
YunoHost / Ssowat

Licence: agpl-3.0
A simple SSO for NGINX, written in Lua

A simple LDAP SSO for NGINX, written in Lua.




  • nginx-extras from Debian wheezy-backports
  • lua-json
  • lua-ldap
  • lua-filesystem
  • lua-socket
  • lua-rex-pcre



  • Fetch the repository
git clone /etc/ssowat

NGINX configuration

  • Add SSOwat's NGINX configuration (http{} scope)
nano /etc/nginx/conf.d/ssowat.conf
lua_shared_dict cache 10m;
init_by_lua_file   /etc/ssowat/init.lua;
access_by_lua_file /etc/ssowat/access.lua;

You can also put the access_by_lua_file directive in a server{} scope if you want to protect only a vhost.

SSOwat configuration

mv /etc/ssowat/conf.json.example /etc/ssowat/conf.json
nano /etc/ssowat/conf.json

If you use YunoHost, you may want to edit the /etc/ssowat/conf.json.persistent file, since the /etc/ssowat/conf.json will often be overwritten.

Available parameters

Only the portal_domain SSOwat configuration parameter is required, but it is recommended to know the others to fully understand what you can do with it.


Domain of the authentication portal. It has to be a domain, IP addresses will not work with SSOwat (Required).


URI of the authentication portal (default: /ssowat/). This path must end with “/”.


Web port of the authentication portal (default: 443 for https, 80 for http).


Whether authentication should use a secure connection or not (default: https).


List of handled domains (default: similar to portal_domain).


LDAP server hostname (default: localhost).


LDAP group to search in (default: ou=users,dc=yunohost,dc=org).


LDAP user identifier (default: uid).


User's attributes to fetch from LDAP (default: ["uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"]).


Let SSOwat re-encrypt weakly-encrypted LDAP passwords into the safer sha-512 (crypt) (default: true).


Whether users can authenticate with their mail address (default: true).


URI argument to use for cross-domain authentication (default: sso_login).


Array of additional HTTP headers to set once the user is authenticated (default: { "Remote-User": "uid" }).


The session expiry time limit in seconds, since the last connection (default: 86400 / one day).


The session expiry time limit in seconds (default: 604800 / one week).


Array of URLs and/or URIs to redirect and their redirect URI/URL (example: { "/": "" }).


Array of regular expressions to be matched against URLs and URIs and their redirect URI/URL (example: { "$": "" }).


Language code used by default in views (default: en).


The list of permissions depicted as follows:

"myapp.main": {
    "auth_header": true,
    "label": "MyApp",
    "public": true,
    "show_tile": true,
    "uris": [ … ],
    "users": [ … ]
},
"myapp.admin": {
    "auth_header": true,
    "label": "MyApp (admin)",
    "public": false,
    "show_tile": false,
    "uris": [ … ],
    "users": [ … ]
},
"myapp.api": {
    "auth_header": false,
    "label": "MyApp (api)",
    "public": true,
    "show_tile": false,
    "uris": [ … ],
    "users": []
}


auth_header

Does the SSO add an authentication header that allows certain apps to connect automatically? (True by default)

label

A user-friendly name displayed in the portal and in the administration panel to manage the permission. (By convention it takes the form: Name of the app (specificity of this permission))

public

Can a person who is not connected to the SSO have access to this authorization?

show_tile

Whether to display the tile in the user portal.

uris

A list of URLs attached to this permission; a regex URL starts with re:.

users

A list of users who are allowed to access this permission. If public.
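A pre-deployment audit of the configuration fields described above, added here as an example (it is not code from SSOwat). It flags an IP address in portal_domain, lists every permission whose public flag makes its URIs reachable without login, and checks that re: URIs compile. The sample configuration and the example.tld URIs are constructed, and Python's re module stands in for the PCRE library listed in the requirements.

```python
import ipaddress
import json
import re

# Constructed sample configuration for illustration (not from the SSOwat repository).
SAMPLE_CONF = json.loads("""
{
  "portal_domain": "192.0.2.10",
  "permissions": {
    "myapp.main":  {"auth_header": true, "label": "MyApp", "public": true,
                    "show_tile": true, "uris": ["example.tld/myapp"], "users": []},
    "myapp.admin": {"auth_header": true, "label": "MyApp (admin)", "public": false,
                    "show_tile": false, "uris": ["example.tld/myapp/admin"], "users": []},
    "myapp.api":   {"auth_header": false, "label": "MyApp (api)", "public": true,
                    "show_tile": false, "uris": ["re:example.tld/myapp/api/(.*"], "users": []}
  }
}
""")


def audit(conf):
    """Return a list of (severity, subject, message) findings for a parsed conf.json."""
    findings = []
    domain = conf.get("portal_domain")
    if not domain:
        findings.append(("error", "portal_domain", "required parameter is missing"))
    else:
        try:
            ipaddress.ip_address(domain)
            findings.append(("error", "portal_domain", "is an IP address, a domain is required"))
        except ValueError:
            pass  # not an IP literal, so it can be a domain name
    for name, perm in sorted(conf.get("permissions", {}).items()):
        uris = perm.get("uris", [])
        if perm.get("public") is True:
            findings.append(("review", name, "reachable without login: " + ", ".join(uris)))
        elif not perm.get("users"):
            findings.append(("warn", name, "not public and no users listed"))
        for uri in uris:
            if uri.startswith("re:"):
                try:
                    re.compile(uri[3:])  # assumption: Python re approximates PCRE syntax
                except re.error as exc:
                    findings.append(("error", name, f"bad regex {uri!r}: {exc}"))
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

Run it against the parsed conf.json before reloading NGINX; every "review" finding is a URI that anonymous visitors can reach and should be an intentional choice.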
