{"id":13556214,"url":"https://github.com/YunoHost/SSOwat","last_synced_at":"2025-04-03T09:30:59.632Z","repository":{"id":1933192,"uuid":"13584169","full_name":"YunoHost/SSOwat","owner":"YunoHost","description":"A simple SSO for NGINX, written in Lua","archived":false,"fork":false,"pushed_at":"2024-12-06T17:21:41.000Z","size":2156,"stargazers_count":234,"open_issues_count":3,"forks_count":71,"subscribers_count":29,"default_branch":"dev","last_synced_at":"2025-03-25T10:09:20.647Z","etag":null,"topics":["authentication-portal","ldap","lua","nginx-module","sso","yunohost"],"latest_commit_sha":null,"homepage":"","language":"Lua","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/YunoHost.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2013-10-15T08:12:10.000Z","updated_at":"2025-03-17T15:30:31.000Z","dependencies_parsed_at":"2023-09-27T22:26:35.449Z","dependency_job_id":"c43513e5-899a-4d26-8bf3-8aa8653a32c2","html_url":"https://github.com/YunoHost/SSOwat","commit_stats":{"total_commits":831,"total_committers":134,"mean_commits":6.201492537313433,"dds":0.7460890493381468,"last_synced_commit":"10572e646cbdae2b41659955ecc52c45fa83d1ee"},"previous_names":[],"tags_count":117,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YunoHost%2FSSOwat","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YunoHost%2FSSOwat/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YunoHost%2FSSOwat/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YunoHost%2FSSOwat/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/YunoHost","download_url":"https://codeload.github.com/YunoHost/SSOwat/tar.gz/refs/heads/dev","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246540520,"owners_count":20793930,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication-portal","ldap","lua","nginx-module","sso","yunohost"],"created_at":"2024-08-01T12:03:42.258Z","updated_at":"2025-04-03T09:30:59.625Z","avatar_url":"https://github.com/YunoHost.png","language":"Lua","readme":"SSOwat\n======\n\nA simple LDAP SSO for NGINX, written in Lua.\n\n- [Please report issues to the YunoHost bugtracker](https://github.com/YunoHost/issues).\n\nInstallation\n------------\n\n* Fetch the repository\n\n```bash\ngit clone https://github.com/YunoHost/SSOwat /etc/ssowat\n```\n\n\nNGINX configuration\n-------------------\n\n* Add SSOwat's NGINX configuration (`http{}` scope)\n\n```bash\nnano /etc/nginx/conf.d/ssowat.conf\n```\n\n```nginx\n\nlua_shared_dict cache 10m;\ninit_by_lua_file   /etc/ssowat/init.lua;\naccess_by_lua_file /etc/ssowat/access.lua;\n\n```\n\nYou can also put the `access_by_lua_file` directive in a `server{}` scope if you want to protect only a vhost.\n\n\nSSOwat configuration\n--------------------\n\n```\nmv /etc/ssowat/conf.json.example /etc/ssowat/conf.json\nnano /etc/ssowat/conf.json\n```\n\nIf you use YunoHost, you may want to edit the `/etc/ssowat/conf.json.persistent` file, since the `/etc/ssowat/conf.json` will often be overwritten.\n\n## Available parameters\n\nOnly the `portal_domain` SSOwat configuration parameters is required, but it is recommended to know the others to fully understand what you can do with it.\n\n- `cookie_secret_file`: Where the secret used for signing and encrypting cookie is stored. It should only be readable by root.\n- `cookie_name`: The name of the cookie used for authentication. Its content is expected to be a JWT signed with the cookie secret and should contain a key `user` and `password` (which is needed for Basic HTTP Auth). Because JWT is only encoded and signed (not encrypted), the `password` is expected to be encrypted using the cookie secret.\n- `session_folder`: A path to a folder where files exists for any valid valid session id. SSOwat will check for the last modification date to confirm that the session is not expired.\n- `domain_portal_urls`: Location of the portal to use for login and browsing apps, to redirect to when access to some route is denied\n- `redirected_urls`: Array of URLs and/or URIs to redirect and their redirect URI/URL (**example**: `{ \"/\": \"example.org/subpath\" }`).\n\n### `permissions`\n\nThe list of permissions depicted as follows:\n\n```json\n\"myapp.main\": {\n    \"auth_header\": true,\n    \"label\": \"MyApp\",\n    \"public\": true,\n    \"show_tile\": true,\n    \"uris\": [\n        \"example.tld/myapp\"\n    ],\n    \"users\": [\n        \"JaneDoe\",\n        \"JohnDoe\"\n    ]\n},\n\"myapp.admin\": {\n    \"auth_header\": true,\n    \"label\": \"MyApp (admin)\",\n    \"public\": false,\n    \"show_tile\": false,\n    \"uris\": [\n        \"example.tld/myapp/admin\"\n    ],\n    \"users\": [\n        \"JaneDoe\"\n    ]\n},\n\"myapp.api\": {\n    \"auth_header\": false,\n    \"label\": \"MyApp (api)\",\n    \"public\": true,\n    \"show_tile\": false,\n    \"uris\": [\n        \"re:domain%.tld/%.well%-known/.*\"\n    ],\n    \"users\": []\n}\n```\n\n#### auth_header\n\nDoes the SSO add an authentication header that allows certain apps to connect automatically? (**True by default**)\n\n#### public\n\nCan a person who is not connected to the SSO have access to this authorization?\n\n#### uris\n\nA list of url attatched to this permission, a regex url start with `re:`.\n\n#### users\n\nA list of users which is allowed to access to this permission. If `public`.\n","funding_links":[],"categories":["Lua","lua"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FYunoHost%2FSSOwat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FYunoHost%2FSSOwat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FYunoHost%2FSSOwat/lists"}