Enterprise Authentication with Indico

Slides:

Advertisements

Similar presentations

Akshat Sharma Samarth Shah

Advertisements

Office 365 Identity June 2013 Microsoft Office365 4/2/2017

MyProxy: A Multi-Purpose Grid Authentication Service

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Building the Future: Millennium’s Relationship with Campus Systems and Services John Culshaw Faculty Director for Systems University of Colorado at Boulder.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

Lecture 23 Internet Authentication Applications

Active Directory: Final Solution to Enterprise System Integration

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

First Indico Workshop Authentication Alberto Resco Pérez May 2013 CERN.

Understanding Active Directory

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |

OAuth option for mHealth Brief Profile Proposal for 2013/14 presented to the IT Infrastructure Planning Committee R Horn (Agfa Healthcare)

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

BZUPAGES.COM An Introduction to. BZUPAGES.COM Introduction Large corporations today face the following problems Finding a certain file. Seeing everything.

OU Passwords What they all mean. What is a password Webster’s Online Dictionary describes a password as “a sequence of characters required for access.

Session 11: Security with ASP.NET

Ajmer Singh PGT(IP) Software Concepts. Ajmer Singh PGT(IP) Operating System It is a program which acts as an interface between a user and hardware.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

Directory Services at UMass  Directory Services Overview  Some common definitions  What can a directory do or not do?  User Needs Assessment  What.

Survey of Identity Repository Security Models JSR 351, Sep 2012.

Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.

Belnet Federation Belnet – Loriau Nicolas Brussels – 12 th of June 2014.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Configuring Active Directory Objects and Trusts

Module 5 Configuring Authentication. Module Overview Lesson 1: Understanding Classic SharePoint Authentication Providers Lesson 2: Understanding Federated.

Active Directory. Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer.

Module 9: Fundamentals of Securing Network Communication.

AIMS’99 Workshop Heidelberg, May 1999 P805: Internet Roaming Giuseppe Sisto - Telecom Italia / CSELT Project participants:

Module 3 Configuring File Access and Printers on Windows ® 7 Clients.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Internet Authentication Service.

Designing Secure SharePoint External Access Ondrej Sevecek | MCM: Directory | MVP: Security |

Module 11: Securing a Microsoft ASP.NET Web Application.

Operating System Security Fundamentals Dr. Gabriel.

Single Sign-On in the Danish Educational Sector Per Thorboll Deputy director UNI-C.

Security, Accounting, and Assurance Mahdi N. Bojnordi 2004

PAPI: Simple and Ubiquitous Access to Internet Information Services JISC/CNI Conference - Edinburgh, 27 June 2002.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

© 2005,2006 NeoAccel Inc. Partners Presentation Authentication & Access Control.

Privilege Management Chapter 22.

Module 10: Identity and Access Services in Windows Server 2008 Active Directory.

1 Active Directory Service in Windows 2000 Li Yang SID: November 2000.

Networking Network Classification, by there: 3 Security And Communications software.

Review on Active Directory. Aim Enable users to find network resources easily Central and easy administration of users and resources in a domain Improve.

Secure Mobile Development with NetIQ Access Manager

Active Directory Domain Services (AD DS). Identity and Access (IDA) – An IDA infrastructure should: Store information about users, groups, computers and.

Business Objects XIr2 Windows NT Authentication Single Sign-on 18 August 2006.

General Overview of Various SSO Systems: Active Directory, Google & Facebook Antti Pyykkö Mikko Malinen Oskari Miettinen.

The FederID project The First Identity Management and Federation Free Software.

11 | Managing User Info Jeremy Foster Michael Palermo

Application Authentication using Azure AD

Module 8: Securing Network Traffic by Using IPSec and Certificates

Objectives Differentiate between the different editions of Windows Server 2003 Explain Windows Server 2003 network models and server roles Identify concepts.

Introduction to Networking

Cisco Real Exam Dumps IT-Dumps

Office 365 Identity Management

Architecture Competency Group

Matthew Levy Azure AD B2B vs B2C Matthew Levy

AD FS Installation Active Directory Federation Services (AD FS) 7.1

Module 8: Securing Network Traffic by Using IPSec and Certificates

Types of Website Domains

Presentation transcript:

Enterprise Authentication with Indico Indico Workshop 2.0 Enterprise Authentication with Indico Michał Kołodziejski Indico Developer

A short glossary

Authentication Authentication means verifying that someone is indeed who they claim to be. Fig. 1 https://andrewjprokop.files.wordpress.com/2015/01/authentication.jpg

Fig. 2 https://www.colourbox.com/preview/11986872-authorized.jpg Authorization Authorization means deciding which resources a certain user should be able to access, and what they should be allowed to do with those resources. Fig. 2 https://www.colourbox.com/preview/11986872-authorized.jpg

Authentication and authorization Fig. 3 http://mistaguy.com/wp-content/uploads/2014/08/security_authentication_authorization.png

Identity management To control information about users on computers. Such information includes information that authenticates the identity of a user, and information that describes information and actions they are authorized to access and/or perform Fig. 4 https://upload.wikimedia.org/wikipedia/commons/thumb/3/38/Identity-concept.svg/450px-Identity-concept.svg.png

An identity provider offers user authentication as a service. Fig. 5 https://blog.imaginea.com/wp-content/uploads/2013/05/saml1.jpg

How can we authenticate users? (Indico as an example)

In this case Indico is the Identity Provider Logon Passwords Fig. 6 https://www.miracl.com/hs-fs/hub/230906/file-598871743-jpg/images/history-auth-2.jpg In this case Indico is the Identity Provider

Problems with passwords Unique passwords for every account Users have to change passwords frequently Passwords can’t be easy to guess (avoiding dictionary attacks) Fig. 7 https://uploads.skyhighnetworks.com/2015/07/09195038/blog-image-top-passwords-850.png

Flask-Multipass Flask-Multipass is an extension that provides a user authentication system for Flask which can use multiple backends (such as local users, LDAP and OAuth) simultaneously.

LDAP as Identity Provider LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet.

OAuth in Indico OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account.

Authentication Providers

Identity Providers Configuration

Fig. 8 https://www. wpmayor. com/wp-content/uploads/wordpress-plugins2 Easy to extend! You can also use Github, Shibboleth and much, much more!

Thanks for your attention! Questions?