Archive for August, 2009

pound, a little example that redirect / to /opensso for a given virtual host

August 9th, 2009 No comments

It’s the first time I’m using pound (a http reverse proxy), and I was a little disappointed about its configuration. My use case is very simple, for a given virtual host ( in my case) I want to redirect from / to /opensso. Since pound seems not very well documented, here my configuration to achieve that:

   Port  80
      HeadRequire "Host:"
      URL "^/$"
      Redirect ""
      HeadRequire "Host:"
         Port 8080

Categories: Sysadmin Tags:

OpenSSO, OpenID and Yubikey, the perfect personal SSO: cheap, and secure

August 3rd, 2009 1 comment

As a new owner of an yubikey, I was looking the best way to integrate it with the web application I already use. While there is already an available OpenID provider which support Yubikey authentication, I prefer to manage my own system, using OpenSSO for sure ūüôā
First, let me introduce the yubikey. This USB key act as an OTP (One Time Password) device, each time you press the button, the key compute a new password. This pasword must be verify, in the case of Yubikey, this is done by query a Webservices on a yubico (the company) server. Yubikey offers a lot of advantages than others classical OTP devices, including:

  • The yubikey is see as an USB keyboard (class HID), no driver required!
  • No battery, more longlife than anothers devices
  • Very cheap, around 20 euros (ordered by 10, from France), transport and taxes included

So, why choose OpenSSO? For few years know, OpenSSO provides an extension to act as an OpenID provider, and an authentication class is available for the Yubikey.

OpenSSO OpenID Yubikey


Categories: IAM, Security, Sysadmin Tags: , ,