uniAuth 1.2.0
web application
Identity Provider per la gestione del SingleSignOn
Pubblicato da UNIVERSITA' DELLA CALABRIA
Contatto tecnico Giuseppe De Marco
Vitalità:
67%
L’indice di vitalità, così come previsto nelle linee guida sull’acquisizione e riuso di software per la PA, è calcolato prendendo in considerazione le seguenti quattro categorie:
- Code activity: il numero di commit e merge giornalieri;
- Release history: il numero di release giornaliere;
- User community: il numero di autori unici;
- Longevity: l’età del progetto.
I range di ogni misura possono essere trovati nel file vitality-ranges.yml.
Stato di sviluppo: stabile
Funzionalità del software
HTTP-REDIRECT and POST bindings
ForceAuthn
SLO, SAML Single Logout
Signed and Encrypted assertions
AllowCreate, nameid is stored with a persistent nameid format
https://www.unical.it
Informazioni di dettaglio
uniAuth 1.2.0
web application
Ultimo rilascio 2020-01-13 (1.2.0)
Tipo di manutenzione internal
Licenza Apache-2.0
Piattaforme
linux
web
Lista dipendenze
OSS
MariaDB
Python
Django
Piattaforme abilitanti Nessuna
Conformità GDPR Misure Minime Sicurezza
Lingue supportate
Italiano
Inglese
Descrizione estesa
This Release implements a SAML2 IDP.
An OIDC Provider on top of IdentityPython will be also available in the next releases.
SAML2 Features
uniAuth, as a SAML2 IDP, is based on pysaml2. Features:
- HTTP-REDIRECT and POST bindings (signed authn request must be in HTTP-POST binding);
- ForceAuthn;
- SLO, SAML Single Logout;
- Signed and Encrypted assertions;
- AllowCreate, nameid is stored with a persistent nameid format.
Implementation specific Features
- no restart needed on new matadata store or SP creation;
- Full Internazionalization support (i18n);
- Interactive Metadata Store definitions through the Admin Backend UI;
- Interactive ServiceProvider definition through the Admin Backend UI;
- Customizable Template and style based on AGID guidelines;
- MetadataStore and SP validations on save, to prevent faulty configurations in production environment;
- Configurable digest algorithm and salt for Computed NameID;
- Many configurable options, for every SP we can decide:
- enable/disable explicitally;
- signature and digest algorithms;
- attributes release (force a set or release what requested by sp);
- attribute rewrite and creation, fully configurable AttributeProcessors per SP, every aspect of attribute release can be customized from scratch;
- agreement screen message, availability, data consent form.
- Configurable log rotation through uwsgi;
- Importable StoredPersistentID for each user, from migrations from another IDP;
- An optional LDAP web manager with a configurable app (
ldap\_peoples
) throughdjango-ldap-academia-ou-manager <https://github.com/peppelinux/django-ldap-academia-ou-manager>
__; - Multiple LDAP sources through
pyMultiLDAP <https://github.com/peppelinux/pyMultiLDAP>
__; - Multifactor support, as originally available in djangosaml2idp;
- Detailed logs.
Characteristics
uniAuth permit us to configure metadata store and federate new Service Providers directly from the Admin backend interface, via Web. See Official Documentation at readthedocs for usage specifications and advanced topics.