Free sso software for linux

Lemonldap::Portal::Sslsso is a Perl extension for the Lemonldap SSO system.

SYNOPSIS

use Lemonldap::Portal::Sslsso;

my $message ;
my %params =Vars;
my $stack_user=Lemonldap::Portal::Ssslsso->new(formateUser => &my_method);
my $urlc;
my $urldc;
$retour=$stack_user->process(param => %params,
server => $ReverseProxyConfig::ldap_serveur,
port => $ReverseProxyConfig::ldap_port,
DnManager => $ReverseProxyConfig::ldap_admin_dn,
passwordManager => $ReverseProxyConfig::ldap_admin_pd,
branch => $ReverseProxyConfig::ldap_branch_people,
id_certif => $ENV{SSL_CLIENT_S_DN_Email} ,
field_certif=>mail
);
if ($retour) {
$message=$retour->message;
$erreur=$retour->error;
}

See in directory examples for more details
DESCRIPTION ^
Lemonldap is a SSO system under GPL.
In SSL environment all jobs are made by mod_ssl .
In this case params user and password are useless.
Sslsso.pm manages all the cycle of authentification : The users mail is in the client certificate then the module ll retrieve the ldap Entry.
The OCSP protocol is available with the last release of mod_ssl.

step 0 : setting configuration
step 1 : manage the source of request
step 2 : manage timeout
step 3 : control the input form of user and password
step 4 : formate the userid if needing
step 5 : build the filter for the search
step 6 : build subtree for the search ldap
step 7 : make socket upon ldap server
step 8 : bind operation
step 9 : make search
step 10 : confection of %session from ldap infos
step 11 : unbind
Any step can bee overload for include your custom method.
standards errors messages :

1 => Your connection has expired; You must to be authentified once again,
3 => Wrong directory manager account or password ,
4 => not found in directory,

ACASUserFolder is a User Folder implementing the Yale CAS Single Sign On (SSO) Authentication method.
It aims are interoperability, robustness, security and end user simplicity. This project started at the Bordeaux 1 University as a proof of concept for Plone integration in a CASified esup-portal environment.
This Product was formerly known as CASUserFolder but has been renamed to avoid name conflict with another similar product.
Main features:
- Yale CAS architectures 1.0 & 2.0
- Plone Support
- GroupUserFolder support (patch for versions < 3.3)
- Support for POST and GET methods arguments
- Auto-login without adding login button to your site
- clean implementation : doesnt patch anything in the running zope instance
- management tab for testing CAS login
- default roles for CAS Users
- optional persistent users for assigning local roles
- online help
Compatibility:
- python 2.1 (see note below) / 2.2 / 2.3
- Zope : tested with 2.6.2 / 2.7.1 / 2.7.4 / 2.7.5 / 2.8.0 / 2.8.1
- Plone : tested with 2.0.5 & 2.1
- GoupUserFolder (need patch for versions < 3.3)
- CookieCrumbler
- VirtualHostMonster proof (groarrrr)
Installation:
Uncompress the tarball in your Zope Products directory. Under GNU/Linux This is something like:
/usr/lib/zope/lib/python/Products/
Next restart Zope to take the product into account.
Enhancements:
- FIX: deactivated verbose debug output

Crowd project is a web-based single sign-on (SSO) tool that simplifies application provisioning and identity management.
Main features:
- Give your users the convenience of single sign-on
- Manage any number of users, logins and passwords
- Centralise user management for applications such as JIRA, Confluence and Bamboo
- Connect to multiple LDAP servers, such as Microsoft Active Directory
- Integrate or import legacy user repositories
- Control access to select applications for every user and group
- Easily connect Crowds application framework to new web applications

Jetspeed provides a JSR-168 compliant enterprise portal.
etspeed-2 is a full implementation of the Java Portlet API. It is fully compliant with the Portlet Specification 1.0 (JSR-168). It has passed the TCK (Test Compatibility Kit) suite and is fully CERTIFIED to the Java Portlet Standard.
Notable features include security components backed by LDAP and database implementations, and some robust administration interfaces. Custom portals can be built and deployed using the Jetspeed plugin for Maven.
Developers can use the Jetspeed PSML language to assemble portlets, and the Apache Portals Bridges project to bridge portals with existing technologies including Struts, JSF, PHP, and Perl.
For GUI designers, Jetspeed comes with several built-in templates used to decorate portals and portlets.
Main features:
- Fully compliant with Java Portlet API Standard 1.0 (JSR 168)
- Passed JSR-168 TCK Compatibility Test Suite
- J2EE Security based on JAAS Standard, JAAS DB Portal Security Policy
- LDAP Support for User Authentication
- Spring-based Components and Scalable Architecture
- Configurable Pipeline Request Processor
- Auto Deployment of Portlet Applications
- Jetspeed Component Java API
- Jetspeed AJAX XML API
- Declarative Security Constraints and JAAS Database Security Policy
- Runtime Portlet API Standard Role-based Security
- Portal Content Management and Navigations: Pages, Menus, Folders, Links
- Multithreaded Aggregation Engine
- PSML Folder CMS Navigations, Menus, Links
- Jetspeed SSO (Single Sign-on)
- Rules-based Profiler for page and resource location
- Integrates with most popular databases including Derby, MySQL, MS SQL, Postgres, Oracle, DB2, Hypersonic
- Client independent capability engine (html, xhtml, wml,vml)
- Internationalization: Localized Portal Resources in 12 Languages
- Statistics Logging Engine
- Portlet Registry
- Full Text Search of Portlet Resources with Lucene
- User Registration
- Forgotten Password
- Rich Login and Password Configuration Management

Lemonldap::NG::Portal::AuthSsl is a Perl extension for building Lemonldap compatible portals based on SSL v3 mechanisms.

