Plone and Single-Sign On - Active Directory and the Holy Grail

These are the slides of a talk I gave on Single Sign On in Plone via Active Directory using netsight.windowsauthplugin

Transcript

  • 1. Plone and Single-Sign On: Active Directory and the Holy Grail (Matt Hamilton)
  • 2. Who am I?
      • Working with Plone/Zope since 1999
      • Director at Netsight in the UK
      • Worked on a number of projects doing authentication over the years
      Plone Open Garden 2013
  • 3. What are we trying to do?
      • Allow users to be automatically logged in to a website without having to type in their username/password
  • 4. Kerberos
      • Developed by MIT many many years ago
      • Used in Unix.... but also used on Windows, OSX, Linux
      • Based on authentication ‘tickets’
  • 5. Other approaches
      • Apache in front of Plone
          - mod_kerberos
          - mod_ntlm
          - mod_authtkt / mod_pubcookie
      • Plone on IIS
          - Enfold proxy
          - IISAPI
  • 6. Why do it in Plone?
      • Ultimate control over if/when to require authentication from a user
      • Fallback to other authentication methods
      • Mix of user sources
  • 7. netsight.windowsauthplugin
      • Runs on either Windows or Unix/Linux/OSX
      • Windows: Uses Windows’ internal SSPI API
      • Unix: Uses MIT Kerberos libraries
  • 8. Buildout configuration:
      [buildout]
      ...
      eggs =
          ...
          netsight.windowsauthplugin
  • 9. Recent Use-case
      • Two departments of National Health Service are merging
      • ...but their IT systems are still separate
      • Two different Active Directory domains: CFH and IC
  • 10. Recent Use-case
      • Half the users in one domain, half in the other
      • Both need to be automatically authenticated to a single, common intranet
      • Need to allow fallback to manual username/password
  • 11. Plone Open Garden 2013
  • 12. How does Kerberos work?
  • 13. How does Kerberos work?
  • 14. How does Kerberos work?
  • 15. Demo
  • 16. Complex Setups
  • 17. Member Properties
      • Get data from Active Directory via LDAP
      • Use plone.app.ldap
      • Can use OpenLDAP as a proxy server
          - Increased reliability
          - Combine multiple LDAP/AD servers
          - Caching
  • 18. Questions?
      • Matt Hamilton
      • matth@netsight.co.uk
      • @hammertoe
      • https://github.com/netsight/netsight.windowsauthplugin
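
The fallback and two-domain requirements on slides 6, 9 and 10 come down to two decisions at the HTTP layer, sketched here as an added example that is not code from the talk or from netsight.windowsauthplugin. It assumes the browser presents its ticket with the HTTP Negotiate scheme (RFC 4559) and that ticket validation itself is done by GSSAPI/SSPI; the realm names and both function names are constructed for illustration.

```python
import base64

# Assumed Kerberos realm names for the two AD domains on slide 9 (constructed).
TRUSTED_REALMS = {"CFH.EXAMPLE": "CFH", "IC.EXAMPLE": "IC"}
NTLM_SIGNATURE = b"NTLMSSP\x00"


def classify_authorization(header):
    """Classify an HTTP Authorization header value for a Negotiate login.

    'challenge' - no Negotiate header: answer 401 with
                  'WWW-Authenticate: Negotiate' and keep the login form
                  available as the manual fallback.
    'ntlm'      - the browser sent an NTLM token instead of a Kerberos
                  ticket; treat as fallback, there is nothing to validate.
    'spnego'    - GSS-API token: pass it to GSSAPI/SSPI for validation.
    'malformed' - not valid base64 or not a recognisable token.
    """
    if not header:
        return "challenge"
    scheme, _, b64 = header.partition(" ")
    if scheme.lower() != "negotiate":
        return "challenge"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed"
    if token.startswith(NTLM_SIGNATURE):
        return "ntlm"
    if token[:1] == b"\x60":  # ASN.1 tag that opens a GSS-API initial token
        return "spnego"
    return "malformed"


def map_principal(principal):
    """Map 'user@REALM', as reported after a successful validation, to
    (domain, username). Returns None unless the realm is explicitly
    trusted, so a ticket from any other realm never becomes a login."""
    user, sep, realm = principal.rpartition("@")
    domain = TRUSTED_REALMS.get(realm)  # exact match: realms are case-sensitive
    if not sep or not user or domain is None:
        return None
    return domain, user
```

A steady stream of `'ntlm'` results from domain-joined clients is a useful signal when checking service principal name or browser trusted-site configuration.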
