
New code source out: Authentication HMAC

Jeci
by Lucie Lesage on 25 Aug 2022


HMAC is an acronym for hash-based message authentication code.

Find our source code on GitHub

This code has been developed thanks to the funding of the Haute-Vienne department.

It is available under the LGPLv3 license, on our GitHub, in the "authentication-hmac" directory.

With this code, you can set up an authentication delegation to Alfresco.

For example, the Zimbra application connects to Alfresco "as" the user Lucy. This spares the application (in this case Zimbra) from having to "store" a user’s password in memory.

Questions regarding its usage

+--------------------------------------+--------------------------------------+
| When to use it?                      | When not to use it?                  |
+--------------------------------------+--------------------------------------+
| Use it to authenticate to Alfresco   | This mechanism depends on sharing a  |
| from another application when it is  | secret (key), which is held by both  |
| not possible to set up a single      | applications. Therefore, HMAC should |
| sign-on (SSO).                       | not be used by an application that   |
|                                      | cannot protect this secret.          |
| This is used, for example, to access |                                      |
| Alfresco documents from Zimbra, when | This rules out, for example,         |
| a Kerberos or OAuth solution cannot  | JavaScript applications, which are   |
| be used.                             | loaded in the user’s browser.        |
|                                      |                                      |
|                                      | That is why this mechanism should be |
|                                      | used if and only if the two          |
|                                      | applications are on the same secure  |
|                                      | network.                             |
+--------------------------------------+--------------------------------------+

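+--------------------------------------+--------------------------------------+
| What are its benefits?               | What are its limitations?            |
+--------------------------------------+--------------------------------------+
| It is a very easy solution to        | The authentication key needs to be   |
| implement.                           | very secure, and regular key renewal |
|                                      | must be planned.                     |
+--------------------------------------+--------------------------------------+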

+--------------------------------------+--------------------------------------+
| How secure is it?                    | When to use it?                      |
+--------------------------------------+--------------------------------------+
| It is a secure solution, but it      | It is a solution to be preferred for |
| carries a very high risk if the key  | the integration of old software that |
| is compromised. It is a solution to  | does not yet offer modern solutions, |
| be used as a last resort and in a    | such as Kerberos or OAuth.           |
| well-controlled environment.         |                                      |
+--------------------------------------+--------------------------------------+
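
To make the shared-secret delegation and the key-renewal requirement from the tables above concrete, here is an added Python example; it is not the code from the "authentication-hmac" directory. The token layout (key id, user, timestamp, HMAC-SHA256), the key values and the 60-second validity window are assumptions made for this illustration.

```python
import hashlib
import hmac
import time

# Constructed sample keys, indexed by key id so that a renewed key can be
# introduced while the previous one is still accepted during an overlap.
KEYS = {"k1": b"constructed-old-secret", "k2": b"constructed-new-secret"}
CURRENT_KEY_ID = "k2"
MAX_SKEW = 60  # seconds a signed assertion stays valid (assumed value)


def mac_for(key: bytes, user: str, ts: int) -> str:
    # Length-prefix the user name so field boundaries are unambiguous.
    msg = f"{len(user)}:{user}:{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign(user: str, now=None) -> str:
    """Calling application: assert that it is acting as <user>."""
    ts = int(time.time() if now is None else now)
    tag = mac_for(KEYS[CURRENT_KEY_ID], user, ts)
    return f"{CURRENT_KEY_ID}|{user}|{ts}|{tag}"


def verify(token: str, now=None, keys=KEYS):
    """Receiving side: return the user name, or None if the token is rejected."""
    parts = token.split("|")
    if len(parts) != 4:
        return None
    key_id, user, ts_text, tag = parts
    key = keys.get(key_id)
    if key is None or not (ts_text.isascii() and ts_text.isdigit()):
        return None  # unknown or retired key id, or malformed timestamp
    ts = int(ts_text)
    now = time.time() if now is None else now
    if abs(now - ts) > MAX_SKEW:
        return None  # stale or future-dated: limits replay of a captured token
    # compare_digest avoids leaking where the first mismatching byte is.
    if not hmac.compare_digest(tag.encode(), mac_for(key, user, ts).encode()):
        return None
    return user
```

Retiring a key is then a matter of removing its id from the verifier's key table: tokens signed with it stop validating, while tokens signed with the current key are unaffected.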

What is free and open-source software? See our dedicated page on the subject at Pristy.fr.

You can participate in the development of this code: use GitHub, in the "authentication-hmac" directory if you have corrections, suggestions, questions, etc. This is the spirit of free and open-source software!