Your SlideShare is downloading. ×
0
Odin Authenticator
Odin Authenticator
Odin Authenticator
Odin Authenticator
Odin Authenticator
Odin Authenticator
Odin Authenticator
Odin Authenticator
Odin Authenticator
Odin Authenticator
Odin Authenticator
Odin Authenticator
Odin Authenticator
Odin Authenticator
Odin Authenticator
Odin Authenticator
Odin Authenticator
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Odin Authenticator

8,420

Published on

Announcement of the Odin Authenticator, a cookie-based single sign-on system for Apache, implemented as a mod_perl handler and a Perl Dancer webapp.

Announcement of the Odin Authenticator, a cookie-based single sign-on system for Apache, implemented as a mod_perl handler and a Perl Dancer webapp.

Published in: Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
8,420
On Slideshare
0
From Embeds
0
Number of Embeds
8
Actions
Shares
0
Downloads
6
Comments
0
Likes
4
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • Transcript

    • 1. Odin AuthenticatorA cookie-based single sign-on system for Apache
    • 2. Act IThe Sad Situation
    • 3. You are in a maze of twisty little webapps, all alike.• Munin • Rundeck• Icinga • Logstash• Resque-Web • Graphite• Jenkins • … Multiple servers, same users
    • 4. How to authenticate?• HTTP auth? – Awful UX & UI. Syncing passwords is tricky.• LDAP? – No. Just no.• OpenID? – Dependency on a new third party, frequent callbacks, slow, inconvenient.• FreeIPA? – Overkill.
    • 5. GodAuth• https://github.com/exflickr/GodAuth• A mod_perl module shared by Flickr• Shared cookie, HMAC-signed with a shared secret• Clunky, manual installation & setup• Badly needed a rewrite
    • 6. Act IILight in the tunnel
    • 7. Odin Authenticator The badly needed rewrite of GodAuthhttp://ginzamarkets.github.com/odin_authenticator/
    • 8. General setup• Individual services under single domain (something.i.yourdomain.com)• Domain root (i.yourdomain.com) serves the authenticator, which sets the cookie
    • 9. OdinAuth• ginzamarkets/Apache2-Authen-OdinAuth on GitHub• Apache2::Authen::OdinAuth on CPAN• Apache 2 mod_perl handler• Sane(r) config in YAML• Automated installation
    • 10. OdinAuth1. cpan install Apache2::Authen::OdinAuth2. PerlSetVar odinauth_config /path/to/odin_auth.yml3. PerlFixupHandler Apache2::Authen::OdinAuth4. Copy and edit odin_auth.yml config file
    • 11. Odin Authorizer App• ginzamarkets/App-OdinAuthorizer on GitHub• Perl Dancer webapp that calls out to Google Apps for Domains to authenticate and sets the signed cookie if successful• Simple & basic – no user roles, single configured valid domain
    • 12. Odin Authorizer App 1. hub clone ginzamarkets/App-OdinAuthorizer 2. perl Build.pl ./Build installdeps 3. ./bin/app.plUse Apache, mod_perl, and http://plackperl.org/ for real deployment
    • 13. DEMO TIME
    • 14. Act IIIThe Bright Future
    • 15. • Move Apache handler config into httpd.conf• Make authorizer webapp more flexible• Different sources of identity• Multi-factor authentication• RBAC• More eyeballs on the crypto stuff
    • 16. Have fun!http://ginzamarkets.github.com/odin_authenticator/

    ×