...
- Ability to manage users and groups
- Login, forgot password, password reset
- Signup and approval workflow
- Oauth support
- Optional: Shibboleth support
SSO Implementations
| Service | License | Platform | Notes |
|---|---|---|---|
| Central Authentication Service | Apache 2.0 | Java | |
| Gluu | Java, in theory | Installed on Centos7 | |
| IdentityServer | Apache | Microsoft | |
| Shibboleth | |||
| WSO2 |
Central Authentication Service
- SSO only (no user management)
- No oauth support
Gluu
- So far, haven't been able to get it running
Shibboleth
- SSO only (no user management)
- Requires LDAP or other system
WSO2
WSO2 seems to be the most viable solution for hosting our own IdP. This assumes that we cannot simply rely on external solutions, such as Github.
- Ability to manage users and groups: supported
- Sign-up: supported, requires customization (look and feel)
- Login: supported, requires customization (look and feel)
- Forgot/reset password: requires custom UI development (API available)
- Account approval: requires custom workflow
- Oauth: supported
Other options
Sign up with Github
Simply allow the user to sign up with their Oauth account. This still requires an account approval workflow, but without the need to host our own IdP.
Steps:
- Sign-up with Github
- User is prompted to authorize beta.ndslabs.org
- Once authorized, an account is created but in an unapproved state.
- An email is sent to ndslabs support for authorization
- We authorize/deny the user