS • Comes with Drupal Out of the box • Because Drupal requires user and password Open id must be assigned to Drupal user • Email still required so legitimacy can be established • Documentation at http://Drupal.org/documentation/modules/openid
• Grew out of Open ID • Commercial use very common • Allows sharing of private information with giving out credentials
http://drupal.org/project/oauth
• Shibboleth is an open-source project that provides Single Sign-On capabilities and allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. • Very common in education and government • Shibboleth home page http://shibboleth.net
http://drupal.org/project/shib_auth
Organization for the Advancement of Structured Information Standards
• XML Based mark up language to assert Identity • Usually assertion sent as web service in soap wrapper <saml:Assertion Version="2.0" IssueInstant="2009-02-04T23:08:00.173Z" ID="el-hJZpkAd5XlBywvK_LxieTaC."> <saml:Issuer>IDFED_E2E_IDP_SP_APP</saml:Issuer> <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#el-hJZpkAd5XlBywvK_LxieTaC."> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>A7IVn/YqCJW6ZQT9/PqFBdZzhuY=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> ………. </saml:Assertion >
Extending drupal authentication

Recommended

SPTECHCON - Rev Your Engines - SharePoint 2013 Performance Enhancements
SPTECHCON - Rev Your Engines - SharePoint 2013 Performance EnhancementsSPTECHCON - Rev Your Engines - SharePoint 2013 Performance Enhancements
SPTECHCON - Rev Your Engines - SharePoint 2013 Performance EnhancementsEric Shupps
 
Building better SQL Server Databases
Building better SQL Server DatabasesBuilding better SQL Server Databases
Building better SQL Server DatabasesColdFusionConference
 
Building a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable FunctionsBuilding a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable FunctionsJoonas Westlin
 
A Complete BI Solution in About an Hour!
A Complete BI Solution in About an Hour!A Complete BI Solution in About an Hour!
A Complete BI Solution in About an Hour!Aaron King
 
SPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST API
SPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST APISPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST API
SPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST APIEric Shupps
 
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?Liam Cleary [MVP]
 
Rev Your Engines: SharePoint Performance Best Practices
Rev Your Engines: SharePoint Performance Best PracticesRev Your Engines: SharePoint Performance Best Practices
Rev Your Engines: SharePoint Performance Best PracticesSPC Adriatics
 
ECS19 - Ingo Gegenwarth - Running Exchange in large environment
ECS19 - Ingo Gegenwarth - Running Exchange in large environmentECS19 - Ingo Gegenwarth - Running Exchange in large environment
ECS19 - Ingo Gegenwarth - Running Exchange in large environmentEuropean Collaboration Summit
 

Recommended

SPTECHCON - Rev Your Engines - SharePoint 2013 Performance Enhancements
SPTECHCON - Rev Your Engines - SharePoint 2013 Performance EnhancementsSPTECHCON - Rev Your Engines - SharePoint 2013 Performance Enhancements
SPTECHCON - Rev Your Engines - SharePoint 2013 Performance EnhancementsEric Shupps
 
Building better SQL Server Databases
Building better SQL Server DatabasesBuilding better SQL Server Databases
Building better SQL Server DatabasesColdFusionConference
 
Building a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable FunctionsBuilding a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable FunctionsJoonas Westlin
 
A Complete BI Solution in About an Hour!
A Complete BI Solution in About an Hour!A Complete BI Solution in About an Hour!
A Complete BI Solution in About an Hour!Aaron King
 
SPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST API
SPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST APISPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST API
SPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST APIEric Shupps
 
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?Liam Cleary [MVP]
 
Rev Your Engines: SharePoint Performance Best Practices
Rev Your Engines: SharePoint Performance Best PracticesRev Your Engines: SharePoint Performance Best Practices
Rev Your Engines: SharePoint Performance Best PracticesSPC Adriatics
 
ECS19 - Ingo Gegenwarth - Running Exchange in large environment
ECS19 - Ingo Gegenwarth - Running Exchange in large environmentECS19 - Ingo Gegenwarth - Running Exchange in large environment
ECS19 - Ingo Gegenwarth - Running Exchange in large environmentEuropean Collaboration Summit
 
ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...
ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...
ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...European Collaboration Summit
 
Talking Services with Oracle ADF and Oracle SOA Suite
Talking Services with Oracle ADF and Oracle SOA SuiteTalking Services with Oracle ADF and Oracle SOA Suite
Talking Services with Oracle ADF and Oracle SOA SuiteDataNext Solutions
 
