Presentation is loading. Please wait.

Presentation is loading. Please wait.

First Indico Workshop Authentication Alberto Resco Pérez 29-27 May 2013 CERN.

Published byTracey Norman Modified over 8 years ago

Similar presentations

Presentation on theme: "First Indico Workshop Authentication Alberto Resco Pérez 29-27 May 2013 CERN."— Presentation transcript:

1 First Indico Workshop Authentication Alberto Resco Pérez 29-27 May 2013 CERN

2 authentication What is it: Authentication is the act of confirming the truth of an attribute of a datum or entity. Users needs to authenticate to access private resources Support for different types of authentications

3 authenticators Currently we support 3 authenticators Local NICE  CERN specific LDAP (developed by Martin Kuba)

4 Local Authenticator Basic authentication Bases in a pair username/password Capability to create accounts Stored locally

5 administration

6 Local Manager Sign up Active

7 Local Login

8 Local Create an account

9 Local Email confirmation

10 Local Activation confirmation

11 Local Account moderation

12 Local Activate account

13 Nice CERN Specific Web services to lookup for users and groups Single Sign On to login Sometimes very slow

14 Nice Authentication Workflow SS O Log in Redire ct Logge d in

15 ldap LDAP is an application protocol for accessing and maintaining distributed directory information services Developed by Martin Kuba Benefit from a centralized directory you may have in your institution Indico@CERN: We can get rid of the webservices

16 oauth Introduced in v1.1. Support for Oauth v1.0 OAuth is an open standard for authorization. OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (

17 Oauth Workflow

18 Indico mobile workflow Authentication Workflow Log in Authoriz e Authoriz ed Indico mobile

19 Oauth: Administration List of consumers

20 Oauth: user applications List of applications authorized

21 New auth system

22 New system To be released in v1.2* Refactor of the code Get rid of NICE Authenticator Easy to add new authenticators Faster, cache SSO capabilities: it would only be a matter of configuration

23 Basic config # etc/indico.conf AuthenticatorList = [(’Local’, {})]

24 Configure ldap # etc/indico.conf AuthenticatorList = [(’LDAP', { 'host': 'cerndc.cern.ch', 'useTLS': False, 'peopleDNQuery': ('cn={0}’,'OU=Users,OU=Organic Units,DC=cern,DC=ch'), 'groupDNQuery': ('cn={0}', 'OU=Workgroups,DC=cern,DC=ch'), 'groupStyle': 'SLAPD’, 'accessCredentials': ('CN=indico,OU=Users,OU=Organic Units,DC=cern,DC=ch',’XXXXXXX’)})]

25 Enable sso AuthenticatorList = [('MyAuthSystem', { 'SSOActive': True, 'LogoutCallbackURL': 'https://example.com/wsignout’, 'SSOMapping' = {'email': 'ADFS_EMAIL', 'login': 'ADFS_LOGIN', 'personId': 'ADFS_PERSONID’, 'phone': 'ADFS_PHONENUMBER’, 'fax': 'ADFS_FAXNUMBER', 'lastname': 'ADFS_LASTNAME’, 'firstname': 'ADFS_FIRSTNAME’, 'institute': 'ADFS_HOMEINSTITUTE’} })]

26 Demo login ldap

27 Alberto resco Questions? http://github.com/arescope @arescope arescope@cern.ch

Download ppt "First Indico Workshop Authentication Alberto Resco Pérez 29-27 May 2013 CERN."

Similar presentations

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.
SearchSearch User Profiles SearchSearchExcelExcelUserProfilesUserProfiles Managed Metadata.

SearchSearch User Profiles SearchSearchExcelExcelUserProfilesUserProfiles Managed Metadata.
Hands-on: install Mobile

Hands-on: install Mobile
Copyright © 2005, SAS Institute Inc. All rights reserved. User Authentication and Single Sign-on Across the SAS ® 9 Platform Larry Noe and Scott Sweetland,

Copyright © 2005, SAS Institute Inc. All rights reserved. User Authentication and Single Sign-on Across the SAS ® 9 Platform Larry Noe and Scott Sweetland,
© 2009 GroundWork Open Source, Inc. PROPRIETARY INFORMATION: Information contained herein is not for use or disclosure outside of GroundWork Open Source,

© 2009 GroundWork Open Source, Inc. PROPRIETARY INFORMATION: Information contained herein is not for use or disclosure outside of GroundWork Open Source,
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Inter-Institutional Registration UNC Cause December 4, 2007.

Inter-Institutional Registration UNC Cause December 4, 2007.
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,

INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
© 2009 VMware Inc. All rights reserved VMware Updates Orlando VMware User Group – April 2011 Ryan Johnson VMware, Inc. Technical Account Manager Professional.

© 2009 VMware Inc. All rights reserved VMware Updates Orlando VMware User Group – April 2011 Ryan Johnson VMware, Inc. Technical Account Manager Professional.
Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  

Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  
Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.

Cloud app Cloud app Cloud app Separate username/password sign-in Manual or semi-automated provisioning Active Directory App Separate username/password.
Public Key Infrastructure from the Most Trusted Name in e-Security.

Public Key Infrastructure from the Most Trusted Name in e-Security.
Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.

Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.
Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd

Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd
August 25, 20151 SSO with Microsoft Active Directory Presented by: Craig Larrabee.

August 25, SSO with Microsoft Active Directory Presented by: Craig Larrabee.
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

Similar presentations

Ads by Google