SlideShare a Scribd company logo

Single Sign-On with Plone and Active Directory

Matt Hamilton
Matt Hamilton

This document discusses single sign-on authentication for Plone using Kerberos or Windows authentication. It describes how the netsight.windowsauthplugin allows Plone to authenticate users against Microsoft Active Directory without requiring separate username and password. The plugin uses Windows' SSPI API on Windows and MIT Kerberos libraries on other platforms. It then provides an example use case where it allowed users from two separate Active Directory domains to access a single Plone site without reauthenticating.

1 of 18
Download to read offline
Plone and Single-Sign On Active Directory and the Holy Grail Matt Hamilton
Who am I? • Working with Plone/Zope since 1999 • Director at Netsight in the UK • Worked on a number of projects doing authentication over the years Plone Open Garden 2013
What are we trying to do? • Allow uses to be automatically logged in to a website without having to type in their username/password Plone Open Garden 2013
Kerberos • Developed by MIT many many years ago • Used in Unix.... but also used on Windows, OSX, Linux • Based on authentication ‘tickets’ Plone Open Garden 2013
Other approaches • Apache in front of Plone - mod_kerberos - mod_ntlm - mod_authtkt / mod_pubcookie • Plone on IIS - Enfold proxy - IISAPI Plone Open Garden 2013
Why do it in Plone? • Ultimate control over if/when to require authentication from a user • Fallback to other authentication methods • Mix of user sources Plone Open Garden 2013
netsight.windowsauthplugin • Runs on either Windows or Unix/Linux/ OSX • Windows: Uses Windows’ internal SSPI API • Unix: Uses MIT Kerberos libraries Plone Open Garden 2013
[buildout] ... eggs = ... netsight.windowsauthplugin Plone Open Garden 2013
Recent Use-case • Two departments of National Health Service are merging • ...but their IT systems are still separate • Two different Active Directory domains: CFH and IC Plone Open Garden 2013
Recent Use-case • Half the users in one domain, half in the other • Both need to be automatically authenticated to a single, common intranet • Need to allow fallback to manual username/password Plone Open Garden 2013
Plone Open Garden 2013
How does Kerberos work? Plone Open Garden 2013
How does Kerberos work? Plone Open Garden 2013
How does Kerberos work? Plone Open Garden 2013
Demo Plone Open Garden 2013
Complex Setups Plone Open Garden 2013
Member Properties • Get data from Active Directory via LDAP • Use plone.app.ldap • Can use OpenLDAP as a proxy server - Increased reliability - Combine multiple LDAP/AD servers - Caching Plone Open Garden 2013
Questions? • Matt Hamilton • matth@netsight.co.uk • @hammertoe • https://github.com/netsight/ netsight.windowsauthplugin Plone Open Garden 2013

Recommended

Lipstick on a Pig - European Plone Symposium 2009
Lipstick on a Pig - European Plone Symposium 2009Lipstick on a Pig - European Plone Symposium 2009
Lipstick on a Pig - European Plone Symposium 2009Matt Hamilton
 
Open Source, The Natural Fit for Content Management in the Enterprise
Open Source, The Natural Fit for Content Management in the EnterpriseOpen Source, The Natural Fit for Content Management in the Enterprise
Open Source, The Natural Fit for Content Management in the EnterpriseMatt Hamilton
 
Plone and Sharepoint
Plone and SharepointPlone and Sharepoint
Plone and SharepointMatt Hamilton
 
ASP.NET - Introduction to Web Forms and MVC
ASP.NET - Introduction to Web Forms and MVCASP.NET - Introduction to Web Forms and MVC
ASP.NET - Introduction to Web Forms and MVCBilal Amjad
 
Automatic documentation with mule
Automatic documentation with muleAutomatic documentation with mule
Automatic documentation with muleF K
 
Contentful with Netgen Layouts workshop
Contentful with Netgen Layouts workshopContentful with Netgen Layouts workshop
Contentful with Netgen Layouts workshopIvo Lukac
 
Create folder in microsoft office 365 share point using mule esb
Create folder in microsoft office 365 share point using mule esbCreate folder in microsoft office 365 share point using mule esb
Create folder in microsoft office 365 share point using mule esbSanjeet Pandey
 
Merging two big Symfony based applications - PHPCE 2017
Merging two big Symfony based applications - PHPCE 2017Merging two big Symfony based applications - PHPCE 2017
Merging two big Symfony based applications - PHPCE 2017Ivo Lukac
 

Recommended

Lipstick on a Pig - European Plone Symposium 2009
Lipstick on a Pig - European Plone Symposium 2009Lipstick on a Pig - European Plone Symposium 2009
Lipstick on a Pig - European Plone Symposium 2009Matt Hamilton
 
Open Source, The Natural Fit for Content Management in the Enterprise
Open Source, The Natural Fit for Content Management in the EnterpriseOpen Source, The Natural Fit for Content Management in the Enterprise
Open Source, The Natural Fit for Content Management in the EnterpriseMatt Hamilton
 