ECS2019 - Managing Content Types in the Modern World
ECS2019 - Managing Content Types in the Modern WorldECS2019 - Managing Content Types in the Modern World
ECS2019 - Managing Content Types in the Modern WorldMarc D Anderson
 
Your first step by step tutorial for oracle SOA
Your first step by step tutorial for oracle SOAYour first step by step tutorial for oracle SOA
Your first step by step tutorial for oracle SOAhalimelnagar
 
Solving Single-Sign-On
Solving Single-Sign-OnSolving Single-Sign-On
Solving Single-Sign-OnAaron King
 
Working with Portlets in ADF and Webcenter
Working with Portlets in ADF and WebcenterWorking with Portlets in ADF and Webcenter
Working with Portlets in ADF and WebcenterDataNext Solutions
 
Integrating Alfresco @ Scale (via event-driven micro-services)
Integrating Alfresco @ Scale (via event-driven micro-services)Integrating Alfresco @ Scale (via event-driven micro-services)
Integrating Alfresco @ Scale (via event-driven micro-services)J V
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...SPC Adriatics
 
Community and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZCommunity and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZMarkus Eisele
 
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...SPTechCon
 
Onion Architecture and the Blog
Onion Architecture and the BlogOnion Architecture and the Blog
Onion Architecture and the Blogbarryosull
 
Databases & Microsoft SQL Server
Databases & Microsoft SQL ServerDatabases & Microsoft SQL Server
Databases & Microsoft SQL ServerMahmoud Abdallah
 
AMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancyAMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancyJaap Poot
 
SharePoint 2013 - A Real World Help Desk App End to End
SharePoint 2013 - A Real World Help Desk App End to EndSharePoint 2013 - A Real World Help Desk App End to End
SharePoint 2013 - A Real World Help Desk App End to EndEric Shupps
 
Spca2014 keynote johnson
Spca2014 keynote johnsonSpca2014 keynote johnson
Spca2014 keynote johnsonNCCOMMS
 
Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People SPC Adriatics
 
Building Software Backend (Web API)
Building Software Backend (Web API)Building Software Backend (Web API)
Building Software Backend (Web API)Alexander Goida
 
SharePoint 2013 APIs
SharePoint 2013 APIsSharePoint 2013 APIs
SharePoint 2013 APIsJohn Calvert
 
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...European Collaboration Summit
 
WSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2
 
Drupal and diversity of Single sign-on systems
Drupal and diversity of Single sign-on systemsDrupal and diversity of Single sign-on systems
Drupal and diversity of Single sign-on systemsAlex S
 
How AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloudHow AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloudLDAPCon
 

More Related Content

What's hot

ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...
ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...
ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...European Collaboration Summit
 
Talking Services with Oracle ADF and Oracle SOA Suite
Talking Services with Oracle ADF and Oracle SOA SuiteTalking Services with Oracle ADF and Oracle SOA Suite
Talking Services with Oracle ADF and Oracle SOA SuiteDataNext Solutions
 
ECS2019 - Managing Content Types in the Modern World
ECS2019 - Managing Content Types in the Modern WorldECS2019 - Managing Content Types in the Modern World
ECS2019 - Managing Content Types in the Modern WorldMarc D Anderson
 
Your first step by step tutorial for oracle SOA
Your first step by step tutorial for oracle SOAYour first step by step tutorial for oracle SOA
Your first step by step tutorial for oracle SOAhalimelnagar
 
Solving Single-Sign-On
Solving Single-Sign-OnSolving Single-Sign-On
Solving Single-Sign-OnAaron King
 
Working with Portlets in ADF and Webcenter
Working with Portlets in ADF and WebcenterWorking with Portlets in ADF and Webcenter
Working with Portlets in ADF and WebcenterDataNext Solutions
 
Integrating Alfresco @ Scale (via event-driven micro-services)
Integrating Alfresco @ Scale (via event-driven micro-services)Integrating Alfresco @ Scale (via event-driven micro-services)
Integrating Alfresco @ Scale (via event-driven micro-services)J V
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...SPC Adriatics
 
Community and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZCommunity and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZMarkus Eisele
 
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...SPTechCon
 
Onion Architecture and the Blog
Onion Architecture and the BlogOnion Architecture and the Blog
Onion Architecture and the Blogbarryosull
 
