External authentication and access control for Web applications
When applications get deployed in enterprise environment or in large organizations, they need to support user accounts and groups that are managed externally, in existing directory services like FreeIPA or Active Directory, or federated via protocols like SAML. While it is possible to add support for these individual use cases and protocols directly to application code or to Web frameworks or libraries, often it is better to delegate the authentication and identity operations to a front end server and do minimal modifications to the application code to be able to consume results of the external authentication, identity lookups, and access control.
In this talk we will look at the use of Apache modules that allow single-sign on with central access control and identity services. We will focus on using proven OS-level components such as SSSD for Web applications, but will also discuss setup using federation.