Single Sign On Enterprizzzey ready!
Nikos Dimitrakopoulos | @nikosd
Single Sign On (really)
● Centralized (almost) authentication
● Login once - be logged-in in multiple services
● More than just "no password required"
● Single Log Out
● Actual "authenticator" can be an outsider (Facebook, Twitter, or whatever...)
shamelessly stolen from http://merbist.com/2012/04/04/building-and-implementing-a-single-sign-on-solution/
Additional specs
● KISS (reaaaaally simple)
● DRY
● Modular
● Extensible
● Ruby!
Components
● Standard
● Ruby implementation for standard
● An actual *abstract* server
RSAML
● Wrapper library around SAML 2.0
● Pure Ruby
● Most of the functionality required
● Untouched for 2 years
● Now maintained at github.com:rsaml/rsaml
● Missing some functionality...
Server (codename "russo")
● The actual "server" thing
● WIP (code not released yet)
Russo
● Rails 3 engine
● Reeeeeaaally KISS
● Actually HTTP to SAML 2.0 library
● SAML 2.0 logic in RSAML
● No actual auth logic inside :
  ○ Do it on the mounted app
  ○ Use OmniAuth!!!
Russo
● Status : Core functionality should be there during this week
● Use cases : Pretty open since most of the functionality is done on the mounted app
● Learning curve : Pretty high - understanding SAML is required
Why this presentation??? Please help!!! :)
● Finish up RSAML
  ○ XML Signing
  ○ Unimplemented features
● Complete Russo
  ○ Single Log Out
  ○ Support for other use cases
  ○ Documentation