First Indico Workshop Authentication Alberto Resco Pérez 29-27 May 2013 CERN.


Authentication
- What is it: authentication is the act of confirming the truth of an attribute of a datum or entity.
- Users need to authenticate to access private resources.
- Support for different types of authentication.

Authenticators
- Currently we support 3 authenticators:
  - Local
  - NICE (CERN specific)
  - LDAP (developed by Martin Kuba)

Local Authenticator
- Basic authentication
- Based on a username/password pair
- Capability to create accounts
- Stored locally

administration

Local Manager Sign up Active

Local Login

Local Create an account

Local confirmation

Local Activation confirmation

Local Account moderation

Local Activate account

Nice
- CERN specific
- Web services to look up users and groups
- Single Sign On to log in
- Sometimes very slow

Nice: Authentication Workflow
[Diagram labels: SSO, Log in, Redirect, Logged in]

LDAP
- LDAP is an application protocol for accessing and maintaining distributed directory information services
- Authenticator developed by Martin Kuba
- Benefit from a centralized directory you may have in your institution
- We can get rid of the web services

OAuth
- Introduced in v1.1
- Support for OAuth v1.0
- OAuth is an open standard for authorization.
- OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user).
- It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (

Oauth Workflow

Indico mobile workflow
[Diagram labels: Authentication Workflow, Log in, Authorize, Authorized, Indico mobile]

OAuth: Administration
- List of consumers

OAuth: user applications
- List of applications authorized

New auth system

New system
- To be released in v1.2*
- Refactor of the code
- Get rid of NICE Authenticator
- Easy to add new authenticators
- Faster, cache
- SSO capabilities: it would only be a matter of configuration

Basic config

    # etc/indico.conf
    AuthenticatorList = [('Local', {})]

Configure LDAP

    # etc/indico.conf
    AuthenticatorList = [('LDAP', {
        'host': 'cerndc.cern.ch',
        # False leaves the LDAP connection without TLS; set True where the directory supports it
        'useTLS': False,
        'peopleDNQuery': ('cn={0}', 'OU=Users,OU=Organic Units,DC=cern,DC=ch'),
        'groupDNQuery': ('cn={0}', 'OU=Workgroups,DC=cern,DC=ch'),
        'groupStyle': 'SLAPD',
        # Bind DN and password of the account Indico uses to query the directory
        'accessCredentials': ('CN=indico,OU=Users,OU=Organic Units,DC=cern,DC=ch', 'XXXXXXX')})]
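
An added example, not Indico's code and not from the slides: a check of an LDAP entry shaped like the one above that flags a disabled useTLS and a stored bind password, and builds a user DN from peopleDNQuery with RFC 4514 escaping of the login. How Indico itself joins the two parts of peopleDNQuery is an assumption here, and the function names and sample values are hypothetical.

```python
# Added example; not Indico's code. Function names are hypothetical.
# Assumption: peopleDNQuery is (RDN template, base DN), joined with a comma.

# Constructed sample entry in the shape of the slide's indico.conf.
SAMPLE_ENTRY = ('LDAP', {
    'host': 'ldap.example.org',
    'useTLS': False,
    'peopleDNQuery': ('cn={0}', 'OU=Users,DC=example,DC=org'),
    'accessCredentials': ('CN=indico,OU=Users,DC=example,DC=org', 'placeholder'),
})


def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append('\\' + ch)          # DN metacharacters
        elif ch == '\x00':
            out.append('\\00')             # NUL must be hex-escaped
        elif ch == '#' and i == 0:
            out.append('\\#')              # leading '#' starts a hex string
        elif ch == ' ' and i in (0, len(value) - 1):
            out.append('\\ ')              # leading or trailing space
        else:
            out.append(ch)
    return ''.join(out)


def build_user_dn(entry, login):
    """Return the DN for `login`, escaping the login before substitution."""
    if not login:
        raise ValueError('empty login')
    template, base = entry[1]['peopleDNQuery']
    return template.format(escape_rdn_value(login)) + ',' + base


def audit_entry(entry):
    """Return a list of findings for one AuthenticatorList entry."""
    name, conf = entry
    findings = []
    if name == 'LDAP':
        if not conf.get('useTLS'):
            findings.append('useTLS is off: credentials may cross the network unencrypted')
        if conf.get('accessCredentials'):
            findings.append('bind password is stored in indico.conf: restrict file permissions')
    return findings
```
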

Enable SSO

    AuthenticatorList = [('MyAuthSystem', {
        'SSOActive': True,
        'LogoutCallbackURL': '',  # URL not preserved in this transcript
        'SSOMapping': {
            ' ': 'ADFS_ ',  # entry truncated in this transcript
            'login': 'ADFS_LOGIN',
            'personId': 'ADFS_PERSONID',
            'phone': 'ADFS_PHONENUMBER',
            'fax': 'ADFS_FAXNUMBER',
            'lastname': 'ADFS_LASTNAME',
            'firstname': 'ADFS_FIRSTNAME',
            'institute': 'ADFS_HOMEINSTITUTE'}
    })]

Demo login ldap

Alberto Resco
Questions?