SlideShare a Scribd company logo

Extending drupal authentication

Download as PPTX, PDF
Charles Russell
Charles Russell

Slides from Sacramento Drupal camp presentation

Technology
1 of 23
Charles Russell CTSC UC Davis Medical Center Bennubird Media SacProNet
http://web-cms.findthebest.com/compare/2-42/Drupal-vs-Liferay-Portal
• Multi Layered Security System • Account/Role based • SQL table based and internal into the system • OpenID (optional) Great for a stand alone site, but what if • You have to integrate with legacy systems • You have to tie this site to other service providers not using Drupal. • You have to coordinate with other organizations
• Directory Based • May be some type of SQL based system • LDAP (Lightweight Directory Access Protocol) • Central Single Sign On • Kerberose • CAS (Central Access System) • Federated System • OpenID • SAML (Security Assertion Markup Language) • XACML ( eXtensible Access Control Markup Language) • Shibboleth • Oauth
• Identity Providers (IP) • Verify and provide credentials • Service Providers (SP) • Provide the requested services if user authenticates In a Drupal only site Drupal is both IP and SP
• Drupal requires accounts • Drupal needs three pieces of information to establish an account. • User name • Password • Email • Direct Login is possible and plans should be made to handle the case that the IP no longer certifies the user.
There are many SQL implementations are custom so look up is going resist generic a generic solution LDAP is a standard and fortunately is the most common implementation of directory. A good argument could be made that Drupal’s native authentication is of this type
Directory System Agent is contacted by a client which sends a response back to the client. • Requests and Responses are sent in plain text • Every entry has a unique Identifier DN and a set of attributes.
http://drupal.org/project/ldap Drupal 6 use LDAP Integration Module not LDAP Module
Allows users throughout an organization use a single password to access all of the resources of that organization. • Passwords are not shared with the application • Communication between client and server are encrypted and prevents eves dropping and replay attacks • Kerberos and CAS Protocols are the most common implementation.
Developed at MIT as part of Project Athena which was a project a campus wide computing environment
http://drupal.org/project/kerberos_authentication
Developed at Yale University. Currently maintained by Java Architectures Special Interest Group.
http://drupal.org/project/cas
Allows access to users of the system outside of their local environment, sending identity information to the application or site that has already been verified by the IP Allows you to send users to external resources and allows external resources to in a secure way to use your site.. There is a long list of federated protocols some of the more popular open source solutions are OpenID, OAuth, SAML, and Shibboleth.
• Developed in 2005 Originally Called YADIS • Comes with Drupal Out of the box • Because Drupal requires user and password Open id must be assigned to Drupal user • Email still required so legitimacy can be established • Documentation at http://Drupal.org/documentation/modules/openid
• Grew out of Open ID • Commercial use very common • Allows sharing of private information with giving out credentials
http://drupal.org/project/oauth
• Shibboleth is an open-source project that provides Single Sign-On capabilities and allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. • Very common in education and government • Shibboleth home page http://shibboleth.net
http://drupal.org/project/shib_auth
Organization for the Advancement of Structured Information Standards
• XML Based mark up language to assert Identity • Usually assertion sent as web service in soap wrapper <saml:Assertion Version="2.0" IssueInstant="2009-02-04T23:08:00.173Z" ID="el-hJZpkAd5XlBywvK_LxieTaC."> <saml:Issuer>IDFED_E2E_IDP_SP_APP</saml:Issuer> <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#el-hJZpkAd5XlBywvK_LxieTaC."> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>A7IVn/YqCJW6ZQT9/PqFBdZzhuY=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> ………. </saml:Assertion >
Extending drupal authentication

Recommended

SPTECHCON - Rev Your Engines - SharePoint 2013 Performance Enhancements
SPTECHCON - Rev Your Engines - SharePoint 2013 Performance EnhancementsSPTECHCON - Rev Your Engines - SharePoint 2013 Performance Enhancements
SPTECHCON - Rev Your Engines - SharePoint 2013 Performance EnhancementsEric Shupps
 
Building better SQL Server Databases
Building better SQL Server DatabasesBuilding better SQL Server Databases
Building better SQL Server DatabasesColdFusionConference
 
Building a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable FunctionsBuilding a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable FunctionsJoonas Westlin
 
A Complete BI Solution in About an Hour!
A Complete BI Solution in About an Hour!A Complete BI Solution in About an Hour!
A Complete BI Solution in About an Hour!Aaron King
 
SPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST API
SPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST APISPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST API
SPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST APIEric Shupps
 
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?Liam Cleary [MVP]
 
Rev Your Engines: SharePoint Performance Best Practices
Rev Your Engines: SharePoint Performance Best PracticesRev Your Engines: SharePoint Performance Best Practices
Rev Your Engines: SharePoint Performance Best PracticesSPC Adriatics
 
ECS19 - Ingo Gegenwarth - Running Exchange in large environment
ECS19 - Ingo Gegenwarth - Running Exchange in large environmentECS19 - Ingo Gegenwarth - Running Exchange in large environment
ECS19 - Ingo Gegenwarth - Running Exchange in large environmentEuropean Collaboration Summit
 

Recommended

SPTECHCON - Rev Your Engines - SharePoint 2013 Performance Enhancements
SPTECHCON - Rev Your Engines - SharePoint 2013 Performance EnhancementsSPTECHCON - Rev Your Engines - SharePoint 2013 Performance Enhancements
SPTECHCON - Rev Your Engines - SharePoint 2013 Performance EnhancementsEric Shupps
 
Building better SQL Server Databases
Building better SQL Server DatabasesBuilding better SQL Server Databases
Building better SQL Server DatabasesColdFusionConference
 
Building a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable FunctionsBuilding a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable FunctionsJoonas Westlin
 
A Complete BI Solution in About an Hour!
A Complete BI Solution in About an Hour!A Complete BI Solution in About an Hour!
A Complete BI Solution in About an Hour!Aaron King
 
SPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST API
SPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST APISPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST API
SPTECHCON - Get Some REST - Taking Advantage of the SharePoint 2013 REST APIEric Shupps
 
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?Liam Cleary [MVP]
 
Rev Your Engines: SharePoint Performance Best Practices
Rev Your Engines: SharePoint Performance Best PracticesRev Your Engines: SharePoint Performance Best Practices
Rev Your Engines: SharePoint Performance Best PracticesSPC Adriatics
 
ECS19 - Ingo Gegenwarth - Running Exchange in large environment
ECS19 - Ingo Gegenwarth - Running Exchange in large environmentECS19 - Ingo Gegenwarth - Running Exchange in large environment
ECS19 - Ingo Gegenwarth - Running Exchange in large environmentEuropean Collaboration Summit
 
ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...
ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...
ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...European Collaboration Summit
 
Talking Services with Oracle ADF and Oracle SOA Suite
Talking Services with Oracle ADF and Oracle SOA SuiteTalking Services with Oracle ADF and Oracle SOA Suite
Talking Services with Oracle ADF and Oracle SOA SuiteDataNext Solutions
 
ECS2019 - Managing Content Types in the Modern World
ECS2019 - Managing Content Types in the Modern WorldECS2019 - Managing Content Types in the Modern World
ECS2019 - Managing Content Types in the Modern WorldMarc D Anderson
 
Your first step by step tutorial for oracle SOA
Your first step by step tutorial for oracle SOAYour first step by step tutorial for oracle SOA
Your first step by step tutorial for oracle SOAhalimelnagar
 
Solving Single-Sign-On
Solving Single-Sign-OnSolving Single-Sign-On
Solving Single-Sign-OnAaron King
 
Working with Portlets in ADF and Webcenter
Working with Portlets in ADF and WebcenterWorking with Portlets in ADF and Webcenter
Working with Portlets in ADF and WebcenterDataNext Solutions
 
Integrating Alfresco @ Scale (via event-driven micro-services)
Integrating Alfresco @ Scale (via event-driven micro-services)Integrating Alfresco @ Scale (via event-driven micro-services)
Integrating Alfresco @ Scale (via event-driven micro-services)J V
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...SPC Adriatics
 
Community and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZCommunity and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZMarkus Eisele
 
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...SPTechCon
 
Onion Architecture and the Blog
Onion Architecture and the BlogOnion Architecture and the Blog
Onion Architecture and the Blogbarryosull
 