Databases & Microsoft SQL Server
Databases & Microsoft SQL ServerDatabases & Microsoft SQL Server
Databases & Microsoft SQL ServerMahmoud Abdallah
 
AMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancyAMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancyJaap Poot
 
SharePoint 2013 - A Real World Help Desk App End to End
SharePoint 2013 - A Real World Help Desk App End to EndSharePoint 2013 - A Real World Help Desk App End to End
SharePoint 2013 - A Real World Help Desk App End to EndEric Shupps
 
Spca2014 keynote johnson
Spca2014 keynote johnsonSpca2014 keynote johnson
Spca2014 keynote johnsonNCCOMMS
 
Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People SPC Adriatics
 
Building Software Backend (Web API)
Building Software Backend (Web API)Building Software Backend (Web API)
Building Software Backend (Web API)Alexander Goida
 
SharePoint 2013 APIs
SharePoint 2013 APIsSharePoint 2013 APIs
SharePoint 2013 APIsJohn Calvert
 
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...European Collaboration Summit
 
WSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2
 

What's hot (20)

ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...
ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...
ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...
 
Talking Services with Oracle ADF and Oracle SOA Suite
Talking Services with Oracle ADF and Oracle SOA SuiteTalking Services with Oracle ADF and Oracle SOA Suite
Talking Services with Oracle ADF and Oracle SOA Suite
 
ECS2019 - Managing Content Types in the Modern World
ECS2019 - Managing Content Types in the Modern WorldECS2019 - Managing Content Types in the Modern World
ECS2019 - Managing Content Types in the Modern World
 
Your first step by step tutorial for oracle SOA
Your first step by step tutorial for oracle SOAYour first step by step tutorial for oracle SOA
Your first step by step tutorial for oracle SOA
 
Solving Single-Sign-On
Solving Single-Sign-OnSolving Single-Sign-On
Solving Single-Sign-On
 
Working with Portlets in ADF and Webcenter
Working with Portlets in ADF and WebcenterWorking with Portlets in ADF and Webcenter
Working with Portlets in ADF and Webcenter
 
Integrating Alfresco @ Scale (via event-driven micro-services)
Integrating Alfresco @ Scale (via event-driven micro-services)Integrating Alfresco @ Scale (via event-driven micro-services)
Integrating Alfresco @ Scale (via event-driven micro-services)
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
 
Community and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZCommunity and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZ
 
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
 
Onion Architecture and the Blog
Onion Architecture and the BlogOnion Architecture and the Blog
Onion Architecture and the Blog
 
Databases & Microsoft SQL Server
Databases & Microsoft SQL ServerDatabases & Microsoft SQL Server
Databases & Microsoft SQL Server
 
AMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancyAMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancy
 
SharePoint 2013 - A Real World Help Desk App End to End
SharePoint 2013 - A Real World Help Desk App End to EndSharePoint 2013 - A Real World Help Desk App End to End
SharePoint 2013 - A Real World Help Desk App End to End
 
Spca2014 keynote johnson
Spca2014 keynote johnsonSpca2014 keynote johnson
Spca2014 keynote johnson
 
Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People
 
Building Software Backend (Web API)
Building Software Backend (Web API)Building Software Backend (Web API)
Building Software Backend (Web API)
 
SharePoint 2013 APIs
SharePoint 2013 APIsSharePoint 2013 APIs
SharePoint 2013 APIs
 
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...
 
WSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure Enterprise
 

Similar to Extending drupal authentication

Drupal and diversity of Single sign-on systems
Drupal and diversity of Single sign-on systemsDrupal and diversity of Single sign-on systems
Drupal and diversity of Single sign-on systemsAlex S
 
How AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloudHow AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloudLDAPCon
 
Cause 2013: A Flexible Approach to Creating an Enterprise Directory
Cause 2013: A Flexible Approach to Creating an Enterprise DirectoryCause 2013: A Flexible Approach to Creating an Enterprise Directory
Cause 2013: A Flexible Approach to Creating an Enterprise Directoryrwgorrel
 
SOLID Programming with Portable Class Libraries
SOLID Programming with Portable Class LibrariesSOLID Programming with Portable Class Libraries
SOLID Programming with Portable Class LibrariesVagif Abilov
 
Drupal security
Drupal securityDrupal security
Drupal securityJozef Toth
 
Multiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidMultiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidpasalapudi
 
Drupal security
Drupal securityDrupal security
Drupal securityTechday7
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active DirectoryJalpesh Vadgama
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Jethro Seghers
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Jethro Seghers
 
