Maciej Pasternacki, profile picture
Uploaded byMaciej Pasternacki
KEY, PDF7,656 views

Odin Authenticator

The document describes the Odin Authenticator, a cookie-based single sign-on system for Apache, aimed at simplifying authentication across multiple web applications. It outlines the shortcomings of existing solutions like HTTP auth, LDAP, and OpenID, and presents Odin as a more user-friendly and efficient alternative. The author provides setup instructions, configuration details, and future enhancements for the system.

Embed presentation

Download to read offline
Odin Authenticator A cookie-based single sign-on system for Apache
Act I The Sad Situation
You are in a maze of twisty little webapps, all alike. • Munin • Rundeck • Icinga • Logstash • Resque-Web • Graphite • Jenkins • … Multiple servers, same users
How to authenticate? • HTTP auth? – Awful UX & UI. Syncing passwords is tricky. • LDAP? – No. Just no. • OpenID? – Dependency on a new third party, frequent callbacks, slow, inconvenient. • FreeIPA? – Overkill.
GodAuth • https://github.com/exflickr/GodAuth • A mod_perl module shared by Flickr • Shared cookie, HMAC-signed with a shared secret • Clunky, manual installation & setup • Badly needed a rewrite
Act II Light in the tunnel
Odin Authenticator The badly needed rewrite of GodAuth http://ginzamarkets.github.com/odin_authenticator/
General setup • Individual services under single domain (something.i.yourdomain.com) • Domain root (i.yourdomain.com) serves the authenticator, which sets the cookie
OdinAuth • ginzamarkets/Apache2-Authen-OdinAuth on GitHub • Apache2::Authen::OdinAuth on CPAN • Apache 2 mod_perl handler • Sane(r) config in YAML • Automated installation
OdinAuth 1. cpan install Apache2::Authen::OdinAuth 2. PerlSetVar odinauth_config /path/to/odin_auth.yml 3. PerlFixupHandler Apache2::Authen::OdinAuth 4. Copy and edit odin_auth.yml config file
Odin Authorizer App • ginzamarkets/App-OdinAuthorizer on GitHub • Perl Dancer webapp that calls out to Google Apps for Domains to authenticate and sets the signed cookie if successful • Simple & basic – no user roles, single configured valid domain
Odin Authorizer App 1. hub clone ginzamarkets/App-OdinAuthorizer 2. perl Build.pl ./Build installdeps 3. ./bin/app.pl Use Apache, mod_perl, and http://plackperl.org/ for real deployment
DEMO TIME
Act III The Bright Future
• Move Apache handler config into httpd.conf • Make authorizer webapp more flexible • Different sources of identity • Multi-factor authentication • RBAC • More eyeballs on the crypto stuff
Have fun! http://ginzamarkets.github.com/odin_authenticator/

More Related Content

PDF
How Ansible Makes Automation Easy
byPeter Sankauskas
 
PDF
Taking Spinnaker for a spin @ London DevOps Meetup 36
byaleonhardt
 
PPTX
Server deployment
bybsadd
 
PPTX
Sexy, Powerful, Exciting
byRobert Senktas
 
PPTX
Use case 1 - for Sitecore Automation Module
byRobert Senktas
 
PPTX
Hashicorp Products Overview
byUchit Vyas ☁
 
PPTX
Monitor-Driven Development Using Ansible
byItamar Hassin
 
PPTX
Hashicorp-Terraform_Packer_Vault-by Sushil
bySushil Kumar
 
How Ansible Makes Automation Easy
byPeter Sankauskas
 
Taking Spinnaker for a spin @ London DevOps Meetup 36
byaleonhardt
 
Server deployment
bybsadd
 
Sexy, Powerful, Exciting
byRobert Senktas
 
Use case 1 - for Sitecore Automation Module
byRobert Senktas
 
Hashicorp Products Overview
byUchit Vyas ☁
 
Monitor-Driven Development Using Ansible
byItamar Hassin
 
Hashicorp-Terraform_Packer_Vault-by Sushil
bySushil Kumar
 

What's hot

PDF
Visual Studio 2013, Xamarin and Microsoft Azure Mobile Services: A Match Made...
byRick G. Garibay
 
