Archive for August, 2009

pound, a little example that redirects / to /opensso for a given virtual host

August 9th, 2009

It’s the first time I’m using pound (an HTTP reverse proxy), and I was a little disappointed by its configuration. My use case is very simple: for a given virtual host (idp.asyd.net in my case), I want to redirect from / to /opensso. Since pound does not seem very well documented, here is my configuration to achieve that:

ListenHTTP
   Address  0.0.0.0
   Port  80
   Service
      HeadRequire "Host: idp.asyd.net"
      URL "^/$"
      Redirect "http://idp.asyd.net/opensso"
   End
   Service
      HeadRequire "Host: idp.asyd.net"
      Backend
         Address 127.0.0.1
         Port 8080
      End
   End
End

Categories: Sysadmin

OpenSSO, OpenID and Yubikey, the perfect personal SSO: cheap and secure

August 3rd, 2009

As a new owner of a Yubikey, I was looking for the best way to integrate it with the web applications I already use. While there is already an OpenID provider available which supports Yubikey authentication, I prefer to manage my own system, using OpenSSO for sure 🙂

Yubikey

First, let me introduce the Yubikey. This USB key acts as an OTP (One Time Password) device: each time you press the button, the key computes a new password. This password must be verified; in the case of the Yubikey, this is done by querying a web service on a Yubico (the company) server. The Yubikey offers several advantages over other classical OTP devices, including:

  • The Yubikey is seen as a USB keyboard (HID class), no driver required!
  • No battery, so a longer life than other devices
  • Very cheap, around 20 euros (ordered by 10, from France), transport and taxes included
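
The verification step described above, as an added example (not code from the original post, OpenSSO or Yubico): it shows the checks a client should make on the validation server's answer before trusting an OTP. It assumes the response format of Yubico's validation protocol version 2.0; the API key, OTP, nonce, helper names and the MISMATCH / MISSING_STATUS verdicts are constructed for illustration.

```python
import base64, hashlib, hmac, re

MODHEX = "cbdefghijklnrtuv"  # alphabet a Yubikey types, independent of keyboard layout

def public_id(otp):
    """Return the key's public identity: what precedes the last 32 modhex characters."""
    if not re.fullmatch("[%s]{32,48}" % MODHEX, otp):
        raise ValueError("not a well-formed Yubikey OTP")
    return otp[:-32]

def sign(fields, api_key_b64):
    """HMAC-SHA1 over the key-sorted 'k=v&k=v' line, base64-encoded."""
    line = "&".join(f"{k}={fields[k]}" for k in sorted(fields))
    mac = hmac.new(base64.b64decode(api_key_b64), line.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def check_response(body, otp, nonce, api_key_b64):
    """Accept only a correctly signed answer that echoes our own otp and nonce."""
    fields = dict(l.split("=", 1) for l in body.splitlines() if "=" in l)
    their_sig = fields.pop("h", "")
    if not hmac.compare_digest(their_sig, sign(fields, api_key_b64)):
        return "BAD_SIGNATURE"   # forged or modified in transit (local verdict)
    if fields.get("otp") != otp or fields.get("nonce") != nonce:
        return "MISMATCH"        # a valid answer, but to someone else's request
    return fields.get("status", "MISSING_STATUS")  # server status, e.g. OK

# Constructed sample data: key, OTP and nonce are made up for this example.
API_KEY = base64.b64encode(b"constructed-demo-key").decode()
OTP = "cccccckdvvul" + MODHEX * 2
NONCE = "0123456789abcdef0123"

def sample_reply(status, otp=OTP, nonce=NONCE):
    """Build the reply a validation server would send (stands in for the network)."""
    fields = {"otp": otp, "nonce": nonce, "sl": "100", "status": status,
              "t": "2009-08-03T10:00:00Z0123"}
    fields["h"] = sign(fields, API_KEY)
    return "\r\n".join(f"{k}={v}" for k, v in fields.items())

if __name__ == "__main__":
    print(public_id(OTP))
    print(check_response(sample_reply("OK"), OTP, NONCE, API_KEY))
    tampered = sample_reply("REPLAYED_OTP").replace("REPLAYED_OTP", "OK")
    print(check_response(tampered, OTP, NONCE, API_KEY))
```

Only a result of OK should let the login proceed; every other return value, including a server status such as REPLAYED_OTP, is a rejection.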

So, why choose OpenSSO? For a few years now, OpenSSO has provided an extension to act as an OpenID provider, and an authentication class is available for the Yubikey.

Categories: IAM, Security, Sysadmin