Odin Authenticator

Announcement of the Odin Authenticator, a cookie-based single sign-on system for Apache, implemented as a mod_perl handler and a Perl Dancer webapp.

Published in: Technology
Transcript of "Odin Authenticator"

    1. Odin Authenticator: A cookie-based single sign-on system for Apache
    2. Act I: The Sad Situation
    3. You are in a maze of twisty little webapps, all alike.
       • Munin
       • Rundeck
       • Icinga
       • Logstash
       • Resque-Web
       • Graphite
       • Jenkins
       • …
       Multiple servers, same users
    4. How to authenticate?
       • HTTP auth? – Awful UX & UI. Syncing passwords is tricky.
       • LDAP? – No. Just no.
       • OpenID? – Dependency on a new third party, frequent callbacks, slow, inconvenient.
       • FreeIPA? – Overkill.
    5. GodAuth
       • https://github.com/exflickr/GodAuth
       • A mod_perl module shared by Flickr
       • Shared cookie, HMAC-signed with a shared secret
       • Clunky, manual installation & setup
       • Badly needed a rewrite
    6. Act II: Light in the tunnel
    7. Odin Authenticator: The badly needed rewrite of GodAuth
       http://ginzamarkets.github.com/odin_authenticator/
    8. General setup
       • Individual services under single domain (something.i.yourdomain.com)
       • Domain root (i.yourdomain.com) serves the authenticator, which sets the cookie
    9. OdinAuth
       • ginzamarkets/Apache2-Authen-OdinAuth on GitHub
       • Apache2::Authen::OdinAuth on CPAN
       • Apache 2 mod_perl handler
       • Sane(r) config in YAML
       • Automated installation
    10. OdinAuth
       1. cpan install Apache2::Authen::OdinAuth
       2. PerlSetVar odinauth_config /path/to/odin_auth.yml
       3. PerlFixupHandler Apache2::Authen::OdinAuth
       4. Copy and edit odin_auth.yml config file
    11. Odin Authorizer App
       • ginzamarkets/App-OdinAuthorizer on GitHub
       • Perl Dancer webapp that calls out to Google Apps for Domains to authenticate and sets the signed cookie if successful
       • Simple & basic – no user roles, single configured valid domain
    12. Odin Authorizer App
       1. hub clone ginzamarkets/App-OdinAuthorizer
       2. perl Build.pl
          ./Build installdeps
       3. ./bin/app.pl
       Use Apache, mod_perl, and http://plackperl.org/ for real deployment
    13. DEMO TIME
    14. Act III: The Bright Future
    15. • Move Apache handler config into httpd.conf
       • Make authorizer webapp more flexible
       • Different sources of identity
       • Multi-factor authentication
       • RBAC
       • More eyeballs on the crypto stuff
    16. Have fun!
       http://ginzamarkets.github.com/odin_authenticator/
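
The slides describe a shared cookie, HMAC-signed with a shared secret, set by the authenticator at the domain root and checked by a handler in front of each service. The sketch below is an added example of that general scheme in Python; it is not OdinAuth's or GodAuth's code, and the cookie layout, secret, lifetime and function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed values for this example; not OdinAuth's real cookie layout.
SECRET = b"constructed-shared-secret-change-me"
MAX_AGE = 8 * 3600   # seconds a cookie stays valid (assumed policy)
CLOCK_SKEW = 60      # tolerated clock difference between hosts, in seconds


def _mac(payload, secret):
    """Hex HMAC-SHA256 over the exact bytes that get sent in the cookie."""
    return hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user, secret=SECRET, now=None):
    """Authorizer side: bind user name and issue time under one MAC."""
    issued = int(time.time() if now is None else now)
    # base64url the user so the '|' field separator cannot be injected
    user_b64 = base64.urlsafe_b64encode(user.encode()).decode()
    payload = f"{user_b64}|{issued}"
    return f"{payload}|{_mac(payload, secret)}"


def verify_cookie(cookie, secret=SECRET, now=None, max_age=MAX_AGE):
    """Handler side: return the user name, or None if the cookie is rejected."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    user_b64, issued_s, mac = parts
    expected = _mac(f"{user_b64}|{issued_s}", secret)
    # Constant-time comparison, done before any field is parsed or trusted
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return None
    # Fields are authentic from here on; enforce freshness server-side,
    # because a valid MAC alone would let a captured cookie work forever.
    now = time.time() if now is None else now
    issued = int(issued_s)
    if issued > now + CLOCK_SKEW or now - issued > max_age:
        return None
    return base64.urlsafe_b64decode(user_b64).decode()
```

Every service that holds the shared secret can also mint cookies for any user, so the secret's distribution defines the trust boundary of the whole setup.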