2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue

This talk is about authentication and authorization: Two-Factor Authentication (2FA) and OAuth2, and their critical roles in enhancing security and user experience within Apache CloudStack. With 2FA, we strengthen the authentication process, mitigate password-related or other common login vulnerabilities, and ensure compliance with security standards. On the other side of the authentication spectrum, OAuth2, the industry-standard authorization framework, simplifies the process of granting access to resources. Andrija discusses how this can be used and how it fits in CloudStack.

The CloudStack Collaboration Conference 2023 took place on 23-24th November. The conference, arranged by a group of volunteers from the Apache CloudStack Community, took place in the voco hotel, in Porte de Clichy, Paris. It hosted over 350 attendees, with 47 speakers holding technical talks, user stories, new features and integrations presentations and more.

  • 1. 2FA and OAuth2 in CloudStack Andrija Panic™ CloudStack Collaboration Conference 2023 / #CSCollab2023 / 23-24 Nov 2023 / Paris, France
  • 2. About me, myself and I
      • Cloud Architect @ ShapeBlue
      • With “my teeth into” IT, Cloud and virtualization for last 15+ years
      • Involved with CloudStack since version 4.0.0-incubating
      • Apache CloudStack project committer and PMC member
      • Petrol head (dislike Tesla)
      • Wannabe drummer
  • 3. CloudStack Authentication Methods
      • Local passwords
      • LDAP
      • SSO/SAML2
      • OAUTH2
  • 4. CloudStack Authentication Methods
      • Local passwords (+ 2FA)
      • LDAP (+ 2FA)
      • SSO/SAML2 (+ 2FA)
      • OAUTH2 (+ 2FA)
  • 5. Local Authentication
      • User’s password stored in DB
      • Encrypted
      • Can be hack-replaced with another user’s password (reset to a known value)
      • Comes as default
  • 6. LDAP Authentication
      • Global LDAP config, or
      • Per-domain LDAP config
      • 3 different ways of configuration
          • Manual import
          • Auto import
          • Auto sync
      • Takes some effort to configure
  • 7. SAML/SSO Authentication
      • Requires enabling the SAML 2.0 service provider plugin in CloudStack
      • Requires that admin enables each user for the SAML SSO login
      • SAML authentication plugin finds user accounts whose username matches the username attribute value returned by the SAML authentication response
      • Tested with Shibboleth 2.4, SSOCircle, Microsoft ADFS, OneLogin, Feide OpenIDP, PingIdentity
      • Takes some effort to configure
  • 8. OAuth2 Authentication
      • Requires enabling the OAuth2 plugin in CloudStack
      • Currently supports Google and GitHub
      • OAuth2 plugin finds user accounts whose email matches the email attribute value returned by the OAuth2 service provider
      • Pretty easy to configure
  • 9. OAuth2 Authentication
  • 10. 2FA
  • 11. Why 2FA?
      • Make end-user’s life more miserable!
  • 12. Why 2FA?
      • Additional layer of security:
          • Prevents man-in-the-middle attack
          • Prevents attacker access if they have your password
          • Prevents hijacking an account
  • 13. 2FA configuration
      • Introduced in ACS 4.18.0.0
      • Disabled by default, needs to be enabled
      • Optional (i.e. not mandatory), by default
      • Can be set to mandatory, optionally
  • 14. 2FA configuration
      • TOTP or static pin
          • TOTP: Google/other Authenticator
          • Static PIN – not a real 2FA? (stored in ACS database)
      • Can be disabled/enabled per domain
      • “Issuer” (visible inside the TOTP app) can be configured per domain
  • 15. 2FA DB-hacks
      • Disable 2FA for a user
          • UPDATE cloud.user SET is_user_2fa_enabled=0, key_for_2fa=NULL, user_2fa_provider=NULL WHERE id=xxxxx;
      • Set static PIN for a user
          • UPDATE cloud.user SET is_user_2fa_enabled=1, key_for_2fa=123456, user_2fa_provider='staticpin' WHERE id=xxxxx;
      • Disabling 2FA globally does not remove 2FA that is already set for a user
  • 16. 2FA demo
      • Let’s do it later together with OAuth2 demo!
  • 17. OAuth2
  • 18. Why OAuth2?
      • Available from CloudStack 4.19.0.0
      • Enables users to authenticate against their own organizations
      • GitHub and Google currently supported
      • Others can be added easily
      • Modern, widely used, secure
  • 19. OAuth2 configuration
      • Disabled by default
      • Once enabled, new "OAuth configuration" available under the "Configuration" menu
      • Google and GitHub currently supported
      • Needs configuration on the provider's side (Google or GitHub) – usually only “Name” and "Authorised redirect URIs" (redirect URL of ACS) need to be specified.
      • Provider generates ID, secret – and this is added to CloudStack, under “OAuth configuration” menu
  • 20. OAuth2 configuration
      • Needs a user with matching email created previously inside ACS
      • User can still use local authentication (with his password)
      • Redirect URL in form of “http://mycloud.com:8080/?verifyOauth”
  • 21. DEMO
      • Let’s configure GitHub-based OAuth2 and enable 2FA for that user!
  • 22. CloudStack Collaboration Conference 2023 / #CSCollab2023 / 23-24 Nov 2023 / Paris, France
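
Slide 14's question about the static PIN, as an added example (not code from the talk or from CloudStack): an RFC 6238 TOTP check beside a static PIN check, showing that a TOTP code seen once stops verifying after its time window while the PIN verifies forever. The secret is the RFC 6238 test secret, the PIN and timestamps are constructed, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by authenticator apps


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, now: int) -> str:
    """RFC 6238: HOTP with counter = Unix time // STEP."""
    return hotp(secret, now // STEP)


def verify_totp(secret: bytes, code: str, now: int, drift: int = 1) -> bool:
    """Accept the current step plus/minus `drift` steps for clock skew."""
    return any(
        hmac.compare_digest(hotp(secret, now // STEP + d), code)
        for d in range(-drift, drift + 1)
    )


def verify_static_pin(stored_pin: str, code: str) -> bool:
    """No time component: the stored value is the code, every time."""
    return hmac.compare_digest(stored_pin, code)


def replay_outcome(now: int, later: int) -> dict:
    """Observe both second factors at `now`, present them again at `later`."""
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    pin = "123456"                    # constructed static PIN
    seen_totp = totp(secret, now)
    return {
        "totp_at_capture": verify_totp(secret, seen_totp, now),
        "totp_later": verify_totp(secret, seen_totp, later),
        "pin_later": verify_static_pin(pin, pin),
    }


if __name__ == "__main__":
    print(replay_outcome(now=59, later=59 + 300))
```

The `drift` window is the trade-off to tune: each extra step tolerated for clock skew also extends how long an observed code remains usable.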
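
Slides 8 and 20 describe OAuth2 logins being mapped to a pre-created account by email. The following added sketch (not CloudStack's plugin code) shows the checks a reviewer would want around such a mapping: only a verified primary email from the provider is used, and the login is refused when no account or more than one account carries that email. The `primary` and `verified` fields follow GitHub's `/user/emails` response; the account list and function name are constructed, and whether CloudStack applies these checks is not stated in the slides.

```python
def match_local_user(provider_emails, local_users):
    """Map a provider identity to one local account by email.

    provider_emails: dicts with "email", "primary", "verified".
    local_users: dicts with "id" and "email" (constructed stand-in for
    the accounts created beforehand).
    Returns (user_or_None, reason).
    """
    candidates = [
        e["email"].strip().lower()
        for e in provider_emails
        if e.get("primary") and e.get("verified")
    ]
    if len(candidates) != 1:
        return None, "no verified primary email from provider"
    email = candidates[0]
    hits = [u for u in local_users if u["email"].strip().lower() == email]
    if not hits:
        return None, "no pre-created account with this email"
    if len(hits) > 1:
        return None, "email is shared by several accounts"
    return hits[0], "matched"


# Constructed sample data, not taken from a real deployment.
LOCAL_USERS = [
    {"id": 11, "email": "alice@example.org"},
    {"id": 12, "email": "ops@example.org"},
    {"id": 13, "email": "OPS@example.org"},
]
VERIFIED = [{"email": "Alice@Example.org", "primary": True, "verified": True}]
UNVERIFIED = [{"email": "alice@example.org", "primary": True, "verified": False}]
SHARED = [{"email": "ops@example.org", "primary": True, "verified": True}]

if __name__ == "__main__":
    for name, emails in (("verified", VERIFIED), ("unverified", UNVERIFIED),
                         ("shared", SHARED)):
        print(name, match_local_user(emails, LOCAL_USERS))
```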