Databases & Microsoft SQL Server
Databases & Microsoft SQL ServerDatabases & Microsoft SQL Server
Databases & Microsoft SQL ServerMahmoud Abdallah
 
AMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancyAMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancyJaap Poot
 
SharePoint 2013 - A Real World Help Desk App End to End
SharePoint 2013 - A Real World Help Desk App End to EndSharePoint 2013 - A Real World Help Desk App End to End
SharePoint 2013 - A Real World Help Desk App End to EndEric Shupps
 
Spca2014 keynote johnson
Spca2014 keynote johnsonSpca2014 keynote johnson
Spca2014 keynote johnsonNCCOMMS
 
Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People SPC Adriatics
 
Building Software Backend (Web API)
Building Software Backend (Web API)Building Software Backend (Web API)
Building Software Backend (Web API)Alexander Goida
 
SharePoint 2013 APIs
SharePoint 2013 APIsSharePoint 2013 APIs
SharePoint 2013 APIsJohn Calvert
 
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...European Collaboration Summit
 
WSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2
 
Drupal and diversity of Single sign-on systems
Drupal and diversity of Single sign-on systemsDrupal and diversity of Single sign-on systems
Drupal and diversity of Single sign-on systemsAlex S
 
How AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloudHow AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloudLDAPCon
 

More Related Content

What's hot

ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...
ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...
ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...European Collaboration Summit
 
Talking Services with Oracle ADF and Oracle SOA Suite
Talking Services with Oracle ADF and Oracle SOA SuiteTalking Services with Oracle ADF and Oracle SOA Suite
Talking Services with Oracle ADF and Oracle SOA SuiteDataNext Solutions
 
ECS2019 - Managing Content Types in the Modern World
ECS2019 - Managing Content Types in the Modern WorldECS2019 - Managing Content Types in the Modern World
ECS2019 - Managing Content Types in the Modern WorldMarc D Anderson
 
Your first step by step tutorial for oracle SOA
Your first step by step tutorial for oracle SOAYour first step by step tutorial for oracle SOA
Your first step by step tutorial for oracle SOAhalimelnagar
 
Solving Single-Sign-On
Solving Single-Sign-OnSolving Single-Sign-On
Solving Single-Sign-OnAaron King
 
Working with Portlets in ADF and Webcenter
Working with Portlets in ADF and WebcenterWorking with Portlets in ADF and Webcenter
Working with Portlets in ADF and WebcenterDataNext Solutions
 
Integrating Alfresco @ Scale (via event-driven micro-services)
Integrating Alfresco @ Scale (via event-driven micro-services)Integrating Alfresco @ Scale (via event-driven micro-services)
Integrating Alfresco @ Scale (via event-driven micro-services)J V
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...SPC Adriatics
 
Community and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZCommunity and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZMarkus Eisele
 
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...SPTechCon
 
Onion Architecture and the Blog
Onion Architecture and the BlogOnion Architecture and the Blog
Onion Architecture and the Blogbarryosull
 
Databases & Microsoft SQL Server
Databases & Microsoft SQL ServerDatabases & Microsoft SQL Server
Databases & Microsoft SQL ServerMahmoud Abdallah
 
AMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancyAMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancyJaap Poot
 
SharePoint 2013 - A Real World Help Desk App End to End
SharePoint 2013 - A Real World Help Desk App End to EndSharePoint 2013 - A Real World Help Desk App End to End
SharePoint 2013 - A Real World Help Desk App End to EndEric Shupps
 
Spca2014 keynote johnson
Spca2014 keynote johnsonSpca2014 keynote johnson
Spca2014 keynote johnsonNCCOMMS
 
Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People SPC Adriatics
 
Building Software Backend (Web API)
Building Software Backend (Web API)Building Software Backend (Web API)
Building Software Backend (Web API)Alexander Goida
 
SharePoint 2013 APIs
SharePoint 2013 APIsSharePoint 2013 APIs
SharePoint 2013 APIsJohn Calvert
 
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...European Collaboration Summit
 
WSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2
 

What's hot (20)

ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...
ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...
ECS19 - Thomas Vochten - ESSENTIAL DATABASE ADMINISTRATION SKILLS FOR SHAREPO...
 
