Odin Authenticator
A cookie-based single sign-on system for Apache
Act I
The Sad Situation
You are in a maze of twisty little webapps, all alike.
• Munin         • Rundeck
• Icinga        • Logstash
• Resque-Web    • Graphite
• Jenkins       • …

Multiple servers, same users
How to authenticate?
• HTTP auth? – Awful UX & UI. Syncing passwords is tricky.
• LDAP? – No. Just no.
• OpenID? – Dependency on a new third party, frequent callbacks, slow, inconvenient.
• FreeIPA? – Overkill.
GodAuth
• https://github.com/exflickr/GodAuth
• A mod_perl module shared by Flickr
• Shared cookie, HMAC-signed with a shared secret
• Clunky, manual installation & setup

• Badly needed a rewrite
Act II
Light in the tunnel
Odin Authenticator
The badly needed rewrite of GodAuth

http://ginzamarkets.github.com/odin_authenticator/
General setup

• Individual services under a single domain (something.i.yourdomain.com)
• Domain root (i.yourdomain.com) serves the authenticator, which sets the cookie
OdinAuth
• ginzamarkets/Apache2-Authen-OdinAuth on GitHub
• Apache2::Authen::OdinAuth on CPAN

• Apache 2 mod_perl handler
• Sane(r) config in YAML
• Automated installation
OdinAuth

1. cpan install Apache2::Authen::OdinAuth
2. PerlSetVar odinauth_config /path/to/odin_auth.yml
3. PerlFixupHandler Apache2::Authen::OdinAuth
4. Copy and edit the odin_auth.yml config file
Odin Authorizer App
• ginzamarkets/App-OdinAuthorizer
  on GitHub
• Perl Dancer webapp that calls out to Google Apps for Domains to authenticate and sets the signed cookie if successful
• Simple & basic – no user roles, single configured valid domain
Odin Authorizer App
1. hub clone ginzamarkets/App-OdinAuthorizer
2. perl Build.pl
   ./Build installdeps
3. ./bin/app.pl

Use Apache, mod_perl, and http://plackperl.org/ for real deployment
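The general setup slide (cookie set at the domain root and shared by every service vhost) and the authorizer/handler split described above, as an added Python example; this is not code from OdinAuth, GodAuth or the slides. The cookie name, the token layout, the helper names and the sample secret are assumptions of this example. It shows the authorizer minting an HMAC-signed cookie, the per-service handler verifying it with nothing but the shared secret (no callback to the authorizer), and how a tampered, wrong-secret or expired cookie is rejected.

```python
"""Added example (not OdinAuth's or GodAuth's code): HMAC-signed shared-cookie SSO.

Assumed for the demonstration: cookie name, token layout
(base64url(user|expiry) "." base64url(HMAC-SHA256)), helper names and secret.
"""
import base64
import hashlib
import hmac
import time
from http.cookies import SimpleCookie
from typing import Optional, Tuple
from urllib.parse import quote, urlsplit

COOKIE_NAME = "odin_sso"                     # assumed name
COOKIE_DOMAIN = "i.yourdomain.com"           # domain root from the slides
AUTHORIZER_URL = "https://i.yourdomain.com/"  # where the authorizer app lives
# Constructed secret for the example only; in deployment it comes from the
# YAML config and must be identical on the authorizer and every service host.
SHARED_SECRET = b"example-shared-secret-rotate-me"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes, secret: bytes) -> bytes:
    # Keyed MAC over a versioned payload so a future layout cannot be
    # confused with this one.
    return hmac.new(secret, b"v1|" + payload, hashlib.sha256).digest()


def issue_cookie(user: str, secret: bytes, ttl: int = 8 * 3600,
                 now: Optional[int] = None) -> str:
    """Authorizer side: mint the cookie value once Google authenticated `user`."""
    if not user or "|" in user:
        raise ValueError("invalid user")
    expiry = int(time.time() if now is None else now) + ttl
    payload = f"{user}|{expiry}".encode()
    return _b64(payload) + "." + _b64(_sign(payload, secret))


def verify_cookie(value: str, secret: bytes,
                  now: Optional[int] = None) -> Optional[str]:
    """Service side: the user name, or None for anything the authorizer did
    not mint (tampered, wrong secret, expired, malformed)."""
    try:
        payload_b64, sig_b64 = value.split(".", 1)
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    # Check the MAC before trusting a single byte of the payload, and compare
    # in constant time so a forger gets no timing signal.
    if not hmac.compare_digest(sig, _sign(payload, secret)):
        return None
    user, _, expiry = payload.decode("utf-8", "replace").partition("|")
    if not expiry.isdigit() or int(expiry) <= int(time.time() if now is None else now):
        return None
    return user


def set_cookie_header(value: str) -> str:
    """Header the domain-root authorizer sends; Domain= is what makes every
    *.i.yourdomain.com vhost receive the same cookie."""
    return (f"{COOKIE_NAME}={value}; Domain={COOKIE_DOMAIN}; Path=/; "
            "Secure; HttpOnly; SameSite=Lax")


def handle_request(cookie_header: str, requested_url: str, secret: bytes,
                   now: Optional[int] = None) -> Tuple[str, Optional[str]]:
    """Per-request decision of the fixup handler on a service host."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAME)
    user = verify_cookie(morsel.value, secret, now) if morsel else None
    if user:
        return ("allow", user)
    # Only bounce to hosts under the SSO domain, so the return parameter
    # cannot be turned into an open redirect.
    host = urlsplit(requested_url).hostname or ""
    if host == COOKIE_DOMAIN or host.endswith("." + COOKIE_DOMAIN):
        return ("redirect", AUTHORIZER_URL + "?return=" + quote(requested_url, safe=""))
    return ("deny", None)


if __name__ == "__main__":
    url = "https://jenkins.i.yourdomain.com/job/x"
    cookie = issue_cookie("alice", SHARED_SECRET, now=1_000_000)
    print(set_cookie_header(cookie))
    print(handle_request(f"{COOKIE_NAME}={cookie}", SHARED_SECRET and url, SHARED_SECRET, now=1_000_100))
    forged = _b64(b"admin|1028800") + "." + cookie.split(".", 1)[1]  # payload swapped, old MAC
    print(handle_request(f"{COOKIE_NAME}={forged}", url, SHARED_SECRET, now=1_000_100))
```

The caveat this makes visible: the shared secret is the entire trust boundary. Any host holding it can mint a cookie for any user, so compromising one of the "twisty little webapps" compromises the whole SSO domain; keep the secret out of world-readable config, rotate it, and give the cookie an expiry rather than trusting it indefinitely.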
DEMO TIME
Act III
The Bright Future
• Move Apache handler config into httpd.conf

• Make authorizer webapp more flexible

• Different sources of identity

• Multi-factor authentication

• RBAC

• More eyeballs on the crypto stuff
Have fun!
http://ginzamarkets.github.com/odin_authenticator/

Slides by Maciej Pasternacki.