Plone and Sharepoint
Plone and SharepointPlone and Sharepoint
Plone and SharepointMatt Hamilton
 
ASP.NET - Introduction to Web Forms and MVC
ASP.NET - Introduction to Web Forms and MVCASP.NET - Introduction to Web Forms and MVC
ASP.NET - Introduction to Web Forms and MVCBilal Amjad
 
Automatic documentation with mule
Automatic documentation with muleAutomatic documentation with mule
Automatic documentation with muleF K
 
Contentful with Netgen Layouts workshop
Contentful with Netgen Layouts workshopContentful with Netgen Layouts workshop
Contentful with Netgen Layouts workshopIvo Lukac
 
Create folder in microsoft office 365 share point using mule esb
Create folder in microsoft office 365 share point using mule esbCreate folder in microsoft office 365 share point using mule esb
Create folder in microsoft office 365 share point using mule esbSanjeet Pandey
 
Merging two big Symfony based applications - PHPCE 2017
Merging two big Symfony based applications - PHPCE 2017Merging two big Symfony based applications - PHPCE 2017
Merging two big Symfony based applications - PHPCE 2017Ivo Lukac
 
BeEF_EUSecWest-2012_Michele-Orru
BeEF_EUSecWest-2012_Michele-OrruBeEF_EUSecWest-2012_Michele-Orru
BeEF_EUSecWest-2012_Michele-OrruMichele Orru
 
Enjoying the Move from WCF to the Web API
Enjoying the Move from WCF to the Web APIEnjoying the Move from WCF to the Web API
Enjoying the Move from WCF to the Web APIKevin Hazzard
 
ASP.NET Tutorial - Presentation 1
ASP.NET Tutorial - Presentation 1ASP.NET Tutorial - Presentation 1
ASP.NET Tutorial - Presentation 1Kumar S
 
Mvc 4.0
Mvc 4.0Mvc 4.0
Mvc 4.0Ram Ayyalaraju
 
Web API or WCF - An Architectural Comparison
Web API or WCF - An Architectural ComparisonWeb API or WCF - An Architectural Comparison
Web API or WCF - An Architectural ComparisonAdnan Masood
 
The ASP.NET Web API for Beginners
The ASP.NET Web API for BeginnersThe ASP.NET Web API for Beginners
The ASP.NET Web API for BeginnersKevin Hazzard
 
Introduction to Umbraco
Introduction to UmbracoIntroduction to Umbraco
Introduction to UmbracoRoel
 
Zope and Plone in the DSD
Zope and Plone in the DSDZope and Plone in the DSD
Zope and Plone in the DSDbrighteyes
 
Escaping the yellow bubble - rewriting Domino using MongoDb and Angular
Escaping the yellow bubble - rewriting Domino using MongoDb and AngularEscaping the yellow bubble - rewriting Domino using MongoDb and Angular
Escaping the yellow bubble - rewriting Domino using MongoDb and AngularMark Leusink
 
HTML5 Offline Web Application
HTML5 Offline Web ApplicationHTML5 Offline Web Application
HTML5 Offline Web ApplicationAllan Huang
 
Using html5 to build offline applications
Using html5 to build offline applicationsUsing html5 to build offline applications
Using html5 to build offline applicationsWoody Pewitt
 
Html5 Offline Applications
Html5 Offline Applications Html5 Offline Applications
Html5 Offline Applications Sunny Sharma
 
Basic web application development with Apache Cocoon 2.1
Basic web application development with Apache Cocoon 2.1Basic web application development with Apache Cocoon 2.1
Basic web application development with Apache Cocoon 2.1Jeroen Reijn
 
ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiTiago Knoch
 
Backbonemeetup
BackbonemeetupBackbonemeetup
BackbonemeetupBen McCormick
 
Introduction to PowerShell for SharePoint Admins and Developers
Introduction to PowerShell for SharePoint Admins and DevelopersIntroduction to PowerShell for SharePoint Admins and Developers
Introduction to PowerShell for SharePoint Admins and DevelopersMichael Blumenthal (Microsoft MVP)
 
Internet without internet
Internet without internetInternet without internet
Internet without internetXavier Coureau
 
The future of web development write once, run everywhere with angular js an...
The future of web development write once, run everywhere with angular js an...The future of web development write once, run everywhere with angular js an...
The future of web development write once, run everywhere with angular js an...Mark Leusink
 
OWASP WebGoat and PANTERA Web Assessment Studio Project.
OWASP WebGoat and PANTERA Web Assessment Studio Project.OWASP WebGoat and PANTERA Web Assessment Studio Project.
OWASP WebGoat and PANTERA Web Assessment Studio Project.Philippe Bogaerts
 
Wcf remaining
Wcf remainingWcf remaining
Wcf remainingshamsher ali
 
Supercharge Your Career with Open Source
Supercharge Your Career with Open SourceSupercharge Your Career with Open Source
Supercharge Your Career with Open SourceMatt Hamilton
 
