ssoca

SSO for services that use CA-based authentication.

For when you might want...

• ssh users to authenticate against Cloud Foundry UAA,
• Google Cloud project owners to have access to an OpenVPN server, or
• a GitHub team to access a network with sshuttle

With the caveat that this repo...

• is a work in progress, and
• is open source to help facilitate demos, discussion, and reviews to continue its evolution

Summary

Supporting services like...

• HTTP x.509 (rfc5280) (in theory)
• OpenSSH (rfc6187)
• OpenVPN
• sshuttle

Supporting authentication from (and restricting by)...

• GitHub - organization, team, user
• Google - email, email domain, Cloud project+role
• HTTP Basic

Supporting certificate authority keys stored in...

• In-memory
• Local filesystem

Supported technically by...

• authentication being delegated to an external service (like Okta, UAA, GitHub, OAuth), and
• external services being configured to trust a particular certificate authority, with
• ssoca validating authentication and signing short-lived certificates.

Details

• User Documentation
• Technical Documentation
• BOSH Release
• Roadmap
• ssoca (sōsə, SO-sa)

License

MIT License