Skip to content
/ nginx-sso Public

A simple SSO Server based on nginx proxy. It is easy to install and setup.

timelegend.net

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

elementdavv/nginx-sso

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
config
config
 
 
public
public
 
 
src
src
 
 
view
view
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
composer.lock
composer.lock
 
 

Repository files navigation

Nginx SSO

Description

This is a simple SSO Server based on nginx proxy. It is easy to install and setup.

How does Nginx SSO work

Nginx SSO is working at domain level, It runs in the same one nginx deployment with web applications.

Nginx SSO forces visitors to login and authenticate before allowing them access to a website. Every request is checked to ensure that it is valid.

After authenticated, Nginx SSO sends the visitor's email to web applications.

API

Nginx SSO provides following end points:

  • /login

  • /logout

  • /signup

  • /forgot

  • /validate

On validating successful, the email of loggined user is set in HTTP header named HTTP_REMOTE_USER.

SSO Server Setup

  1. Clone the repository
git clone https://github.com/elementdavv/nginx-sso.git
  1. Install dependencies
cd nginx-sso && composer install

  1. Make sure nginx with php are configured correctly. All web applications on nginx are working properly as well

  2. Create user database. For mysql server, using following script:

  • vendor/delight-im/auth/Database/MySQL.sql
  1. Edit settings in src/config.php
  • If email activation is enabled, make sure php mail() works properly
  1. Edit settings in following files, MAKE SURE the settings of api_scheme/api_host/api_port/inner_port are consistent

  • config/api.conf

  • config/conf.conf

Nginx Configurations

  1. Include AT nginx's server level
  • config/api.conf
  1. Include INSIDE the server to be protected by SSO
  • config/validate.conf
  1. (Optional) Include INSIDE the server / location requiring login
  • config/auth.conf
  1. (Optional) Include INSIDE the php block of the server / location requiring login
  • config/id.conf
  1. (Optional) Refer to an config example
  • config/default

PHP Configurations

  1. (Optional) Add email setting in php.ini

    If using msmtp to send email, codes like:

sendmail_path = "/usr/bin/msmtp -C /path/to/msmtprc -t"

Web applications Setup

Web applications needs do following:

  • Obtain the email value from HTTP header named HTTP_REMOTE_USER, login the user if not logined, and register new user if needed.

  • Redirect to SSO login end point if no HTTP_REMOTE_USER HTTP header

  • Redirect logout link to SSO logout end point.

  • (Optional) Disable any original user login/register/forgot password lifecycle.

About

A simple SSO Server based on nginx proxy. It is easy to install and setup.

timelegend.net

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages