Souk

Souk is no longer maintained. If you are looking for an Identity Provider, you should look at Authentic.

Souk is a free software Python framework that implements the Liberty Alliance ID-FF 1.2 protocols. It can be used to build full-featured identity providers, service providers and proxies, and it includes sample code for all of these servers (see Examples below).

Screenshot of Liberty Alliance single sign-on using one of Souk.

Souk was initially developed as a test environment for Lasso (see the last column in the Subversion Status table).

It is built on top of Lasso, libxml2 & libxslt and OpenSSL and is developed on GNU/Linux.

License

Souk is Free Software licensed under the GNU General Public License (with an OpenSSL exception).

Copyright © 2004, 2005 Entr'ouvert

Download

Source

The latest Souk release is available as a gzipped tarball: souk-0.6.0.tar.gz

This version of Souk is designed to be used with Lasso 0.6.0 or greater.

Packages

Since version 0.6.0, Souk has been ported to Windows and an installer is available from the GForge project page.

Install

   python setup.py build
   python setup.py install

Examples

One of the Souk examples features 2 service providers, 2 different kinds of proxies and 2 identity providers.

2 service providers, 1 passive proxy, 1 dynamic proxy and 2 identity providers

To test it, add the following lines to your /etc/hosts file:

127.0.0.1 idp1.lasso.lan idp2.lasso.lan
127.0.0.1 proxy1.lasso.lan proxy2.lasso.lan
127.0.0.1 sp1.lasso.lan sp2.lasso.lan

Enter the examples/lasso.lan directory.

Launch each server below in a different terminal:

./sp1.py
./sp2.py
./proxy1.py
./proxy2.py
./idp1.py
./idp2.py

Restart your web browser so that it picks up the changes in /etc/hosts. Then use it to connect to the following URLs:

  • https://sp1.lasso.lan:2006
  • https://sp2.lasso.lan:2008
  • https://proxy1.lasso.lan:2014
  • https://proxy2.lasso.lan:2016
  • https://idp1.lasso.lan:1998
  • https://idp2.lasso.lan:2000
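A preflight check for the setup steps above, as an added example that is not part of Souk: it verifies that the six example hostnames map to 127.0.0.1 in /etc/hosts and that each server's port is accepting connections. The function names are hypothetical; the hostnames and ports are the ones listed above.

```python
import socket

# Hostname -> port pairs taken from the URL list above.
SERVERS = {
    "sp1.lasso.lan": 2006,
    "sp2.lasso.lan": 2008,
    "proxy1.lasso.lan": 2014,
    "proxy2.lasso.lan": 2016,
    "idp1.lasso.lan": 1998,
    "idp2.lasso.lan": 2000,
}

def parse_hosts(text):
    """Return {hostname: address} from hosts-file text, keeping the first entry per name."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            mapping.setdefault(name.lower(), address)
    return mapping

def hosts_problems(text):
    """List the example hostnames that are missing or not mapped to 127.0.0.1."""
    mapping = parse_hosts(text)
    problems = []
    for name in sorted(SERVERS):
        address = mapping.get(name)
        if address is None:
            problems.append(f"{name}: missing")
        elif address != "127.0.0.1":
            problems.append(f"{name}: maps to {address}, expected 127.0.0.1")
    return problems

def port_open(host, port, timeout=1.0):
    """True if something accepts TCP connections on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    with open("/etc/hosts") as handle:
        for problem in hosts_problems(handle.read()):
            print("hosts:", problem)
    for name, port in sorted(SERVERS.items()):
        state = "listening" if port_open("127.0.0.1", port) else "not listening"
        print(f"{name}:{port} {state}")
```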

At startup, there are 4 accounts on each service provider and identity provider. Their logins begin with "alice", "bob", "charlie" & "david" and are suffixed with "-sp1", "-sp2", "-idp1" & "-idp2". For example, the login for Bob on service provider 2 is "bob-sp2".

Warning

Initially there is no identity federation between accounts. So the first time you attempt to single sign-on, don't forget to set "Name ID Policy" to "Federated", otherwise the authentication will fail.

Warning

Each server stores everything in RAM. It doesn't remember anything once it is stopped; even identity federations are lost.

Mailing Lists, Bug Reports...

Everything is on our GForge site: http://labs.libre-entreprise.org/projects/souk/.