TAGPMA Twiki, http://tagpma.es.net, dhiva@es.net & helm@es.net

Presentation transcript:

TAGPMA Twiki
http://tagpma.es.net
dhiva@es.net & helm@es.net

Agenda
- ESnet Web hosting environment
- Certificate based authentication
- Registration Automation
- Problems&/Solutions
- Suggestions&/Contribution

Virtual Web Server
- The ESnet webmaster has been doing the Twiki hosting for other internal/external services
- ESnet uses a particular version of Twiki & template to produce new Twikis: 04 Sep 2004 $Rev: 1742 $
- Wants to maintain 1 version across the Enterprise
- TAGPMA is one of them
- Same set of security features imposed on all the TWikis
- The ESnet webmaster said that it is time to upgrade all the TWikis.

Architecture
- http://tagpma.es.net: readonly mode, open for anyone
- Variables in use & modified TWiki modules: SSL Client Authentication, “%Remote User”, $WikiName, WikiUsername, TWikiRegistration.txt, ~/lib/TWiki.cfg, ~/lib/TWiki.pm
- https://tagpma.es.net: Edit & Add, IGTF Accredited CAs, open to IGTF community
- Pre-Registration script, which populates the .htpasswd file for Apache
- %RemoteUser, %Certificate

Certificate Based Authentication
- RCS (Revision Control System) check-in problem
  - $SubjectDN is not the same as the $username
  - Spaces in SubjectDN caused problems
  - So modified ~/lib/Twiki/Store/RcsWrap.pm
- Side effects
  - SubjectDN is not in compliance with WikiName format, so dead link for that SubjectDN.
  - The original SubjectDN is also not in compliance with WikiName
  - Every page will have Main.DC=org, DC=doegrids, OU=People,CN=FirstName_LastName_98765 instead of Main.FirstnameLN
- There are actually 2 problems here.
  1. The RCS requires the USERNAME to be without any space. Fix: that was fixed by changing the RcsWrap.pm module to replace ‘space’ with ‘_’.
  2. The SubjectDN itself is not a WikiName.

Certificate Based Authentication
- Fixes
  - DN in reverse order
  - Show only the CN, e.g. Main.CN=FirstName_LastName_98765
  - Preferably WikiName instead for RCS check-in, in showing page owner or modified by …
- These are still in progress, because we have already seen a TWiki plug-in not working, e.g. table creation.

Registration Automation
- Pre-Registration and Twiki Registration
- Certificates for Pre-Registration, then Twiki registration
- We couldn’t extract the SubjectDN if we simply accept the certificate based on the trust anchors, without Pre-Registration
- We need to have a .htpasswd at the Apache level to extract the SubjectDN for Twiki Registration
- Initially we had a separate web server just to do the SSL Client authentication to generate the .htpasswd file (Pre-Registration)

Registration Automation
- Then we were able to extract the SubjectDN and pre-fill the Twiki registration
- We were able to combine the Pre-Registration Script with Twiki (in a single web server)

Problems&/Solutions
- The trust anchors created a few problems
- Apache doesn’t throw error messages if there is a problem with the config; it just skips the config and continues to load the rest.
- What if the user wants to use a certificate which was issued by an untrusted CA? The error message wasn’t helpful.
- Pre-registration and Twiki registration is not complete
- The SubjectDN can have special characters, which cause the pre-registration to fail
- Still needs to filter special characters at the Twiki registration
- Still needs to map the SubjectDN to WikiName
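Added example (not from the slides and not TWiki or ESnet code): one way to do the two open items above, filtering special characters and mapping a SubjectDN to a WikiName, while refusing a name that a different DN already holds. The WikiName pattern is an assumed approximation of TWiki's rule, the DN parsing is simplified, and the function names and the "Jane O'Brien" DNs used in testing are constructed for illustration.

```python
import re
import unicodedata

# Assumption: approximates TWiki's WikiWord rule (upper, lower/digit run, upper, rest).
WIKINAME_RE = re.compile(r"^[A-Z]+[a-z0-9]+[A-Z]+[A-Za-z0-9]*$")

def parse_dn(dn):
    """Split 'DC=org, OU=People,CN=x' or '/DC=org/CN=x' into (attr, value) pairs."""
    parts = [p.strip() for p in re.split(r"(?<!\\)[,/]", dn) if p.strip()]
    pairs = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not value.strip():
            # Fail closed on anything that is not attr=value (e.g. a '/' inside a CN).
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def rcs_username(dn):
    """RCS-safe form: whitespace becomes '_', as in the RcsWrap.pm fix on the slides."""
    return re.sub(r"\s+", "_", dn.strip())

def wiki_name(dn):
    """Derive a WikiName from the last CN, keeping the numeric suffix for uniqueness."""
    cns = [v for a, v in parse_dn(dn) if a == "CN"]
    if not cns:
        raise ValueError("subject DN has no CN")
    # Fold accents to ASCII, then treat every non-alphanumeric run as a word break.
    ascii_cn = unicodedata.normalize("NFKD", cns[-1]).encode("ascii", "ignore").decode()
    words = [w for w in re.split(r"[^A-Za-z0-9]+", ascii_cn) if w]
    name = "".join(w[0].upper() + w[1:].lower() for w in words)
    if not WIKINAME_RE.match(name):
        raise ValueError(f"cannot build a WikiName from CN {cns[-1]!r}")
    return name

def register(dn, table):
    """Record WikiName -> DN; refuse a name already bound to a different DN."""
    name = wiki_name(dn)
    owner = table.setdefault(name, dn)
    if owner != dn:
        # Filtering is lossy, so two distinct DNs can collapse to one WikiName.
        raise ValueError(f"{name} already mapped to {owner!r}")
    return name
```

Because stripping characters is lossy, the collision check in register() is what keeps two certificate holders from sharing one wiki identity; the table it fills is the DN-to-WikiName map that access control would need to consult.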

Problems&/Solutions
- Any error in the Apache configuration for certificate authentication causes a pop-up window for the end user asking for userid/password. The error messages are not configurable for certificate based authN.
- Strange behavior in using +OptRenegotiate with SSLOptions (in the Apache config).
- This flag was used to stop the certificate re-authentication pop-up with Mozilla/Firefox family browsers.
- Undesired behavior for the clients who use external tokens like Aladdin’s eToken. Those users often get a ‘permission denied’ error, and they have to refresh every page they go to.
- One can also fix this problem by selecting the ‘Select One automatically’ option in the browser’s Certificate Options.
- We have also noticed the same behavior with a few other users who don’t use external tokens.
- Twiki shows a ‘?’ and a dead link for any name which is not in compliance with the defined Regular Expression for all the names (~/lib/Twiki.pm)

Suggestion&/Solutions
- Maybe we need a different technology to map the SubjectDN to WikiUserName; something like OpenID?