LDAP and Active Directory Authentication in Plone
LDAP and Active Directory Authentication in PloneLDAP and Active Directory Authentication in Plone
LDAP and Active Directory Authentication in PloneClayton Parker
 

More Related Content

What's hot

BeEF_EUSecWest-2012_Michele-Orru
BeEF_EUSecWest-2012_Michele-OrruBeEF_EUSecWest-2012_Michele-Orru
BeEF_EUSecWest-2012_Michele-OrruMichele Orru
 
Enjoying the Move from WCF to the Web API
Enjoying the Move from WCF to the Web APIEnjoying the Move from WCF to the Web API
Enjoying the Move from WCF to the Web APIKevin Hazzard
 
ASP.NET Tutorial - Presentation 1
ASP.NET Tutorial - Presentation 1ASP.NET Tutorial - Presentation 1
ASP.NET Tutorial - Presentation 1Kumar S
 
Web API or WCF - An Architectural Comparison
Web API or WCF - An Architectural ComparisonWeb API or WCF - An Architectural Comparison
Web API or WCF - An Architectural ComparisonAdnan Masood
 
The ASP.NET Web API for Beginners
The ASP.NET Web API for BeginnersThe ASP.NET Web API for Beginners
The ASP.NET Web API for BeginnersKevin Hazzard
 
Introduction to Umbraco
Introduction to UmbracoIntroduction to Umbraco
Introduction to UmbracoRoel
 
Zope and Plone in the DSD
Zope and Plone in the DSDZope and Plone in the DSD
Zope and Plone in the DSDbrighteyes
 
Escaping the yellow bubble - rewriting Domino using MongoDb and Angular
Escaping the yellow bubble - rewriting Domino using MongoDb and AngularEscaping the yellow bubble - rewriting Domino using MongoDb and Angular
Escaping the yellow bubble - rewriting Domino using MongoDb and AngularMark Leusink
 
HTML5 Offline Web Application
HTML5 Offline Web ApplicationHTML5 Offline Web Application
HTML5 Offline Web ApplicationAllan Huang
 
Using html5 to build offline applications
Using html5 to build offline applicationsUsing html5 to build offline applications
Using html5 to build offline applicationsWoody Pewitt
 
Html5 Offline Applications
Html5 Offline Applications Html5 Offline Applications
Html5 Offline Applications Sunny Sharma
 
Basic web application development with Apache Cocoon 2.1
Basic web application development with Apache Cocoon 2.1Basic web application development with Apache Cocoon 2.1
Basic web application development with Apache Cocoon 2.1Jeroen Reijn
 
ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiTiago Knoch
 
Introduction to PowerShell for SharePoint Admins and Developers
Introduction to PowerShell for SharePoint Admins and DevelopersIntroduction to PowerShell for SharePoint Admins and Developers
Introduction to PowerShell for SharePoint Admins and DevelopersMichael Blumenthal (Microsoft MVP)
 
Internet without internet
Internet without internetInternet without internet
Internet without internetXavier Coureau
 
The future of web development write once, run everywhere with angular js an...
The future of web development write once, run everywhere with angular js an...The future of web development write once, run everywhere with angular js an...
The future of web development write once, run everywhere with angular js an...Mark Leusink
 
OWASP WebGoat and PANTERA Web Assessment Studio Project.
OWASP WebGoat and PANTERA Web Assessment Studio Project.OWASP WebGoat and PANTERA Web Assessment Studio Project.
OWASP WebGoat and PANTERA Web Assessment Studio Project.Philippe Bogaerts
 

What's hot (20)

BeEF_EUSecWest-2012_Michele-Orru
BeEF_EUSecWest-2012_Michele-OrruBeEF_EUSecWest-2012_Michele-Orru
BeEF_EUSecWest-2012_Michele-Orru
 
Enjoying the Move from WCF to the Web API
Enjoying the Move from WCF to the Web APIEnjoying the Move from WCF to the Web API
Enjoying the Move from WCF to the Web API
 
ASP.NET Tutorial - Presentation 1
ASP.NET Tutorial - Presentation 1ASP.NET Tutorial - Presentation 1
ASP.NET Tutorial - Presentation 1
 
Mvc 4.0
Mvc 4.0Mvc 4.0
Mvc 4.0
 
Web API or WCF - An Architectural Comparison
Web API or WCF - An Architectural ComparisonWeb API or WCF - An Architectural Comparison
Web API or WCF - An Architectural Comparison
 
The ASP.NET Web API for Beginners
The ASP.NET Web API for BeginnersThe ASP.NET Web API for Beginners
The ASP.NET Web API for Beginners
 
Introduction to Umbraco
Introduction to UmbracoIntroduction to Umbraco
Introduction to Umbraco
 
Zope and Plone in the DSD
Zope and Plone in the DSDZope and Plone in the DSD
Zope and Plone in the DSD
 
Escaping the yellow bubble - rewriting Domino using MongoDb and Angular
Escaping the yellow bubble - rewriting Domino using MongoDb and AngularEscaping the yellow bubble - rewriting Domino using MongoDb and Angular
Escaping the yellow bubble - rewriting Domino using MongoDb and Angular
 
HTML5 Offline Web Application
HTML5 Offline Web ApplicationHTML5 Offline Web Application
HTML5 Offline Web Application
 
Using html5 to build offline applications
Using html5 to build offline applicationsUsing html5 to build offline applications
Using html5 to build offline applications
 
Html5 Offline Applications
Html5 Offline Applications Html5 Offline Applications
Html5 Offline Applications
 
Basic web application development with Apache Cocoon 2.1
Basic web application development with Apache Cocoon 2.1Basic web application development with Apache Cocoon 2.1
Basic web application development with Apache Cocoon 2.1
 
ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web api
 
Backbonemeetup
BackbonemeetupBackbonemeetup
Backbonemeetup
 
Introduction to PowerShell for SharePoint Admins and Developers
Introduction to PowerShell for SharePoint Admins and DevelopersIntroduction to PowerShell for SharePoint Admins and Developers
Introduction to PowerShell for SharePoint Admins and Developers
 
Internet without internet
Internet without internetInternet without internet
Internet without internet
 
The future of web development write once, run everywhere with angular js an...
The future of web development write once, run everywhere with angular js an...The future of web development write once, run everywhere with angular js an...
The future of web development write once, run everywhere with angular js an...
 
OWASP WebGoat and PANTERA Web Assessment Studio Project.
OWASP WebGoat and PANTERA Web Assessment Studio Project.OWASP WebGoat and PANTERA Web Assessment Studio Project.
OWASP WebGoat and PANTERA Web Assessment Studio Project.
 
Wcf remaining
Wcf remainingWcf remaining
Wcf remaining
 

Viewers also liked

Supercharge Your Career with Open Source
Supercharge Your Career with Open SourceSupercharge Your Career with Open Source
Supercharge Your Career with Open SourceMatt Hamilton
 
LDAP and Active Directory Authentication in Plone
LDAP and Active Directory Authentication in PloneLDAP and Active Directory Authentication in Plone
LDAP and Active Directory Authentication in PloneClayton Parker
 
How to get started with the Pluggable Authentication System
How to get started with the Pluggable Authentication SystemHow to get started with the Pluggable Authentication System
How to get started with the Pluggable Authentication SystemMatt Hamilton
 
Plone Intranet talk at Plone Open Garden 2014, Sorrento
Plone Intranet talk at Plone Open Garden 2014, SorrentoPlone Intranet talk at Plone Open Garden 2014, Sorrento
Plone Intranet talk at Plone Open Garden 2014, SorrentoMatt Hamilton
 
A Journey Through Open Source
A Journey Through Open SourceA Journey Through Open Source
A Journey Through Open SourceMatt Hamilton
 
Adventures in Wonderland - A Plone Developer's Year in iOS
Adventures in Wonderland - A Plone Developer's Year in iOSAdventures in Wonderland - A Plone Developer's Year in iOS
Adventures in Wonderland - A Plone Developer's Year in iOSMatt Hamilton
 
BathCamp #32 - CMS Smackdown! - Plone
BathCamp #32 - CMS Smackdown! - PloneBathCamp #32 - CMS Smackdown! - Plone
BathCamp #32 - CMS Smackdown! - PloneMatt Hamilton
 
Contextual - Intranet Shoot-out: Plone vs. SharePoint
Contextual - Intranet Shoot-out: Plone vs. SharePointContextual - Intranet Shoot-out: Plone vs. SharePoint
Contextual - Intranet Shoot-out: Plone vs. SharePointKen Wasetis
 
A Small Group of Thoughtful, Committed [plone] People
A Small Group of Thoughtful, Committed [plone] PeopleA Small Group of Thoughtful, Committed [plone] People
A Small Group of Thoughtful, Committed [plone] PeopleElizabeth Leddy
 
Memorial Sloan Kettering: Adventures in Drupal 8
Memorial Sloan Kettering: Adventures in Drupal 8Memorial Sloan Kettering: Adventures in Drupal 8
Memorial Sloan Kettering: Adventures in Drupal 8Phase2
 
An introduction to Zope Page Templates and their use outside of Zope (+Audio)
An introduction to Zope Page Templates and their use outside of Zope (+Audio)An introduction to Zope Page Templates and their use outside of Zope (+Audio)
An introduction to Zope Page Templates and their use outside of Zope (+Audio)Matt Hamilton
 
Plone: Event Driven Programming
Plone: Event Driven ProgrammingPlone: Event Driven Programming
Plone: Event Driven ProgrammingMatt Hamilton
 
Mountain Tops to Archipelagos - The People Behind Plone (+AUDIO)
Mountain Tops to Archipelagos - The People Behind Plone (+AUDIO)Mountain Tops to Archipelagos - The People Behind Plone (+AUDIO)
Mountain Tops to Archipelagos - The People Behind Plone (+AUDIO)Matt Hamilton
 
Redhat.com: An Architectural Case Study
Redhat.com: An Architectural Case StudyRedhat.com: An Architectural Case Study
Redhat.com: An Architectural Case StudyPhase2
 
The New Design Workflow
The New Design WorkflowThe New Design Workflow
The New Design WorkflowPhase2
 
dotCSS 2016: Hacking HTML Emails with CSS
dotCSS 2016: Hacking HTML Emails with CSSdotCSS 2016: Hacking HTML Emails with CSS
dotCSS 2016: Hacking HTML Emails with CSSLitmus
 
SAP Single Sign-On 2.0 Overview
SAP Single Sign-On 2.0 OverviewSAP Single Sign-On 2.0 Overview
SAP Single Sign-On 2.0 OverviewSAP Technology
 

Viewers also liked (20)

Supercharge Your Career with Open Source
Supercharge Your Career with Open SourceSupercharge Your Career with Open Source
Supercharge Your Career with Open Source
 
LDAP and Active Directory Authentication in Plone
LDAP and Active Directory Authentication in PloneLDAP and Active Directory Authentication in Plone
LDAP and Active Directory Authentication in Plone
 
How to get started with the Pluggable Authentication System
How to get started with the Pluggable Authentication SystemHow to get started with the Pluggable Authentication System
How to get started with the Pluggable Authentication System
 
Plone Intranet talk at Plone Open Garden 2014, Sorrento
Plone Intranet talk at Plone Open Garden 2014, SorrentoPlone Intranet talk at Plone Open Garden 2014, Sorrento
Plone Intranet talk at Plone Open Garden 2014, Sorrento
 
A Journey Through Open Source
A Journey Through Open SourceA Journey Through Open Source
A Journey Through Open Source
 
Adventures in Wonderland - A Plone Developer's Year in iOS
Adventures in Wonderland - A Plone Developer's Year in iOSAdventures in Wonderland - A Plone Developer's Year in iOS
Adventures in Wonderland - A Plone Developer's Year in iOS
 
BathCamp #32 - CMS Smackdown! - Plone
BathCamp #32 - CMS Smackdown! - PloneBathCamp #32 - CMS Smackdown! - Plone
BathCamp #32 - CMS Smackdown! - Plone
 
Contextual - Intranet Shoot-out: Plone vs. SharePoint
Contextual - Intranet Shoot-out: Plone vs. SharePointContextual - Intranet Shoot-out: Plone vs. SharePoint
Contextual - Intranet Shoot-out: Plone vs. SharePoint
 
A Small Group of Thoughtful, Committed [plone] People
A Small Group of Thoughtful, Committed [plone] PeopleA Small Group of Thoughtful, Committed [plone] People
A Small Group of Thoughtful, Committed [plone] People
 
Memorial Sloan Kettering: Adventures in Drupal 8
Memorial Sloan Kettering: Adventures in Drupal 8Memorial Sloan Kettering: Adventures in Drupal 8
Memorial Sloan Kettering: Adventures in Drupal 8
 
An introduction to Zope Page Templates and their use outside of Zope (+Audio)
An introduction to Zope Page Templates and their use outside of Zope (+Audio)An introduction to Zope Page Templates and their use outside of Zope (+Audio)
An introduction to Zope Page Templates and their use outside of Zope (+Audio)
 
Plone: Event Driven Programming
Plone: Event Driven ProgrammingPlone: Event Driven Programming
Plone: Event Driven Programming
 
Vagrant and CentOS 7
Vagrant and CentOS 7Vagrant and CentOS 7
Vagrant and CentOS 7
 
Mountain Tops to Archipelagos - The People Behind Plone (+AUDIO)
Mountain Tops to Archipelagos - The People Behind Plone (+AUDIO)Mountain Tops to Archipelagos - The People Behind Plone (+AUDIO)
Mountain Tops to Archipelagos - The People Behind Plone (+AUDIO)
 
Deep Dive In To Kerberos
Deep Dive In To KerberosDeep Dive In To Kerberos
Deep Dive In To Kerberos
 
Redhat.com: An Architectural Case Study
Redhat.com: An Architectural Case StudyRedhat.com: An Architectural Case Study
Redhat.com: An Architectural Case Study
 
The New Design Workflow
The New Design WorkflowThe New Design Workflow
The New Design Workflow
 
SSO with kerberos
SSO with kerberosSSO with kerberos
SSO with kerberos
 
dotCSS 2016: Hacking HTML Emails with CSS
dotCSS 2016: Hacking HTML Emails with CSSdotCSS 2016: Hacking HTML Emails with CSS
dotCSS 2016: Hacking HTML Emails with CSS
 
SAP Single Sign-On 2.0 Overview
SAP Single Sign-On 2.0 OverviewSAP Single Sign-On 2.0 Overview
SAP Single Sign-On 2.0 Overview
 

