tai edited this page May 5, 2011 · 4 revisions

Overview

mod_auth_ticket (MAT) is a module for protecting a website using various SSO (single sign-on) schemes. To each webapp being protected, MAT simulates an HTTP Basic Authentication environment by converting the authinfo obtained from the SSO result. To each user, it still works as form-based SSO auth.

Benefits of this module are as follows:

  • It works with any kind of SSO, including OpenID and OAuth.
  • It can protect any web content, including static content.
  • Each webapp does not need to support the SSO scheme being used - this is done completely at server level.
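
What "simulating an HTTP Basic Authentication environment" means for the protected webapp, as an added illustration that is not mod_auth_ticket's own code: the function name `basic_auth_value` and the user/password form of the authinfo are assumptions made here. It also shows two checks worth applying to SSO-supplied values before they become a header.

```c
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Returns 1 if s contains a control character (CR, LF, DEL, ...). */
static int has_ctl(const char *s)
{
    for (; *s; s++)
        if ((unsigned char)*s < 0x20 || *s == 0x7f) return 1;
    return 0;
}

/* Hypothetical helper (not from mod_auth_ticket): writes the Authorization
 * header value a Basic-auth webapp would see for SSO-derived credentials.
 * Returns 0 on success, -1 on unsafe input or insufficient buffer space. */
int basic_auth_value(const char *user, const char *pass, char *out, size_t outlen)
{
    char raw[256];
    size_t i, n, o = 6;
    int len;

    /* RFC 7617: a user-id containing ':' would shift the user/password
     * boundary when the webapp splits the decoded value. */
    if (*user == '\0' || strchr(user, ':')) return -1;
    /* Control characters could inject extra header lines downstream. */
    if (has_ctl(user) || has_ctl(pass)) return -1;

    len = snprintf(raw, sizeof raw, "%s:%s", user, pass);
    if (len < 0 || (size_t)len >= sizeof raw) return -1;
    n = (size_t)len;
    if (outlen < 6 + 4 * ((n + 2) / 3) + 1) return -1;

    memcpy(out, "Basic ", 6);
    for (i = 0; i < n; i += 3) {            /* base64, 3 bytes -> 4 chars */
        unsigned long v = (unsigned long)(unsigned char)raw[i] << 16;
        if (i + 1 < n) v |= (unsigned long)(unsigned char)raw[i + 1] << 8;
        if (i + 2 < n) v |= (unsigned char)raw[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? B64[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? B64[v & 63] : '=';
    }
    out[o] = '\0';
    return 0;
}
```
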

Installation

  1. First, you'll need to have lighttpd (tested with 1.4.x) source extracted somewhere.
  2. Next, edit Makefile and change CDEFS and CFLAGS so that they point to the lighttpd source folder and use the same compiler options that were used to build your lighttpd. Alternatively, you can also choose to build the module by editing Makefile.am in the lighttpd source.
  3. Copy mod_auth_ticket.so to lighttpd module folder.
  4. Place a "relaying page" that works as a bridge to the external SSO server. You can start from the sample contents under the demo/ folder for this (but they will need some editing).
  5. Enable the module by adding configuration based on demo/auth-ticket.conf.

Current Status

Basic functionality works, and I've been using it for more than a year now. However, it needs more development for use in high-volume/high-security sites due to the following reasons:

  • It has a memory leak, as it currently does not release expired cache entries (due to sloppy coding as a quick hack).
  • The encryption scheme used between the "relay page" and MAT is not secure enough (due to a design tradeoff).