This is the first time I'm using Pound (an HTTP reverse proxy), and I was a little disappointed by its configuration. My use case is very simple: for a given virtual host (idp.asyd.net in my case), I want to redirect from / to /opensso. Since Pound does not seem to be very well documented, here is my configuration to achieve that:
ListenHTTP
    Address 0.0.0.0
    Port 80
    Service
        HeadRequire "Host: idp.asyd.net"
        URL "^/$"
        Redirect "http://idp.asyd.net/opensso"
    End
    Service
        HeadRequire "Host: idp.asyd.net"
        Backend
            Address 127.0.0.1
            Port 8080
        End
    End
End
As a new owner of a Yubikey, I was looking for the best way to integrate it with the web application I already use. While there is already an OpenID provider available that supports Yubikey authentication, I prefer to manage my own system, using OpenSSO for sure 🙂
First, let me introduce the Yubikey. This USB key acts as an OTP (One Time Password) device: each time you press the button, the key computes a new password. This password must be verified; in the case of the Yubikey, this is done by querying a web service on a Yubico (the company) server. The Yubikey offers a lot of advantages over other classical OTP devices, including:
The Yubikey is seen as a USB keyboard (HID class), no driver required!
No battery, so a longer life than other devices
Very cheap, around 20 euros (ordered by 10, from France), transport and taxes included
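The verification step described above (the OTP is checked by a web service on a Yubico server), shown from the relying application's side as an added example that is not part of the original post: it splits an OTP into its public ID and encrypted part, and accepts the service's answer only if it is signed and echoes the OTP and nonce that were sent. It assumes the Yubico validation protocol's response format (key=value lines with a base64 HMAC-SHA1 signature in `h`); the function names, API key, OTP and nonce are constructed for the example.

```python
import base64
import hashlib
import hmac

MODHEX = "cbdefghijklnrtuv"  # Yubikey alphabet: hex digits remapped to layout-safe keys


def split_otp(otp):
    """Return (public_id, encrypted_part) of a 44-character Yubikey OTP."""
    otp = otp.strip().lower()
    if len(otp) != 44 or any(c not in MODHEX for c in otp):
        raise ValueError("not a 44-character modhex OTP")
    return otp[:12], otp[12:]


def sign(params, api_key_b64):
    """HMAC-SHA1 over the sorted key=value pairs (all fields except h)."""
    msg = "&".join(f"{k}={params[k]}" for k in sorted(params) if k != "h")
    mac = hmac.new(base64.b64decode(api_key_b64), msg.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def check_response(body, otp, nonce, api_key_b64):
    """Accept only a signed status=OK answer for the OTP and nonce we sent."""
    resp = dict(line.strip().split("=", 1) for line in body.splitlines() if "=" in line)
    if not hmac.compare_digest(resp.get("h", "").encode(), sign(resp, api_key_b64).encode()):
        return "bad signature"
    if resp.get("otp") != otp or resp.get("nonce") != nonce:
        return "response is for another request"
    return "accepted" if resp.get("status") == "OK" else "rejected: " + resp.get("status", "?")


# Constructed sample data: API key, OTP and nonce are made up for this example.
API_KEY = base64.b64encode(b"constructed-key!").decode()
OTP = "cccccccbdefg" + "hijklnrtuvcbdefghijklnrtuvcbdefg"
NONCE = "0123456789abcdef0123456789abcdef"


def sample_response(status, otp=OTP):
    fields = {"otp": otp, "nonce": NONCE, "status": status, "t": "2010-01-01T00:00:00Z0001"}
    fields["h"] = sign(fields, API_KEY)  # signed the way the service would sign it
    return "\r\n".join(f"{k}={v}" for k, v in fields.items())


if __name__ == "__main__":
    print(split_otp(OTP)[0], check_response(sample_response("OK"), OTP, NONCE, API_KEY))
```

Checking the signature before looking at `status` means a response altered in transit is rejected instead of trusted, and comparing the echoed OTP and nonce stops a valid answer to an earlier request from being replayed.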
So, why choose OpenSSO? For a few years now, OpenSSO has provided an extension to act as an OpenID provider, and an authentication class is available for the Yubikey.