ssoca
SSO for services that use CA-based authentication.
For when you might want...
- ssh users to authenticate against Cloud Foundry UAA,
- Google Cloud project owners to have access to an OpenVPN server, or
- a GitHub team to access a network with sshuttle
With the caveat that this repo...
- is a work in progress, and
- is open source to help facilitate demos, discussion, and reviews to continue its evolution
Summary
Supporting services like...
Supporting authentication from (and restricting by)...
- GitHub - organization, team, user
- Google - email, email domain, Cloud project+role
- HTTP Basic
Supporting certificate authority keys stored in...
- In-memory
- Local filesystem
Supported technically by...
- authentication being delegated to an external service (like Okta, UAA, GitHub, OAuth), and
- external services being configured to trust a particular certificate authority, with
ssoca
validating authentication and signing short-lived certificates.
Details
License
MIT License