开源软件名称(OpenSource Name):YunoHost/SSOwat开源软件地址(OpenSource Url):https://github.com/YunoHost/SSOwat开源编程语言(OpenSource Language):Lua 59.0%开源软件介绍(OpenSource Introduction):SSOwatA simple LDAP SSO for NGINX, written in Lua. IssuesRequirements
OR
Installation
git clone https://github.com/YunoHost/SSOwat /etc/ssowat NGINX configuration
nano /etc/nginx/conf.d/ssowat.conf lua_shared_dict cache 10m;
init_by_lua_file /etc/ssowat/init.lua;
access_by_lua_file /etc/ssowat/access.lua;
You can also put the SSOwat configuration
If you use YunoHost, you may want to edit the Available parametersOnly the portal_domainDomain of the authentication portal. It has to be a domain, IP addresses will not work with SSOwat (Required). portal_pathURI of the authentication portal (default: portal_portWeb port of the authentication portal (default: portal_schemeWhether authentication should use secure connection or not (default: domainsList of handled domains (default: similar to ldap_hostLDAP server hostname (default: ldap_groupLDAP group to search in (default: ldap_identifierLDAP user identifier (default: ldap_attributesUser's attributes to fetch from LDAP (default: ldap_enforce_cryptLet SSOwat re-encrypt weakly-encrypted LDAP passwords into the safer sha-512 (crypt) (default: allow_mail_authenticationWhether users can authenticate with their mail address (default: login_argURI argument to use for cross-domain authentication (default: additional_headersArray of additionnal HTTP headers to set once user is authenticated (default: session_timeoutThe session expiracy time limit in seconds, since the last connection (default: session_max_timeoutThe session expiracy time limit in seconds (default: redirected_urlsArray of URLs and/or URIs to redirect and their redirect URI/URL (example: redirected_regexArray of regular expressions to be matched against URLs and URIs and their redirect URI/URL (example: default_languageLanguage code used by default in views (default: permissionsThe list of permissions depicted as follows: "myapp.main": {
"auth_header": true,
"label": "MyApp",
"public": true,
"show_tile": true,
"uris": [
"example.tld/myapp"
],
"users": [
"JaneDoe",
"JohnDoe"
]
},
"myapp.admin": {
"auth_header": true,
"label": "MyApp (admin)",
"public": false,
"show_tile": false,
"uris": [
"example.tld/myapp/admin"
],
"users": [
"JaneDoe"
]
},
"myapp.api": {
"auth_header": false,
"label": "MyApp (api)",
"public": true,
"show_tile": false,
"uris": [
"re:domain%.tld/%.well%-known/.*"
],
"users": []
} auth_headerDoes the SSO add an authentication header that allows certain apps to connect automatically? (True by default) labelA user-friendly name displayed in the portal and in the administration panel to manage permission. (By convention it is of the form: Name of the app (specificity of this permission)) publicCan a person who is not connected to the SSO have access to this authorization? show_tileDisplay or not the tile in the user portal. urisA list of url attatched to this permission, a regex url start with usersA list of users which is allowed to access to this permission. If |
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论