Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Plone and Single-Sign On - Active Directory and the Holy Grail

9,700 views

Published on

These are the slides of a talk I gave on Single Sign On in Plone via Active Directory using netsight.windowsauthplugin

  • ⇒ www.WritePaper.info ⇐ This service will write as best as they can. So you do not need to waste the time on rewritings.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Dating for everyone is here: ❤❤❤ http://bit.ly/39sFWPG ❤❤❤
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Sex in your area is here: ❶❶❶ http://bit.ly/39sFWPG ❶❶❶
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • This Single Mother Makes Over $700 per Week Helping Businesses with their Facebook and Twitter Accounts! and Now You Can Too!  http://t.cn/AieXiXbg
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THIS BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download Full EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download Full doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THIS can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THIS is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THIS Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THIS the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THIS Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Plone and Single-Sign On - Active Directory and the Holy Grail

  1. 1. Plone and Single-Sign On Active Directory and the Holy Grail Matt Hamilton
  2. 2. Who am I?• Working with Plone/Zope since 1999• Director at Netsight in the UK• Worked on a number of projects doing authentication over the years Plone Open Garden 2013
  3. 3. What are we trying to do?• Allow uses to be automatically logged in to a website without having to type in their username/password Plone Open Garden 2013
  4. 4. Kerberos• Developed by MIT many many years ago• Used in Unix.... but also used on Windows, OSX, Linux• Based on authentication ‘tickets’ Plone Open Garden 2013
  5. 5. Other approaches• Apache in front of Plone - mod_kerberos - mod_ntlm - mod_authtkt / mod_pubcookie• Plone on IIS - Enfold proxy - IISAPI Plone Open Garden 2013
  6. 6. Why do it in Plone?• Ultimate control over if/when to require authentication from a user• Fallback to other authentication methods• Mix of user sources Plone Open Garden 2013
  7. 7. netsight.windowsauthplugin• Runs on either Windows or Unix/Linux/ OSX• Windows: Uses Windows’ internal SSPI API• Unix: Uses MIT Kerberos libraries Plone Open Garden 2013
  8. 8. [buildout]...eggs = ... netsight.windowsauthplugin Plone Open Garden 2013
  9. 9. Recent Use-case• Two departments of National Health Service are merging• ...but their IT systems are still separate• Two different Active Directory domains: CFH and IC Plone Open Garden 2013
  10. 10. Recent Use-case• Half the users in one domain, half in the other• Both need to be automatically authenticated to a single, common intranet• Need to allow fallback to manual username/password Plone Open Garden 2013
  11. 11. Plone Open Garden 2013
  12. 12. How does Kerberos work? Plone Open Garden 2013
  13. 13. How does Kerberos work? Plone Open Garden 2013
  14. 14. How does Kerberos work? Plone Open Garden 2013
  15. 15. Demo Plone Open Garden 2013
  16. 16. Complex Setups Plone Open Garden 2013
  17. 17. Member Properties• Get data from Active Directory via LDAP• Use plone.app.ldap• Can use OpenLDAP as a proxy server - Increased reliability - Combine multiple LDAP/AD servers - Caching Plone Open Garden 2013
  18. 18. Questions?• Matt Hamilton• matth@netsight.co.uk• @hammertoe• https://github.com/netsight/ netsight.windowsauthplugin Plone Open Garden 2013

×