Souk is no longer maintained. If you are looking for an Identity Provider, you should look at Authentic.

Souk is a free software Python framework that implements the Liberty Alliance ID-FF 1.2 protocols. It allows to build full-featured identity providers, service providers and proxies and includes sample code for all these servers (See examples below).

Screenshot of Liberty Alliance single sign-on using one of Souk.

Initially, Souk has been developped as a test environment for Lasso (See last column in Subversion Status table).

It is built on top of Lasso, libxml2 & libxslt and OpenSSL and is developed on GNU/Linux.


Souk is Free Software licensed under the GNU General Public License (with an OpenSSL exception).

Copyright © 2004, 2005 Entr'ouvert



The latest Souk release is available as a gzipped tarball: souk-0.6.0.tar.gz

This version of Souk is designed to be used with Lasso 0.6.0 or greater.


Since version 0.6.0, Souk has been ported to Windows and an installer is available from the GForge project page.


   python build
   python install


One of the Souk examples features 2 service providers, 2 different kinds of proxies and 2 identity providers.

2 service providers, 1 passive proxy, 1 dynamic proxy and 2 identity providers

To test it, add the following lines to your /etc/hosts file: idp1.lasso.lan idp2.lasso.lan proxy1.lasso.lan proxy2.lasso.lan sp1.lasso.lan sp2.lasso.lan

Enter the examples/lasso.lan directory.

Launch each server below in a different terminal:


Restart your web browser to take care of the changes in /etc/hosts. Then you can use it to connect to the following URLs:

  • https://sp1.lasso.lan:2006
  • https://sp2.lasso.lan:2008
  • https://proxy1.lasso.lan:2014
  • https://proxy2.lasso.lan:2016
  • https://idp1.lasso.lan:1998
  • https://idp2.lasso.lan:2000

At startup, there exists 4 accounts on each service and identity provider. Their login begins with "alice", "bob", "charlie" & "david" and are suffixed using "-sp1", "-sp2", "-idp1" & "-idp2". For example the login for Bob on service provider 2 is "bob-sp2".


Initially there is no identity federation between accounts. So the first time you attempt to single sign-on, don't forget to set "Name ID Policy" to "Federated", otherwise the authentication will fail.


Each server stores everything in RAM. It doesn't remember anything once it is stopped; even identity federations are lost.

Mailing-Lists, Bugs Reports...

Everything is on our GForge site: