Plone and Single-Sign On - Active Directory and the Holy Grail
These are the slides of a talk I gave on Single Sign On in Plone via Active Directory using netsight.windowsauthplugin

  • Excellent talk in Sorrento how professional 'Single-Sign On' can improve your business life with well configured Plone sites compared with boring procedures or workarounds you need with MS native stuff like Sharepoint to reach comparable comfort if at all. #Plone #Comfort #Enterprise #ContentManagement #cms #ecm.
  • Screencast of the demo I did in this talk:
    http://www.youtube.com/watch?v=-FLQxeD5_1M

Transcript

  • 1. Plone and Single-Sign On: Active Directory and the Holy Grail
      Matt Hamilton
  • 2. Who am I?
      • Working with Plone/Zope since 1999
      • Director at Netsight in the UK
      • Worked on a number of projects doing authentication over the years
      Plone Open Garden 2013
  • 3. What are we trying to do?
      • Allow users to be automatically logged in to a website without having to type in their username/password
  • 4. Kerberos
      • Developed by MIT many many years ago
      • Used in Unix.... but also used on Windows, OSX, Linux
      • Based on authentication ‘tickets’
  • 5. Other approaches
      • Apache in front of Plone
          - mod_kerberos
          - mod_ntlm
          - mod_authtkt / mod_pubcookie
      • Plone on IIS
          - Enfold proxy
          - IISAPI
  • 6. Why do it in Plone?
      • Ultimate control over if/when to require authentication from a user
      • Fallback to other authentication methods
      • Mix of user sources
  • 7. netsight.windowsauthplugin
      • Runs on either Windows or Unix/Linux/OSX
      • Windows: Uses Windows’ internal SSPI API
      • Unix: Uses MIT Kerberos libraries
  • 8. Installation via buildout:
      [buildout]
      ...
      eggs =
          ...
          netsight.windowsauthplugin
  • 9. Recent Use-case
      • Two departments of National Health Service are merging
      • ...but their IT systems are still separate
      • Two different Active Directory domains: CFH and IC
  • 10. Recent Use-case
      • Half the users in one domain, half in the other
      • Both need to be automatically authenticated to a single, common intranet
      • Need to allow fallback to manual username/password
  • 12. How does Kerberos work?
  • 13. How does Kerberos work?
  • 14. How does Kerberos work?
  • 15. Demo
  • 16. Complex Setups
  • 17. Member Properties
      • Get data from Active Directory via LDAP
      • Use plone.app.ldap
      • Can use OpenLDAP as a proxy server
          - Increased reliability
          - Combine multiple LDAP/AD servers
          - Caching
  • 18. Questions?
      • Matt Hamilton
      • matth@netsight.co.uk
      • @hammertoe
      • https://github.com/netsight/netsight.windowsauthplugin