PPTX
Package Management on Windows with Chocolatey
byPuppet
 
PDF
Ansible Case Studies
byGreg DeKoenigsberg
 
ZIP
Rubyで簡単にremote access apiを実行する
byMaki Toshio
 
PPT
Drupal and Elasticsearch
byNikolay Ignatov
 
PDF
Ansible Introduction
byRobert Reiz
 
PDF
Ansible
byRahul Bajaj
 
PDF
Continuous Updating with VersionEye at code.talks 2014
byRobert Reiz
 
PDF
Testing Ansible with Jenkins and Docker
byDennis Rowe
 
PPTX
Infrastructure Automation with Chef & Ansible
bywajrcs
 
PDF
Delivery Pipeline for Windows Machines
byDmitry Buzdin
 
PDF
My Top 5 Favorite Gems
byJimmy Ngu
 
PDF
Ansible introduction - XX Betabeers Galicia
byJuan Diego Pereiro Arean
 
PPTX
London Community Summit - Habitat 2016
bySarah Richards
 
PDF
Gigigo Workshop - Create an iOS Framework, document it and not die trying
byAlex Rupérez
 
PDF
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
byrmcleay
 
PDF
Vagrant For DevOps
byLalatendu Mohanty
 
PPTX
Getting started with automation using ansible
byKelvin Charles
 
PDF
CocoaPods Basic Usage
byRyan Wang
 
PPTX
How HashiCorp platform tools can make the difference in development and deplo...
byDmytro Mykhailov
 
Visual Studio 2013, Xamarin and Microsoft Azure Mobile Services: A Match Made...
byRick G. Garibay
 
Package Management on Windows with Chocolatey
byPuppet
 
Ansible Case Studies
byGreg DeKoenigsberg
 
Rubyで簡単にremote access apiを実行する
byMaki Toshio
 
Drupal and Elasticsearch
byNikolay Ignatov
 
Ansible Introduction
byRobert Reiz
 
Ansible
byRahul Bajaj
 
Continuous Updating with VersionEye at code.talks 2014
byRobert Reiz
 
Testing Ansible with Jenkins and Docker
byDennis Rowe
 
Infrastructure Automation with Chef & Ansible
bywajrcs
 
Delivery Pipeline for Windows Machines
byDmitry Buzdin
 
My Top 5 Favorite Gems
byJimmy Ngu
 
Ansible introduction - XX Betabeers Galicia
byJuan Diego Pereiro Arean
 
London Community Summit - Habitat 2016
bySarah Richards
 
Gigigo Workshop - Create an iOS Framework, document it and not die trying
byAlex Rupérez
 
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
byrmcleay
 
Vagrant For DevOps
byLalatendu Mohanty
 
Getting started with automation using ansible
byKelvin Charles
 
CocoaPods Basic Usage
byRyan Wang
 
How HashiCorp platform tools can make the difference in development and deplo...
byDmytro Mykhailov
 

Similar to Odin Authenticator

PPTX
Gluu oscon submission
byGluu
 
PDF
Open ID Explained
byKarthik Ethirajan
 
PDF
OpenID Connect "101" Introduction -- October 23, 2018
byOpenIDFoundation
 
PDF
OpenID Tutorials
byNao Haida
 
PPTX
Creating a Sign On with Open id connect
byDerek Binkley
 
PDF
OAuth with OAuth.io : solving the OAuth Fragmentation for Identity Management...
byMehdi Medjaoui
 
PPTX
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
byOpenIDFoundation
 
PPTX
Lecture 20101124
byAnderson Liang
 
PDF
OpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
byMikeLeszcz
 
PDF
OSMC 2024 | IcingaWeb2 Modules 2.0 – OpenID Connect – Enrollment – Selenium b...
byNETWAYS
 
PDF
How to 2FA-enable Open Source Applications
byAll Things Open
 
PDF
JDD2015: Security in the era of modern applications and services - Bolesław D...
byPROIDEA
 
KEY
OpenID - An in depth look at what it is, and how you can use it
byBill Shupp
 
Gluu oscon submission
byGluu
 
Open ID Explained
byKarthik Ethirajan
 
OpenID Connect "101" Introduction -- October 23, 2018
byOpenIDFoundation
 
OpenID Tutorials
byNao Haida
 
Creating a Sign On with Open id connect
byDerek Binkley
 
OAuth with OAuth.io : solving the OAuth Fragmentation for Identity Management...
byMehdi Medjaoui
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
byOpenIDFoundation
 
Lecture 20101124
byAnderson Liang
 
OpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
byMikeLeszcz
 
OSMC 2024 | IcingaWeb2 Modules 2.0 – OpenID Connect – Enrollment – Selenium b...
byNETWAYS
 
How to 2FA-enable Open Source Applications
byAll Things Open
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
byPROIDEA
 