Doing Drupal security right
Doing Drupal security rightDoing Drupal security right
Doing Drupal security rightGábor Hojtsy
 
KoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginnersKoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginnersTobias Koprowski
 
WebLogic authentication debugging
WebLogic authentication debuggingWebLogic authentication debugging
WebLogic authentication debuggingMaarten Smeets
 
DEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environment
DEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environmentDEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environment
DEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environmentFelipe Prado
 
Big Data Warehousing Meetup: Securing the Hadoop Ecosystem by Cloudera
Big Data Warehousing Meetup: Securing the Hadoop Ecosystem by ClouderaBig Data Warehousing Meetup: Securing the Hadoop Ecosystem by Cloudera
Big Data Warehousing Meetup: Securing the Hadoop Ecosystem by ClouderaCaserta
 
drupal 7 amfserver presentation: integrating flash and drupal
drupal 7 amfserver presentation: integrating flash and drupaldrupal 7 amfserver presentation: integrating flash and drupal
drupal 7 amfserver presentation: integrating flash and drupalrolf vreijdenberger
 
Thick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseThick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseScott Sutherland
 
Web Services Hacking and Security
Web Services Hacking and SecurityWeb Services Hacking and Security
Web Services Hacking and SecurityBlueinfy Solutions
 
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding EdgeCIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding EdgeCloudIDSummit
 

Similar to Extending drupal authentication (20)

Drupal and diversity of Single sign-on systems
Drupal and diversity of Single sign-on systemsDrupal and diversity of Single sign-on systems
Drupal and diversity of Single sign-on systems
 
How AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloudHow AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloud
 
Cause 2013: A Flexible Approach to Creating an Enterprise Directory
Cause 2013: A Flexible Approach to Creating an Enterprise DirectoryCause 2013: A Flexible Approach to Creating an Enterprise Directory
Cause 2013: A Flexible Approach to Creating an Enterprise Directory
 
SOLID Programming with Portable Class Libraries
SOLID Programming with Portable Class LibrariesSOLID Programming with Portable Class Libraries
SOLID Programming with Portable Class Libraries
 
Drupal security
Drupal securityDrupal security
Drupal security
 
Multiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidMultiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oid
 
Drupal security
Drupal securityDrupal security
Drupal security
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active Directory
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
 
Doing Drupal security right
Doing Drupal security rightDoing Drupal security right
Doing Drupal security right
 
KoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginnersKoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginners
 
WebLogic authentication debugging
WebLogic authentication debuggingWebLogic authentication debugging
WebLogic authentication debugging
 
DEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environment
DEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environmentDEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environment
DEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environment
 
Big Data Warehousing Meetup: Securing the Hadoop Ecosystem by Cloudera
Big Data Warehousing Meetup: Securing the Hadoop Ecosystem by ClouderaBig Data Warehousing Meetup: Securing the Hadoop Ecosystem by Cloudera
Big Data Warehousing Meetup: Securing the Hadoop Ecosystem by Cloudera
 
drupal 7 amfserver presentation: integrating flash and drupal
drupal 7 amfserver presentation: integrating flash and drupaldrupal 7 amfserver presentation: integrating flash and drupal
drupal 7 amfserver presentation: integrating flash and drupal
 
Solr Recipes
Solr RecipesSolr Recipes
Solr Recipes
 
Thick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseThick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash Course
 
Web Services Hacking and Security
Web Services Hacking and SecurityWeb Services Hacking and Security
Web Services Hacking and Security
 
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding EdgeCIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
 

More from Charles Russell

JavaScript Introductin to Functions
JavaScript Introductin to FunctionsJavaScript Introductin to Functions
JavaScript Introductin to FunctionsCharles Russell
 
JavaScript Tools and Implementation
JavaScript Tools and ImplementationJavaScript Tools and Implementation
JavaScript Tools and ImplementationCharles Russell
 
JavaScript Comments and Conditionals
JavaScript Comments and ConditionalsJavaScript Comments and Conditionals
JavaScript Comments and ConditionalsCharles Russell
 

More from Charles Russell (10)

Js objects
Js objectsJs objects
Js objects
 
JavaScript Introductin to Functions
JavaScript Introductin to FunctionsJavaScript Introductin to Functions
JavaScript Introductin to Functions
 
JavaScript iteration
JavaScript iterationJavaScript iteration
JavaScript iteration
 
