GithubHelp home page GithubHelp logo

isabella232 / sso Goto Github PK

View Code? Open in Web Editor NEW

This project forked from kathmi/sso

0.0 0.0 0.0 3.98 MB

sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services

License: MIT License

Dockerfile 0.16% Go 99.07% Shell 0.21% CSS 0.42% Makefile 0.13%

sso's Introduction

sso

See our launch blog post for more information!

CircleCI MIT license Docker Automated build codecov.io

Please take the SSO Community Survey to let us know how we're doing, and to help us plan our roadmap!

sso — lovingly known as the S.S. Octopus or octoboi — is the authentication and authorization system BuzzFeed developed to provide a secure, single sign-on experience for access to the many internal web apps used by our employees.

It depends on Google as its authoritative OAuth2 provider, and authenticates users against a specific email domain. Further authorization based on Google Group membership can be required on a per-upstream basis.

The main idea behind sso is a "double OAuth2" flow, where sso-auth is the OAuth2 provider for sso-proxy and Google is the OAuth2 provider for sso-auth.

sso is built on top of Bitly’s open source oauth2_proxy

In a nutshell:

  • If a user visits an sso-proxy-protected service (foo.sso.example.com) and does not have a session cookie, they are redirected to sso-auth (sso-auth.example.com).
    • If the user does not have a session cookie for sso-auth, they are prompted to log in via the usual Google OAuth2 flow, and then redirected back to sso-proxy where they will now be logged in (to foo.sso.example.com)
    • If the user does have a session cookie for sso-auth (e.g. they have already logged into bar.sso.example.com), they are transparently redirected back to proxy where they will be logged in, without needing to go through the Google OAuth2 flow
  • sso-proxy transparently re-validates & refreshes the user's session with sso-auth

Installation

Quickstart

Follow our Quickstart guide to spin up a local deployment of sso to get a feel for how it works!

Code of Conduct

Help us keep sso open and inclusive. Please read and follow our Code of Conduct.

Contributing

Contributions to sso are welcome! Please follow our contribution guideline.

Issues

Please file any issues you find in our issue tracker.

Security Vulns

If you come across any security vulnerabilities with the sso repo or software, please email [email protected]. In your email, please request access to our bug bounty program so we can compensate you for any valid issues reported.

Maintainers

sso is actively maintained by the BuzzFeed Infrastructure teams.

Notable forks

  • pomerium an identity-access proxy, inspired by BeyondCorp.

sso's People

Contributors

jusshersmith avatar jphines avatar danbf avatar loganmeetsworld avatar katzdm avatar mreiferson avatar mccutchen avatar sporkmonger avatar thoward-godaddy avatar cameronattard avatar cotarg avatar snebel29 avatar tahoward avatar mcfearsome avatar quovobill avatar ready4god2513 avatar gordcorp avatar colemujadzic avatar kjetijor avatar notnmeyer avatar niksrc avatar while1eq1 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.