Talking Services with Oracle ADF and Oracle SOA Suite
Talking Services with Oracle ADF and Oracle SOA SuiteTalking Services with Oracle ADF and Oracle SOA Suite
Talking Services with Oracle ADF and Oracle SOA Suite
 
ECS2019 - Managing Content Types in the Modern World
ECS2019 - Managing Content Types in the Modern WorldECS2019 - Managing Content Types in the Modern World
ECS2019 - Managing Content Types in the Modern World
 
Your first step by step tutorial for oracle SOA
Your first step by step tutorial for oracle SOAYour first step by step tutorial for oracle SOA
Your first step by step tutorial for oracle SOA
 
Solving Single-Sign-On
Solving Single-Sign-OnSolving Single-Sign-On
Solving Single-Sign-On
 
Working with Portlets in ADF and Webcenter
Working with Portlets in ADF and WebcenterWorking with Portlets in ADF and Webcenter
Working with Portlets in ADF and Webcenter
 
Integrating Alfresco @ Scale (via event-driven micro-services)
Integrating Alfresco @ Scale (via event-driven micro-services)Integrating Alfresco @ Scale (via event-driven micro-services)
Integrating Alfresco @ Scale (via event-driven micro-services)
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
 
Community and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZCommunity and Java EE @ DevConf.CZ
Community and Java EE @ DevConf.CZ
 
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
 
Onion Architecture and the Blog
Onion Architecture and the BlogOnion Architecture and the Blog
Onion Architecture and the Blog
 
Databases & Microsoft SQL Server
Databases & Microsoft SQL ServerDatabases & Microsoft SQL Server
Databases & Microsoft SQL Server
 
AMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancyAMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancy
 
SharePoint 2013 - A Real World Help Desk App End to End
SharePoint 2013 - A Real World Help Desk App End to EndSharePoint 2013 - A Real World Help Desk App End to End
SharePoint 2013 - A Real World Help Desk App End to End
 
Spca2014 keynote johnson
Spca2014 keynote johnsonSpca2014 keynote johnson
Spca2014 keynote johnson
 
Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People
 
Building Software Backend (Web API)
Building Software Backend (Web API)Building Software Backend (Web API)
Building Software Backend (Web API)
 
SharePoint 2013 APIs
SharePoint 2013 APIsSharePoint 2013 APIs
SharePoint 2013 APIs
 
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...
ECS19 - Laura Kokkarinen - Everything you need to know about SharePoint site ...
 
WSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure Enterprise
 

Similar to Extending drupal authentication

Drupal and diversity of Single sign-on systems
Drupal and diversity of Single sign-on systemsDrupal and diversity of Single sign-on systems
Drupal and diversity of Single sign-on systemsAlex S
 
How AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloudHow AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloudLDAPCon
 
Cause 2013: A Flexible Approach to Creating an Enterprise Directory
Cause 2013: A Flexible Approach to Creating an Enterprise DirectoryCause 2013: A Flexible Approach to Creating an Enterprise Directory
Cause 2013: A Flexible Approach to Creating an Enterprise Directoryrwgorrel
 
SOLID Programming with Portable Class Libraries
SOLID Programming with Portable Class LibrariesSOLID Programming with Portable Class Libraries
SOLID Programming with Portable Class LibrariesVagif Abilov
 
Drupal security
Drupal securityDrupal security
Drupal securityJozef Toth
 
Multiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidMultiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidpasalapudi
 
Drupal security
Drupal securityDrupal security
Drupal securityTechday7
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active DirectoryJalpesh Vadgama
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Jethro Seghers
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Jethro Seghers
 
Doing Drupal security right
Doing Drupal security rightDoing Drupal security right
Doing Drupal security rightGábor Hojtsy
 
KoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginnersKoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginnersTobias Koprowski
 
WebLogic authentication debugging
WebLogic authentication debuggingWebLogic authentication debugging
WebLogic authentication debuggingMaarten Smeets
 
DEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environment
DEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environmentDEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environment
DEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environmentFelipe Prado
 
