FreeIPA Open source identity and access management software

FreeIPA Free SSO Solution

Linux/UNIX Based Identity And Authentication Solution

FreeIPA offers centralized authentication and authorization for networked environments. It comes with CLI, RPC access, and a Web user interface to manage users.

FreeIPA is a free open source authentication and authorization solution for Linux/UNIX based networked systems. It consists of some powerful components such as Directory Server, Kerberos, PKI, DNS, Certmonger, NTP Server, Web UI, Trusts, and Client. Further, this open source software provides single sign-on capabilities for servers and applications in the network. It is highly configurable with other software such as Microsoft Active Directory. Additionally, it offers automation of installation and ease of management tasks.

This free SSO software comes up with multiple user interfaces such as Web UI, CLI, and JSONRPC API. Moreover, the FreeIPA Directory Service is based on LDAP and it acts as a backend for authorization and authentication. Above all, the integrated PKI signs and publishes certificates for FreeIPA hosts and services. After that, administrators can manage and serve DNS records using DNS integration.

FreeIPA is mainly written in Python with the input of other languages such as JavaScript and C with documentation regarding deployment and development.

System Requirements

Requirements to set up FreeIPA include:

  • Linux/UNIX
  • Git

Features

FreeIPA offers the following key features:

  • Open Source
  • Scalable
  • Authentication / Authorization
  • LDAP Support
  • Secure
  • Developer-Friendly
  • Multiple UIs
  • SSO
  • Identity Provider
  • Configurable

Installation

First, run the following command to clone the source code:

git clone https://pagure.io/freeipa.git

Next, install the packages on your system by running the following commands:

cd freeipa
cp freeipa.spec.in freeipa-builddep.spec 
sudo yum-builddep freeipa-builddep.spec

After that, run the following command:

sudo dnf copr enable @freeipa/freeipa-master

Once all the dependencies are installed, run the following command to make build:

./makerpms.sh
sudo yum localinstall dist/rpms/*.rpm

In addition, if you have IPA installed on your development system you can do some limited in-tree development of management plugins. To do this:

Server setup:

  • As root user, install IPA using ipa-server-install
  • Create ~/.ipa/alias/.pwd and enter the admin password
  • Run kinit admin
  • To run the server, execute python lite-server.py

Client setup:

Finally, FreeIPA will detect that it is running in-tree and will use the port and XML-RPC location that lite-server.py is listening only to. However, if you make changes to the server-side of a plugin you’ll need to restart lite-server.py.

Explore

You may find the following links relevant: