Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Authentication with Indico

Published byGertrude Turner Modified over 6 years ago

Similar presentations

Presentation on theme: "Enterprise Authentication with Indico"— Presentation transcript:

1 Enterprise Authentication with Indico
Indico Workshop 2.0 Enterprise Authentication with Indico Michał Kołodziejski Indico Developer

2 A short glossary

3 Authentication Authentication means verifying that someone is indeed who they claim to be. Fig. 1

4 Fig. 2 https://www.colourbox.com/preview/11986872-authorized.jpg
Authorization Authorization means deciding which resources a certain user should be able to access, and what they should be allowed to do with those resources. Fig. 2

5 Authentication and authorization
Fig. 3

6 Identity management To control information about users on computers. Such information includes information that authenticates the identity of a user, and information that describes information and actions they are authorized to access and/or perform Fig. 4

7 An identity provider offers user authentication as a service.
Fig. 5

8 How can we authenticate users? (Indico as an example)

9 In this case Indico is the Identity Provider
Logon Passwords Fig. 6 In this case Indico is the Identity Provider

10 Problems with passwords
Unique passwords for every account Users have to change passwords frequently Passwords can’t be easy to guess (avoiding dictionary attacks) Fig. 7

11 Flask-Multipass Flask-Multipass is an extension that provides a user authentication system for Flask which can use multiple backends (such as local users, LDAP and OAuth) simultaneously.

12 LDAP as Identity Provider
LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet.

13 OAuth in Indico OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account.

14 Authentication Providers

15 Identity Providers Configuration

16 Fig. 8 https://www. wpmayor. com/wp-content/uploads/wordpress-plugins2
Easy to extend! You can also use Github, Shibboleth and much, much more!

17

18

19 Thanks for your attention! Questions?

Download ppt "Enterprise Authentication with Indico"

Similar presentations

Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Building the Future: Millennium’s Relationship with Campus Systems and Services John Culshaw Faculty Director for Systems University of Colorado at Boulder.

Building the Future: Millennium’s Relationship with Campus Systems and Services John Culshaw Faculty Director for Systems University of Colorado at Boulder.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Copyright B. Wilkinson, 2008. This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
First Indico Workshop Authentication Alberto Resco Pérez 29-27 May 2013 CERN.

First Indico Workshop Authentication Alberto Resco Pérez May 2013 CERN.
Understanding Active Directory

Understanding Active Directory
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |

Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |
OAuth option for mHealth Brief Profile Proposal for 2013/14 presented to the IT Infrastructure Planning Committee R Horn (Agfa Healthcare)

OAuth option for mHealth Brief Profile Proposal for 2013/14 presented to the IT Infrastructure Planning Committee R Horn (Agfa Healthcare)
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Similar presentations

Ads by Google