Projects:57North ID

From 57North Hacklab
57North ID
Description: 57North centralised identity and SSO
People: User:VShell
Theme: Infrastructure
Website: https://id.57north.org.uk
Status: Active

57North ID combines an LDAP server with a user management portal and a CAS IdP to become a single, centralised point for user identity within 57North. All 57North services should authenticate against it, which they can do in a handful of ways:

  • CAS single sign-on, intended for web-based services
  • LDAP username/password sign-on, intended for local services such as 57North-managed desktops
  • SSH public keys, for SSH-based network services

It supports two types of accounts - member and guest. The intention is that every user signs up as a guest, and HackHub will manage promoting them to members according to 57North's membership procedures.

The CAS server is at https://id.57north.org.uk, and follows JASIG's CAS protocol version 3.0, minus proxy tokens as they are currently unimplemented. There are a variety of clients available for most languages and frameworks, or if you have an XML parser and an HTTP client library it can be implemented in about ten lines of code. The server requires an admin (currently Shell) to whitelist CAS clients by URL. It supports two endpoints - https://id.57north.org.uk for member-only services, and https://guest.id.57north.org.uk for services which all users with a 57North ID can access, such as a wiki or other public service.
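The service-ticket validation a web client performs against the CAS server, as an added example that is not taken from the 57n-id code base. The callback URL in SERVICE is hypothetical, the /login and /p3/serviceValidate paths and the XML namespace come from the CAS 3.0 specification and are assumed rather than confirmed for this server, and the two sample responses are constructed.

```python
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

CAS_BASE = "https://id.57north.org.uk"            # members-only endpoint named on the page
SERVICE = "https://service.example/cas/callback"  # hypothetical; must match the whitelisted URL
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}    # namespace from the CAS specification

def login_url(base=CAS_BASE, service=SERVICE):
    """URL an unauthenticated browser is redirected to."""
    return f"{base}/login?" + urllib.parse.urlencode({"service": service})

def validation_url(ticket, base=CAS_BASE, service=SERVICE):
    """Back-channel URL; the service value must be identical to the one used at login."""
    if not ticket.startswith("ST-"):
        raise ValueError("not a service ticket")
    query = urllib.parse.urlencode({"service": service, "ticket": ticket})
    return f"{base}/p3/serviceValidate?{query}"  # path assumed from the CAS 3.0 spec

def parse_validation(xml_text):
    """Return the username on authenticationSuccess, None on anything else."""
    # A CAS response never needs a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return None
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != f"{{{CAS_NS['cas']}}}serviceResponse":
        return None
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        return None
    return user.text.strip()

def validate_ticket(ticket):
    """Fetch and parse the response; urllib verifies the TLS certificate by default."""
    with urllib.request.urlopen(validation_url(ticket), timeout=10) as resp:
        return parse_validation(resp.read().decode("utf-8"))

# Constructed sample responses, shaped as in the CAS protocol specification.
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""
```

Pass `base="https://guest.id.57north.org.uk"` to both URL helpers for a service open to guest accounts; a session should only be created when `validate_ticket` returns a username.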

The LDAP server will be accessible at ldap.57north.org.uk via TLS, as soon as I can be convinced it's secure enough. Users are under ou=users,dc=57north,dc=org,dc=uk.

The code for the CAS server and portal is hosted at https://git.57north.org.uk/shell/57n-id/, and runs on finzean, as does the LDAP server.

Enabled Services

The following services are enabled to use 57North ID for authentication: