Zaizi Alfresco Solution: Securing Alfresco for Extranet Access

- To allow users to evaluate the strength of their password,
- To allow users to reset their password,
- To add a CAPTCHA system,
- To define password and account expiration dates,
- To disable accounts,
- To define a maximum number of login attempts,
- To add OpenID authentication (based on Google),
- To add two-factor authentication using an iPhone app.

Published in: Technology

  1. How to secure Alfresco? (Monday, 24 October 2011)
  2. Introduction
     - The goal of this short slide show is to demonstrate what can be done to reinforce authentication.
     - To achieve our objectives, we improved the Alfresco authentication system:
       - To allow users to evaluate the strength of their password,
       - To allow users to reset their password,
       - To add a CAPTCHA system,
       - To define password and account expiration dates,
       - To disable accounts,
       - To define a maximum number of login attempts,
       - To add OpenID authentication (based on Google),
       - To add 2-factor authentication.
     - Slide footer: Alfresco Architecture
  3. Password Strength
     - We added a new component that lets users evaluate their password strength.
     - Users can improve the overall security by themselves.
  4. Reset password
     - This feature simplifies the administrator's task.
     - It improves security by generating strong passwords.
     - This feature could be called every month to reset all users' passwords.
  5. CAPTCHA Systems
     - A CAPTCHA is a program that can tell whether its user is a human or a computer.
     - Goal: decrease the number of login attempts, using an open-source library called reCAPTCHA (which also helps to digitize books).
  6. Expiration dates
     - Administrators can define an account and password expiration date for each user.
  7. Disabled accounts
     - Administrators can enable or disable accounts.
  8. Maximum login attempts
     - We can define a maximum number of login attempts (by default 3).
     - After 3 unsuccessful login attempts, the account is automatically locked.
  9. OpenID authentication
     - OpenID is a safe, faster, and easier way to log in to web sites.
     - OpenID user benefits:
       - Fewer usernames and passwords to remember
       - Helps protect personal identity information
       - Globally unique, "Is that the same David?"
       - Ability to know where you've shared information
  10. OpenID Authentication (flow diagram; labels in order)
     - OpenID authentication?
     - Ask login to Google
     - User is logged in to Google
     - Register user as trusted user
     - Confirmation to continue
     - Login as trusted user
     - User logged in to Alfresco
  11. 2-Factor authentication
     - Two-factor authentication (2FA, or strong authentication) is an approach to authentication that requires the presentation of two different kinds of evidence:
       - Something known, like a password (e.g. the Alfresco password),
       - Something unique (e.g. an OTP, or one-time password).
     - In this example, we used a 2FA authentication system called WiKID.
  12. 2-Factor authentication (flow diagram; labels in order)
     - Authentication
     - Ask a passcode (OTP) for Alfresco?
     - Create a passcode
     - Passcode valid for 90 seconds
     - The user fills the passcode in Alfresco Share
     - Passcode valid?
     - Passcode valid for Alfresco?
     - Disable the passcode
     - Passcode OK
     - Passcode OK
     - Login with username/password
     - User logged
     - Slide footer: Alfresco Platform design
  13. 2-Factor authentication (screenshot labels)
     - Username?
     - Password?
  14. Thank You
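
A minimal model of the passcode rules from slides 8 and 12 (passcode valid for 90 seconds, disabled once accepted, account locked after 3 failures), added here as an illustration and not taken from Zaizi's, Alfresco's or WiKID's code. The `PasscodeGate` class, its method names, the 6-digit passcode format and the choice to count failed passcodes toward the lockout are assumptions.

```python
import hmac
import secrets
import time

PASSCODE_TTL = 90   # seconds a passcode stays valid (slide 12)
MAX_ATTEMPTS = 3    # default lockout threshold (slide 8)


class PasscodeGate:
    """Hypothetical second-factor gate: issue, verify once, lock on repeated failure."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock      # injectable so expiry can be tested without sleeping
        self.pending = {}       # user -> (passcode, expiry time)
        self.failures = {}      # user -> consecutive failed attempts
        self.locked = set()     # users an administrator must re-enable

    def issue(self, user):
        if user in self.locked:
            raise PermissionError("account locked")
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, assumed 6 digits
        self.pending[user] = (code, self.clock() + PASSCODE_TTL)
        return code

    def verify(self, user, submitted):
        if user in self.locked:
            return "locked"
        code, expiry = self.pending.get(user, ("", 0.0))
        expired = self.clock() >= expiry
        # Constant-time comparison, performed whether or not the code expired.
        match = hmac.compare_digest(code.encode(), submitted.encode())
        if match and code and not expired:
            del self.pending[user]          # "Disable the passcode": single use
            self.failures[user] = 0
            return "ok"
        if expired:
            self.pending.pop(user, None)    # stale codes never linger
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_ATTEMPTS:
            self.locked.add(user)
            self.pending.pop(user, None)    # a locked account keeps no live code
            return "locked"
        return "rejected"
```

A replayed or expired passcode is rejected and counts as a failed attempt, so a captured code cannot be retried indefinitely.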