SlideShare a Scribd company logo
1 of 18
Download to read offline
CloudStack
Authentication Methods
- Harikrishna
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
About me
– Harikrishna Patnala from Hyderabad, India
– Software Development Engineer at ShapeBlue
– Apache CloudStack committer and PMC member
– Born and brought up in CloudStack
– Previously worked at Accelerite and Citrix
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
Existing
Authentication
Methods
Ø Local passwords
Ø LDAP
Ø SSO / SAML2
Ø OAUTH2
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
Existing
Authentication
Methods
Ø Local passwords (+ 2FA)
Ø LDAP (+ 2FA)
Ø SSO / SAML2 (+ 2FA)
Ø OAUTH2 (+ 2FA)
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
LocalAuthentication
– User’s password stored in DB
– Encrypted
– Can be hack-replaced with another user’s password (reset to a known value)
– Comes as default
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
LocalAuthentication
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
LDAPAuthentication
– Global LDAP config
– Per-domain LDAP config
– 3 different ways of configuration
– Manual import
– Auto import
– Auto sync
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
SAML/SSOAuthentication
– Requires enabling of the SAML 2.0 service provider plugin in CloudStack
– Requires that admin enables each user for the SAML SSO login
– SAML authentication plugin finds user accounts whose username match the
username attribute value returned by the SAML authentication response
– Tested with Shibboleth 2.4, SSOCircle, Microsoft ADFS, OneLogin, Feide OpenIDP,
PingIdentity
– Takes some effort to configure
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
SAML/SSOAuthentication
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
OAuth2Authentication
– Require enabling the OAuth2 plugin in CloudStack
– Currently supports Google and GitHub
– OAuth2 plugin finds user accounts whose email match the email attribute value
returned by the OAuth2 service provider
– Available from CloudStack 4.19.0.0
– Pretty easy to configure
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
OAuth2Authentication
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
OAuth2 configuration
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
– Disabled by default
– Once enabled, new "OAuth configuration" available under the
"Configuration" menu
– Needs configuration on the provider's side (Google or GitHub)
– Provider generates ID, secret – and this is added to CloudStack, under
“Oauth configuration” menu
OAuth2 configuration
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
– Needs a user with matching email created previously inside ACS
– User can still use local authentication
(with password)
– Redirect URL in the form of “http://mycloud.com:8080/?verifyOauth”
2FA
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
Why 2FA ?
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
Ø Additional layer of security
Ø Prevents man-in-the-middle attack
Ø
Ø Prevents attacker access if they have your password
Ø Prevents hijacking an account
2FA configuration
– Introduced in ACS 4.18.0.0
– Disabled by default, needs to be enabled
– Optional (i.e. not mandatory), by default
– Can be set to mandatory, optionally
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
2FA configuration
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
– TOTP or static pin
– TOTP: Google/other Authenticator
– Static PIN – not a real 2FA !
– (stored in ACS database)
– Can be disabled/enabled per domain
– “Issuer” (visible inside theTOTP app) can
be configured per domain
Q &A
#CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad

More Related Content

Similar to CloudStack Authentication Methods – Harikrishna Patnala, ShapeBlue

CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0Krishna-Kumar
 
CredHub and Secure Credential Management
CredHub and Secure Credential ManagementCredHub and Secure Credential Management
CredHub and Secure Credential ManagementVMware Tanzu
 
Raspberry pi and Google Cloud
Raspberry pi and Google CloudRaspberry pi and Google Cloud
Raspberry pi and Google CloudFaisal Mehmood
 
FIDO2 : vers la fin des mots de passe ? - Par Arnaud Jumelet
FIDO2 : vers la fin des mots de passe ? - Par Arnaud JumeletFIDO2 : vers la fin des mots de passe ? - Par Arnaud Jumelet
FIDO2 : vers la fin des mots de passe ? - Par Arnaud JumeletIdentity Days
 
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloakDevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloakHitachi, Ltd. OSS Solution Center.
 
Into the Fluffs: Security Comliance and Audit in the Cloud
Into the Fluffs: Security Comliance and Audit in the CloudInto the Fluffs: Security Comliance and Audit in the Cloud
Into the Fluffs: Security Comliance and Audit in the CloudPouria Ghatrenabi
 
EWUG - Something about the Cloud - Unit IT - January 14, 2020
EWUG - Something about the Cloud - Unit IT - January 14, 2020EWUG - Something about the Cloud - Unit IT - January 14, 2020
EWUG - Something about the Cloud - Unit IT - January 14, 2020Peter Selch Dahl
 
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughAzure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughVinu Gunasekaran
 
Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Michael Collier
 
BlueHat Seattle 2019 || I'm in your cloud: A year of hacking Azure AD
BlueHat Seattle 2019 || I'm in your cloud: A year of hacking Azure ADBlueHat Seattle 2019 || I'm in your cloud: A year of hacking Azure AD
BlueHat Seattle 2019 || I'm in your cloud: A year of hacking Azure ADBlueHat Security Conference
 
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-OnEWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-OnPeter Selch Dahl
 
SecureAuth Solution Enhancements in 2017
SecureAuth Solution Enhancements in 2017SecureAuth Solution Enhancements in 2017
SecureAuth Solution Enhancements in 2017SecureAuth
 
The Glass Class - Tutorial 2 - Mirror API
The Glass Class - Tutorial 2 - Mirror APIThe Glass Class - Tutorial 2 - Mirror API
The Glass Class - Tutorial 2 - Mirror APIGun Lee
 
Microsoft Azure News - April 2024 .
Microsoft Azure News - April 2024      .Microsoft Azure News - April 2024      .
Microsoft Azure News - April 2024 .Daniel Toomey
 
Microsoft Azure News - June 2020
Microsoft Azure News - June 2020Microsoft Azure News - June 2020
Microsoft Azure News - June 2020Daniel Toomey
 
Integrating LINE Login with Firebase
Integrating LINE Login with Firebase Integrating LINE Login with Firebase
Integrating LINE Login with Firebase LINE Corporation
 
Azure - Identity as a service
Azure - Identity as a serviceAzure - Identity as a service
Azure - Identity as a serviceBizTalk360
 
CloudHub 2.0 + Shared Space Demo | MuleSoft Mysore Meetup #22
CloudHub 2.0 + Shared Space Demo | MuleSoft Mysore Meetup #22CloudHub 2.0 + Shared Space Demo | MuleSoft Mysore Meetup #22
CloudHub 2.0 + Shared Space Demo | MuleSoft Mysore Meetup #22MysoreMuleSoftMeetup
 

Similar to CloudStack Authentication Methods – Harikrishna Patnala, ShapeBlue (20)

CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
 
CredHub and Secure Credential Management
CredHub and Secure Credential ManagementCredHub and Secure Credential Management
CredHub and Secure Credential Management
 
Raspberry pi and Google Cloud
Raspberry pi and Google CloudRaspberry pi and Google Cloud
Raspberry pi and Google Cloud
 
FIDO2 : vers la fin des mots de passe ? - Par Arnaud Jumelet
FIDO2 : vers la fin des mots de passe ? - Par Arnaud JumeletFIDO2 : vers la fin des mots de passe ? - Par Arnaud Jumelet
FIDO2 : vers la fin des mots de passe ? - Par Arnaud Jumelet
 
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloakDevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
 
Into the Fluffs: Security Comliance and Audit in the Cloud
Into the Fluffs: Security Comliance and Audit in the CloudInto the Fluffs: Security Comliance and Audit in the Cloud
Into the Fluffs: Security Comliance and Audit in the Cloud
 
EWUG - Something about the Cloud - Unit IT - January 14, 2020
EWUG - Something about the Cloud - Unit IT - January 14, 2020EWUG - Something about the Cloud - Unit IT - January 14, 2020
EWUG - Something about the Cloud - Unit IT - January 14, 2020
 
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughAzure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
 
Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)
 
BlueHat Seattle 2019 || I'm in your cloud: A year of hacking Azure AD
BlueHat Seattle 2019 || I'm in your cloud: A year of hacking Azure ADBlueHat Seattle 2019 || I'm in your cloud: A year of hacking Azure AD
BlueHat Seattle 2019 || I'm in your cloud: A year of hacking Azure AD
 
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-OnEWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
 
Securing your Azure Identity Infrastructure
Securing your Azure Identity InfrastructureSecuring your Azure Identity Infrastructure
Securing your Azure Identity Infrastructure
 
SecureAuth Solution Enhancements in 2017
SecureAuth Solution Enhancements in 2017SecureAuth Solution Enhancements in 2017
SecureAuth Solution Enhancements in 2017
 
The Glass Class - Tutorial 2 - Mirror API
The Glass Class - Tutorial 2 - Mirror APIThe Glass Class - Tutorial 2 - Mirror API
The Glass Class - Tutorial 2 - Mirror API
 
Microsoft Azure News - April 2024 .
Microsoft Azure News - April 2024      .Microsoft Azure News - April 2024      .
Microsoft Azure News - April 2024 .
 