Big Data Warehousing Meetup: Securing the Hadoop Ecosystem by Cloudera
Big Data Warehousing Meetup: Securing the Hadoop Ecosystem by ClouderaBig Data Warehousing Meetup: Securing the Hadoop Ecosystem by Cloudera
Big Data Warehousing Meetup: Securing the Hadoop Ecosystem by ClouderaCaserta
 
drupal 7 amfserver presentation: integrating flash and drupal
drupal 7 amfserver presentation: integrating flash and drupaldrupal 7 amfserver presentation: integrating flash and drupal
drupal 7 amfserver presentation: integrating flash and drupalrolf vreijdenberger
 
Thick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseThick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseScott Sutherland
 
Web Services Hacking and Security
Web Services Hacking and SecurityWeb Services Hacking and Security
Web Services Hacking and SecurityBlueinfy Solutions
 
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding EdgeCIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding EdgeCloudIDSummit
 

Similar to Extending drupal authentication (20)

Drupal and diversity of Single sign-on systems
Drupal and diversity of Single sign-on systemsDrupal and diversity of Single sign-on systems
Drupal and diversity of Single sign-on systems
 
How AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloudHow AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloud
 
Cause 2013: A Flexible Approach to Creating an Enterprise Directory
Cause 2013: A Flexible Approach to Creating an Enterprise DirectoryCause 2013: A Flexible Approach to Creating an Enterprise Directory
Cause 2013: A Flexible Approach to Creating an Enterprise Directory
 
SOLID Programming with Portable Class Libraries
SOLID Programming with Portable Class LibrariesSOLID Programming with Portable Class Libraries
SOLID Programming with Portable Class Libraries
 
Drupal security
Drupal securityDrupal security
Drupal security
 
Multiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidMultiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oid
 
Drupal security
Drupal securityDrupal security
Drupal security
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active Directory
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
 
Doing Drupal security right
Doing Drupal security rightDoing Drupal security right
Doing Drupal security right
 
KoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginnersKoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginners
 
WebLogic authentication debugging
WebLogic authentication debuggingWebLogic authentication debugging
WebLogic authentication debugging
 
DEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environment
DEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environmentDEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environment
DEF CON 27 - DIRK JAN MOLLEMA - im in your cloud pwning your azure environment
 
Big Data Warehousing Meetup: Securing the Hadoop Ecosystem by Cloudera
Big Data Warehousing Meetup: Securing the Hadoop Ecosystem by ClouderaBig Data Warehousing Meetup: Securing the Hadoop Ecosystem by Cloudera
Big Data Warehousing Meetup: Securing the Hadoop Ecosystem by Cloudera
 
drupal 7 amfserver presentation: integrating flash and drupal
drupal 7 amfserver presentation: integrating flash and drupaldrupal 7 amfserver presentation: integrating flash and drupal
drupal 7 amfserver presentation: integrating flash and drupal
 
Solr Recipes
Solr RecipesSolr Recipes
Solr Recipes
 
Thick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseThick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash Course
 
Web Services Hacking and Security
Web Services Hacking and SecurityWeb Services Hacking and Security
Web Services Hacking and Security
 
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding EdgeCIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
 

More from Charles Russell

JavaScript Introductin to Functions
JavaScript Introductin to FunctionsJavaScript Introductin to Functions
JavaScript Introductin to FunctionsCharles Russell
 
JavaScript Tools and Implementation
JavaScript Tools and ImplementationJavaScript Tools and Implementation
JavaScript Tools and ImplementationCharles Russell
 
JavaScript Comments and Conditionals
JavaScript Comments and ConditionalsJavaScript Comments and Conditionals
JavaScript Comments and ConditionalsCharles Russell
 

More from Charles Russell (10)

Js objects
Js objectsJs objects
Js objects
 
JavaScript Introductin to Functions
JavaScript Introductin to FunctionsJavaScript Introductin to Functions
JavaScript Introductin to Functions
 
JavaScript iteration
JavaScript iterationJavaScript iteration
JavaScript iteration
 
Open Source Software
Open Source SoftwareOpen Source Software
Open Source Software
 
JavaScript Variables
JavaScript VariablesJavaScript Variables
JavaScript Variables
 
