debian: begin new version for squeeze
parent
3d6e0b612a
commit
d1e4ef613b
|
@ -1,17 +1,8 @@
|
|||
Setting up an Authentic server
|
||||
==============================
|
||||
|
||||
On installation the package will have created an empty database, you should add
|
||||
a super user, using the following command::
|
||||
You need to create an empty database and you should add a
|
||||
super user, using the following command::
|
||||
|
||||
su authentic -p -c "python /usr/share/authentic2/manage.py createsuperuser"
|
||||
|
||||
The package doesn't ship a startup script, that would start Authentic
|
||||
automatically, that is because running an identity server on the builtin HTTP
|
||||
server (not HTTPS!) is definitely not a good idea.
|
||||
|
||||
Even though, if you want a quick look, before configuring properly a real HTTP
|
||||
server, you can use this command::
|
||||
|
||||
su authentic -p -c "python /usr/share/authentic2/manage.py runserver"
|
||||
su authentic -p -c "authentic2-ctl syncdb"
|
||||
|
||||
|
|
|
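Review bot: The sentence "you should add a super user, using the following command::" is now followed by `su authentic -p -c "authentic2-ctl syncdb"`, which creates the tables and only offers to create a superuser when it runs interactively with django.contrib.auth installed; say that in the text, or keep a createsuperuser command next to it. The paragraph warning against running an identity server on the builtin HTTP server (not HTTPS) does not fit in the 8 lines the hunk header gives the new file. Since the init script in this commit binds gunicorn to 127.0.0.1:8091, replace it with a sentence telling the admin to put a TLS-terminating front end in front of that port.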
@ -1,2 +0,0 @@
|
|||
WSGIScriptAlias / /usr/share/authentic2/authentic.wsgi
|
||||
Alias /media/admin/ /usr/share/pyshared/django/contrib/admin/media/
|
|
@ -1,2 +1,3 @@
|
|||
etc/authentic2
|
||||
usr/share/authentic2
|
||||
usr/share/authentic2/static
|
||||
var/lib/authentic2/media
|
||||
|
|
|
@ -0,0 +1,161 @@
|
|||
#!/bin/sh
|
||||
### BEGIN INIT INFO
|
||||
# Provides: passerelle
|
||||
# Required-Start: $network $local_fs
|
||||
# Required-Stop:
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Passerelle provides an uniform access to multiple data sources and services
|
||||
# Description: Passerelle provides an uniform access to multiple data sources and services.
|
||||
### END INIT INFO
|
||||
|
||||
# Author: Jérôme Schneider <jschneider@entrouvert.com>
|
||||
|
||||
PATH=/sbin:/usr/sbin:/bin:/usr/bin
|
||||
DESC=passerelle
|
||||
NAME=passerelle
|
||||
DAEMON=/usr/bin/gunicorn
|
||||
PIDFILE=/var/run/passerelle/$NAME.pid
|
||||
LOG_DIR=/var/log/passerelle
|
||||
SCRIPTNAME=/etc/init.d/$NAME
|
||||
|
||||
USER=authentic
|
||||
GROUP=authentic
|
||||
|
||||
DAEMON_ARGS="--pid $PIDFILE \
|
||||
--user $USER --group $GROUP \
|
||||
--daemon \
|
||||
--access-logfile $LOG_DIR/gunicorn-access.log \
|
||||
--log-file $LOG_DIR/gunicorn-error.log \
|
||||
--bind=127.0.0.1:8091 \
|
||||
--workers=10 \
|
||||
--worker-class=sync \
|
||||
--timeout=60 \
|
||||
authentic2.wsgi:application"
|
||||
|
||||
# Exit if the package is not installed
|
||||
[ -x $DAEMON ] || exit 0
|
||||
|
||||
# Read configuration variable file if it is present
|
||||
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
||||
|
||||
# Load the VERBOSE setting and other rcS variables
|
||||
. /lib/init/vars.sh
|
||||
|
||||
# Define LSB log_* functions.
|
||||
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
|
||||
. /lib/lsb/init-functions
|
||||
|
||||
#
|
||||
# Function that starts the daemon/service
|
||||
#
|
||||
do_start()
|
||||
{
|
||||
# Return
|
||||
# 0 if daemon has been started
|
||||
# 1 if daemon was already running
|
||||
# 2 if daemon could not be started
|
||||
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|
||||
|| return 1
|
||||
start-stop-daemon --start --quiet --exec $DAEMON -- \
|
||||
$DAEMON_ARGS \
|
||||
|| return 2
|
||||
}
|
||||
|
||||
#
|
||||
# Function that stops the daemon/service
|
||||
#
|
||||
do_stop()
|
||||
{
|
||||
# Return
|
||||
# 0 if daemon has been stopped
|
||||
# 1 if daemon was already stopped
|
||||
# 2 if daemon could not be stopped
|
||||
# other if a failure occurred
|
||||
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE
|
||||
RETVAL="$?"
|
||||
[ "$RETVAL" = 2 ] && return 2
|
||||
# Wait for children to finish too if this is a daemon that forks
|
||||
# and if the daemon is only ever run from this initscript.
|
||||
# If the above conditions are not satisfied then add some other code
|
||||
# that waits for the process to drop all resources that could be
|
||||
# needed by services started subsequently. A last resort is to
|
||||
# sleep for some time.
|
||||
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
|
||||
[ "$?" = 2 ] && return 2
|
||||
# Many daemons don't delete their pidfiles when they exit.
|
||||
rm -f $PIDFILE
|
||||
return "$RETVAL"
|
||||
}
|
||||
|
||||
#
|
||||
# Function that sends a SIGHUP to the daemon/service
|
||||
#
|
||||
do_reload() {
|
||||
#
|
||||
# If the daemon can reload its configuration without
|
||||
# restarting (for example, when it is sent a SIGHUP),
|
||||
# then implement that here.
|
||||
#
|
||||
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
|
||||
return 0
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
log_daemon_msg "Starting $DESC " "$NAME"
|
||||
do_start
|
||||
case "$?" in
|
||||
0|1) log_end_msg 0 ;;
|
||||
2) log_end_msg 1 ;;
|
||||
esac
|
||||
;;
|
||||
stop)
|
||||
log_daemon_msg "Stopping $DESC" "$NAME"
|
||||
do_stop
|
||||
case "$?" in
|
||||
0|1) log_end_msg 0 ;;
|
||||
2) log_end_msg 1 ;;
|
||||
esac
|
||||
;;
|
||||
status)
|
||||
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
|
||||
;;
|
||||
#reload|force-reload)
|
||||
#
|
||||
# If do_reload() is not implemented then leave this commented out
|
||||
# and leave 'force-reload' as an alias for 'restart'.
|
||||
#
|
||||
#log_daemon_msg "Reloading $DESC" "$NAME"
|
||||
#do_reload
|
||||
#log_end_msg $?
|
||||
#;;
|
||||
restart|force-reload)
|
||||
#
|
||||
# If the "reload" option is implemented then remove the
|
||||
# 'force-reload' alias
|
||||
#
|
||||
log_daemon_msg "Restarting $DESC" "$NAME"
|
||||
do_stop
|
||||
case "$?" in
|
||||
0|1)
|
||||
do_start
|
||||
case "$?" in
|
||||
0) log_end_msg 0 ;;
|
||||
1) log_end_msg 1 ;; # Old process is still running
|
||||
*) log_end_msg 1 ;; # Failed to start
|
||||
esac
|
||||
;;
|
||||
*)
|
||||
# Failed to stop
|
||||
log_end_msg 1
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
*)
|
||||
#echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
|
||||
echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
|
||||
exit 3
|
||||
;;
|
||||
esac
|
||||
|
|
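Review bot: The LSB header and variables still belong to another service: `# Provides: passerelle`, `NAME=passerelle`, `PIDFILE=/var/run/passerelle/$NAME.pid` and `LOG_DIR=/var/log/passerelle`, while the application started is `authentic2.wsgi:application` as user authentic. Rename them to authentic2 and create the run and log directories, owned by $USER, in do_start or in the postinst, because nothing visible in this commit creates them. In do_stop, the second `start-stop-daemon --stop ... --exec $DAEMON` selects processes by executable instead of by this instance's pidfile. gunicorn is a script run by the Python interpreter, so that match is unreliable, and where it does match it is not limited to this service; restrict both the `--test` guard in do_start and the stop to $PIDFILE. DAEMON_ARGS is also expanded before /etc/default/$NAME is sourced, so overriding USER, GROUP or PIDFILE there does not change the arguments passed to gunicorn.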
@ -0,0 +1,2 @@
|
|||
debian/local_settings.py /etc/authentic2/
|
||||
debian/apache-example /etc/authentic2/
|
|
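Review bot: `debian/local_settings.py /etc/authentic2/` installs the settings override with no explicit owner or mode, and this is the file where the README in this commit tells admins to put the DATABASES `'PASSWORD'`. The postinst hunk only adjusts /var/lib/authentic2. Set the file to something like 0640 root:authentic in the postinst so that credentials placed there are not world-readable.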
@ -25,10 +25,17 @@ case "$1" in
|
|||
echo "..done"
|
||||
fi
|
||||
|
||||
mkdir -p /var/lib/authentic2
|
||||
chmod 755 /var/lib/authentic2
|
||||
chown $AUTHENTIC_USER:$AUTHENTIC_GROUP /var/lib/authentic2
|
||||
|
||||
/usr/bin/authentic2-ctl collectstatic --noinput --link
|
||||
/usr/bin/authentic2-ctl compilemessages
|
||||
|
||||
;;
|
||||
|
||||
reconfigure)
|
||||
/usr/bin/authentic2-ctl collectstatic --noinput --link
|
||||
/usr/bin/authentic2-ctl compilemessages
|
||||
|
||||
;;
|
||||
|
||||
abort-upgrade|abort-remove|abort-deconfigure)
|
||||
|
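Review bot: `/usr/bin/authentic2-ctl collectstatic --noinput --link` and `/usr/bin/authentic2-ctl compilemessages` run as root in both the configure and reconfigure branches. The Django settings, including /etc/authentic2/local_settings.py, are therefore imported and executed as root, and everything these commands write is root-owned. Run them as the service account, as README.Debian in this commit already does with `su authentic -p -c ...`. Also reconsider `chmod 755 /var/lib/authentic2` if the SQLite database or uploaded media live below it; 750 with group $AUTHENTIC_GROUP is enough for the daemon.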
@ -40,14 +47,6 @@ case "$1" in
|
|||
;;
|
||||
esac
|
||||
|
||||
rm -f /var/lib/pycentral/authentic2.pkgremove
|
||||
if which pycentral >/dev/null 2>&1; then
|
||||
pycentral pkginstall authentic2
|
||||
if grep -qs '^authentic2$' /var/lib/pycentral/delayed-pkgs; then
|
||||
sed -i '/^authentic2$/d' /var/lib/pycentral/delayed-pkgs
|
||||
fi
|
||||
fi
|
||||
|
||||
case "$1" in
|
||||
configure)
|
||||
if [ -z "$2" ]; then
|
||||
|
|
|
@ -1,3 +1,11 @@
|
|||
authentic2 (2.0.2.196.g8409882-1) unstable; urgency=low
|
||||
|
||||
* debian: port to squeeze
|
||||
* debian: add an init script
|
||||
* debian: add static files
|
||||
|
||||
-- Jérôme Schneider <jschneider@entrouvert.com> Thu, 13 Jun 2013 17:14:30 +0200
|
||||
|
||||
authentic2 (1.9.0-0) unstable; urgency=low
|
||||
|
||||
* Initial packaging.
|
||||
|
|
|
@ -1,18 +1,17 @@
|
|||
Source: authentic
|
||||
Source: authentic2
|
||||
Section: python
|
||||
Priority: optional
|
||||
Maintainer: Frederic Peters <fpeters@debian.org>
|
||||
Build-Depends-Indep: python-all-dev (>= 2.3.5-11), python-central (>= 0.5.6)
|
||||
Build-Depends: debhelper (>= 7.0.50~), quilt (>= 0.40), python-setuptools
|
||||
XS-Python-Version: current, >= 2.3
|
||||
Build-Depends-Indep: python-all-dev (>= 2.5)
|
||||
Build-Depends: debhelper (>= 8.0), python-setuptools, git
|
||||
Standards-Version: 3.8.3
|
||||
Homepage: http://authentic.labs.libre-entreprise.org
|
||||
X-Python-Version: >= 2.6
|
||||
|
||||
Package: authentic
|
||||
Package: authentic2
|
||||
Architecture: all
|
||||
Pre-Depends: python-django
|
||||
Depends: ${misc:Depends}, ${python:Depends}, python-django-registration
|
||||
XB-Python-Version: ${python:Versions}
|
||||
Description: Versatile identity server
|
||||
Authentic is a versatile identity provider aiming to address a broad
|
||||
range of needs, from simple to complex setups; it has support for many
|
||||
|
|
|
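Review bot: The `Depends:` line still reads `${misc:Depends}, ${python:Depends}, python-django-registration`, but the init script added in this commit starts /usr/bin/gunicorn and exits 0 silently when it is missing (`[ -x $DAEMON ] || exit 0`). Add gunicorn to Depends so that an installed package can actually start and a missing server does not go unnoticed.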
@ -1,13 +0,0 @@
|
|||
diff --git a/authentic2/settings.py b/authentic2/settings.py
|
||||
index e65f7ae..3919505 100644
|
||||
--- a/authentic2/settings.py
|
||||
+++ b/authentic2/settings.py
|
||||
@@ -19,7 +19,7 @@ MANAGERS = ADMINS
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.sqlite3',
|
||||
- 'NAME': 'authentic.db',
|
||||
+ 'NAME': '/var/lib/authentic/authentic.db',
|
||||
}
|
||||
}
|
||||
|
|
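Review bot: Dropping this patch leaves `'NAME': 'authentic.db'` from the patch context, a relative path that SQLite resolves against the working directory of whatever process loads the settings (gunicorn started from the init script, or authentic2-ctl run from the postinst). Unless upstream settings.py has changed, set an absolute path under /var/lib/authentic2 in debian/local_settings.py, whose content is not part of this diff.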
@ -1,14 +0,0 @@
|
|||
diff --git a/authentic2/settings.py b/authentic2/settings.py
|
||||
index e65f7ae..cb8faec 100644
|
||||
--- a/authentic2/settings.py
|
||||
+++ b/authentic2/settings.py
|
||||
@@ -4,8 +4,8 @@ import os
|
||||
|
||||
gettext_noop = lambda s: s
|
||||
|
||||
-DEBUG = True
|
||||
-USE_DEBUG_TOOLBAR = True
|
||||
+DEBUG = False
|
||||
+USE_DEBUG_TOOLBAR = False
|
||||
STATIC_SERVE = True
|
||||
TEMPLATE_DEBUG = DEBUG
|
|
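Review bot: With disable_debug.patch removed, nothing visible in this commit forces `DEBUG = False` and `USE_DEBUG_TOOLBAR = False` any more, and the patch context shows upstream defaulting both to True. An identity provider running with DEBUG on returns tracebacks and settings details in its error pages. Set both to False in debian/local_settings.py (not shown in this diff) or confirm that upstream now defaults to False.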
@ -1,2 +0,0 @@
|
|||
database_path.patch
|
||||
disable_debug.patch
|
|
@ -3,14 +3,18 @@
|
|||
d=$(CURDIR)/debian/authentic2
|
||||
|
||||
%:
|
||||
dh --with quilt --with python-central $@
|
||||
dh $@
|
||||
|
||||
override_dh_install:
|
||||
dh_install
|
||||
# FIXME: remove this overrides when we will have a clean upstream branch
|
||||
override_dh_auto_clean:
|
||||
git status
|
||||
dh_auto_clean
|
||||
|
||||
override_dh_pycentral:
|
||||
dh_pycentral
|
||||
touch $(d)/etc/authentic2/local_settings.py
|
||||
cp $(CURDIR)/debian/apache2.conf $(d)/usr/share/authentic/
|
||||
cp $(CURDIR)/debian/authentic.wsgi $(d)/usr/share/authentic/
|
||||
override_dh_auto_build:
|
||||
git status
|
||||
dh_auto_build
|
||||
|
||||
override_dh_auto_install:
|
||||
git status
|
||||
dh_auto_install
|
||||
|
||||
|
|
|
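Review bot: The `git status` lines in override_dh_auto_clean, override_dh_auto_build and override_dh_auto_install make each of those steps fail outside a git working tree, because `git status` exits non-zero there. That breaks a build from the generated source package. The FIXME already marks the overrides as temporary: drop the calls or guard them (`git status || true`), and remove git from Build-Depends with them.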
@ -1,295 +0,0 @@
|
|||
.. _README:
|
||||
|
||||
======================================
|
||||
Authentic2 - Versatile Identity Server
|
||||
======================================
|
||||
|
||||
Authentic2 is a versatile identity provider aiming to address a broad
|
||||
range of needs, from simple to complex setups; it has support for many
|
||||
protocols and can bridge between them.
|
||||
|
||||
Authentic2 is under the GNU AGPL version 3 licence.
|
||||
|
||||
It has support for SAMLv2 thanks to Lasso, a free (GNU GPL)
|
||||
implementation of the Liberty Alliance specifications.
|
||||
|
||||
Features
|
||||
========
|
||||
|
||||
Authentic can authenticate users against:
|
||||
- an LDAP directory,
|
||||
- a SAML 2.0 identity provider,
|
||||
- an OpenID identity provider,
|
||||
- with an X509 certificate.
|
||||
|
||||
Authentic can provide authentication to web applications using the following
|
||||
protocols:
|
||||
- OpenID,
|
||||
- SAML 2.0,
|
||||
- CAS 1.0 & CAS 2.0.
|
||||
|
||||
Authentic can proxy authentication between any two different protocols it
|
||||
support.
|
||||
|
||||
Installation
|
||||
============
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
You must install the following packages to use Authentic
|
||||
|
||||
- Python Lasso binding 2.3.5:
|
||||
|
||||
From sources: http://lasso.entrouvert.org/download
|
||||
Debian based distribution: apt-get install python-lasso
|
||||
|
||||
- Django 1.3:
|
||||
|
||||
From sources: http://www.djangoproject.com/download/1.3/tarball/
|
||||
|
||||
- Django-registration 0.8-alpha-1:
|
||||
|
||||
From sources: http://bitbucket.org/ubernostrum/django-registration/downloads
|
||||
Debian based distribution: apt-get install python-django-registration
|
||||
|
||||
- Django-authopenid 0.9.6:
|
||||
|
||||
From sources: http://bitbucket.org/benoitc/django-authopenid/downloads
|
||||
|
||||
- Django-south 0.7.3:
|
||||
|
||||
From sources:: http://south.aeracode.org/docs/installation.html
|
||||
|
||||
- Django-profiles 0.2:
|
||||
|
||||
From sources:: http://pypi.python.org/pypi/django-profiles
|
||||
|
||||
You install all the django libraries quickly using pip::
|
||||
|
||||
pip install django django-profiles django-registration \
|
||||
django-debug-toolbar django-authopenid south
|
||||
|
||||
or easy_install::
|
||||
|
||||
easy_install django django-profiles django-registration \
|
||||
django-debug-toolbar django-authopenid south
|
||||
|
||||
Quick Start
|
||||
-----------
|
||||
|
||||
Then launch the following commands::
|
||||
|
||||
python manage.py syncdb --migrate
|
||||
python manage.py runserver
|
||||
|
||||
You should see the following output::
|
||||
|
||||
Validating models...
|
||||
0 errors found
|
||||
|
||||
Django version 1.2, using settings 'authentic.settings'
|
||||
Development server is running at http://127.0.0.1:8000/
|
||||
Quit the server with CONTROL-C.
|
||||
|
||||
You can access the running application on http://127.0.0.1:8000/
|
||||
|
||||
|
||||
Specifying a different database
|
||||
-------------------------------
|
||||
|
||||
This is done by modifying the DATABASES dictionary in your local_settings.py file
|
||||
(create it in Authentic project directory); for example::
|
||||
|
||||
DATABASES['default'] = {
|
||||
'ENGINE': 'django.db.backends.postgresql',
|
||||
'NAME': 'authentic',
|
||||
'USER': 'admindb',
|
||||
'PASSWORD': 'foobar',
|
||||
'HOST': 'db.example.com',
|
||||
'PORT': '', # empty string means default value
|
||||
}
|
||||
|
||||
You should refer to the Django documentation on databases settings at
|
||||
http://docs.djangoproject.com/en/dev/ref/settings/#databases for all
|
||||
the details.
|
||||
|
||||
How to upgrade to a new version of authentic ?
|
||||
----------------------------------------------
|
||||
|
||||
Authentic store all its data in a relational database as specified in its
|
||||
settings.py or local_settings.py file. So in order to upgrade to a new version
|
||||
of authentic you have to update your database schema using the
|
||||
migration command — you will need to have installed the dependency django-south,
|
||||
see the beginning of this README file.::
|
||||
|
||||
python ./manage.py migrate
|
||||
|
||||
Then you will need to create new tables if there are.::
|
||||
|
||||
python ./manage.py syncdb
|
||||
|
||||
Using Authentic with an LDAP directory
|
||||
======================================
|
||||
|
||||
Authentic use the module django_auth_ldap to synchronize the Django user tables
|
||||
with an LDAP. For complex use case, we will refer you to the django_auth_ldap
|
||||
documentation, see http://packages.python.org/django-auth-ldap/.
|
||||
|
||||
How to authenticate users against an LDAP server with anonymous binding ?
|
||||
-------------------------------------------------------------------------
|
||||
|
||||
1. Install the django_auth_ldap module for Django::
|
||||
|
||||
pip install django_auth_ldap
|
||||
|
||||
|
||||
2. Configure your local_settings.py file for authenticating against LDAP.
|
||||
|
||||
The next lines must be added::
|
||||
|
||||
AUTHENTICATION_BACKENDS += ( 'django_auth_ldap.backend.LDAPBackend', )
|
||||
|
||||
import ldap
|
||||
from django_auth_ldap.config import LDAPSearch
|
||||
|
||||
# Here put the LDAP URL of your server
|
||||
AUTH_LDAP_SERVER_URI = 'ldap://ldap.example.com'
|
||||
# Let the bind DN and bind password blank for anonymous binding
|
||||
AUTH_LDAP_BIND_DN = ""
|
||||
AUTH_LDAP_BIND_PASSWORD = ""
|
||||
# Lookup user under the branch o=base and by mathcing their uid against the
|
||||
# received login name
|
||||
AUTH_LDAP_USER_SEARCH = LDAPSearch("o=base",
|
||||
ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
|
||||
|
||||
How to allow members of an LDAP group to manage Authentic ?
|
||||
-----------------------------------------------------------
|
||||
|
||||
1. First you must know the objectClass of groups in your LDAP schema, this FAQ
|
||||
will show you the configuration for two usual classes: groupOfNames and
|
||||
groupOfUniqueNames.
|
||||
|
||||
2. Find the relevant groupname. We will say it is: cn=admin,o=mycompany
|
||||
|
||||
3. Add the following lines::
|
||||
|
||||
from django_auth_ldap.config import GroupOfNamesType
|
||||
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
|
||||
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("o=mycompany",
|
||||
ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)")
|
||||
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
|
||||
"is_staff": "cn=admin,o=mycompany"
|
||||
}
|
||||
|
||||
For an objectClass of groupOfUniqueNames you would change the string
|
||||
GroupOfNamesType to GroupOfUniqueNamesType and grouOfNames to
|
||||
groupOfUniqueNames. For more complex cases see the django_auth_ldap
|
||||
documentation.
|
||||
|
||||
SAML 2.0
|
||||
========
|
||||
|
||||
How to I authenticate against Authentic2 with a SAMLv2 service provider ?
|
||||
-------------------------------------------------------------------------
|
||||
|
||||
1. Grab the SAML2 IdP metadata:
|
||||
|
||||
http[s]://your.domain.com/idp/saml2/metadata
|
||||
|
||||
2. And configure your service provider with it.
|
||||
|
||||
Go to the providers admin panel on:
|
||||
|
||||
http[s]://your.domain.com/admin/saml/libertyprovider/add/
|
||||
|
||||
There create a new provider using the service provider metadata and enable it
|
||||
as a service provider, you can customize some behaviours like the preferred
|
||||
assertion consumer or encryption for the NameID or the Assertion element.
|
||||
|
||||
CAS
|
||||
===
|
||||
|
||||
How to use Authentic2 as a CAS 1.0 or CAS 2.0 identity provider ?
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1. Activate CAS IdP support in settings.py::
|
||||
|
||||
IDP_CAS = True
|
||||
|
||||
2. Then create the database table to hold CAS service tickets::
|
||||
|
||||
python authentic2/manage.py syncdb --migrate
|
||||
|
||||
3. Also configure authentic2 to authenticate against your LDAP directory (see
|
||||
above) if your want your user attributes to be accessible from your service,
|
||||
if it is not necessary you can use the normal relational database storage
|
||||
for you users.
|
||||
|
||||
4. Finally configure your service to point to the CAS endpoint at:
|
||||
|
||||
http[s]://your.domain.com/idp/cas/
|
||||
|
||||
5. If needed configure your service to resolve authenticated user with your
|
||||
LDAP directory (if user attributes are needed for your service)
|
||||
|
||||
|
||||
PAM authentication
|
||||
==================
|
||||
|
||||
This module is copied from https://bitbucket.org/wnielson/django-pam/ by Weston
|
||||
Nielson and the pam ctype module by Chris Atlee http://atlee.ca/software/pam/.
|
||||
|
||||
Add 'authentic2.vendor.dpam.backends.PAMBackend' to your
|
||||
``settings.py``::
|
||||
|
||||
AUTHENTICATION_BACKENDS = (
|
||||
...
|
||||
'authentic2.vendor.dpam.backends.PAMBackend',
|
||||
...
|
||||
)
|
||||
|
||||
Now you can login via the system-login credentials. If the user is
|
||||
successfully authenticated but has never logged-in before, a new ``User``
|
||||
object is created. By default this new ``User`` has both ``is_staff`` and
|
||||
``is_superuser`` set to ``False``. You can change this behavior by adding
|
||||
``PAM_IS_STAFF=True`` and ``PAM_IS_SUPERUSER`` in your ``settings.py`` file.
|
||||
|
||||
The default PAM service used is ``login`` but you can change it by setting the
|
||||
``PAM_SERVICE`` variable in your ``settings.py`` file.
|
||||
|
||||
Attribute Management in Authentic2
|
||||
==================================
|
||||
|
||||
See `attribute management <attribute_management.html>`_ page.
|
||||
|
||||
Roadmap
|
||||
=======
|
||||
|
||||
- All (or nearly) settings will be configurable from the /admin panels
|
||||
- Login page will remember user choices for authentication and authenticate
|
||||
the user passively using hidden iframes
|
||||
- After a logout no passive login will be done
|
||||
- CAS IdP will allow to whitelist service URL and proxy granting ticket URLs,
|
||||
and to refuse request from unkown URLs. It will also allow to use patterns
|
||||
as URLs.
|
||||
- Extended CAS 2.0, with SAML attribute inside the CAS 2.0 validated ticket.
|
||||
- A virtual LDAP directory based on the OpenLDAP socket backend would remove
|
||||
the need for a real LDAP directory to pass user attributes to CAS relying
|
||||
parties.
|
||||
- WS-Trust token service endpoint
|
||||
- Email forwarder, so that relying parties never get the real user email.
|
||||
- Support slo in the CAS logout endpoint
|
||||
|
||||
Copyright
|
||||
---------
|
||||
|
||||
Authentic is copyrighted by Entr'ouvert and is licensed through the GNU General
|
||||
Public Licence, version 2 or later. A copy of the whole license text is
|
||||
available in the COPYING file.
|
||||
|
||||
The OpenID IdP originates in the project django_openid_provider by Roman
|
||||
Barczy¿ski, which is under the Apache 2.0 licence. This imply that you must
|
||||
distribute authentic2 under the AGPL3 licence when distributing this part of the
|
||||
project which is the only AGPL licence version compatible with the Apache 2.0
|
||||
licence.
|
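Review bot: Deleting the whole 295-line README (installation, LDAP, SAML 2.0, CAS and PAM setup, upgrade steps) is not covered by the commit subject "debian: begin new version for squeeze", and no replacement file appears in the diff. Split the deletion into its own commit and state where this documentation now lives.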