YunoHost / Ssowat

Licence: agpl-3.0
A simple SSO for NGINX, written in Lua

Projects that are alternatives of or similar to Ssowat

Nginx Sso
SSO authentication provider for the auth_request nginx module
Stars: ✭ 195 (+2.63%)
Mutual labels:  ldap, sso
OpenAM
OpenAM is an open access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security.
Stars: ✭ 476 (+150.53%)
Mutual labels:  ldap, sso
Arkid
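一账通 (ArkID) is an open-source unified identity authentication and authorization management solution. It supports multiple standard protocols (LDAP, OAuth2, SAML, OpenID), fine-grained permission control, full web management features, and DingTalk and WeCom integration.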
Stars: ✭ 217 (+14.21%)
Mutual labels:  ldap, sso
docker-lemonldap
Docker LemonLDAP-NG Image w/S6 overlay, Zabbix Monitoring based on Debian or Alpine
Stars: ✭ 20 (-89.47%)
Mutual labels:  ldap, sso
caddy-security
🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
Stars: ✭ 696 (+266.32%)
Mutual labels:  ldap, sso
Authelia
The Single Sign-On Multi-Factor portal for web apps
Stars: ✭ 11,094 (+5738.95%)
Mutual labels:  ldap, sso
Ldap Passwd Webui
Very simple web interface for changing password stored in LDAP or Active Directory (Samba 4 AD).
Stars: ✭ 150 (-21.05%)
Mutual labels:  ldap
Multiotp
multiOTP open source strong two factor authentication PHP library, OATH certified, with TOTP, HOTP, Mobile-OTP, YubiKey, SMS, QRcode provisioning, etc.
Stars: ✭ 173 (-8.95%)
Mutual labels:  ldap
Pi
Multi-tenant application development engine for cloud ready SaaS platform.
Stars: ✭ 145 (-23.68%)
Mutual labels:  sso
Djangosaml2
A maintenance fork of the original and no longer maintained djangosaml2 library.
Stars: ✭ 143 (-24.74%)
Mutual labels:  sso
Ssh Ldap Pubkey
Utility to manage SSH public keys stored in LDAP.
Stars: ✭ 185 (-2.63%)
Mutual labels:  ldap
Mod zip
Streaming ZIP archiver for nginx 📦
Stars: ✭ 178 (-6.32%)
Mutual labels:  nginx-module
Pac4j
Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 2,097 (+1003.68%)
Mutual labels:  ldap
Bird Java
bird-java is a development enhancement component package based on Spring Boot.
Stars: ✭ 154 (-18.95%)
Mutual labels:  sso
Guacamole Install Rhel 7
Apache Guacamole installation bash script for RHEL 7 and CentOS 7 including options for Nginx, HTTPS, SSL, LDAP, Let's Encrypt certificates and more
Stars: ✭ 174 (-8.42%)
Mutual labels:  ldap
Keycloak Reactjs Demo
Demo for React.js and Keycloak SSO integration.
Stars: ✭ 147 (-22.63%)
Mutual labels:  sso
Tsung
Tsung is a high-performance benchmark framework for various protocols including HTTP, XMPP, LDAP, etc.
Stars: ✭ 2,185 (+1050%)
Mutual labels:  ldap
Ngx healthcheck module
nginx module for upstream server health checks. Supports stream and http upstreams. The module gives Nginx active health checking of backend servers, at both layer 4 and layer 7.
Stars: ✭ 145 (-23.68%)
Mutual labels:  nginx-module
Docker Test Openldap
Docker OpenLDAP Server for testing LDAP applications
Stars: ✭ 164 (-13.68%)
Mutual labels:  ldap
Ldaprecord Laravel
Multi-domain LDAP Authentication & Management for Laravel.
Stars: ✭ 178 (-6.32%)
Mutual labels:  ldap

SSOwat

A simple LDAP SSO for NGINX, written in Lua.

Requirements

  • nginx-extras from Debian wheezy-backports
  • lua-json
  • lua-ldap
  • lua-filesystem
  • lua-socket
  • lua-rex-pcre

OR

Installation

  • Fetch the repository
git clone https://github.com/YunoHost/SSOwat /etc/ssowat

NGINX configuration

  • Add SSOwat's NGINX configuration (http{} scope)
nano /etc/nginx/conf.d/ssowat.conf
lua_shared_dict cache 10m;
init_by_lua_file   /etc/ssowat/init.lua;
access_by_lua_file /etc/ssowat/access.lua;

You can also put the access_by_lua_file directive in a server{} scope if you want to protect only a vhost.

SSOwat configuration

mv /etc/ssowat/conf.json.example /etc/ssowat/conf.json
nano /etc/ssowat/conf.json

If you use YunoHost, you may want to edit the /etc/ssowat/conf.json.persistent file, since the /etc/ssowat/conf.json will often be overwritten.

Available parameters

Only the portal_domain parameter is required, but it is recommended to know the others to fully understand what you can do with SSOwat.


portal_domain

Domain of the authentication portal. It has to be a domain; IP addresses will not work with SSOwat (required).


portal_path

URI of the authentication portal (default: /ssowat/). This path must end with “/”.


portal_port

Web port of the authentication portal (default: 443 for https, 80 for http).


portal_scheme

Whether authentication should use a secure connection or not (default: https).


domains

List of handled domains (default: similar to portal_domain).


ldap_host

LDAP server hostname (default: localhost).


ldap_group

LDAP group to search in (default: ou=users,dc=yunohost,dc=org).


ldap_identifier

LDAP user identifier (default: uid).


ldap_attributes

User's attributes to fetch from LDAP (default: ["uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"]).


ldap_enforce_crypt

Let SSOwat re-encrypt weakly-encrypted LDAP passwords into the safer sha-512 (crypt) (default: true).


allow_mail_authentication

Whether users can authenticate with their mail address (default: true).


login_arg

URI argument to use for cross-domain authentication (default: sso_login).


additional_headers

Array of additional HTTP headers to set once the user is authenticated (default: { "Remote-User": "uid" }).


session_timeout

The session expiry time limit in seconds, counted from the last connection (default: 86400 / one day).


session_max_timeout

The session expiry time limit in seconds (default: 604800 / one week).


redirected_urls

Array of URLs and/or URIs to redirect and their redirect URI/URL (example: { "/": "example.org/subpath" }).


redirected_regex

Array of regular expressions to be matched against URLs and URIs and their redirect URI/URL (example: { "example.org/megusta$": "example.org/subpath" }).


default_language

Language code used by default in views (default: en).


permissions

The list of permissions depicted as follows:

"myapp.main": {
    "auth_header": true,
    "label": "MyApp",
    "public": true,
    "show_tile": true,
    "uris": [
        "example.tld/myapp"
    ],
    "users": [
        "JaneDoe",
        "JohnDoe"
    ]
},
"myapp.admin": {
    "auth_header": true,
    "label": "MyApp (admin)",
    "public": false,
    "show_tile": false,
    "uris": [
        "example.tld/myapp/admin"
    ],
    "users": [
        "JaneDoe"
    ]
},
"myapp.api": {
    "auth_header": false,
    "label": "MyApp (api)",
    "public": true,
    "show_tile": false,
    "uris": [
        "re:domain%.tld/%.well%-known/.*"
    ],
    "users": []
}

auth_header

Does the SSO add an authentication header that allows certain apps to connect automatically? (True by default)

label

A user-friendly name displayed in the portal and in the administration panel to manage the permission. (By convention it is of the form: Name of the app (specificity of this permission))

public

Can a person who is not connected to the SSO have access to this authorization?

show_tile

Whether to display the tile in the user portal.

uris

A list of URLs attached to this permission; a regex URL starts with re:.

users

A list of users who are allowed to access this permission. If public.
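
The parameters above can be checked automatically before nginx is reloaded. The following Python script is an added example, not part of SSOwat: it assumes the permissions sit under a top-level "permissions" key in conf.json, runs on a constructed sample configuration, and treats a session_timeout larger than session_max_timeout and a non-public permission with no users as review items of its own choosing.

```python
import ipaddress
import json

# Constructed sample configuration (not taken from the SSOwat repository).
SAMPLE_CONF = json.loads("""
{
  "portal_domain": "192.0.2.10",
  "portal_path": "/ssowat",
  "portal_scheme": "http",
  "session_timeout": 604800,
  "session_max_timeout": 86400,
  "permissions": {
    "myapp.main": {"public": false, "uris": ["example.tld/myapp"], "users": ["JaneDoe"]},
    "myapp.api": {"public": true, "uris": ["re:domain%.tld/.*"], "users": []},
    "myapp.admin": {"public": false, "uris": ["example.tld/myapp/admin"], "users": []}
  }
}
""")

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit(conf):
    """Return (key, finding) pairs for settings that deserve a second look."""
    findings = []
    domain = conf.get("portal_domain")
    if not domain:
        findings.append(("portal_domain", "missing (required)"))
    elif is_ip(domain):
        findings.append(("portal_domain", "is an IP address; a domain is required"))
    # Defaults below are the ones documented above.
    if not conf.get("portal_path", "/ssowat/").endswith("/"):
        findings.append(("portal_path", "must end with '/'"))
    if conf.get("portal_scheme", "https") != "https":
        findings.append(("portal_scheme", "portal is not served over https"))
    if conf.get("session_timeout", 86400) > conf.get("session_max_timeout", 604800):
        findings.append(("session_timeout", "exceeds session_max_timeout"))
    for name, perm in sorted(conf.get("permissions", {}).items()):
        regex_uris = [u for u in perm.get("uris", []) if u.startswith("re:")]
        if perm.get("public") and regex_uris:
            # A pattern may cover more paths than intended; review it by hand.
            findings.append((name, "public with regex URIs: %s" % regex_uris))
        if not perm.get("public") and not perm.get("users"):
            findings.append((name, "not public and no users listed"))
    return findings
```

Calling audit(SAMPLE_CONF) returns one finding per flagged key, with global parameters first and permissions in name order.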
