Identity Provider per la gestione del SingleSignOn
Published by UNIVERSITA' DELLA CALABRIA
Technical contact Giuseppe De Marco
Vitality is an index calculated following the four main categories of the document:
- Code activity: the daily number of commits and merges;
- Release history: the daily number of releases;
- User community: the number of unique authors;
- Longevity: the age of the project. The ranges of every measure can be found in the vitality-ranges.yml file in https://github.com/italia/developers-italia-backend
Development status: stable
Full Internazionalization support (i18n);
Interactive Metadata Store definitions through the Admin Backend UI;
Interactive ServiceProvider Federation through the Admin Backend UI;
Customizable Template and style based on AGID guidelines;
MetadataStore and SP validations on save, to prevent faulty configurations in production;
Optional and quite granular Agreement Screen;
Many configurable options, for every SP we can decide:
signature and digest algorithms;
attributes release policies;
attribute rewrite and creation, fully configurable AttributeProcessors per SP;
every aspect of attribute release can be customized from schratch;
selectable hashing algorithm for Computed NameID;
agreement screen message, availability, data consent form.
Configurable log rotation through uwsgi;
Importable StoredPersistentID for each user, for migrations from other IDP;
An LDAP web manager with a configurable app (`ldap_peoples`);
Multifactor support, as available in djangosaml2idp;
Detailed but not huge logs.
Last release 2019-02-05 (1.0-rc)
Type of maintenance internal
List of dependencies
uniAuth would let simple users to do an applicative administration of the platform, create new metadata store and federate new Service Provider, without handle high sysadmin tasks.
uniAuth, as a SAML2 IDP, is based on pysaml2 and it supports:
- HTTP-REDIRECT and POST bindings; - AuthnRequest with or without ForceAuthn; - SLO, SAML Single Logout; - Encrypted assertions, customizable sign/digest algorithms and, in general, it presents a good posture in terms of security regarding SAML standards. - uniAuth do not support AllowCreate NameIDPolicy, this behaviour is completely demanded to uniAuth AttributeProcessors.