2FA and OAuth2 in CloudStack
Andrija Panic™
CloudStack Collaboration Conference 2023 / #CSCollab2023 / 23-24 Nov 2023 / Paris, France
About me, myself and I
• Cloud Architect @ ShapeBlue
• With "my teeth into" IT, cloud and virtualization for the last 15+ years
• Involved with CloudStack since version 4.0.0-incubating
• Apache CloudStack project committer and PMC member
• Petrol head (dislike Tesla)
• Wannabe drummer
CloudStack Authentication Methods
 Local passwords
 LDAP
 SSO/SAML2
 OAUTH2
CloudStack Authentication Methods (with 2FA)
 Local passwords (+ 2FA)
 LDAP (+ 2FA)
 SSO/SAML2 (+ 2FA)
 OAUTH2 (+ 2FA)
Local Authentication
 User's password stored in the DB
 Encrypted
 Can be "hack-replaced" with another user's password (i.e. reset to a known value)
 Enabled by default
LDAP Authentication
 Global LDAP config, or
 Per-domain LDAP config
 3 different ways of configuration:
   Manual import
   Auto import
   Auto sync
 Takes some effort to configure
SAML/SSO Authentication
 Requires enabling the SAML 2.0 service provider plugin in CloudStack
 Requires that the admin enables each user for SAML SSO login
 The SAML authentication plugin finds user accounts whose username matches the username attribute value returned in the SAML authentication response
 Tested with Shibboleth 2.4, SSOCircle, Microsoft ADFS, OneLogin, Feide OpenIDP, PingIdentity
 Takes some effort to configure
OAuth2 Authentication
 Requires enabling the OAuth2 plugin in CloudStack
 Currently supports Google and GitHub
 The OAuth2 plugin finds user accounts whose email matches the email attribute value returned by the OAuth2 service provider
 Pretty easy to configure
OAuth2 Authentication
2FA
Why 2FA?
 Make end-user’s life more miserable!
Why 2FA?
 An additional layer of security:
   Prevents man-in-the-middle attacks
   Prevents attacker access even if they have your password
   Prevents account hijacking
2FA configuration
 Introduced in ACS 4.18.0.0
 Disabled by default, needs to be enabled
 Optional (i.e. not mandatory) by default
 Can optionally be set to mandatory
2FA configuration
 TOTP or static PIN
   TOTP: Google Authenticator or any other authenticator app
   Static PIN: not a real 2FA? (stored in the ACS database)
 Can be disabled/enabled per domain
 "Issuer" (the label visible inside the TOTP app) can be configured per domain
2FA DB-hacks
 Disable 2FA for a user:
   UPDATE cloud.user SET
     is_user_2fa_enabled=0,
     key_for_2fa=NULL,
     user_2fa_provider=NULL
   WHERE id=xxxxx;
 Set a static PIN for a user:
   UPDATE cloud.user SET
     is_user_2fa_enabled=1,
     key_for_2fa=123456,
     user_2fa_provider='staticpin'
   WHERE id=xxxxx;
 Disabling 2FA globally does not remove 2FA that is already set for a user
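To make the TOTP vs. static PIN point on the two 2FA slides concrete, here is an added, stand-alone example (not CloudStack's own code; CloudStack's internal implementation may differ): RFC 6238 TOTP as authenticator apps compute it, the otpauth URI carrying the per-domain "issuer" label, a verification step with a clock-skew window, and a static-PIN check for contrast. Function names, the `ACS-ROOT` issuer and the `alice` username are assumptions for illustration.

```python
# Added example (not CloudStack code): RFC 6238 TOTP as used by Google/other
# authenticator apps, the otpauth:// URI with the per-domain issuer label,
# a verification window, and a static-PIN check for contrast.
import base64
import hashlib
import hmac
import secrets
import struct
import urllib.parse


def new_totp_secret(num_bytes: int = 20) -> str:
    """Random base32 secret; this is what the QR code hands to the TOTP app."""
    return base64.b32encode(secrets.token_bytes(num_bytes)).decode("ascii").rstrip("=")


def provisioning_uri(secret_b32: str, username: str, issuer: str) -> str:
    """otpauth:// URI for the authenticator app.

    The issuer is what the user sees as the account label in the app; the
    slides note that CloudStack lets you configure it per domain.
    """
    label = urllib.parse.quote(f"{issuer}:{username}", safe="")
    query = urllib.parse.urlencode(
        {"secret": secret_b32, "issuer": issuer, "algorithm": "SHA1",
         "digits": 6, "period": 30}
    )
    return f"otpauth://totp/{label}?{query}"


def _b32decode(secret_b32: str) -> bytes:
    # Authenticator secrets are usually shown without '=' padding; restore it.
    padded = secret_b32 + "=" * (-len(secret_b32) % 8)
    return base64.b32decode(padded, casefold=True)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at: int, digits: int = 6, period: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / period)."""
    return hotp(_b32decode(secret_b32), at // period, digits)


def verify_totp(secret_b32: str, code: str, at: int, window: int = 1,
                digits: int = 6, period: int = 30) -> bool:
    """Accept the current step and +/- `window` steps to tolerate clock skew.

    Every candidate is compared in constant time and the loop never returns
    early, so response timing does not reveal which step matched.
    """
    key = _b32decode(secret_b32)
    step = at // period
    ok = False
    for delta in range(-window, window + 1):
        if step + delta < 0:
            continue
        ok |= hmac.compare_digest(hotp(key, step + delta, digits), code)
    return ok


def verify_static_pin(stored_pin: str, presented_pin: str) -> bool:
    """Static PIN: a fixed value stored in the database and compared verbatim.

    It never changes, so it behaves like a second password rather than a
    second factor: anyone who can read the DB row has it for good.
    """
    return hmac.compare_digest(stored_pin, presented_pin)


# RFC 6238 Appendix B test secret (ASCII "12345678901234567890"), base32-encoded,
# so the functions above can be checked against the published vectors.
RFC6238_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


if __name__ == "__main__":
    print(provisioning_uri(new_totp_secret(), "alice", "ACS-ROOT"))
    print(totp(RFC6238_SECRET_B32, 59, digits=8))             # 94287082 per the RFC
    print(verify_totp(RFC6238_SECRET_B32, "287082", at=89))   # True: previous step
    print(verify_totp(RFC6238_SECRET_B32, "287082", at=120))  # False: two steps old
```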
2FA demo
 Let's do it later, together with the OAuth2 demo!
OAuth2
Why OAuth2?
 Available from CloudStack 4.19.0.0
 Enables users to authenticate against their own organizations
 GitHub and Google currently supported
 Others can be added easily
 Modern, widely used, secure
OAuth2 configuration
 Disabled by default
 Once enabled, a new "OAuth configuration" entry is available under the "Configuration" menu
 Google and GitHub currently supported
 Needs configuration on the provider's side (Google or GitHub): usually only a "Name" and the "Authorised redirect URIs" (the redirect URL of ACS) need to be specified
 The provider generates a client ID and secret, and these are added to CloudStack under the "OAuth configuration" menu
OAuth2 configuration
 Needs a user with a matching email created previously inside ACS
 The user can still use local authentication (with their password)
 Redirect URL in the form "http://mycloud.com:8080/?verifyOauth"
DEMO
 Let's configure GitHub-based OAuth2 and enable 2FA for that user!
Thanks!
Q & A ?

More Related Content

Similar to 2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue

Microsoft Azure News - July 2020
Microsoft Azure News - July 2020Microsoft Azure News - July 2020
Microsoft Azure News - July 2020Daniel Toomey
 
Welcome and State of Apache CloudStack Community
Welcome and State of Apache CloudStack CommunityWelcome and State of Apache CloudStack Community
Welcome and State of Apache CloudStack CommunityShapeBlue
 
Community clouds from scratch
Community clouds from scratchCommunity clouds from scratch
Community clouds from scratchJordi Guijarro
 
Corda on Azure Blockchain
Corda on Azure BlockchainCorda on Azure Blockchain
Corda on Azure BlockchainJuarez Junior
 
Community Clouds from Scratch
Community Clouds from ScratchCommunity Clouds from Scratch
Community Clouds from ScratchNETWAYS
 
Microsoft Azure News - June 2021
Microsoft Azure News - June 2021Microsoft Azure News - June 2021
Microsoft Azure News - June 2021Daniel Toomey
 
Start Automating InfluxDB Deployments at the Edge with balena
Start Automating InfluxDB Deployments at the Edge with balena Start Automating InfluxDB Deployments at the Edge with balena
Start Automating InfluxDB Deployments at the Edge with balena InfluxData
 
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...Marc Müller
 
Microsoft Azure News - April 2024 .
Microsoft Azure News - April 2024      .Microsoft Azure News - April 2024      .
Microsoft Azure News - April 2024 .Daniel Toomey
 
VanillaJS & the Web Platform, a match made in heaven?
VanillaJS & the Web Platform, a match made in heaven?VanillaJS & the Web Platform, a match made in heaven?
VanillaJS & the Web Platform, a match made in heaven?Bertrand Delacretaz
 
Decide for Dummies
Decide for DummiesDecide for Dummies
Decide for Dummiespruizclaudia
 
DECIDE for Dummies
DECIDE for Dummies DECIDE for Dummies
DECIDE for Dummies DECIDEH2020
 
FIWARE for OPC UA Robots (The i4Q Use Case) - Gabriele De Luca.pptx
FIWARE for OPC UA Robots (The i4Q Use Case) - Gabriele De Luca.pptxFIWARE for OPC UA Robots (The i4Q Use Case) - Gabriele De Luca.pptx
FIWARE for OPC UA Robots (The i4Q Use Case) - Gabriele De Luca.pptxFIWARE
 
David Campro - FromData2ML (1).pptx
David Campro - FromData2ML  (1).pptxDavid Campro - FromData2ML  (1).pptx
David Campro - FromData2ML (1).pptxFIWARE
 
Citrix Octoblu Architecture Breakdown
Citrix Octoblu Architecture BreakdownCitrix Octoblu Architecture Breakdown
Citrix Octoblu Architecture BreakdownJohn Moody
 
Meet the Committers Webinar_ Lab Preparation
Meet the Committers Webinar_ Lab PreparationMeet the Committers Webinar_ Lab Preparation
Meet the Committers Webinar_ Lab PreparationTimothy Spann
 
Microsoft Azure News - 2019 January
Microsoft Azure News - 2019 JanuaryMicrosoft Azure News - 2019 January
Microsoft Azure News - 2019 JanuaryDaniel Toomey
 
Serverless PostGIS
Serverless PostGISServerless PostGIS
Serverless PostGISAddresscloud
 

Similar to 2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue (20)

Microsoft Azure News - July 2020
Microsoft Azure News - July 2020Microsoft Azure News - July 2020
Microsoft Azure News - July 2020
 
Welcome and State of Apache CloudStack Community
Welcome and State of Apache CloudStack CommunityWelcome and State of Apache CloudStack Community
Welcome and State of Apache CloudStack Community
 
Community clouds from scratch
Community clouds from scratchCommunity clouds from scratch
Community clouds from scratch
 
Corda on Azure Blockchain
Corda on Azure BlockchainCorda on Azure Blockchain
Corda on Azure Blockchain
 
Community Clouds from Scratch
Community Clouds from ScratchCommunity Clouds from Scratch
Community Clouds from Scratch
 
Microsoft Azure News - June 2021
Microsoft Azure News - June 2021Microsoft Azure News - June 2021
Microsoft Azure News - June 2021
 
Curso Microsoft Azure Solutions Arquitect Expert
Curso Microsoft Azure Solutions Arquitect ExpertCurso Microsoft Azure Solutions Arquitect Expert
Curso Microsoft Azure Solutions Arquitect Expert
 
Start Automating InfluxDB Deployments at the Edge with balena
Start Automating InfluxDB Deployments at the Edge with balena Start Automating InfluxDB Deployments at the Edge with balena
Start Automating InfluxDB Deployments at the Edge with balena
 
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
 
Microsoft Azure News - April 2024 .
Microsoft Azure News - April 2024      .Microsoft Azure News - April 2024      .
Microsoft Azure News - April 2024 .
 
VanillaJS & the Web Platform, a match made in heaven?
VanillaJS & the Web Platform, a match made in heaven?VanillaJS & the Web Platform, a match made in heaven?
VanillaJS & the Web Platform, a match made in heaven?
 
Decide for Dummies
Decide for DummiesDecide for Dummies
Decide for Dummies
 
DECIDE for Dummies
DECIDE for Dummies DECIDE for Dummies
DECIDE for Dummies
 
Bye bye Identity Server
Bye bye Identity ServerBye bye Identity Server
Bye bye Identity Server
 
FIWARE for OPC UA Robots (The i4Q Use Case) - Gabriele De Luca.pptx
FIWARE for OPC UA Robots (The i4Q Use Case) - Gabriele De Luca.pptxFIWARE for OPC UA Robots (The i4Q Use Case) - Gabriele De Luca.pptx
FIWARE for OPC UA Robots (The i4Q Use Case) - Gabriele De Luca.pptx
 
David Campro - FromData2ML (1).pptx
David Campro - FromData2ML  (1).pptxDavid Campro - FromData2ML  (1).pptx
David Campro - FromData2ML (1).pptx
 
Citrix Octoblu Architecture Breakdown
Citrix Octoblu Architecture BreakdownCitrix Octoblu Architecture Breakdown
Citrix Octoblu Architecture Breakdown
 
Meet the Committers Webinar_ Lab Preparation
Meet the Committers Webinar_ Lab PreparationMeet the Committers Webinar_ Lab Preparation
Meet the Committers Webinar_ Lab Preparation
 
Microsoft Azure News - 2019 January
Microsoft Azure News - 2019 JanuaryMicrosoft Azure News - 2019 January
Microsoft Azure News - 2019 January
 
Serverless PostGIS
Serverless PostGISServerless PostGIS
Serverless PostGIS
 

More from ShapeBlue

CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlueCloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlueShapeBlue
 
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...ShapeBlue
 
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlueVM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlueShapeBlue
 
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHubHow We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHubShapeBlue
 
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...ShapeBlue
 
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...ShapeBlue
 
How We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIO
How We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIOHow We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIO
How We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIOShapeBlue
 
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...ShapeBlue
 
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.OnlineKVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.OnlineShapeBlue
 
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...ShapeBlue
 
Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...
Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...
Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...ShapeBlue
 
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...ShapeBlue
 
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...ShapeBlue
 
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...ShapeBlue
 
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlueElevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlueShapeBlue
 
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...ShapeBlue
 
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...ShapeBlue
 
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueWhat’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueShapeBlue
 
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...ShapeBlue
 
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlueCloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlueShapeBlue
 

More from ShapeBlue (20)

CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlueCloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
 
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
 
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlueVM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
 
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHubHow We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
 
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
 
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
 
How We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIO
How We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIOHow We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIO
How We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIO
 
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
 
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.OnlineKVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online
 
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
 
Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...
Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...
Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...
 
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
 
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
 
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
 
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlueElevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
 
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
 
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...
 
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueWhat’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
 
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
 
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlueCloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
 

Recently uploaded

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Recently uploaded (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Artificial Intelligence: Facts and Myths

2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue

1. 2FA and OAuth2 in CloudStack
Andrija Panic™
CloudStack Collaboration Conference 2023 / #CSCollab2023 / 23-24 Nov 2023 / Paris, France

2. About me, myself and I
• Cloud Architect @ ShapeBlue
• With “my teeth into” IT, Cloud and virtualization for the last 15+ years
• Involved with CloudStack since version 4.0.0-incubating
• Apache CloudStack project committer and PMC member
• Petrol head (dislike Tesla)
• Wannabe drummer

3. CloudStack Authentication Methods
 Local passwords
 LDAP
 SSO/SAML2
 OAUTH2

4. CloudStack Authentication Methods
 Local passwords (+ 2FA)
 LDAP (+ 2FA)
 SSO/SAML2 (+ 2FA)
 OAUTH2 (+ 2FA)

5. Local Authentication
 User’s password stored in DB
 Encrypted
 Can be hack-replaced with another user’s password (reset to a known value)
 Comes as default

6. LDAP Authentication
 Global LDAP config, or
 Per-domain LDAP config
 3 different ways of configuration
   Manual import
   Auto import
   Auto sync
 Takes some effort to configure

7. SAML/SSO Authentication
 Requires enabling the SAML 2.0 service provider plugin in CloudStack
 Requires that the admin enables each user for SAML SSO login
 The SAML authentication plugin finds user accounts whose username matches the username attribute value returned by the SAML authentication response
 Tested with Shibboleth 2.4, SSOCircle, Microsoft ADFS, OneLogin, Feide OpenIDP, PingIdentity
 Takes some effort to configure

8. OAuth2 Authentication
 Requires enabling the OAuth2 plugin in CloudStack
 Currently supports Google and GitHub
 The OAuth2 plugin finds user accounts whose email matches the email attribute value returned by the OAuth2 service provider
 Pretty easy to configure

9. OAuth2 Authentication
10. 2FA

11. Why 2FA?
 Make end-user’s life more miserable!

12. Why 2FA?
 Additional layer of security:
   Prevents man-in-the-middle attack
   Prevents attacker access if they have your password
   Prevents hijacking an account

13. 2FA configuration
 Introduced in ACS 4.18.0.0
 Disabled by default, needs to be enabled
 Optional (i.e. not mandatory) by default
 Can optionally be set to mandatory

14. 2FA configuration
 TOTP or static PIN
 TOTP: Google/other Authenticator
 Static PIN – not a real 2FA? (stored in the ACS database)
 Can be disabled/enabled per domain
 “Issuer” (visible inside the TOTP app) can be configured per domain

15. 2FA DB-hacks
 Disable 2FA for a user:
   UPDATE cloud.user SET is_user_2fa_enabled=0, key_for_2fa=NULL, user_2fa_provider=NULL WHERE id=xxxxx;
 Set static PIN for a user:
   UPDATE cloud.user SET is_user_2fa_enabled=1, key_for_2fa=123456, user_2fa_provider='staticpin' WHERE id=xxxxx;
 Disabling 2FA globally does not remove 2FA that is already set for a user

16. 2FA demo
 Let’s do it later together with the OAuth2 demo!
17. OAuth2

18. Why OAuth2?
 Available from CloudStack 4.19.0.0
 Enables users to authenticate against their own organizations
 GitHub and Google currently supported
 Others can be added easily
 Modern, widely used, secure

19. OAuth2 configuration
 Disabled by default
 Once enabled, a new "OAuth configuration" entry is available under the "Configuration" menu
 Google and GitHub currently supported
 Needs configuration on the provider's side (Google or GitHub) – usually only “Name” and "Authorised redirect URIs" (the redirect URL of ACS) need to be specified
 The provider generates an ID and a secret – these are added to CloudStack under the “OAuth configuration” menu

20. OAuth2 configuration
 Needs a user with a matching email created previously inside ACS
 The user can still use local authentication (with their password)
 Redirect URL in the form of “http://mycloud.com:8080/?verifyOauth”

21. DEMO
 Let’s configure GitHub-based OAuth2 and enable 2FA for that user!
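Slides 8 and 20 state the account-mapping rule: the OAuth2 plugin looks up a pre-existing ACS user by the email address the provider returns, and no user is created on the fly. The following added example is my own model of that rule written for this page, not CloudStack's implementation. It shows the checks a defender wants around such a lookup: normalise the address, accept only an address the provider marks as verified, exclude disabled accounts, and refuse the login when zero or more than one enabled local user carries that address. The local user table and the provider responses are constructed sample data; the response shape mimics the `email`/`primary`/`verified` fields that GitHub's user-emails endpoint returns.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class LocalUser:
    """A row of the local user table (constructed model, not the cloud.user schema)."""
    id: int
    username: str
    email: str
    enabled: bool


# Constructed sample of pre-provisioned users; note the mixed case and the duplicate address
LOCAL_USERS: List[LocalUser] = [
    LocalUser(2, "admin", "admin@example.com", True),
    LocalUser(7, "alice", "Alice@Example.com", True),
    LocalUser(9, "bob", "bob@example.com", False),        # disabled account
    LocalUser(11, "carol", "carol@example.com", True),
    LocalUser(12, "carol2", "CAROL@example.com", True),   # same address, second enabled user
]


def normalise_email(addr: str) -> Optional[str]:
    """Trim and lowercase; return None for anything that is not a single user@domain string."""
    addr = addr.strip().lower()
    if addr.count("@") != 1 or addr.startswith("@") or addr.endswith("@"):
        return None
    return addr


def verified_emails(provider_emails: List[Dict]) -> set:
    """Addresses the identity provider has actually verified; unverified ones are ignored."""
    out = set()
    for entry in provider_emails:
        if entry.get("verified") is True:
            norm = normalise_email(entry.get("email", ""))
            if norm:
                out.add(norm)
    return out


def map_oauth_login(provider_emails: List[Dict],
                    users: List[LocalUser] = LOCAL_USERS) -> Tuple[Optional[LocalUser], str]:
    """Resolve an OAuth2 identity to exactly one enabled, pre-existing local user.
    Returns (user, "ok") on success, (None, reason) otherwise; never auto-provisions."""
    emails = verified_emails(provider_emails)
    if not emails:
        return None, "no verified email returned by the provider"
    matches = [u for u in users if u.enabled and normalise_email(u.email) in emails]
    if not matches:
        return None, "no enabled pre-provisioned user with this email"
    if len(matches) > 1:
        return None, "ambiguous: more than one enabled user shares this email"
    return matches[0], "ok"


if __name__ == "__main__":
    # Constructed provider response in the GitHub user-emails shape
    sample = [{"email": "alice@example.com", "primary": True, "verified": True}]
    print(map_oauth_login(sample))
```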