Open Source Software
Open Source SoftwareOpen Source Software
Open Source Software
 
JavaScript Variables
JavaScript VariablesJavaScript Variables
JavaScript Variables
 
JavaScript Tools and Implementation
JavaScript Tools and ImplementationJavaScript Tools and Implementation
JavaScript Tools and Implementation
 
JavaScript Operators
JavaScript OperatorsJavaScript Operators
JavaScript Operators
 
JavaScript Comments and Conditionals
JavaScript Comments and ConditionalsJavaScript Comments and Conditionals
JavaScript Comments and Conditionals
 
JavaScript Introduction
JavaScript IntroductionJavaScript Introduction
JavaScript Introduction
 
JavaScript Data Types
JavaScript Data TypesJavaScript Data Types
JavaScript Data Types
 

Recently uploaded

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Recently uploaded (20)

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

Extending drupal authentication

  • 1. Charles Russell CTSC UC Davis Medical Center Bennubird Media SacProNet
  • 3. Multi Layered Security System • Account/Role based • SQL table based and internal into the system • OpenID (optional) Great for a stand alone site, but what if • You have to integrate with legacy systems • You have to tie this site to other service providers not using Drupal. • You have to coordinate with other organizations
  • 4. • Directory Based • May be some type of SQL based system • LDAP (Lightweight Directory Access Protocol) • Central Single Sign On • Kerberose • CAS (Central Access System) • Federated System • OpenID • SAML (Security Assertion Markup Language) • XACML ( eXtensible Access Control Markup Language) • Shibboleth • Oauth
  • 5. • Identity Providers (IP) • Verify and provide credentials • Service Providers (SP) • Provide the requested services if user authenticates In a Drupal only site Drupal is both IP and SP
  • 6. • Drupal requires accounts • Drupal needs three pieces of information to establish an account. • User name • Password • Email • Direct Login is possible and plans should be made to handle the case that the IP no longer certifies the user.
  • 7. There are many SQL implementations are custom so look up is going resist generic a generic solution LDAP is a standard and fortunately is the most common implementation of directory. A good argument could be made that Drupal’s native authentication is of this type
  • 8. Directory System Agent is contacted by a client which sends a response back to the client. • Requests and Responses are sent in plain text • Every entry has a unique Identifier DN and a set of attributes.
  • 9. http://drupal.org/project/ldap Drupal 6 use LDAP Integration Module not LDAP Module
  • 10. Allows users throughout an organization use a single password to access all of the resources of that organization. • Passwords are not shared with the application • Communication between client and server are encrypted and prevents eves dropping and replay attacks • Kerberos and CAS Protocols are the most common implementation.
  • 11. Developed at MIT as part of Project Athena which was a project a campus wide computing environment
  • 13. Developed at Yale University. Currently maintained by Java Architectures Special Interest Group.
  • 15. Allows access to users of the system outside of their local environment, sending identity information to the application or site that has already been verified by the IP Allows you to send users to external resources and allows external resources to in a secure way to use your site.. There is a long list of federated protocols some of the more popular open source solutions are OpenID, OAuth, SAML, and Shibboleth.
  • 16. • Developed in 2005 Originally Called YADIS • Comes with Drupal Out of the box • Because Drupal requires user and password Open id must be assigned to Drupal user • Email still required so legitimacy can be established • Documentation at http://Drupal.org/documentation/modules/openid
  • 17. • Grew out of Open ID • Commercial use very common • Allows sharing of private information with giving out credentials
  • 19. • Shibboleth is an open-source project that provides Single Sign-On capabilities and allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. • Very common in education and government • Shibboleth home page http://shibboleth.net
  • 21. Organization for the Advancement of Structured Information Standards
  • 22. • XML Based mark up language to assert Identity • Usually assertion sent as web service in soap wrapper <saml:Assertion Version="2.0" IssueInstant="2009-02-04T23:08:00.173Z" ID="el-hJZpkAd5XlBywvK_LxieTaC."> <saml:Issuer>IDFED_E2E_IDP_SP_APP</saml:Issuer> <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#el-hJZpkAd5XlBywvK_LxieTaC."> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>A7IVn/YqCJW6ZQT9/PqFBdZzhuY=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> ………. </saml:Assertion >

Editor's Notes

  1. 30/60 me
  2. As of Drupal 7 we now can use PDO and with DBTNG we are now database neutral. Bigger issue is on the right where they are discussing authentication type. And that is the subject of this d