SYNOPSIS

use Lemonldap::NG::Portal::AuthSsl;
my $portal = new Lemonldap::NG::Portal(
domain => gendarmerie.defense.gouv.fr,
storageModule => Apache::Session::MySQL,
storageOptions => {
DataSource => dbi:mysql:database,
UserName => db_user,
Password => db_password,
TableName => sessions,
},
ldapServer => ldap.domaine.com,
cookie_secure => 1,
);
# Example of overloading: choose the LDAP variables to store
$portal->{setSessionInfo} = sub {
my ($self) = @_;
foreach $_ qw(uid cn mail appli) {
$self->{sessionInfo}->{$_} = $entry->get_value($_);
}
PE_OK;
};

if($portal->process()) {
# Write here the menu with CGI methods. This page is displayed ONLY IF
# the user was not redirected here.
print $portal->header; # DONT FORGET THIS (see CGI(3))
print "...";

# or redirect the user to the menu
print $portal->redirect( -uri => https://portal/menu);
}
else {
# Write here the html form used to authenticate with CGI methods.
# $portal->error returns the error message if athentification failed
# Warning: by defaut, input names are "user" and "password"
print $portal->header; # DONT FORGET THIS (see CGI(3))
print "...";
print < form method="POST" >;
# In your form, the following value is required for redirection
print < input type="hidden" name="url" value=".$portal->param(url)." >;
# Next, login and password
print Login : < input name="user" >< br >;
print Password : < input name="pasword" type="password" autocomplete="off" >;
print < /form >;
}
Modify your httpd.conf:
< Location /My/File >
SSLVerifyClient require
SSLOptions +ExportCertData +CompatEnvVars +StdEnvVars
< /Location >

Lemonldap is a simple Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application (they just have to read some headers for accounting).

It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space. There are two ways to build a cross domain authentication:

Cross domain authentication itself (Lemonldap::Portal::Cda (not yet implemented in Lemonldap::NG))

"Liberty Alliance" (Lemonldap::LibertyAlliance::*)

This library just overload few methods of Lemonldap::NG::Portal to use Apache SSLv3 mechanism: weve just to verify that $ENV{SSL_CLIENT_S_DN_Email} exists. So remenber to export SSL variables to CGI.

See Lemonldap::NG::Portal for usage and other methods.

Vulture is an HTTP reverse proxy. It does many security checks (authentication, rewriting, filtering) before proxying request from Internet to your web applications. With authentication enabled, vulture will open flows only to authenticated users.
VultureNG also allows to your users to use only one password to access many different applications by learning and forwarding their different accounts.
Main features:
- Authentication (SSL, LDAP/AD, SQL, Radius)
- Authentication forwarding (SSO)
- Headers modification on the fly
- Flow encryption
- Content filtering
- URL Rewriting
- Load balancing
Enhancements:
- AJAX in the administration interface (process restart).
- PKI authentication (for ACL syncro).
- ModSecurity2.
- An Oeufdure patch and a mimine patch.

Lemonldap::Portal::Cda is a Cross Domain Authentification Perl extension for Lemonldap SSO.

SYNOPSIS

use Lemonldap::Portal::Cda;
my $stack_user= Lemonldap::Portal::Cda->new(type=> master);
or my $stack_user= Lemonldap::Portal::Cda->new(type=> slave);

Lemonldap is a SSO system under GPL. Sometimes you have two or more domains (.bar.foo and .bar.foo2) The CDA :Cross Domain Authentification manages and centralize all credentials on all domains . CDA works with redirection in order to catch the credential cookie.

You may use an objet "master" domain with a "slave" domain . All authentification needed for the "slave" domain will be redirected on the "master" domain

METHODS

new (type => master|slave);

process (param => %params, bar => foo );

The process method alway return an error 8 (message = CDA requested) .

The master CDA just do a redirection with the id_session in the params of url GET . The slave CDA uses the id_session send by master for put on fly a cookie on slave domain.
see directory examples.

(url_encoded,url_decoded) : getAllRedirection

return the initial request encoded in Base64 and plaintext url

string : getSession

return the id_session or false .

string : message() ;

return the text of error

int : error() ;

return the number of error

Lemonldap::Handlers::Generic is a Perl extension for Lemonldap sso system.

Lemonldap::Handlers::Generic4a2 - Handler for Apache2 Lemonldap SSO

system

SYNOPSIS

In httpd.conf
.....
perltranshandler Lemonldap::Handlers::Generic4a2
.....

Generic4a2 is the central piece of websso framework .

This module provides several methods but the principal goal of this is the handler function .

It can be combined with mod_proxy or mod_rewrite and all other apaches modules .

It provides also an built-in http proxy with LWP . see http://lemonldap.sf.net for more infos .