Single Sign On in Ruby - Enterprise Ready!

Published in: Technology
2 Comments
  • With a little work it could be published. It's basically a minimal Rails engine that does the mapping between 'user' entities to SAML bindings... Find me at demisone at gmail dot com
  • Where can I find russo source code? Can we test it?

Single Sign On in Ruby - Enterprise Ready!

  1. Single Sign On: Enterprizzzey ready!
     Nikos Dimitrakopoulos | @nikosd
  2. Single Sign On (really)
     ● Centralized (almost) authentication
     ● Login once - be logged-in in multiple services
     ● More than just "no password required"
     ● Single Log Out
     ● Actual "authenticator" can be an outsider (Facebook, Twitter, or whatever...)
  3. shamelessly stolen from http://merbist.com/2012/04/04/building-and-implementing-a-single-sign-on-solution/
  4. Additional specs
     ● KISS (reaaaaally simple)
     ● DRY
     ● Modular
     ● Extensible
     ● Ruby!
  5. Components
     ● Standard
     ● Ruby implementation for standard
     ● An actual *abstract* server
  6. Standards
     ● OpenID
     ● OAuth
     ● CAS
     ● Shibboleth
     ● SAML
     ● Custom
  7. OpenID
     ● Decentralization of authentication
     ● Not about Single Sign On
  8. Standards
     ● OpenID
     ● OAuth
     ● CAS
     ● Shibboleth
     ● SAML
     ● Custom
  9. OAuth
     ● Authorization
     ● NOT authentication
  10. Standards
     ● OpenID
     ● OAuth
     ● CAS
     ● Shibboleth
     ● SAML
     ● Custom
  11. CAS
     ● Not bad...
     ● With a lot of free implementations:
       ○ RubyCAS-Server
       ○ Jasig CAS (Java)
       ○ ...
  12. Standards
     ● OpenID
     ● OAuth
     ● CAS
     ● Shibboleth
     ● SAML
     ● Custom
  13. Shibboleth
     ● Actually got integrated in SAML 2.0...
  14. Standards
     ● OpenID
     ● OAuth
     ● CAS
     ● Shibboleth
     ● SAML 2.0
     ● Custom
  15. SAML (2.0)
     ● Complex
     ● XML based
     ● (Unhappy face here...)
  16. SAML (2.0)
     ● Complex
     ● XML based
     ● (Unhappy face here...)
     But:
     ● Really the only de-facto standard
     ● Implemented / supported by:
       ○ Google
       ○ Microsoft
       ○ Oracle
       ○ ...
  17. Standards
     ● OpenID
     ● OAuth
     ● CAS
     ● Shibboleth
     ● SAML 2.0
     ● Custom
  18. Custom
     ● http://merbist.com/2012/04/04/building-and-implementing-a-single-sign-on-solution/
     ● http://blog.joshsoftware.com/2010/12/16/multiple-applications-with-devise-omniauth-and-single-sign-on/
     No thanks...
  19. Standards
     ● OpenID
     ● OAuth
     ● CAS
     ● Shibboleth
     ● SAML 2.0
     ● Custom
  20. CAS vs SAML 2.0
     ● Let's go for the interoperability....
     ● And yes, I suck at XML
  21. Standards
     ● OpenID
     ● OAuth
     ● CAS
     ● Shibboleth
     ● SAML 2.0
     ● Custom
  22. RSAML
     ● Wrapper library around SAML 2.0
     ● Pure ruby
     ● Most of the functionality required
     ● Untouched for 2 years
     ● Now maintained at github.com:rsaml/rsaml
     ● Missing some functionality...
  23. Server (codename "russo")
     ● The actual "server" thing
     ● WIP (unreleased code yet)
  24. Russo
     ● Rails 3 engine
     ● Reeeeeaaally KISS
     ● Actually HTTP to SAML 2.0 library
     ● SAML 2.0 logic in RSAML
     ● No actual auth logic inside:
       ○ Do it on the mounted app
       ○ Use OmniAuth!!!
  25. Russo
     ● Status: Core functionality should be there during this week
     ● Use cases: Pretty open since most of the functionality is done on the mounted app
     ● Learning curve: Pretty high - understanding SAML is required
  26. Why this presentation??? Please help!!! :)
     ● Finish up RSAML
       ○ XML Signing
       ○ Unimplemented features
     ● Complete Russo
       ○ Single Log Out
       ○ Support for other use cases
       ○ Documentation
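
Slide 24 describes Russo as an "HTTP to SAML 2.0" layer. As an added illustration (not Russo or RSAML code, neither of which appears on this page), the Ruby below shows the SAML 2.0 HTTP-Redirect binding encoding such a layer has to handle, with a size cap applied while inflating the untrusted `SAMLRequest` value. The sample request, the 64 KiB cap and the method names are assumptions.

```ruby
require "zlib"
require "base64"
require "cgi"

MAX_INFLATED_BYTES = 64 * 1024 # assumed cap; tune to your largest legitimate message
SLICE = 256                    # compressed bytes fed per inflate call

class OversizedSamlMessage < StandardError; end

# Constructed sample; the ID, URLs and timestamp are placeholders.
SAMPLE_AUTHN_REQUEST = <<~XML.strip
  <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      ID="_example123" Version="2.0" IssueInstant="2012-05-01T12:00:00Z"
      AssertionConsumerServiceURL="https://sp.example.test/acs">
    <saml:Issuer>https://sp.example.test/metadata</saml:Issuer>
  </samlp:AuthnRequest>
XML

# SP side: raw DEFLATE (negative window bits = no zlib header),
# then Base64, then URL-encoding for the SAMLRequest query parameter.
def encode_redirect_param(xml)
  deflater = Zlib::Deflate.new(Zlib::BEST_COMPRESSION, -Zlib::MAX_WBITS)
  raw = deflater.deflate(xml, Zlib::FINISH)
  deflater.close
  CGI.escape(Base64.strict_encode64(raw))
end

# IdP side: reverse the steps on the raw (still URL-encoded) query value.
# Input is fed in small slices so one call cannot allocate an unbounded
# buffer, and decoding stops as soon as the output passes the cap.
def decode_redirect_param(param, limit = MAX_INFLATED_BYTES)
  raw = Base64.strict_decode64(CGI.unescape(param)) # ArgumentError on bad Base64
  inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  out = String.new
  (0...raw.bytesize).step(SLICE) do |offset|
    out << inflater.inflate(raw.byteslice(offset, SLICE))
    if out.bytesize > limit
      raise OversizedSamlMessage, "inflated SAMLRequest exceeds #{limit} bytes"
    end
  end
  out << inflater.finish # raises a Zlib::Error if the stream is truncated
  out.force_encoding(Encoding::UTF_8)
ensure
  inflater&.close
end
```

Decoding only recovers the XML; the request still has to be parsed and validated before the server acts on it.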