Microsoft Azure News - June 2020
Microsoft Azure News - June 2020Microsoft Azure News - June 2020
Microsoft Azure News - June 2020
 
Integrating LINE Login with Firebase
Integrating LINE Login with Firebase Integrating LINE Login with Firebase
Integrating LINE Login with Firebase
 
Azure - Identity as a service
Azure - Identity as a serviceAzure - Identity as a service
Azure - Identity as a service
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5
 
CloudHub 2.0 + Shared Space Demo | MuleSoft Mysore Meetup #22
CloudHub 2.0 + Shared Space Demo | MuleSoft Mysore Meetup #22CloudHub 2.0 + Shared Space Demo | MuleSoft Mysore Meetup #22
CloudHub 2.0 + Shared Space Demo | MuleSoft Mysore Meetup #22
 

More from ShapeBlue

CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlueCloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlueShapeBlue
 
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...ShapeBlue
 
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlueVM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlueShapeBlue
 
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHubHow We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHubShapeBlue
 
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...ShapeBlue
 
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...ShapeBlue
 
How We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIO
How We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIOHow We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIO
How We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIOShapeBlue
 
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...ShapeBlue
 
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...ShapeBlue
 
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.OnlineKVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.OnlineShapeBlue
 
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...ShapeBlue
 
Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...
Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...
Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...ShapeBlue
 
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...ShapeBlue
 
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...ShapeBlue
 
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...ShapeBlue
 
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlueElevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlueShapeBlue
 
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...ShapeBlue
 
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...ShapeBlue
 
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueWhat’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueShapeBlue
 
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...ShapeBlue
 

More from ShapeBlue (20)

CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlueCloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
 
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
 
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlueVM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
 
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHubHow We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
 
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
 
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
 
How We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIO
How We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIOHow We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIO
How We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIO
 
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
 
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
 
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.OnlineKVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online
 
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
 
Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...
Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...
Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...
 
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
 
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
 
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
 
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlueElevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
 
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
 
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...
 
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueWhat’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
 
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 

CloudStack Authentication Methods – Harikrishna Patnala, ShapeBlue

  • 1. CloudStack Authentication Methods - Harikrishna #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
  • 2. About me – Harikrishna Patnala from Hyderabad, India – Software Development Engineer at ShapeBlue – Apache CloudStack committer and PMC member – Born and brought up in CloudStack – Previously worked at Accelerite and Citrix #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
  • 3. Existing Authentication Methods Ø Local passwords Ø LDAP Ø SSO / SAML2 Ø OAUTH2 #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
  • 4. Existing Authentication Methods Ø Local passwords (+ 2FA) Ø LDAP (+ 2FA) Ø SSO / SAML2 (+ 2FA) Ø OAUTH2 (+ 2FA) #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
  • 5. LocalAuthentication – User’s password stored in DB – Encrypted – Can be hack-replaced with another user’s password (reset to a known value) – Comes as default #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
  • 6. LocalAuthentication #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
  • 7. LDAPAuthentication – Global LDAP config – Per-domain LDAP config – 3 different ways of configuration – Manual import – Auto import – Auto sync #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
  • 8. SAML/SSOAuthentication – Requires enabling of the SAML 2.0 service provider plugin in CloudStack – Requires that admin enables each user for the SAML SSO login – SAML authentication plugin finds user accounts whose username match the username attribute value returned by the SAML authentication response – Tested with Shibboleth 2.4, SSOCircle, Microsoft ADFS, OneLogin, Feide OpenIDP, PingIdentity – Takes some effort to configure #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
  • 9. SAML/SSOAuthentication #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
  • 10. OAuth2Authentication – Require enabling the OAuth2 plugin in CloudStack – Currently supports Google and GitHub – OAuth2 plugin finds user accounts whose email match the email attribute value returned by the OAuth2 service provider – Available from CloudStack 4.19.0.0 – Pretty easy to configure #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
  • 11. OAuth2Authentication #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
  • 12. OAuth2 configuration #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad – Disabled by default – Once enabled, new "OAuth configuration" available under the "Configuration" menu – Needs configuration on the provider's side (Google or GitHub) – Provider generates ID, secret – and this is added to CloudStack, under “Oauth configuration” menu
  • 13. OAuth2 configuration #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad – Needs a user with matching email created previously inside ACS – User can still use local authentication (with password) – Redirect URL in the form of “http://mycloud.com:8080/?verifyOauth”
  • 14. 2FA #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
  • 15. Why 2FA ? #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad Ø Additional layer of security Ø Prevents man-in-the-middle attack Ø Ø Prevents attacker access if they have your password Ø Prevents hijacking an account
  • 16. 2FA configuration – Introduced in ACS 4.18.0.0 – Disabled by default, needs to be enabled – Optional (i.e. not mandatory), by default – Can be set to mandatory, optionally #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad
  • 17. 2FA configuration #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad – TOTP or static pin – TOTP: Google/other Authenticator – Static PIN – not a real 2FA ! – (stored in ACS database) – Can be disabled/enabled per domain – “Issuer” (visible inside theTOTP app) can be configured per domain
  • 18. Q &A #CSIUG2024 / CloudStack India User Group Meetup / Feb 23rd, 2024 / Hyderabad