FreeIPA Free SSO Solution
Linux/UNIX Based Identity And Authentication Solution
FreeIPA offers centralized authentication and authorization for networked environments. It comes with CLI, RPC access, and a Web user interface to manage users.
FreeIPA is a free open source authentication and authorization solution for Linux/UNIX based networked systems. It consists of some powerful components such as Directory Server, Kerberos, PKI, DNS, Certmonger, NTP Server, Web UI, Trusts, and Client. Further, this open source software provides single sign-on capabilities for servers and applications in the network. It is highly configurable with other software such as Microsoft Active Directory. Additionally, it offers automation of installation and ease of management tasks.
This free SSO software comes with multiple user interfaces: Web UI, CLI, and a JSON-RPC API. The FreeIPA Directory Service is based on LDAP and acts as the backend for authentication and authorization. The integrated PKI signs and publishes certificates for FreeIPA hosts and services, and administrators can manage and serve DNS records using the DNS integration.
FreeIPA offers the following key features:
- Open Source
- Authentication / Authorization
- LDAP Support
- Multiple UIs
- Identity Provider
First, run the following command to clone the source code:
git clone https://pagure.io/freeipa.git
Next, install the packages on your system by running the following commands:
cd freeipa
cp freeipa.spec.in freeipa-builddep.spec
sudo yum-builddep freeipa-builddep.spec
After that, run the following command:
sudo dnf copr enable @freeipa/freeipa-master
Once all the dependencies are installed, run the following commands to build the RPMs and install them:
./makerpms.sh
sudo yum localinstall dist/rpms/*.rpm
In addition, if you have IPA installed on your development system you can do some limited in-tree development of management plugins. To do this:
- As root user, install IPA using ipa-server-install
- Create ~/.ipa/alias/.pwd and enter the admin password
- Run kinit admin
- To run the server, execute python lite-server.py
- Copy /etc/ipa/default.conf into ~/.ipa/default.conf
- Replace xmlrpc_uri with http://127.0.0.1:8888/ipa/xml
- To run the CLI, execute ./ipa
Finally, FreeIPA will detect that it is running in-tree and will use the port and XML-RPC location that lite-server.py is listening on. However, if you make changes to the server side of a plugin, you'll need to restart lite-server.py.
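The per-user configuration steps above (the ~/.ipa/alias/.pwd file, the copy of default.conf, and the xmlrpc_uri change) can be scripted as follows. This is an added example, not FreeIPA project code: prepare_intree_conf is a hypothetical helper name, the 0700/0600 permissions are a hardening assumption rather than something the page requires, and the sample default.conf is constructed.

```shell
#!/bin/sh
# Added example, not FreeIPA project code. prepare_intree_conf is a
# hypothetical helper: prepare_intree_conf SRC_CONF DEST_DIR
prepare_intree_conf() {
    src=$1        # system config, e.g. /etc/ipa/default.conf
    dest_dir=$2   # per-user directory, e.g. "$HOME/.ipa"
    lite_uri='http://127.0.0.1:8888/ipa/xml'   # value given on this page

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    (   # subshell: the restrictive umask does not leak into the caller
        umask 077
        mkdir -p "$dest_dir/alias" || exit 1
        chmod 700 "$dest_dir" "$dest_dir/alias" || exit 1

        # Rewrite only the xmlrpc_uri key; every other setting is copied as-is.
        sed "s|^[[:space:]]*xmlrpc_uri[[:space:]]*=.*|xmlrpc_uri = $lite_uri|" \
            "$src" > "$dest_dir/default.conf" || exit 1

        # Fail loudly if the key was missing, so a config without it is
        # never mistaken for one that points at lite-server.py.
        grep -qxF "xmlrpc_uri = $lite_uri" "$dest_dir/default.conf" || {
            echo "no xmlrpc_uri line in $src" >&2; exit 1; }

        # Create the password file empty and owner-only before the admin
        # password is typed into it (assumption: 0600 is our hardening choice).
        [ -e "$dest_dir/alias/.pwd" ] || : > "$dest_dir/alias/.pwd"
        chmod 600 "$dest_dir/alias/.pwd" "$dest_dir/default.conf"
    )
}

# Demo on constructed input in a scratch directory (nothing under $HOME is touched).
demo_dir=$(mktemp -d)
cat > "$demo_dir/default.conf" <<'EOF'
[global]
realm = EXAMPLE.TEST
xmlrpc_uri = https://ipa.example.test/ipa/xml
EOF
prepare_intree_conf "$demo_dir/default.conf" "$demo_dir/home/.ipa" &&
    cat "$demo_dir/home/.ipa/default.conf"
```

On a real development system the call would be prepare_intree_conf /etc/ipa/default.conf "$HOME/.ipa", after which the admin password is entered into the already-restricted ~/.ipa/alias/.pwd.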