Authentication and beyond,
Atlassian applications
JIRA and Confluence Nordic
Conference 2014
Jussi Haaja
Senior Systems Specialist
Twitter @jussihaaja
Today’s topics
• Main focus on Confluence and JIRA
• Basic authentication options
• Active Directory integration
• Using Atlassian Crowd
• Implementing Single Sign On
• Atlassian Crowd
• Utilizing operating system tools
• Using application plugins
• Choosing a SSO implementation strategy
• Some real world examples
• Other applications (Stash, Bamboo, FishEye)
Me
• Senior Systems Specialist
• At Ambientia since 2010
• Part of Ambientia’s Data Centre
Services team
• Concept Owner of Ambientia Cloud
• JIRA and Confluence SaaS service
• Lots of experience integrating different
SSO systems to Atlassian applications
• Kerberos and NTLM
• Active Directory Federation Services
• Shibboleth (HAKA)
• Twitter @jussihaaja
The Basics
• The enabling technology
• Integrating with Active Directory
• Using Atlassian Crowd
The Basics: Technological platform
• Parts of Atlassian Crowd have been integrated into other
Atlassian applications for a few years
• Confluence from version 3.5 onwards
• JIRA from version 4.3 onwards
• The "embedded Crowd" provides the functionality to integrate external user
directories
• Confluence and JIRA also share the same internal authentication
framework, Atlassian Seraph
• Seraph can be extended (via custom plugins) to support different
authentication methods.
The Basics: Active Directory
• The basic Active Directory integration:
• Configurable from the admin interface
• No editing of files necessary!
• Synchronizes users and groups from AD
• AD groups can be used to manage access rights (e.g. Confluence spaces,
JIRA projects)
• Or you can use groups local to the application (but do not mix and match!)
• Authentication events happen against the AD server (no user password
data is stored in the application; what the application does store is the bind
credentials of its own directory service account, so give that account
read-only rights and use LDAPS so that neither those credentials nor the
users' passwords cross the network in the clear during the bind)
• Note: Active Directory integration by itself does not provide SSO
• Note: applies also to JIRA and Stash
Diagram: Confluence server connects to the Active Directory server over LDAP or LDAPS.
The Basics: Atlassian Crowd
• Conceptually similar to a plain AD integration
• Users can reside either in:
• A Crowd internal directory (in Crowd's database)
• An external user directory that Crowd acts as a proxy for (e.g. AD)
• Configurable from the applications' admin interface
• Of course, Crowd needs to be installed and configured
separately.
Diagram: Confluence server and JIRA server each talk to Atlassian Crowd (Crowd HTTP API); Crowd talks to Active Directory over LDAP or LDAPS.
The Basics: Atlassian Crowd continued
• JIRA can be used as a low-end Crowd substitute
• User accounts for Confluence, Stash, Bamboo and FishEye can
be managed in JIRA without a separate Crowd installation
• This provides only centralized user account management; Single
Sign-On is not possible
Diagram: Confluence server and Stash server talk to Atlassian JIRA (Crowd HTTP API); JIRA talks to Active Directory over LDAP or LDAPS.
Should I use Crowd, then?
• Pros for using Crowd:
• Drastically simplifies configuration in applications (complexity moved to
Crowd)
• Especially when multiple external directories need to be configured per application
• Possibility to implement a Crowd based single-sign on (more on this later)
• Crowd can be used to manage authentication for other Web applications
as well (via Crowd’s API and CrowdID, an OpenID server implementation)
• Cons for using Crowd:
• Requires a Crowd installation, license and so on
• Somewhat restricts types of SSO that can be done
Where Crowd really shines
Diagram: a Crowd SSO domain containing the Confluence server, the JIRA server and a business application server, all talking to Atlassian Crowd (Crowd HTTP API); Crowd federates Active Directory #1 and Active Directory #2 over LDAP or LDAPS.
• Easily create an SSO domain where logging in to a single application logs
you into all Crowd-enabled applications at once
• Easily federate multiple external user directories into a single logon domain
Single Sign-On
• The basic principles
• Using Atlassian Crowd
• Using operating system’s components
• Using authentication plugins
• Deciding on a SSO implementation strategy
Single Sign-On basics
• Atlassian Seraph (the authentication framework used by
Confluence and JIRA, remember?) allows extension of the
authentication framework by implementing new authenticators
which replace the out-of-the-box method of authenticating the
user (username and password supplied by HTTP POST) with some other
means
• Usually this means either:
• Relying on an external authentication source to authenticate the user
• For example, Apache httpd mod_auth_* modules or similar
• Implementing the complete authentication chain within the authenticator
plugin
Single Sign-On basics continued
• Most SSO implementations do not replace a user directory
integration
• This means that you still need to provision (import or create) the user
accounts in the application by some means
• Usually this is done by integrating the application either
directly with Active Directory or via Atlassian Crowd
• Or you can create the user accounts directly in the application
• The SSO only performs the authentication: a user the SSO vouches for
but who has no account in the directory does not get in
• In most cases the user accounts have to be managed separately
Atlassian Crowd based SSO
• Crowd based SSO is a Web-based SSO implementation
• It relies on the presence of an HTTP cookie called crowd.token_key
(although the name can be changed)
• The cookie is a bearer token for the whole SSO domain, so every
application in the domain must be served over HTTPS and must share the
cookie domain configured in Crowd, otherwise the browser will not send
the token to the other applications
• Confluence and JIRA both come with a compatible authenticator
• As previously noted, Crowd based SSO can be fairly easily
extended to other (non-Atlassian) applications as well
• The main downside is that Crowd based SSO cannot be
integrated with workstation login
• This means that the user needs to log in to one of the applications in
the SSO domain using his/her username and password
Utilizing the operating system's components
• Utilizing the operating system's components for Single Sign-On is usually
accomplished by authenticating the user's session on a Web frontend
server (Apache httpd, IIS) or on the Web container level (Tomcat) and
then passing the name of the authenticated user to the application via the
HttpServletRequest object's getRemoteUser method
• This method can be used with (for example):
• Kerberos-based Single Sign-On (using Apache httpd and mod_auth_kerb)
that is tied to Windows domain login
• Shibboleth-based Single Sign-On (using Apache httpd and mod_shib) with
either Active Directory Federation Services or another SAML 2.0-compatible
identity provider
• These approaches require a custom authenticator that can utilize
the information passed from the frontend Web server
• e.g. the Confluence HTTP Authenticator
• The name arriving from the frontend is the whole security of the scheme:
the application must read it only from the container (the AJP connection
the frontend writes to), never from an ordinary request header a client can
set, and the application server must not be reachable except through the
frontend
Using application specific plugins
• There are also application level plugins (custom authenticators)
that perform the complete authentication chain by themselves
• Made by AppFusions and resolution among others
• These authenticators function independently, without help from
operating system’s components
Deciding on a SSO strategy
• Most application level plugins (the ones that implement the
complete authentication chain) are commercial and thus incur the
cost of a license (up to thousands of dollars)
• Despite the costs, these plugins are a good option if you are not familiar
with your operating system's authentication facilities (or do not have
access to people who are), or otherwise lack access to them
• Using application plugins also makes the application more self-
contained and easier to relocate.
Deciding on a SSO strategy continued
• On the flipside, you can get going without additional license costs when
utilizing the operating system's facilities to implement the actual
authentication event and just pass the result to the application server
• For instance, the Confluence HTTP Authenticator is a freely available
authenticator without any licensing fees and can be used with a solution
like this
• Utilizing the operating system's components also makes the code for the
custom authenticator (if you cannot use a readily available one) a lot
less complex, since it only has to read a preauthenticated user name from
the HTTP request object and map it to an account.
• Using your operating system's components as part of the application's
authentication chain makes the application more dependent on the
underlying operating system.
• This may or may not be an issue. It all depends on your environment.
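A minimal Seraph authenticator of the kind described above, written here as an added example for Confluence; it is not code from the deck and not the source of the Confluence HTTP Authenticator. The package and class names are made up. The Seraph and Confluence class names it builds on (ConfluenceAuthenticator, DefaultAuthenticator with its LOGGED_IN_KEY and LOGGED_OUT_KEY session attributes, and the getUser(String) directory lookup) are as I remember them from Seraph 2.x and Confluence 5.x and must be checked against the versions you run.

```java
package com.example.sso; // assumed package name

import java.security.Principal;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.atlassian.confluence.user.ConfluenceAuthenticator;
import com.atlassian.seraph.auth.DefaultAuthenticator;

/**
 * "Pre-authenticated user" authenticator for Confluence.
 *
 * The frontend (httpd with mod_auth_kerb or mod_shib) has already authenticated
 * the user and handed the name to Tomcat over AJP. All this class does is read
 * HttpServletRequest.getRemoteUser() and resolve it to an existing Confluence
 * account. Authorization (spaces, groups) stays with Confluence.
 */
public class RemoteUserAuthenticator extends ConfluenceAuthenticator {

    @Override
    public Principal getUser(HttpServletRequest request, HttpServletResponse response) {
        // 1. An existing Seraph session wins; do not re-evaluate on every request.
        Principal existing = super.getUser(request, response);
        if (existing != null) {
            return existing;
        }

        // 2. Trust only the container-level principal. Deliberately NOT reading a
        //    request header such as X-Remote-User: any client can set a header,
        //    whereas getRemoteUser() is populated by Tomcat from the AJP connector
        //    (tomcatAuthentication="false") that only the frontend can reach.
        String remoteUser = request.getRemoteUser();
        if (remoteUser == null || remoteUser.isEmpty()) {
            return null; // fall through to Confluence's normal login page
        }

        // 3. Normalize: mod_auth_kerb delivers user@REALM unless KrbLocalUserMapping
        //    is on; directory user names in Confluence are case-insensitive.
        String username = stripRealm(remoteUser).toLowerCase();

        // 4. Resolve against the configured user directory (AD, Crowd or internal).
        //    No account means no login: SSO authenticates, it does not provision.
        Principal user = getUser(username);
        if (user == null) {
            return null;
        }

        // 5. Record the login in the session the same way DefaultAuthenticator does,
        //    so later requests are served from the session (step 1).
        request.getSession().setAttribute(DefaultAuthenticator.LOGGED_IN_KEY, user);
        request.getSession().setAttribute(DefaultAuthenticator.LOGGED_OUT_KEY, null);
        return user;
    }

    /** "jdoe@EXAMPLE.COM" -> "jdoe"; names without a realm are returned unchanged. */
    static String stripRealm(String principalName) {
        int at = principalName.indexOf('@');
        return at < 0 ? principalName : principalName.substring(0, at);
    }
}
```

The compiled class goes into Confluence's WEB-INF/lib and is activated by replacing the `<authenticator class="..."/>` element in WEB-INF/classes/seraph-config.xml with this class name. Note that nothing in the class checks where the name came from; that trust boundary lives entirely in the httpd and Tomcat configuration, which is why the AJP connector must not be reachable by anyone but the frontend.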
A couple of real world examples
• Kerberos
• Active Directory Federation Services
Real world examples: Kerberos
Kerberos-based authentication is a "workstation" SSO, which means that a user logged in to a Windows
domain is automatically logged in to the SSO-enabled application (Confluence in this example)
For the Kerberos based SSO to work, a user account needs to be created in the Active Directory for the
Confluence server with the proper Service Principal Name mapping (HTTP/<server FQDN>) in place. The server running httpd also needs
to be able to communicate with the Kerberos KDC (usually a domain controller in a Windows domain)
mod_auth_kerb also needs a working "keytab file" (generated on a domain controller with ktpass, or from the Linux side
with msktutil) to authenticate against Kerberos without supplying a username and password. The keytab is the
equivalent of the service account's password: keep it readable by the httpd user only, and remember that it stops
working when that account's password is changed.
Note: these components can reside within a single server
Diagram: the user's browser (authenticated to the Windows domain as username) talks HTTP to the web server (Apache httpd with mod_auth_kerb); httpd exchanges Kerberos traffic with the Active Directory Kerberos KDC using the Confluence service user's keytab, and forwards the request to the Confluence server over AJP (Apache JServ) with REMOTE_USER = username.
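The httpd side of this example, as a constructed configuration added here; it is not from the deck. The host name, realm, certificate and keytab paths and the AJP port are assumptions; the directives themselves are mod_ssl's, mod_auth_kerb's and mod_proxy_ajp's.

```apache
# /etc/httpd/conf.d/confluence-sso.conf   (constructed example)
<VirtualHost *:443>
    ServerName confluence.example.com

    # SSO does not replace TLS: the Tomcat session cookie issued after login is a bearer token.
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/confluence.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/confluence.example.com.key

    <Location />
        AuthType Kerberos
        AuthName "Confluence (Windows domain login)"
        # Realm and SPN must match the AD account the keytab was created for
        KrbAuthRealms EXAMPLE.COM
        KrbServiceName HTTP/confluence.example.com
        Krb5Keytab /etc/httpd/confluence.keytab
        KrbMethodNegotiate On
        # No Basic-auth password fallback: a browser without a domain ticket fails
        # closed here and uses Confluence's own login form instead of sending the
        # domain password to httpd
        KrbMethodK5Passwd Off
        # Strip @EXAMPLE.COM so REMOTE_USER equals the sAMAccountName the AD directory
        # integration in Confluence already knows
        KrbLocalUserMapping On
        Require valid-user
    </Location>

    # Hand the request to Tomcat over AJP. mod_proxy_ajp carries REMOTE_USER as the
    # AJP remote user; Tomcat exposes it via HttpServletRequest.getRemoteUser()
    # only when its AJP connector has tomcatAuthentication="false".
    ProxyPass        / ajp://127.0.0.1:8009/
    ProxyPassReverse / ajp://127.0.0.1:8009/
</VirtualHost>
```

On the Tomcat side the matching connector in conf/server.xml is `<Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" tomcatAuthentication="false" />`: tomcatAuthentication="false" makes Tomcat accept the principal httpd supplies, and binding to 127.0.0.1 (or a firewall rule when httpd runs on another host, together with the connector's requiredSecret attribute) makes sure nobody else can supply one. The plain HTTP connector (8090 by default) must likewise be unreachable from clients, otherwise the Kerberos check is simply bypassed. Two checks worth running before touching Confluence: `kinit -kt /etc/httpd/confluence.keytab HTTP/confluence.example.com` proves the keytab and KDC connectivity, and `curl -I --negotiate -u : https://confluence.example.com/` from a domain-joined host should come back 200 rather than 401. Protecting `/` as above forces Kerberos for every request, so anonymous access to public spaces stops working; the usual alternative is to protect only `/login.action` and let the authenticator pick up REMOTE_USER there.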
Real world examples: Active Directory
Federation Services
Note: these components can reside within a single server
Diagram: the user's browser (authenticated to the Windows domain as username) talks HTTP to the web server (Apache httpd with mod_shib, backed by the Shibboleth service provider daemon shibd); the browser is sent to the ADFS Federation Server (with Active Directory backend) to authenticate; httpd forwards the request to the Confluence server over AJP (Apache JServ) with REMOTE_USER = username.
• ADFS-based Single Sign-On utilizes the Active Directory Federation
Services SAML 2.0 endpoints to authenticate users
• The Confluence server runs a Shibboleth service provider which is
configured as a Relying Party in ADFS
• The authenticated user is presented to Confluence as REMOTE_USER, which
mod_shib sets from a SAML attribute (e.g. sAMAccountName) released by ADFS; it
travels to Tomcat as the AJP remote user, not as a client-settable HTTP header
• This is conceptually similar to the previous Kerberos example, although
trickier to configure
• Usually used in environments where policies prohibit application server
connections to domain controllers
Quick look on other applications
• Stash
• Bamboo
• FishEye
Other applications: Stash
• Unfortunately, Stash does not use Atlassian Seraph as its
authentication framework
• It uses Spring Security instead
• Crowd-based SSO is supported out of the box
• There is an experimental plugin by Michael Heemskerk (from
Atlassian) available on Bitbucket which provides a similar
authentication mechanism to the one described in the previous examples
• i.e. one that relies on the presence of REMOTE_USER in the
HttpServletRequest
Other applications: Bamboo
• Bamboo uses Atlassian Seraph and as such it would be possible
to implement an authenticator similar to the ones that are available for
Confluence and JIRA to implement SSO
• For whatever reason, even very recent versions of Bamboo do
not have the embedded Crowd functionality present in most
other Atlassian applications
• Instead, Bamboo still relies on the older, so-called "atlassian-user" way of
configuring the user directories
• The name comes from the configuration file called "atlassian-user.xml" in
which the configuration is stored
Other applications: FishEye
• FishEye uses yet another authentication framework
• However, the authentication framework allows extensions and the
default authenticator can be replaced by a custom one
• Of course, Crowd-based SSO is supported out-of-the-box
Other applications: summary
• Stash does have an experimental plug-in to utilize operating
system’s components to perform authentication
• It still needs more field testing to see if it is a viable solution or not in the
long run
• Bamboo’s authentication framework is built on Atlassian Seraph
but unfortunately there are no freely available custom
authenticators
• FishEye has its own authentication framework, for which freely
available custom authenticators do not exist
Final recap
If you have a lot of Atlassian applications
deployed
• Atlassian Crowd is supported by all Atlassian applications out-of-
the-box
• Although some configuration is required
• Crowd-based SSO can be extended to other than Atlassian
applications by use of either
• CrowdID (an OpenID server bundled with Crowd)
• Apache httpd module mod_authnz_crowd
• Custom code for your application
• Atlassian applications use multiple authentication frameworks,
which would need separate plugins developed for each
application to handle a single SSO solution
If you have an existing Single Sign On
solution
• If you have an existing, organisation-wide SSO solution deployed,
it might be worthwhile to bite the bullet and make the Atlassian
applications use that solution
• If you can get away with it, my recommendation is to utilize
operating system’s components to handle most of the
authentication related tasks
• Keep the applications’ custom authenticator dead simple
• Many SSO-solutions offer e.g. Apache httpd modules that can be used to
handle the authentication
• I’ll admit there are cases where this is not feasible. Then you have to either
develop the authenticators in-house or source them elsewhere.
If you are using only JIRA and/or Confluence
and no existing SSO-solution exists
• As the number of applications is fairly low, it probably makes
sense to go for separate SSO implementations for both
applications
• e.g. Kerberos-based workstation SSO
• Again, keep the custom authenticators simple (or use publicly
available ones) and utilize operating system’s components, if at
all possible
• As usual, using Crowd is also a great option
Thank you!

Tunnistamalla asiakaspolut tehostat asiakaspalvelusi toimintaa
 
OpenShift-webinaari 31.1. / Ambientian esitykset
OpenShift-webinaari 31.1. / Ambientian esityksetOpenShift-webinaari 31.1. / Ambientian esitykset
OpenShift-webinaari 31.1. / Ambientian esitykset
 
ITSM & JIRA Service Desk
ITSM & JIRA Service DeskITSM & JIRA Service Desk
ITSM & JIRA Service Desk
 
Ambientia Service Design -työpaja SYTYKE
Ambientia Service Design -työpaja SYTYKEAmbientia Service Design -työpaja SYTYKE
Ambientia Service Design -työpaja SYTYKE
 
Liferayn rooli Valtorin palveluvalikoimassa
Liferayn rooli Valtorin palveluvalikoimassaLiferayn rooli Valtorin palveluvalikoimassa
Liferayn rooli Valtorin palveluvalikoimassa
 
Digitaalinen asiakaskokemus ja palvelumuotoilu
Digitaalinen asiakaskokemus ja palvelumuotoiluDigitaalinen asiakaskokemus ja palvelumuotoilu
Digitaalinen asiakaskokemus ja palvelumuotoilu
 
Liferay Audience Targeting
Liferay Audience TargetingLiferay Audience Targeting
Liferay Audience Targeting
 
Case Procountor: Zephyr test tool deployment
Case Procountor: Zephyr test tool deploymentCase Procountor: Zephyr test tool deployment
Case Procountor: Zephyr test tool deployment
 
JIRA Portfolio
JIRA PortfolioJIRA Portfolio
JIRA Portfolio
 
Case Containerships JIRA Service Desk
Case Containerships JIRA Service DeskCase Containerships JIRA Service Desk
Case Containerships JIRA Service Desk
 
Jira 7
Jira 7Jira 7
Jira 7
 
Liferay Road Show Sosiaali- ja terveysministeriö
Liferay Road Show Sosiaali- ja terveysministeriöLiferay Road Show Sosiaali- ja terveysministeriö
Liferay Road Show Sosiaali- ja terveysministeriö
 
Liferay Road Show Responsiivinen suunnittelu
Liferay Road Show Responsiivinen suunnitteluLiferay Road Show Responsiivinen suunnittelu
Liferay Road Show Responsiivinen suunnittelu
 
Liferay Road Show Linnunmaa LEX
 Liferay Road Show Linnunmaa LEX Liferay Road Show Linnunmaa LEX
Liferay Road Show Linnunmaa LEX
 
Liferay Road Show Rolf van der Steen
Liferay Road Show Rolf van der SteenLiferay Road Show Rolf van der Steen
Liferay Road Show Rolf van der Steen
 

Recently uploaded

costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Recently uploaded (20)

costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Authentication and beyond, Atlassian applications

6. The Basics: Active Directory
• The basic Active Directory integration:
  • Configurable from the admin interface
  • No editing of files necessary!
  • Synchronizes users and groups from AD
  • AD groups can be used to manage access rights (e.g. Confluence spaces, JIRA projects)
  • Or you can use groups local to the application (but do not mix and match!)
  • Authentication events happen against the AD server (no password data stored in the application)
• Note: Active Directory integration by itself does not provide SSO
• Note: applies also to JIRA and Stash
[Diagram: Confluence server connected to the Active Directory server over LDAP or LDAPS]

7. The Basics: Atlassian Crowd
• Conceptually similar to a plain AD integration
• Users can reside either in:
  • A Crowd Internal directory (in Crowd’s database)
  • An external user directory that Crowd acts as a proxy for (e.g. AD)
• Configurable from the applications’ admin interface
• Of course, Crowd needs to be installed and configured separately..
[Diagram: Confluence server and JIRA server connected to Atlassian Crowd over the Crowd protocol (HTTP); Crowd connected to Active Directory over LDAP or LDAPS]

8. The Basics: Atlassian Crowd continued
• JIRA can be used as a low end Crowd substitute
  • User accounts for Confluence, Stash, Bamboo and FishEye can be managed in JIRA without a separate Crowd installation
  • This provides only centralized user account management; Single Sign On is not possible
[Diagram: Confluence server and Stash server connected to Atlassian JIRA over the Crowd protocol (HTTP); JIRA connected to Active Directory over LDAP or LDAPS]

9. Should I use Crowd, then?
• Pros for using Crowd:
  • Drastically simplifies configuration in applications (complexity moved to Crowd)
    • Especially when multiple external directories need to be configured per application
  • Possibility to implement a Crowd based single sign-on (more on this later)
  • Crowd can be used to manage authentication for other Web applications as well (via Crowd’s API and CrowdID, an OpenID server implementation)
• Cons for using Crowd:
  • Requires a Crowd installation, license and so on
  • Somewhat restricts the types of SSO that can be done

10. Where Crowd really shines
[Diagram: a Crowd SSO domain containing the Confluence server, the JIRA server and a Biz app server, all connected to Atlassian Crowd over the Crowd protocol (HTTP); Crowd connected to Active Directory #1 and Active Directory #2 over LDAP or LDAPS]
• Easily create an SSO domain where logging in to a single application logs you into all Crowd-enabled applications at once
• Easily federate multiple external user directories into a single logon domain
11. Single Sign-On
• The basic principles
• Using Atlassian Crowd
• Using operating system’s components
• Using authentication plugins
• Deciding on a SSO implementation strategy

12. Single Sign-On basics
• Atlassian Seraph (the authentication framework used by Confluence and JIRA, remember?) allows the authentication framework to be extended by implementing new authenticators, which replace the out-of-the-box method of authenticating the user (username and password supplied by HTTP POST) with some other means
• Usually this means either:
  • Relying on an external authentication source to authenticate the user
    • For example, Apache mod_auth modules or similar
  • Implementing the complete authentication chain within the authenticator plugin

13. Single Sign-On basics continued
• Most SSO implementations do not substitute for a user directory integration
  • This means that you still need to provide/import/create the user accounts in the application by some means
  • Usually this is done by integrating the applications either directly to Active Directory or via Atlassian Crowd
  • Or you can create the user accounts directly in the application
• The SSO only performs the authentication
  • In most cases the user accounts have to be managed separately

14. Atlassian Crowd based SSO
• Crowd based SSO is a Web-based SSO implementation
  • It relies on the presence of an HTTP cookie called crowd.token_key (although this can be changed)
  • Confluence and JIRA both come with a compatible authenticator
• As previously noted, Crowd based SSO can be fairly easily extended to other (non-Atlassian) applications as well
• The main downside is that Crowd based SSO cannot be integrated with workstation login
  • This means that the user needs to log in to one of the applications in the SSO domain using his/her username and password

15. Utilizing operating system’s components
• Utilizing operating system’s components for Single Sign On is usually accomplished by authenticating the user’s session on a Web frontend server (Apache httpd, IIS) or on the Web container level (Tomcat) and then passing the name of the authenticated user via the HttpServletRequest object’s getRemoteUser method
• This method can be used with (for example):
  • Kerberos-based Single Sign On (using Apache httpd and mod_auth_kerb) that is tied to Windows domain login
  • Shibboleth-based Single Sign On (using Apache httpd and mod_shib) with either Active Directory Federation Services or another SAML 2.0 compatible identity provider
• These approaches require the use of a custom authenticator that can utilize the information passed from the frontend Web server
  • e.g. the Confluence HTTP authenticator

16. Using application specific plugins
• There are also application level plugins (custom authenticators) that perform the complete authentication chain by themselves
  • Made by AppFusions and resolution among others
• These authenticators function independently, without help from operating system’s components

17. Deciding on a SSO strategy
• Most application level plugins (the ones that implement the complete authentication chain) are commercial and thus incur the cost of a license (up to thousands of dollars)
• Despite the costs, if you are not familiar with your operating system’s authentication facilities (or do not have access to people with knowledge of them), or otherwise lack access to them, these plugins are a good option.
• Using application plugins also makes the application more self-contained and easier to relocate.

18. Deciding on a SSO strategy continued
• On the flipside, you can get going without additional license costs when utilizing operating system’s facilities to implement the actual authentication event and just pass the results to the application server
  • For instance, the Confluence HTTP Authenticator is a freely available authenticator without any licensing fees and can be used with a solution like this
• Utilizing operating system’s components also makes the code for the custom authenticator (if you cannot use a readily available one) a lot less complex, since it only has to worry about being able to read a preauthenticated user name from the HTTP request object.
• Using your operating system’s components as parts of the application’s authentication chain makes the application more dependent on the underlying operating system.
  • This may or may not be an issue. It all depends on your environment.
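As an added example (not code from the presentation, nor from the Confluence HTTP Authenticator or any other plugin named on the slides), this is the kind of "dead simple" Seraph authenticator slides 15 and 18 describe for Confluence. The frontend httpd (mod_auth_kerb or mod_shib) performs the real authentication and hands the result to Tomcat over AJP as REMOTE_USER; the authenticator only reads the container's remote user, refuses anything the container did not authenticate, and, as slide 13 points out, still requires the account to exist in a configured user directory before it establishes a session. The package name `com.example.sso`, the class name and the `normalise` helper are assumptions; `ConfluenceAuthenticator`, `DefaultAuthenticator` and its `LOGGED_IN_KEY`/`LOGGED_OUT_KEY` constants are real Seraph/Confluence classes.

```java
package com.example.sso; // assumed package name, not from the presentation

import java.security.Principal;
import java.util.Locale;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.atlassian.confluence.user.ConfluenceAuthenticator;
import com.atlassian.seraph.auth.DefaultAuthenticator;

/**
 * Seraph authenticator that accepts a user name pre-authenticated by the
 * frontend Web server (Apache httpd with mod_auth_kerb or mod_shib) and
 * passed to Tomcat over AJP as REMOTE_USER.
 *
 * It reads request.getRemoteUser(), which only the servlet container
 * populates, and never a plain HTTP header: a header could be supplied by
 * the client itself if the Tomcat connector were ever reachable directly.
 */
public class RemoteUserAuthenticator extends ConfluenceAuthenticator {

    private static final Logger log = LoggerFactory.getLogger(RemoteUserAuthenticator.class);

    @Override
    public Principal getUser(HttpServletRequest request, HttpServletResponse response) {
        // 1. An existing Seraph session (or remember-me cookie) wins.
        Principal existing = super.getUser(request, response);
        if (existing != null) {
            return existing;
        }

        // 2. Honour an explicit logout for the rest of this HTTP session; otherwise a
        //    workstation SSO would silently log the user straight back in.
        HttpSession session = request.getSession();
        if (session.getAttribute(DefaultAuthenticator.LOGGED_OUT_KEY) != null) {
            return null;
        }

        // 3. Only trust a user name the container itself authenticated.
        String remoteUser = request.getRemoteUser();
        if (remoteUser == null || remoteUser.trim().isEmpty()) {
            return null; // fall back to Seraph's normal login page
        }

        // 4. Kerberos yields user@REALM and Shibboleth may yield a scoped id;
        //    the user directory knows the bare account name.
        String username = normalise(remoteUser);

        // 5. SSO does not replace the user directory: the account must already exist
        //    (synchronised from AD, managed in Crowd, or created locally).
        Principal user = getUser(username);
        if (user == null) {
            log.warn("Pre-authenticated user '{}' not found in any user directory", username);
            return null;
        }

        // 6. Establish the Seraph session for the resolved user.
        session.setAttribute(DefaultAuthenticator.LOGGED_IN_KEY, user);
        session.setAttribute(DefaultAuthenticator.LOGGED_OUT_KEY, null);
        return user;
    }

    /** Strips a Kerberos realm or Shibboleth scope suffix and lower-cases the result. */
    static String normalise(String remoteUser) {
        String name = remoteUser.trim();
        int at = name.indexOf('@');
        if (at > 0) {
            name = name.substring(0, at);
        }
        return name.toLowerCase(Locale.ROOT);
    }
}
```

Wiring it in is the same as for any Seraph authenticator: reference the class in Confluence's `seraph-config.xml` (`<authenticator class="com.example.sso.RemoteUserAuthenticator"/>`). For the AJP path on slides 20 and 21 to work, Tomcat's AJP connector needs `tomcatAuthentication="false"` so that `getRemoteUser()` returns the REMOTE_USER forwarded by httpd, and that connector must only be reachable from the frontend Web server; the authenticator's trust rests entirely on that network boundary.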
19. A couple of real world examples
• Kerberos
• Active Directory Federation Services

20. Real world examples: Kerberos
Kerberos-based authentication is a ”workstation” SSO, which means that a user logged in to a Windows domain is automatically logged in to the SSO-enabled application (Confluence in this example).
For the Kerberos based SSO to work, a user account needs to be created in the Active Directory for the Confluence server with proper Service Principal Name mappings in place. The server running httpd also needs to be able to communicate with the Kerberos KDC (usually a domain controller in a Windows domain).
mod_auth_kerb also needs a working ”keytab file” to authenticate against Kerberos without supplying a username and password.
[Diagram: a user authenticated to the Windows domain as username connects over HTTP to the Web server (Apache httpd with mod_auth_kerb); the Web server exchanges Kerberos traffic with Active Directory (Kerberos KDC) and forwards the request to the Confluence server over AJP (Apache JServ) with REMOTE_USER = username; the Confluence server’s service user account lives in Active Directory. Note: these components can reside within a single server]

21. Real world examples: Active Directory Federation Services
• ADFS-based Single Sign-On utilizes the Active Directory Federation Services SAML 2.0 endpoints to authenticate users
• The Confluence server runs a Shibboleth service provider which is configured as a Relying Party to ADFS
• The authenticated user is presented to Confluence via the REMOTE_USER header
• This is conceptually similar to the previous Kerberos example, although trickier to configure
• Usually used in environments where policies prohibit application server connections to domain controllers
[Diagram: a user authenticated to the Windows domain as username connects over HTTP to the Web server (Apache httpd with mod_shib and the Shibboleth service provider shibd); the service provider talks to the ADFS Federation Server (with Active Directory backend); the Web server forwards the request to the Confluence server over AJP (Apache JServ) with REMOTE_USER = username; the Confluence server’s service user account lives in Active Directory. Note: these components can reside within a single server]
  • 22. Quick look on other applications • Stash • Bamboo • FishEye
  • 23. Other applications: Stash • Unfortunately, Stash does not use Atlassian Seraph as it’s authentication framework • It uses Spring Security instead • Crowd-based SSO is supported out of the box • There is a experimental plugin by Michael Heemskerk (from Atlassian) available in BitBucket which provides a similar authentication mechanism as described in previous examples • ie. one that relies on presence of REMOTE_USER in the HttpServletRequest
  • 24. Other applications: Bamboo • Bamboo uses Atlassian Seraph and as such it would be possible to implement an authenticator similar to ones that are available for Confluence and JIRA to implement SSO • For whatever reason, even very recent versions of Bamboo do not have the embedded Crowd –functionality present in most of other Atlassian’s applications • Instead, Bamboo still relies on older, so called ”atlassian-user” way of configuring the user directories • The name comes from the configuration file called ”atlassian-user.xml” in which the configuration is stored
  • 25. Other applications: FishEye • FishEye uses a yet another authentication framework • However, the authentication framework allows extensions and the default authenticator can be replaced by a custom one • Of course, Crowd-based SSO is supported out-of-the-box
  • 26. Other applications: summary • Stash does have an experimental plug-in to utilize operating system’s components to perform authentication • It still needs more field testing to see if it is a viable solution or not in the long run • Bamboo’s authentication framework is built on Atlassian Seraph but unfortunately there are no freely available custom authenticators • FishEye has its own authentication framework, for which freely available custom authenticators do not exist
  • 28. If you have a lot of Atlassian applications deployed • Atlassian Crowd is supported by all Atlassian applications out-of- the-box • Although some configuration is required • Crowd-based SSO can be extended to other than Atlassian applications by use of either • CrowdID (an OpenID server bundled with Crowd) • Apache httpd module mod_authnz_crowd • Custom code for your application • Atlassian applications use multiple authentication frameworks, which would need separate plugins developed for each application to handle a single SSO solution
  • 29. If you have an existing Single Sign On solution • If you have an existing, organisation wide SSO-solution deployed, it might be worthwhile to bite the bullet and make Atlassian applications to utilize that solution • If you can get away with it, my recommendation is to utilize operating system’s components to handle most of the authentication related tasks • Keep the applications’ custom authenticator dead simple • Many SSO-solutions offer e.g. Apache httpd modules that can be used to handle the authentication • I’ll admit there are cases where this is not feasible. Then you have to either develop the authenticators in-house or source them elsewhere.
  • 30. If you are using only JIRA and/or Confluence and no existing SSO-solution exists • As the amount of applications if fairly low, it probably makes sense to go for separate SSO implementations for both applications • e.g. Kerberos-based workstation SSO • Again, keep the custom authenticators simple (or use publicly available ones) and utilize operating system’s components, if at all possible • As usual, using Crowd is also a great option