Modern authentication techniques in Python web applications
Artur Barseghyan
Goldmund, Wyldebeast & Wunderliebe
http://www.goldmund-wyldebeast-wunderliebe.nl/
artur.barseghyan@gmail.com
https://github.com/barseghyanartur
Part 1: Single Sign-on using Central Authentication Service
A single framework/application (diagram): a user base, the framework/application itself, its authentication system, and other important parts not related to this talk.
Typical framework/application authentication flow (diagram): the user requests content requiring authentication. Is the user authenticated? If yes, the user gets the content requested. If no, the user provides credentials (login page); if the credentials are correct the user is authenticated and gets the content requested, otherwise the login page is shown again.
Multiple web frameworks/applications (diagram): framework/application 1 with user base 1 and authentication system 1, framework/application 2 with user base 2 and authentication system 2, ... framework/application N with user base N and authentication system N, each with other important parts not related to this talk.
Web portal (ex. DMS, intranet, wiki, etc.)
Without Single Sign-on...
● Use a single framework/application and write lots of
apps OR
● Use multiple frameworks/applications and:
○ Hack their authentication systems OR
○ Expect users to log in to each of them OR
○ Make them communicate via a custom-built API
● More (bad) ideas?
With Single Sign-on...
● User logs in once and gains access to all systems
without being prompted to log in again.
(JaSig) CAS
Enterprise Single Sign-on solution
● Open source
● Well documented
● Scalable
● Modular and highly pluggable (MySQL, PostgreSQL, Oracle, LDAP, SPNEGO, RADIUS, etc.)
● Lots of ready-to-use clients and plugins
(JaSig) CAS
CAS involves at least three parties:
● A client web browser
● Web application requesting authentication
● The CAS server
It also optionally may involve:
● Back-end service, such as a database server
CAS authentication flow (schema, diagram). CAS client (web application): the user requests content which requires authentication. Is the user authenticated into the app? If yes, the user gets the content requested. If no, the user is authenticated via CAS: the browser is sent to the CAS server. CAS server: is the user authenticated into CAS? If no, the user is asked to provide credentials (login page) and is authenticated locally; if the credentials are wrong, the login page is shown again. If the user is (or now becomes) authenticated into CAS, CAS creates the SSO token and redirects the browser back to the application, which then serves the content requested.
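The exchange drawn in the flow above, modelled in Python as an added example (not code from the talk, the CAS project or django-cas-consumer; the CasServer/CasClient names, the service URLs and the user base are hypothetical and constructed). It shows the three properties a CAS client relies on when it trusts the answer from /serviceValidate: a service ticket is bound to one service URL, is valid exactly once, and expires quickly.

```python
"""In-memory model of the CAS ticket exchange drawn on the flow slide.  Added
example: not code from the talk, the CAS project or django-cas-consumer; names are
hypothetical and the user base is constructed.  The real protocol speaks HTTP
(/login?service=..., redirect back with ?ticket=ST-..., /serviceValidate?service=
...&ticket=ST-...); this model passes Python values but keeps the properties the
client relies on: a ticket is bound to one service URL, valid once, short-lived."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

ST_LIFETIME_SECONDS = 10  # a service ticket only has to survive one browser redirect


@dataclass
class ServiceTicket:
    user: str
    service: str
    issued_at: float


class CasServer:
    """The 'CAS server' box: owns the SSO session, issues and validates tickets."""

    def __init__(self, users, clock=time.time):
        # Constructed user base (username -> password digest); the deployment on the
        # slides delegates this check to Active Directory instead.
        self._users = {u: hashlib.sha256(p.encode()).hexdigest() for u, p in users.items()}
        self._clock = clock
        self._sso_sessions = {}  # TGC cookie value -> username (the slide's "SSO token")
        self._tickets = {}       # "ST-..." -> ServiceTicket, removed on first validation

    def login(self, service, tgc=None, username=None, password=None):
        """/login: 'is user authenticated into CAS?'.  Returns (tgc, ticket) when the
        browser can be sent back to `service`; None means 'show the login page'."""
        user = self._sso_sessions.get(tgc) if tgc else None
        if user is None:
            if username is None or password is None:
                return None
            expected = self._users.get(username)
            given = hashlib.sha256(password.encode()).hexdigest()
            if expected is None or not hmac.compare_digest(expected, given):
                return None
            user = username
            tgc = "TGC-" + secrets.token_urlsafe(32)
            self._sso_sessions[tgc] = user
        ticket = "ST-" + secrets.token_urlsafe(32)
        self._tickets[ticket] = ServiceTicket(user, service, self._clock())
        return tgc, ticket

    def service_validate(self, service, ticket):
        """/serviceValidate: the username, or None when the ticket is unknown, already
        used, issued for a different service URL, or expired."""
        st = self._tickets.pop(ticket, None)  # pop: one validation attempt, whatever the outcome
        if st is None or st.service != service:
            return None
        if self._clock() - st.issued_at > ST_LIFETIME_SECONDS:
            return None
        return st.user


class CasClient:
    """The 'CAS client (web application)' box for one service URL."""

    def __init__(self, service_url, cas):
        self.service_url = service_url
        self.cas = cas

    def login_redirect(self, tgc=None, username=None, password=None):
        """Send the browser to CAS /login; returns what CAS redirects back with."""
        return self.cas.login(self.service_url, tgc, username, password)

    def handle_ticket(self, ticket):
        """The browser came back with ?ticket=...: validate it server-to-server."""
        return self.cas.service_validate(self.service_url, ticket)


def run_flow():
    """Walk the slide's flow for two applications sharing one CAS server."""
    now = [1_000_000.0]  # manual clock so ticket expiry can be exercised
    cas = CasServer({"alice": "correct horse battery"}, clock=lambda: now[0])
    dashboard = CasClient("https://dashboard.example/", cas)  # hypothetical service URLs
    dms = CasClient("https://dms.example/", cas)
    out = {"no_session": dashboard.login_redirect(),  # None: show login page
           "bad_password": dashboard.login_redirect(username="alice", password="wrong")}
    tgc, st = dashboard.login_redirect(username="alice", password="correct horse battery")
    out["first_validate"] = dashboard.handle_ticket(st)
    out["replayed_ticket"] = dashboard.handle_ticket(st)  # single use
    same_tgc, st = dms.login_redirect(tgc=tgc)            # SSO session: no login prompt
    out["sso_reuses_session"] = same_tgc == tgc
    out["wrong_service"] = dashboard.handle_ticket(st)    # ticket is bound to dms
    _, st = dms.login_redirect(tgc=tgc)
    now[0] += ST_LIFETIME_SECONDS + 1
    out["expired"] = dms.handle_ticket(st)
    _, st = dms.login_redirect(tgc=tgc)
    out["dms_validate"] = dms.handle_ticket(st)
    return out
```

The second application never sees a password: it only ever receives a ticket and asks CAS who it belongs to, which is the whole point of the "user logs in once" slide.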
Pros of CAS
● Centralised authentication for all frameworks/applications.
● Actively maintained and developed. Large community.
● Modular and highly pluggable (MySQL, PostgreSQL, Oracle, Active Directory, LDAP, SPNEGO, RADIUS, etc.).
● Lots of ready-to-use packages for many frameworks/applications.
● Fewer passwords to retype, remember and recover.
● More of your own code is reusable.
● Happier end-users.
● REST API.
Cons of CAS
● SSO availability becomes critical.
● SSO security becomes critical.
Our use case (diagram): Server A: dashboard app (Django). Server B: DMS (Plone). Server C: CAS server. Server D: user base (Active Directory). Server X: more to come. The servers are connected over a VPN. Technologies involved: Apache, Tomcat, Debian, Java, CAS, OpenVPN, AJP, Python, Django, Plone.
Conclusion
CAS alternatives
JOSSO http://www.josso.org
OpenAM (formerly known as OpenSSO) http://openam.forgerock.org
Pubcookie http://www.pubcookie.org
CoSign http://weblogin.org
Linkodrome
Software packages
JaSig CAS http://www.jasig.org/cas
Django CAS client https://github.com/Goldmund-Wyldebeast-Wunderliebe/django-cas-consumer
Plone CAS client https://github.com/collective/anz.casclient
Detailed installation instructions
http://bit.ly/1uuk2BS
Part 2: Two-step verification (two-factor authentication)
Standard authentication flow (diagram): the user requests content requiring authentication. Is the user authenticated? If yes, the user gets the content requested. If no, the user provides credentials (login page); if the credentials are correct the user is authenticated and gets the content requested, otherwise the login page is shown again.
Standard authentication factors
● Knowledge factor ("something only the user knows"): a password or a PIN.
● Possession factor ("something only the user has"): ATM card, smart card, mobile phone.
● Inherence factor ("something only the user is"): fingerprint or voiceprint.
Common advice on remembering many passwords
● Use complex passwords and have them saved in
password managers.
● Use complex passwords, write them on paper and
carry them in your wallet.
Passwords aren’t enough!
Two-factor authentication
● Knowledge factor ("something only the user knows"):
a password or a PIN.
● Possession factor ("something only the user has"):
ATM card, smart card, mobile phone.
● Inherence factor ("something only the user is"):
Fingerprint or voiceprint.
Standard authentication flow (diagram, shown again for comparison): the user requests content requiring authentication; is the user authenticated? If not, the user provides credentials; are the credentials correct? If yes, the user is authenticated and gets the content requested; if no, back to the credentials prompt.
Two-factor authentication flow (diagram): the user requests content requiring authentication; is the user authenticated? If yes, the user gets the content requested. If no, the user provides credentials; are the credentials correct? If no, back to the credentials prompt. If yes, the second factor follows: the user provides the second-factor token; is the token correct? If no, back to the token prompt; if yes, the user is authenticated and gets the content requested.
(Common) solutions
● SMS authentication
● Google Authenticator (mobile app)
● Hardware token generators
Google Authenticator
Hardware token generators
Our use cases
● collective.googleauthenticator (uses Google
Authenticator app)
● collective.smsauthenticator (login codes sent by SMS)
collective.googleauthenticator: the three steps shown on the slides are setup two-step verification, authenticate, and verify.
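The "verify" step of the two-factor flow above, as an added example (not code from collective.googleauthenticator, django-otp or the talk). Google Authenticator implements RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits); the verifier below does what a server must do beyond computing the code: tolerate a little clock drift and refuse a code for a time step it has already accepted. The secret is the RFC 6238 test vector; the account and issuer names are hypothetical.

```python
"""TOTP verification for the Google Authenticator step on the slides.

Added example: not code from collective.googleauthenticator or django-otp.  Google
Authenticator implements RFC 6238 (HMAC-SHA1, 30-second step, 6 digits).  Beyond
computing the code, the verifier does the two things a server must do: tolerate a
little clock drift and never accept a code for a time step it has already accepted."""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote

STEP = 30
DIGITS = 6
# RFC 6238 test secret "12345678901234567890" in the base32 form Authenticator expects.
RFC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(secret_b32):
    """Base32 shared secret (as shown in the QR code) -> raw key bytes, padding optional."""
    return base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at, step=STEP, digits=DIGITS):
    """RFC 6238: HOTP whose counter is the number of `step`-second intervals since epoch."""
    return hotp(secret, int(at) // step, digits)


def provisioning_uri(secret_b32, account, issuer):
    """The otpauth:// URI that the 'setup two-step verification' step encodes as a QR code."""
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}&digits={DIGITS}&period={STEP}"


class TotpVerifier:
    """Server-side state for one enrolled user (the 'verify' step on the slides)."""

    def __init__(self, secret_b32, window=1, clock=time.time):
        self.secret = decode_secret(secret_b32)
        self.window = window       # accept codes up to +/- this many steps of clock drift
        self.clock = clock
        self.last_counter = -1     # highest time step whose code was accepted

    def verify(self, code, at=None):
        """True at most once per time step; a code for a step at or before the last
        accepted one is refused even if it is otherwise valid (replay protection)."""
        if not (isinstance(code, str) and code.isdigit() and len(code) == DIGITS):
            return False
        counter = int(self.clock() if at is None else at) // STEP
        for c in range(counter - self.window, counter + self.window + 1):
            if c <= self.last_counter:
                continue
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.last_counter = c
                return True
        return False
```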
Conclusion
Alternatives
● Risk-based authentication (based on behavioral
biometrics, keystroke dynamics, etc.)
● Strong authentication
● Reliance authentication
Linkodrome
Plone
● collective.googleauthenticator (two-factor authentication using Google Authenticator app)
https://pypi.python.org/pypi/collective.googleauthenticator
● collective.smsauthenticator (two-factor authentication using login codes sent by SMS)
https://pypi.python.org/pypi/collective.smsauthenticator
Django
● django-two-factor-auth (two-factor authentication using Google Authenticator or login codes sent by SMS)
https://pypi.python.org/pypi/django-two-factor-auth
● django-otp (pluggable framework for adding two-factor authentication using OTP.)
https://pypi.python.org/pypi/django-otp
Questions?
Thank you!
Artur Barseghyan
Goldmund, Wyldebeast & Wunderliebe
artur.barseghyan@gmail.com
https://github.com/barseghyanartur
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 

SSO using CAS + two-factor authentication (PyGrunn 2014 talk)

  • 1. Modern authentication techniques in Python web applications. Artur Barseghyan, Goldmund, Wyldebeast & Wunderliebe, http://www.goldmund-wyldebeast-wunderliebe.nl/, [email protected], https://github.com/barseghyanartur
  • 2. Part 1: Single Sign-on using Central Authentication Service
  • 3. A single framework/application (diagram: user base, framework/application, authentication system, and other important parts not related to this talk)
  • 4. Typical framework/application authentication flow (flowchart: the user requests content requiring authentication → is the user authenticated? If yes, the user gets the content requested. If no, the user provides credentials on the login page → are the credentials correct? If yes, authenticate the user and serve the content; if no, back to the login page.)
  • 5. Multiple web frameworks/applications (diagram: user base 1 … N, framework/application 1 … N, authentication system 1 … N, each with its own other important parts not related to this talk, all sitting behind one web portal, e.g. a DMS, intranet, wiki, etc.)
  • 6. Without Single Sign-on... ● Use a single framework/application and write lots of apps, OR ● Use multiple frameworks/applications and: ○ hack their authentication systems, OR ○ expect users to log into each of them, OR ○ make them communicate via a custom-built API. ● More (bad) ideas?
  • 7. With Single Sign-on... ● The user logs in once and gains access to all systems without being prompted to log in again.
  • 8. (JaSig) CAS: Enterprise Single Sign-on solution ● Open source ● Well documented ● Scalable ● Modular and highly pluggable (MySQL, PostgreSQL, Oracle, LDAP, SPNEGO, RADIUS, etc.) ● Lots of ready-to-use clients and plugins
  • 9. (JaSig) CAS: CAS involves at least three parties: ● a client web browser ● the web application requesting authentication ● the CAS server. It may optionally also involve: ● a back-end service, such as a database server
  • 11. CAS authentication schema (flowchart; the CAS client is the web application, the CAS server is a separate party: the user requests content which requires authentication → is the user authenticated into the app? If yes, the user gets the content requested. If no, the app hands the user to the CAS server → is the user already authenticated into CAS? If no, the user is asked to provide credentials on the CAS login page → are the credentials correct? If no, back to the login page. Once the user is authenticated into CAS, CAS creates the SSO token and redirects the browser back to the app, which authenticates the user locally and serves the content requested.)
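Worked example of the exchange on slides 9 and 11, added here as illustration and not taken from the talk, from JaSig CAS or from django-cas-consumer. The CAS server is replaced by a hypothetical in-memory CasServer class so the whole round trip runs offline; the XML it returns follows the CAS 2.0 /serviceValidate response format, and the service URL, user name and password are constructed test data. What the paragraph above does not show is the three checks that make the SSO token (the service ticket) safe to trust: it is bound to one registered service URL, it is single-use, and it expires within seconds.

```python
"""Added example of the CAS 2.0 service-ticket exchange (slides 9 and 11).

Illustration only: not JaSig CAS or django-cas-consumer code. CasServer is a
hypothetical in-memory stand-in for the real CAS server; the XML it returns
follows the CAS 2.0 /serviceValidate format. All names are constructed data.
"""
import secrets
import time
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit
from xml.sax.saxutils import escape

CAS_NS = "http://www.yale.edu/tp/cas"


def _failure(code, message):
    return (f"<cas:serviceResponse xmlns:cas='{CAS_NS}'>"
            f"<cas:authenticationFailure code='{code}'>{escape(message)}"
            f"</cas:authenticationFailure></cas:serviceResponse>")


class CasServer:
    """Hypothetical stand-in for the CAS server: issues and validates service tickets."""

    TICKET_TTL = 10  # seconds a service ticket stays valid (real CAS defaults are similar)

    def __init__(self, registered_services, users):
        self.registered_services = set(registered_services)
        self.users = dict(users)  # {username: password}; constructed test data
        self.tickets = {}         # ticket -> (username, service, issued_at)

    def login(self, service, username, password, now=None):
        """Browser POSTs credentials to /login?service=...; returns the redirect URL.

        Only exactly registered service URLs are accepted: a free-form service
        parameter would let an attacker send a fresh ticket to a host they control.
        """
        if service not in self.registered_services:
            raise ValueError("unregistered service")
        if self.users.get(username) != password:
            raise PermissionError("bad credentials")
        ticket = "ST-" + secrets.token_urlsafe(24)
        self.tickets[ticket] = (username, service, time.time() if now is None else now)
        return service + "?" + urlencode({"ticket": ticket})

    def service_validate(self, service, ticket, now=None):
        """GET /serviceValidate?service=...&ticket=... -> CAS 2.0 XML response."""
        now = time.time() if now is None else now
        entry = self.tickets.pop(ticket, None)  # pop: a ticket validates at most once
        if entry is None:
            return _failure("INVALID_TICKET", f"Ticket {ticket} not recognized")
        username, bound_service, issued_at = entry
        if bound_service != service:
            return _failure("INVALID_SERVICE", "Ticket was issued for another service")
        if now - issued_at > self.TICKET_TTL:
            return _failure("INVALID_TICKET", "Ticket expired")
        return (f"<cas:serviceResponse xmlns:cas='{CAS_NS}'>"
                f"<cas:authenticationSuccess><cas:user>{escape(username)}</cas:user>"
                f"</cas:authenticationSuccess></cas:serviceResponse>")


# ---- CAS client side: what the web application does with the redirect ----

def ticket_from_callback(callback_url):
    """Pull the ST-... ticket out of the URL CAS redirected the browser to."""
    return parse_qs(urlsplit(callback_url).query).get("ticket", [None])[0]


def parse_service_response(xml_text):
    """Parse a CAS 2.0 /serviceValidate response into (username, failure_code)."""
    root = ET.fromstring(xml_text)
    success = root.find(f"{{{CAS_NS}}}authenticationSuccess")
    if success is not None:
        return success.findtext(f"{{{CAS_NS}}}user"), None
    failure = root.find(f"{{{CAS_NS}}}authenticationFailure")
    return None, (failure.get("code") if failure is not None else "UNKNOWN")


def validate_callback(cas, service, callback_url, now=None):
    """Return the authenticated username, or None if CAS rejects the ticket.

    The client validates with its *own* configured service URL, never one taken
    from the request, so a ticket minted for another application cannot be
    replayed against this one.
    """
    ticket = ticket_from_callback(callback_url)
    if not ticket:
        return None
    username, _code = parse_service_response(cas.service_validate(service, ticket, now))
    return username


if __name__ == "__main__":
    app = "https://dashboard.example/accounts/login/"
    cas = CasServer({app}, {"alice": "correct horse battery staple"})
    redirect = cas.login(app, "alice", "correct horse battery staple")
    print(validate_callback(cas, app, redirect))  # alice
    print(validate_callback(cas, app, redirect))  # None: the ticket was already used
```

In a real deployment the client calls /serviceValidate over TLS with the CAS server's certificate pinned or verified, and the local session it creates after a successful validation is the only thing the ticket is ever exchanged for; the ticket itself should never be stored or logged.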
  • 12. Pros of CAS ● Centralised authentication for all frameworks/applications. ● Actively maintained and developed; large community. ● Modular and highly pluggable (MySQL, PostgreSQL, Oracle, Active Directory, LDAP, SPNEGO, RADIUS, etc.). ● Lots of ready-to-use packages for many frameworks/applications. ● Fewer passwords to retype, remember and recover. ● More of your own code is reusable. ● Happier end-users. ● REST API.
  • 13. Cons of CAS ● SSO availability becomes critical: if the CAS server is down, nobody can log into any connected application. ● SSO security becomes critical: a compromised CAS server or a stolen SSO token grants access to every connected application at once.
  • 14. Our use case ● Server A: Dashboard app (Django) ● Server B: DMS (Plone) ● Server C: CAS server ● Server D: User base (Active Directory) ● VPN ● Server X: more to come. Stack: Apache, Tomcat, Debian, Java, CAS, OpenVPN, AJP, Python, Django, Plone.
  • 16. CAS alternatives 1 / n ● JOSSO http://www.josso.org ● OpenAM (formerly known as OpenSSO) http://openam.forgerock.org ● Pubcookie http://www.pubcookie.org ● CoSign http://weblogin.org
  • 17. Linkodrome 1 / n. Software packages: ● JaSig CAS http://www.jasig.org/cas ● Django CAS client https://github.com/Goldmund-Wyldebeast-Wunderliebe/django-cas-consumer ● Plone CAS client https://github.com/collective/anz.casclient ● Detailed installation instructions http://bit.ly/1uuk2BS
  • 19. Standard authentication flow (flowchart, as on slide 4: the user requests content requiring authentication → is the user authenticated? If yes, the user gets the content requested. If no, the user provides credentials on the login page → are the credentials correct? If yes, authenticate the user and serve the content; if no, back to the login page.)
  • 20. Standard authentication factors ● Knowledge factor ("something only the user knows"): a password or a PIN. ● Possession factor ("something only the user has"): ATM card, smart card, mobile phone. ● Inherence factor ("something only the user is"): fingerprint or voiceprint.
  • 21. Common advice on remembering many passwords ● Use complex passwords and have them saved in password managers. ● Use complex passwords, write them on paper and carry them in your wallet. Passwords aren't enough!
  • 22. Two-factor authentication: combine two different factors from the list. ● Knowledge factor ("something only the user knows"): a password or a PIN. ● Possession factor ("something only the user has"): ATM card, smart card, mobile phone. ● Inherence factor ("something only the user is"): fingerprint or voiceprint.
  • 23. Standard authentication flow (flowchart: the user requests content requiring authentication → is the user authenticated? If no, the user provides credentials → are the credentials correct? If yes, authenticate the user and the user gets the content requested; if no, back to the credentials step.)
  • 24. Two-factor authentication flow (flowchart: the user requests content requiring authentication → is the user authenticated? If no, the user provides credentials → are the credentials correct? If yes, the second factor: the user provides the second-factor token → is the token correct? Only if the token is also correct is the user authenticated and gets the content requested; a wrong token sends the user back to the second-factor step.)
  • 25. (Common) solutions ● SMS authentication ● Google Authenticator (mobile app) ● Hardware token generators
  • 28. Our use cases ● collective.googleauthenticator (uses the Google Authenticator app) ● collective.smsauthenticator (login codes sent by SMS)
  • 34. Alternatives ● Risk-based authentication (based on behavioural biometrics, keystroke dynamics, etc.) ● Strong authentication ● Reliance authentication
  • 35. Linkodrome. Plone: ● collective.googleauthenticator (two-factor authentication using the Google Authenticator app) https://pypi.python.org/pypi/collective.googleauthenticator ● collective.smsauthenticator (two-factor authentication using login codes sent by SMS) https://pypi.python.org/pypi/collective.smsauthenticator. Django: ● django-two-factor-auth (two-factor authentication using Google Authenticator or login codes sent by SMS) https://pypi.python.org/pypi/django-two-factor-auth ● django-otp (pluggable framework for adding two-factor authentication using OTP) https://pypi.python.org/pypi/django-otp
  • 37. Thank you! Artur Barseghyan, Goldmund, Wyldebeast & Wunderliebe, [email protected], https://github.com/barseghyanartur