uniAuth 1.2.0

web application

Identity Provider per la gestione del SingleSignOn

Technical detail

Vitality:

64%

i

The vitality index, as explicited in the guidelines for the acquisition and reuse of software for Italian PA, is calculated according to the following four main categories:

  • Code activity: the daily number of commits and merges;
  • Release history: the daily number of releases;
  • User community: the number of unique authors;
  • Longevity: the age of the project.

The ranges of every measure can be found in the vitality-ranges.yml file.

Development status: stable


Software functionality

HTTP-REDIRECT and POST bindings

ForceAuthn

SLO, SAML Single Logout

Signed and Encrypted assertions

AllowCreate, nameid is stored with a persistent nameid format

https://www.unical.it

INTENDED AUDIENCE
  • employment
  • detailed information

    uniAuth 1.2.0

    web application

    Last release 2020-01-13 (1.2.0)

    Type of maintenance internal

    Supported languages Italian
    English

    Extended description

    This Release implements a SAML2 IDP.

    An OIDC Provider on top of IdentityPython will be also available in the next releases.

    SAML2 Features

    uniAuth, as a SAML2 IDP, is based on pysaml2. Features:

    • HTTP-REDIRECT and POST bindings (signed authn request must be in HTTP-POST binding);
    • ForceAuthn;
    • SLO, SAML Single Logout;
    • Signed and Encrypted assertions;
    • AllowCreate, nameid is stored with a persistent nameid format.

    Implementation specific Features

    • no restart needed on new matadata store or SP creation;
    • Full Internazionalization support (i18n);
    • Interactive Metadata Store definitions through the Admin Backend UI;
    • Interactive ServiceProvider definition through the Admin Backend UI;
    • Customizable Template and style based on AGID guidelines;
    • MetadataStore and SP validations on save, to prevent faulty configurations in production environment;
    • Configurable digest algorithm and salt for Computed NameID;
    • Many configurable options, for every SP we can decide:
      • enable/disable explicitally;
      • signature and digest algorithms;
      • attributes release (force a set or release what requested by sp);
      • attribute rewrite and creation, fully configurable AttributeProcessors per SP, every aspect of attribute release can be customized from scratch;
      • agreement screen message, availability, data consent form.
    • Configurable log rotation through uwsgi;
    • Importable StoredPersistentID for each user, from migrations from another IDP;
    • An optional LDAP web manager with a configurable app (ldap\_peoples) through django-ldap-academia-ou-manager <https://github.com/peppelinux/django-ldap-academia-ou-manager>__;
    • Multiple LDAP sources through pyMultiLDAP <https://github.com/peppelinux/pyMultiLDAP>__;
    • Multifactor support, as originally available in djangosaml2idp;
    • Detailed logs.

    Characteristics

    uniAuth permit us to configure metadata store and federate new Service Providers directly from the Admin backend interface, via Web. See Official Documentation at readthedocs for usage specifications and advanced topics.

    Other software that may interest you

    back to contents