• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Odin Authenticator
 

Odin Authenticator

on

  • 6,851 views

Announcement of the Odin Authenticator, a cookie-based single sign-on system for Apache, implemented as a mod_perl handler and a Perl Dancer webapp.

Announcement of the Odin Authenticator, a cookie-based single sign-on system for Apache, implemented as a mod_perl handler and a Perl Dancer webapp.

Statistics

Views

Total Views
6,851
Views on SlideShare
1,696
Embed Views
5,155

Actions

Likes
4
Downloads
5
Comments
0

9 Embeds 5,155

http://www.ginzametrics.com 5031
http://japhy.soup.io 100
https://twitter.com 16
http://loudnoises-staging.ginzametrics.com 2
http://www.tuicool.com 2
http://svay.com 1
http://www.bpe.net&_=1345535672462 HTTP 1
http://my-loc.dudamobile.com 1
http://twitter.com 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Apple Keynote

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n

Odin Authenticator Odin Authenticator Presentation Transcript

  • Odin AuthenticatorA cookie-based single sign-on system for Apache
  • Act IThe Sad Situation
  • You are in a maze of twisty little webapps, all alike.• Munin • Rundeck• Icinga • Logstash• Resque-Web • Graphite• Jenkins • … Multiple servers, same users
  • How to authenticate?• HTTP auth? – Awful UX & UI. Syncing passwords is tricky.• LDAP? – No. Just no.• OpenID? – Dependency on a new third party, frequent callbacks, slow, inconvenient.• FreeIPA? – Overkill.
  • GodAuth• https://github.com/exflickr/GodAuth• A mod_perl module shared by Flickr• Shared cookie, HMAC-signed with a shared secret• Clunky, manual installation & setup• Badly needed a rewrite
  • Act IILight in the tunnel
  • Odin Authenticator The badly needed rewrite of GodAuthhttp://ginzamarkets.github.com/odin_authenticator/
  • General setup• Individual services under single domain (something.i.yourdomain.com)• Domain root (i.yourdomain.com) serves the authenticator, which sets the cookie
  • OdinAuth• ginzamarkets/Apache2-Authen-OdinAuth on GitHub• Apache2::Authen::OdinAuth on CPAN• Apache 2 mod_perl handler• Sane(r) config in YAML• Automated installation
  • OdinAuth1. cpan install Apache2::Authen::OdinAuth2. PerlSetVar odinauth_config /path/to/odin_auth.yml3. PerlFixupHandler Apache2::Authen::OdinAuth4. Copy and edit odin_auth.yml config file
  • Odin Authorizer App• ginzamarkets/App-OdinAuthorizer on GitHub• Perl Dancer webapp that calls out to Google Apps for Domains to authenticate and sets the signed cookie if successful• Simple & basic – no user roles, single configured valid domain
  • Odin Authorizer App 1. hub clone ginzamarkets/App-OdinAuthorizer 2. perl Build.pl ./Build installdeps 3. ./bin/app.plUse Apache, mod_perl, and http://plackperl.org/ for real deployment
  • DEMO TIME
  • Act IIIThe Bright Future
  • • Move Apache handler config into httpd.conf• Make authorizer webapp more flexible• Different sources of identity• Multi-factor authentication• RBAC• More eyeballs on the crypto stuff
  • Have fun!http://ginzamarkets.github.com/odin_authenticator/