Plone and Single-Sign On - Active Directory and the Holy Grail
Upcoming SlideShare
Loading in...5
×
 

Plone and Single-Sign On - Active Directory and the Holy Grail

on

  • 3,085 views

These are the slides of a talk I gave on Single Sign On in Plone via Active Directory using netsight.windowsauthplugin

These are the slides of a talk I gave on Single Sign On in Plone via Active Directory using netsight.windowsauthplugin

Statistics

Views

Total Views
3,085
Views on SlideShare
2,448
Embed Views
637

Actions

Likes
4
Downloads
10
Comments
2

9 Embeds 637

http://www.netsight.co.uk 432
http://www.abstract.it 109
http://www.evenios.com 42
http://gestione-www.abstract.it 32
https://twitter.com 16
http://amixia18.dinjarpel.com 3
http://ranksit.com 1
https://duckduckgo.com 1
http://old-www.abstract.it 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel

12 of 2

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
  • Excellent talk in Sorrento how professional 'Single-Sign On' can improve your business life with well configured Plone sites compared with boring procedures or workarounds you need with MS native stuff like Sharepoint to reach compareable comfort if at all. #Plone #Comfort #Enterprise #ContentManagement #cms #ecm.
    Are you sure you want to
    Your message goes here
    Processing…
  • Screencast of the demo I did in this talk:
    http://www.youtube.com/watch?v=-FLQxeD5_1M
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Plone and Single-Sign On - Active Directory and the Holy Grail Plone and Single-Sign On - Active Directory and the Holy Grail Presentation Transcript

    • Plone and Single-Sign On Active Directory and the Holy Grail Matt Hamilton
    • Who am I?• Working with Plone/Zope since 1999• Director at Netsight in the UK• Worked on a number of projects doing authentication over the years Plone Open Garden 2013
    • What are we trying to do?• Allow uses to be automatically logged in to a website without having to type in their username/password Plone Open Garden 2013
    • Kerberos• Developed by MIT many many years ago• Used in Unix.... but also used on Windows, OSX, Linux• Based on authentication ‘tickets’ Plone Open Garden 2013
    • Other approaches• Apache in front of Plone - mod_kerberos - mod_ntlm - mod_authtkt / mod_pubcookie• Plone on IIS - Enfold proxy - IISAPI Plone Open Garden 2013
    • Why do it in Plone?• Ultimate control over if/when to require authentication from a user• Fallback to other authentication methods• Mix of user sources Plone Open Garden 2013
    • netsight.windowsauthplugin• Runs on either Windows or Unix/Linux/ OSX• Windows: Uses Windows’ internal SSPI API• Unix: Uses MIT Kerberos libraries Plone Open Garden 2013
    • [buildout]...eggs = ... netsight.windowsauthplugin Plone Open Garden 2013
    • Recent Use-case• Two departments of National Health Service are merging• ...but their IT systems are still separate• Two different Active Directory domains: CFH and IC Plone Open Garden 2013
    • Recent Use-case• Half the users in one domain, half in the other• Both need to be automatically authenticated to a single, common intranet• Need to allow fallback to manual username/password Plone Open Garden 2013
    • Plone Open Garden 2013
    • How does Kerberos work? Plone Open Garden 2013
    • How does Kerberos work? Plone Open Garden 2013
    • How does Kerberos work? Plone Open Garden 2013
    • Demo Plone Open Garden 2013
    • Complex Setups Plone Open Garden 2013
    • Member Properties• Get data from Active Directory via LDAP• Use plone.app.ldap• Can use OpenLDAP as a proxy server - Increased reliability - Combine multiple LDAP/AD servers - Caching Plone Open Garden 2013
    • Questions?• Matt Hamilton• matth@netsight.co.uk• @hammertoe• https://github.com/netsight/ netsight.windowsauthplugin Plone Open Garden 2013