OpenID - An in depth look at what it is, and how you can use it
byBill Shupp
 

More from Maciej Pasternacki

PDF
A Continuous Packaging Pipeline
byMaciej Pasternacki
 
KEY
Why do we fail? (And how do we stop doing that?
byMaciej Pasternacki
 
KEY
Monitoringsucks
byMaciej Pasternacki
 
KEY
Test-driven development: a case study
byMaciej Pasternacki
 
KEY
Amazon Web Services (cloud: is it good for anything?)
byMaciej Pasternacki
 
PDF
Devops lightning talk
byMaciej Pasternacki
 
A Continuous Packaging Pipeline
byMaciej Pasternacki
 
Why do we fail? (And how do we stop doing that?
byMaciej Pasternacki
 
Monitoringsucks
byMaciej Pasternacki
 
Test-driven development: a case study
byMaciej Pasternacki
 
Amazon Web Services (cloud: is it good for anything?)
byMaciej Pasternacki
 
Devops lightning talk
byMaciej Pasternacki
 

Recently uploaded

PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
AI TOOLS FOR PRODUCTIVITY IN MODERN TIMES.pdf
bySantunu
 
PDF
AI in the Real World: From University to Industry
byDarvan Shvan
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
AI Vector Search Best Practices Multicloud Feb 2026
bySandesh Rao
 
PDF
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PPTX
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PPTX
Exploring-AI-Basics in Artificial Intelligence
bysharmilas219546
 
PPTX
Real-Time KPI Dashboard Playbook: What to Track Live and What Not To
byvictorworkvebo
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
final.pdf
byomarbishtawi04
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
AI TOOLS FOR PRODUCTIVITY IN MODERN TIMES.pdf
bySantunu
 
AI in the Real World: From University to Industry
byDarvan Shvan
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Workflow and decision Automation with Flowable
bychakib ch
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
AI Vector Search Best Practices Multicloud Feb 2026
bySandesh Rao
 
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
Exploring-AI-Basics in Artificial Intelligence
bysharmilas219546
 
Real-Time KPI Dashboard Playbook: What to Track Live and What Not To
byvictorworkvebo
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
final.pdf
byomarbishtawi04
 

Odin Authenticator

  • 2.
    Odin Authenticator A cookie-basedsingle sign-on system for Apache
  • 3.
    Act I The SadSituation
  • 4.
    You are ina maze of twisty little webapps, all alike. • Munin • Rundeck • Icinga • Logstash • Resque-Web • Graphite • Jenkins • … Multiple servers, same users
  • 5.
    How to authenticate? •HTTP auth? – Awful UX & UI. Syncing passwords is tricky. • LDAP? – No. Just no. • OpenID? – Dependency on a new third party, frequent callbacks, slow, inconvenient. • FreeIPA? – Overkill.
  • 6.
    GodAuth • https://github.com/exflickr/GodAuth • Amod_perl module shared by Flickr • Shared cookie, HMAC-signed with a shared secret • Clunky, manual installation & setup • Badly needed a rewrite
  • 7.
    Act II Light inthe tunnel
  • 8.
    Odin Authenticator The badly needed rewrite of GodAuth http://ginzamarkets.github.com/odin_authenticator/
  • 9.
    General setup • Individualservices under single domain (something.i.yourdomain.com) • Domain root (i.yourdomain.com) serves the authenticator, which sets the cookie
  • 10.
    OdinAuth • ginzamarkets/Apache2-Authen-OdinAuth on GitHub • Apache2::Authen::OdinAuth on CPAN • Apache 2 mod_perl handler • Sane(r) config in YAML • Automated installation
  • 11.
    OdinAuth 1. cpan installApache2::Authen::OdinAuth 2. PerlSetVar odinauth_config /path/to/odin_auth.yml 3. PerlFixupHandler Apache2::Authen::OdinAuth 4. Copy and edit odin_auth.yml config file
  • 12.
    Odin Authorizer App •ginzamarkets/App-OdinAuthorizer on GitHub • Perl Dancer webapp that calls out to Google Apps for Domains to authenticate and sets the signed cookie if successful • Simple & basic – no user roles, single configured valid domain
  • 13.
    Odin Authorizer App 1. hub clone ginzamarkets/App-OdinAuthorizer 2. perl Build.pl ./Build installdeps 3. ./bin/app.pl Use Apache, mod_perl, and http://plackperl.org/ for real deployment
  • 14.
  • 15.
  • 16.
    • Move Apachehandler config into httpd.conf • Make authorizer webapp more flexible • Different sources of identity • Multi-factor authentication • RBAC • More eyeballs on the crypto stuff
  • 17.

Editor's Notes