Single Sign On in Ruby - Enterprise Ready!
Single Sign On
Enterprizzzey ready!
Nikos Dimitrakopoulos | @nikosd
Single Sign On (really)
● Centralized (almost) authentication
● Login once - be logged-in in multiple services
● More than just "no password required"
● Single Log Out
● Actual "authenticator" can be an outsider (Facebook, Twitter, or whatever...)
![Page 3: Single Sign On in Ruby - Enterprise Ready!](https://reader035.vdocuments.mx/reader035/viewer/2022081404/558cd1a6d8b42ac4438b46b1/html5/thumbnails/3.jpg)
shamelessly stolen from http://merbist.com/2012/04/04/building-and-implementing-a-single-sign-on-solution/
Additional specs
● KISS (reaaaaally simple)
● DRY
● Modular
● Extensible
● Ruby!
Components
● Standard
● Ruby implementation for standard
● An actual *abstract* server
Standards
● OpenID
● OAuth
● CAS
● Shibboleth
● SAML
● Custom
OpenID
● Decentralization of authentication
● Not about Single Sign On
Standards
● OpenID
● OAuth
● CAS
● Shibboleth
● SAML
● Custom
OAuth
● Authorization
● NOT authentication
Standards
● OpenID
● OAuth
● CAS
● Shibboleth
● SAML
● Custom
CAS
● Not bad...
● With a lot of free implementations :
  ○ RubyCAS-Server
  ○ Jasig CAS (Java)
  ○ ...
Standards
● OpenID
● OAuth
● CAS
● Shibboleth
● SAML
● Custom
Shibboleth
● Actually got integrated in SAML 2.0...
Standards
● OpenID
● OAuth
● CAS
● Shibboleth
● SAML 2.0
● Custom
SAML (2.0)
● Complex
● XML based
● (Unhappy face here...)
SAML (2.0)
● Complex
● XML based
● (Unhappy face here...)
But :
● Really the only de-facto standard
● Implemented / supported by :
  ○ Google
  ○ Microsoft
  ○ Oracle
  ○ ...
Standards
● OpenID
● OAuth
● CAS
● Shibboleth
● SAML 2.0
● Custom
Custom
● http://merbist.com/2012/04/04/building-and-implementing-a-single-sign-on-solution/
● http://blog.joshsoftware.com/2010/12/16/multiple-applications-with-devise-omniauth-and-single-sign-on/
No thanks...
Standards
● OpenID
● OAuth
● CAS
● Shibboleth
● SAML 2.0
● Custom
CAS vs SAML 2.0
● Let's go for the interoperability....
● And yes, I suck at XML
Standards
● OpenID
● OAuth
● CAS
● Shibboleth
● SAML 2.0
● Custom
RSAML
● Wrapper library around SAML 2.0
● Pure ruby
● Most of the functionality required
● Untouched for 2 years
● Now maintained at github.com:rsaml/rsaml
● Missing some functionality...
Server (codename "russo")
● The actual "server" thing
● WIP (unreleased code yet)
Russo
● Rails 3 engine
● Reeeeeaaally KISS
● Actually HTTP to SAML 2.0 library
● SAML 2.0 logic in RSAML
● No actual auth logic inside :
  ○ Do it on the mounted app
  ○ Use OmniAuth!!!
Russo
● Status : Core functionality should be there during this week
● Use cases : Pretty open since most of the functionality is done on the mounted app
● Learning curve : Pretty high - understanding SAML is required
Why this presentation???
Please help!!! :)
● Finish up RSAML
  ○ XML Signing
  ○ Unimplemented features
● Complete Russo
  ○ Single Log Out
  ○ Support for other use cases
  ○ Documentation