JavaScript Tools and Implementation
JavaScript Tools and ImplementationJavaScript Tools and Implementation
JavaScript Tools and Implementation
 
JavaScript Operators
JavaScript OperatorsJavaScript Operators
JavaScript Operators
 
JavaScript Comments and Conditionals
JavaScript Comments and ConditionalsJavaScript Comments and Conditionals
JavaScript Comments and Conditionals
 
JavaScript Introduction
JavaScript IntroductionJavaScript Introduction
JavaScript Introduction
 
JavaScript Data Types
JavaScript Data TypesJavaScript Data Types
JavaScript Data Types
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Extending drupal authentication

  • 1. Charles Russell CTSC UC Davis Medical Center Bennubird Media SacProNet
  • 3. Multi Layered Security System • Account/Role based • SQL table based and internal into the system • OpenID (optional) Great for a stand alone site, but what if • You have to integrate with legacy systems • You have to tie this site to other service providers not using Drupal. • You have to coordinate with other organizations
  • 4. • Directory Based • May be some type of SQL based system • LDAP (Lightweight Directory Access Protocol) • Central Single Sign On • Kerberose • CAS (Central Access System) • Federated System • OpenID • SAML (Security Assertion Markup Language) • XACML ( eXtensible Access Control Markup Language) • Shibboleth • Oauth
  • 5. • Identity Providers (IP) • Verify and provide credentials • Service Providers (SP) • Provide the requested services if user authenticates In a Drupal only site Drupal is both IP and SP
  • 6. • Drupal requires accounts • Drupal needs three pieces of information to establish an account. • User name • Password • Email • Direct Login is possible and plans should be made to handle the case that the IP no longer certifies the user.
  • 7. There are many SQL implementations are custom so look up is going resist generic a generic solution LDAP is a standard and fortunately is the most common implementation of directory. A good argument could be made that Drupal’s native authentication is of this type
  • 8. Directory System Agent is contacted by a client which sends a response back to the client. • Requests and Responses are sent in plain text • Every entry has a unique Identifier DN and a set of attributes.
  • 9. http://drupal.org/project/ldap Drupal 6 use LDAP Integration Module not LDAP Module
  • 10. Allows users throughout an organization use a single password to access all of the resources of that organization. • Passwords are not shared with the application • Communication between client and server are encrypted and prevents eves dropping and replay attacks • Kerberos and CAS Protocols are the most common implementation.
  • 11. Developed at MIT as part of Project Athena which was a project a campus wide computing environment
  • 13. Developed at Yale University. Currently maintained by Java Architectures Special Interest Group.
  • 15. Allows access to users of the system outside of their local environment, sending identity information to the application or site that has already been verified by the IP Allows you to send users to external resources and allows external resources to in a secure way to use your site.. There is a long list of federated protocols some of the more popular open source solutions are OpenID, OAuth, SAML, and Shibboleth.
  • 16. • Developed in 2005 Originally Called YADIS • Comes with Drupal Out of the box • Because Drupal requires user and password Open id must be assigned to Drupal user • Email still required so legitimacy can be established • Documentation at http://Drupal.org/documentation/modules/openid
  • 17. • Grew out of Open ID • Commercial use very common • Allows sharing of private information with giving out credentials
  • 19. • Shibboleth is an open-source project that provides Single Sign-On capabilities and allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. • Very common in education and government • Shibboleth home page http://shibboleth.net
  • 21. Organization for the Advancement of Structured Information Standards
  • 22. • XML Based mark up language to assert Identity • Usually assertion sent as web service in soap wrapper <saml:Assertion Version="2.0" IssueInstant="2009-02-04T23:08:00.173Z" ID="el-hJZpkAd5XlBywvK_LxieTaC."> <saml:Issuer>IDFED_E2E_IDP_SP_APP</saml:Issuer> <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#el-hJZpkAd5XlBywvK_LxieTaC."> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>A7IVn/YqCJW6ZQT9/PqFBdZzhuY=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> ………. </saml:Assertion >

Editor's Notes

  1. 30/60 me
  2. As of Drupal 7 we now can use PDO and with DBTNG we are now database neutral. Bigger issue is on the right where they are discussing authentication type. And that is the subject of this d