Similar to Single Sign-On with Plone and Active Directory

Don't Roll Your Own, Integrate
Don't Roll Your Own, IntegrateDon't Roll Your Own, Integrate
Don't Roll Your Own, IntegrateKathy Brown
 
No need to leave Connections. Bring your Domino applications into the Activit...
No need to leave Connections. Bring your Domino applications into the Activit...No need to leave Connections. Bring your Domino applications into the Activit...
No need to leave Connections. Bring your Domino applications into the Activit...LetsConnect
 
how to connect your app to the activity stream with x-pages
how to connect your app to the activity stream with x-pageshow to connect your app to the activity stream with x-pages
how to connect your app to the activity stream with x-pagesFrank van der Linden
 
Big bluebutton moodle integration 2013b
Big bluebutton moodle integration 2013bBig bluebutton moodle integration 2013b
Big bluebutton moodle integration 2013bbigbluebutton
 
Connect the Dots: Logging and Custom Connectors
Connect the Dots: Logging and Custom ConnectorsConnect the Dots: Logging and Custom Connectors
Connect the Dots: Logging and Custom ConnectorsAaronLieberman5
 
One year solving infrastructure management with FusionDirectory and OpenLDAP,...
One year solving infrastructure management with FusionDirectory and OpenLDAP,...One year solving infrastructure management with FusionDirectory and OpenLDAP,...
One year solving infrastructure management with FusionDirectory and OpenLDAP,...OW2
 
PloneSocial Roadmap PLOG2013
PloneSocial Roadmap PLOG2013PloneSocial Roadmap PLOG2013
PloneSocial Roadmap PLOG2013Guido Stevens
 
Getting started with Alfresco in the cloud
Getting started with Alfresco in the cloudGetting started with Alfresco in the cloud
Getting started with Alfresco in the cloudPaul Hampton
 
Going Live: Live@EDU AT UGA
Going Live: Live@EDU AT UGAGoing Live: Live@EDU AT UGA
Going Live: Live@EDU AT UGALewis Noles
 
xlwings for Google Sheets
xlwings for Google Sheetsxlwings for Google Sheets
xlwings for Google Sheetsxlwings
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
TuleapCon 2018. Eclipse Foundation Success Story
TuleapCon 2018. Eclipse Foundation Success StoryTuleapCon 2018. Eclipse Foundation Success Story
TuleapCon 2018. Eclipse Foundation Success StoryTuleap
 
Dd13.2013.milano.open ntf
Dd13.2013.milano.open ntfDd13.2013.milano.open ntf
Dd13.2013.milano.open ntfUlrich Krause
 
WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015Pavel Bucek
 

Similar to Single Sign-On with Plone and Active Directory (20)

Don't Roll Your Own, Integrate
Don't Roll Your Own, IntegrateDon't Roll Your Own, Integrate
Don't Roll Your Own, Integrate
 
No need to leave Connections. Bring your Domino applications into the Activit...
No need to leave Connections. Bring your Domino applications into the Activit...No need to leave Connections. Bring your Domino applications into the Activit...
No need to leave Connections. Bring your Domino applications into the Activit...
 
how to connect your app to the activity stream with x-pages
how to connect your app to the activity stream with x-pageshow to connect your app to the activity stream with x-pages
how to connect your app to the activity stream with x-pages
 
Syncitall
SyncitallSyncitall
Syncitall
 
Dnug2012 yellow and blue stream
Dnug2012 yellow and blue streamDnug2012 yellow and blue stream
Dnug2012 yellow and blue stream
 
Uklug2012 yellow and blue stream
Uklug2012 yellow and blue streamUklug2012 yellow and blue stream
Uklug2012 yellow and blue stream
 
Big bluebutton moodle integration 2013b
Big bluebutton moodle integration 2013bBig bluebutton moodle integration 2013b
Big bluebutton moodle integration 2013b
 
Connect the Dots: Logging and Custom Connectors
Connect the Dots: Logging and Custom ConnectorsConnect the Dots: Logging and Custom Connectors
Connect the Dots: Logging and Custom Connectors
 
One year solving infrastructure management with FusionDirectory and OpenLDAP,...
One year solving infrastructure management with FusionDirectory and OpenLDAP,...One year solving infrastructure management with FusionDirectory and OpenLDAP,...
One year solving infrastructure management with FusionDirectory and OpenLDAP,...
 
