Odin Authenticator
A cookie-based single sign-on system for Apache
Act I
The Sad Situation
You are in a maze of twisty
  little webapps, all alike.
• Munin         • Rundeck
• Icinga        • Logstash
• Resque-Web    • Graphite
• Jenkins       • …

 Multiple servers, same users
How to authenticate?
• HTTP auth? – Awful UX & UI. Syncing
  passwords is tricky.
• LDAP? – No. Just no.
• OpenID? – Dependency on a new third
  party, frequent callbacks, slow, inconvenient.
• FreeIPA? – Overkill.
GodAuth
• https://github.com/exflickr/GodAuth
• A mod_perl module shared by Flickr
• Shared cookie, HMAC-signed with a shared
  secret
• Clunky, manual installation & setup

• Badly needed a rewrite
Act II
Light in the tunnel
Odin Authenticator
      The badly needed rewrite of GodAuth


http://ginzamarkets.github.com/odin_authenticator/
General setup

• Individual services under single domain
  (something.i.yourdomain.com)
• Domain root (i.yourdomain.com) serves
  the authenticator, which sets the cookie
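
The shared, HMAC-signed cookie from the GodAuth slide, set by the authenticator at the domain root and checked by every service, sketched in Python as an added example; this is not OdinAuth's or GodAuth's code or cookie format. The field layout, cookie name, lifetime and secret are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import time

# All values below are constructed for this sketch, not OdinAuth settings.
SECRET = b"constructed-shared-secret"   # same on the authenticator and every service
COOKIE_NAME = "sso_demo"                # hypothetical cookie name
COOKIE_DOMAIN = ".i.yourdomain.com"     # parent domain from the slides
MAX_AGE = 8 * 3600                      # assumed cookie lifetime, seconds
CLOCK_SKEW = 60                         # tolerated clock drift between hosts


def _sign(payload: str, secret: bytes) -> str:
    """HMAC-SHA256 over the payload, hex encoded."""
    return hmac.new(secret, payload.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_cookie(user: str, now: int, secret: bytes = SECRET) -> str:
    """Authenticator side: build the cookie value after a successful login."""
    user_b64 = base64.urlsafe_b64encode(user.encode("utf-8")).decode("ascii")
    payload = f"{user_b64}.{now}"
    return f"{payload}.{_sign(payload, secret)}"


def set_cookie_header(value: str) -> str:
    """Scope the cookie to the parent domain so every subdomain receives it."""
    return (f"{COOKIE_NAME}={value}; Domain={COOKIE_DOMAIN}; Path=/; "
            f"Max-Age={MAX_AGE}; Secure; HttpOnly")


def verify_cookie(value: str, now: int, secret: bytes = SECRET):
    """Service side: return the user name, or None if the cookie is rejected."""
    if not value.isascii():
        return None
    parts = value.split(".")
    if len(parts) != 3:
        return None
    user_b64, issued_s, mac = parts
    expected = _sign(f"{user_b64}.{issued_s}", secret)
    # Check the MAC first, in constant time, before trusting any field.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return None
    if not issued_s.isdigit():
        return None
    issued = int(issued_s)
    # Reject cookies dated in the future or older than the allowed lifetime.
    if issued > now + CLOCK_SKEW or now - issued > MAX_AGE:
        return None
    try:
        return base64.urlsafe_b64decode(user_b64.encode("ascii")).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def forge_user(value: str, new_user: str) -> str:
    """Swap the user field while keeping the old MAC (what tampering looks like)."""
    _, issued_s, mac = value.split(".")
    user_b64 = base64.urlsafe_b64encode(new_user.encode("utf-8")).decode("ascii")
    return f"{user_b64}.{issued_s}.{mac}"


if __name__ == "__main__":
    now = int(time.time())
    cookie = issue_cookie("alice@yourdomain.com", now)
    print(set_cookie_header(cookie))
    print("valid:   ", verify_cookie(cookie, now))
    print("tampered:", verify_cookie(forge_user(cookie, "root@yourdomain.com"), now))
    print("expired: ", verify_cookie(cookie, now + MAX_AGE + 1))
```

Because every service holds the same secret, any one of them can also mint cookies; that is a property of the shared-secret design, not of this sketch.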
OdinAuth
• ginzamarkets/Apache2-Authen-OdinAuth
  on GitHub
• Apache2::Authen::OdinAuth on CPAN

• Apache 2 mod_perl handler
• Sane(r) config in YAML
• Automated installation
OdinAuth
1. cpan install Apache2::Authen::OdinAuth
2. PerlSetVar odinauth_config /path/to/odin_auth.yml
3. PerlFixupHandler Apache2::Authen::OdinAuth
4. Copy and edit odin_auth.yml config file
Odin Authorizer App
• ginzamarkets/App-OdinAuthorizer
  on GitHub
• Perl Dancer webapp that calls out to
  Google Apps for Domains to authenticate
  and sets the signed cookie if successful
• Simple & basic – no user roles, single
  configured valid domain
Odin Authorizer App
1. hub clone ginzamarkets/App-OdinAuthorizer
2. perl Build.pl
   ./Build installdeps
3. ./bin/app.pl

Use Apache, mod_perl, and http://plackperl.org/ for real deployment
DEMO TIME
Act III
The Bright Future
• Move Apache handler config into httpd.conf

• Make authorizer webapp more flexible

• Different sources of identity

• Multi-factor authentication

• RBAC

• More eyeballs on the crypto stuff
Have fun!
http://ginzamarkets.github.com/odin_authenticator/
