Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Authentication layer for web app tools

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 mod_perl
Octocat-spinner-32 www
Octocat-spinner-32 README.markdown
README.markdown

GodAuth

A system for handling single-signon authentication across multiple web apps under apache.

Design

You create a simple signin system that take your user's authentication credentials (username, password, whatever) and compares it to your user database. It then mints a signed cookie containing the username and a list of 'roles'. A mod_perl layer then checks this cookie for every request, allowing or denying it based on a set of rules where different URL regexps require different users or roles. It then exposes the username and roles of the authenticated user to the underlying applications via environment variables and request headers.

Because it sits in the Apache layer, you can use it to control access to multiple applications - svn browsers, wikis, bug trackers, database admin tools, deploy tools, monitoring, pastebins, logs, etc.

Installation

  1. Copy all the files in the mod_perl folder to somewhere on your server that Apache can read from.
  2. Adjust values in GodAuthConfig.pm to match your setup.
  3. Modify the path in GodAuthInit.pl.
  4. Modify the config path at the bottom of GodAuth.pm.
  5. Modify the path in god_auth.conf.
  6. Symlink god_auth.conf into /etc/httpd/conf.d (or your local equivalent).

Patches to make this less path-edity are welcome. Setting an environment variable in GodAuthInit.pl is probably a good approach.

  1. Setup the login webapp.
  2. But it's not done yet...
Something went wrong with that request. Please try again.