PloneSocial Roadmap PLOG2013
PloneSocial Roadmap PLOG2013PloneSocial Roadmap PLOG2013
PloneSocial Roadmap PLOG2013
 
Getting started with Alfresco in the cloud
Getting started with Alfresco in the cloudGetting started with Alfresco in the cloud
Getting started with Alfresco in the cloud
 
Jitesh Agrawal plone
Jitesh Agrawal ploneJitesh Agrawal plone
Jitesh Agrawal plone
 
Jitesh agrawal Resume
Jitesh agrawal ResumeJitesh agrawal Resume
Jitesh agrawal Resume
 
Going Live: Live@EDU AT UGA
Going Live: Live@EDU AT UGAGoing Live: Live@EDU AT UGA
Going Live: Live@EDU AT UGA
 
xlwings for Google Sheets
xlwings for Google Sheetsxlwings for Google Sheets
xlwings for Google Sheets
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
TuleapCon 2018. Eclipse Foundation Success Story
TuleapCon 2018. Eclipse Foundation Success StoryTuleapCon 2018. Eclipse Foundation Success Story
TuleapCon 2018. Eclipse Foundation Success Story
 
Stackato v6
Stackato v6Stackato v6
Stackato v6
 
Dd13.2013.milano.open ntf
Dd13.2013.milano.open ntfDd13.2013.milano.open ntf
Dd13.2013.milano.open ntf
 
WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015
 

More from Matt Hamilton

Ceci n’est pas un canard - Machine Learning and Generative Adversarial Networks
Ceci n’est pas un canard - Machine Learning and Generative Adversarial NetworksCeci n’est pas un canard - Machine Learning and Generative Adversarial Networks
Ceci n’est pas un canard - Machine Learning and Generative Adversarial NetworksMatt Hamilton
 
Ceci N'est Pas Un Canard – and Other Machine Learning Stories
Ceci N'est Pas Un Canard – and Other Machine Learning StoriesCeci N'est Pas Un Canard – and Other Machine Learning Stories
Ceci N'est Pas Un Canard – and Other Machine Learning StoriesMatt Hamilton
 
Intro to Machine Learning and AI
Intro to Machine Learning and AIIntro to Machine Learning and AI
Intro to Machine Learning and AIMatt Hamilton
 
Mistakes Made and Lessons Learnt Scaling Plone post-Launch
Mistakes Made and Lessons Learnt Scaling Plone post-LaunchMistakes Made and Lessons Learnt Scaling Plone post-Launch
Mistakes Made and Lessons Learnt Scaling Plone post-LaunchMatt Hamilton
 
Plone Symposium East 2011 Keynote: Plone, A Solution not a Product
Plone Symposium East 2011 Keynote: Plone, A Solution not a ProductPlone Symposium East 2011 Keynote: Plone, A Solution not a Product
Plone Symposium East 2011 Keynote: Plone, A Solution not a ProductMatt Hamilton
 
The Flexibility of Open Source - Plone in the Public Sector
The Flexibility of Open Source - Plone in the Public SectorThe Flexibility of Open Source - Plone in the Public Sector
The Flexibility of Open Source - Plone in the Public SectorMatt Hamilton
 
The Flexibility of Open Source: A Case Study of a large Corporate Intranet
The Flexibility of Open Source: A Case Study of a large Corporate IntranetThe Flexibility of Open Source: A Case Study of a large Corporate Intranet
The Flexibility of Open Source: A Case Study of a large Corporate IntranetMatt Hamilton
 
Plone - Revised Roadmap: Plone 3,4,5 and beyond - Dutch Plone Users Day (+AUDIO)
Plone - Revised Roadmap: Plone 3,4,5 and beyond - Dutch Plone Users Day (+AUDIO)Plone - Revised Roadmap: Plone 3,4,5 and beyond - Dutch Plone Users Day (+AUDIO)
Plone - Revised Roadmap: Plone 3,4,5 and beyond - Dutch Plone Users Day (+AUDIO)Matt Hamilton
 
Lipstick On a Pig (+Audio)
Lipstick On a Pig (+Audio)Lipstick On a Pig (+Audio)
Lipstick On a Pig (+Audio)Matt Hamilton
 
Kent Connects: Harnessing Open Source for Shared Services and Partnership Wor...
Kent Connects: Harnessing Open Source for Shared Services and Partnership Wor...Kent Connects: Harnessing Open Source for Shared Services and Partnership Wor...
Kent Connects: Harnessing Open Source for Shared Services and Partnership Wor...Matt Hamilton
 
NextGen Roadshow Bmex Case Study
NextGen Roadshow Bmex Case StudyNextGen Roadshow Bmex Case Study
NextGen Roadshow Bmex Case StudyMatt Hamilton
 
Open Source and Content Management (+audio)
Open Source and Content Management (+audio)Open Source and Content Management (+audio)
Open Source and Content Management (+audio)Matt Hamilton
 

More from Matt Hamilton (12)

Ceci n’est pas un canard - Machine Learning and Generative Adversarial Networks
Ceci n’est pas un canard - Machine Learning and Generative Adversarial NetworksCeci n’est pas un canard - Machine Learning and Generative Adversarial Networks
Ceci n’est pas un canard - Machine Learning and Generative Adversarial Networks
 
Ceci N'est Pas Un Canard – and Other Machine Learning Stories
Ceci N'est Pas Un Canard – and Other Machine Learning StoriesCeci N'est Pas Un Canard – and Other Machine Learning Stories
Ceci N'est Pas Un Canard – and Other Machine Learning Stories
 
