One of the smaller projects within the Development Fund of the CESNET association focused on the creation of documentation for connecting various software components to Single Sign-on. The main goal was to make it easier for administrators to integrate services and contribute to user friendliness and security.
Pavel Břoušek and Jakub Šeliga, the two-person team behind the project "Documentation of the integration of federated identities", wrote ten guides, in Czech and English, for connecting various software components to single sign-on (SSO) using the SAML2, OAuth2 or OIDC protocol. They tested and documented the connection of ten representative pieces of software from the categories of libraries, frameworks, applications and web servers to single sign-on using one of the authentication protocols used in the academic environment.
With this documentation, identity providers no longer have to study each piece of software to find out which authentication protocol features it supports and which configuration is appropriate in order to help service administrators; they can refer them to a ready-made guide instead. Service administrators, in turn, do not need to study the authentication protocol properties supported by the identity provider and by their own software and then search for a suitable combination. Both parties therefore save a significant amount of time, and the guides make it easier and faster to replace local authentication with external authentication, which has positive effects on security and user-friendliness.
The guides produced by the project can be viewed in the git repository at https://gitlab.ics.muni.cz/perun-proxy-aai/sp-docs