Intro to Machine Learning and AI
Intro to Machine Learning and AIIntro to Machine Learning and AI
Intro to Machine Learning and AI
 
Mistakes Made and Lessons Learnt Scaling Plone post-Launch
Mistakes Made and Lessons Learnt Scaling Plone post-LaunchMistakes Made and Lessons Learnt Scaling Plone post-Launch
Mistakes Made and Lessons Learnt Scaling Plone post-Launch
 
Plone Symposium East 2011 Keynote: Plone, A Solution not a Product
Plone Symposium East 2011 Keynote: Plone, A Solution not a ProductPlone Symposium East 2011 Keynote: Plone, A Solution not a Product
Plone Symposium East 2011 Keynote: Plone, A Solution not a Product
 
The Flexibility of Open Source - Plone in the Public Sector
The Flexibility of Open Source - Plone in the Public SectorThe Flexibility of Open Source - Plone in the Public Sector
The Flexibility of Open Source - Plone in the Public Sector
 
The Flexibility of Open Source: A Case Study of a large Corporate Intranet
The Flexibility of Open Source: A Case Study of a large Corporate IntranetThe Flexibility of Open Source: A Case Study of a large Corporate Intranet
The Flexibility of Open Source: A Case Study of a large Corporate Intranet
 
Plone - Revised Roadmap: Plone 3,4,5 and beyond - Dutch Plone Users Day (+AUDIO)
Plone - Revised Roadmap: Plone 3,4,5 and beyond - Dutch Plone Users Day (+AUDIO)Plone - Revised Roadmap: Plone 3,4,5 and beyond - Dutch Plone Users Day (+AUDIO)
Plone - Revised Roadmap: Plone 3,4,5 and beyond - Dutch Plone Users Day (+AUDIO)
 
Lipstick On a Pig (+Audio)
Lipstick On a Pig (+Audio)Lipstick On a Pig (+Audio)
Lipstick On a Pig (+Audio)
 
Kent Connects: Harnessing Open Source for Shared Services and Partnership Wor...
Kent Connects: Harnessing Open Source for Shared Services and Partnership Wor...Kent Connects: Harnessing Open Source for Shared Services and Partnership Wor...
Kent Connects: Harnessing Open Source for Shared Services and Partnership Wor...
 
NextGen Roadshow Bmex Case Study
NextGen Roadshow Bmex Case StudyNextGen Roadshow Bmex Case Study
NextGen Roadshow Bmex Case Study
 
Open Source and Content Management (+audio)
Open Source and Content Management (+audio)Open Source and Content Management (+audio)
Open Source and Content Management (+audio)
 

Single Sign-On with Plone and Active Directory

  • 1. Plone and Single-Sign On Active Directory and the Holy Grail Matt Hamilton
  • 2. Who am I? • Working with Plone/Zope since 1999 • Director at Netsight in the UK • Worked on a number of projects doing authentication over the years Plone Open Garden 2013
  • 3. What are we trying to do? • Allow uses to be automatically logged in to a website without having to type in their username/password Plone Open Garden 2013
  • 4. Kerberos • Developed by MIT many many years ago • Used in Unix.... but also used on Windows, OSX, Linux • Based on authentication ‘tickets’ Plone Open Garden 2013
  • 5. Other approaches • Apache in front of Plone - mod_kerberos - mod_ntlm - mod_authtkt / mod_pubcookie • Plone on IIS - Enfold proxy - IISAPI Plone Open Garden 2013
  • 6. Why do it in Plone? • Ultimate control over if/when to require authentication from a user • Fallback to other authentication methods • Mix of user sources Plone Open Garden 2013
  • 7. netsight.windowsauthplugin • Runs on either Windows or Unix/Linux/ OSX • Windows: Uses Windows’ internal SSPI API • Unix: Uses MIT Kerberos libraries Plone Open Garden 2013
  • 8. [buildout] ... eggs = ... netsight.windowsauthplugin Plone Open Garden 2013
  • 9. Recent Use-case • Two departments of National Health Service are merging • ...but their IT systems are still separate • Two different Active Directory domains: CFH and IC Plone Open Garden 2013
  • 10. Recent Use-case • Half the users in one domain, half in the other • Both need to be automatically authenticated to a single, common intranet • Need to allow fallback to manual username/password Plone Open Garden 2013
  • 12. How does Kerberos work? Plone Open Garden 2013
  • 13. How does Kerberos work? Plone Open Garden 2013
  • 14. How does Kerberos work? Plone Open Garden 2013
  • 15. Demo Plone Open Garden 2013
  • 16. Complex Setups Plone Open Garden 2013
  • 17. Member Properties • Get data from Active Directory via LDAP • Use plone.app.ldap • Can use OpenLDAP as a proxy server - Increased reliability - Combine multiple LDAP/AD servers - Caching Plone Open Garden 2013
  • 18. Questions? • Matt Hamilton • matth@netsight.co.uk • @hammertoe • https://github.com/netsight/ netsight.windowsauthplugin Plone Open Garden 2013