-
Notifications
You must be signed in to change notification settings - Fork 10
Home
This wiki contains an overview of OpenConext Stepup. Following the documentation policy, documentation that has a close relationship to one of the components is kept in the repository of that component.
- Application Flows ...
- Design Documentation ...
- License and Copyright
- OpenConext EngineBlock Configuration
- Requests for comments (RFCs)
All the applications (aka components) that can be deployed as part of OpenConext Stepup:
- OpenConext/Stepup-SelfService - The user self-service registration application
- OpenConext/Stepup-RA - The RA administration application
- OpenConext/Stepup-Gateway - The Stepup SAML proxy
- OpenConext/Stepup-Middleware - The Middleware required for Stepup-SelfService, Stepup-RA and Stepup-Gateway.
- OpenConext/Stepup-tiqr - The Tiqr GSSP IdP
- SURFnet/oath-service-php - OATH keyserver for Tiqr
The project includes Ansible playbooks for setting up and managing a complete OpenConext Stepup production infrastructure. There are also projects for building release tarballs of the Stepup Applications and a project for creating a test or development setup using Vagrant.
- OpenConext/Stepup-Deploy - Ansible playbooks for setting up and managing a OpenConext Stepup infrastructure. This is also the focal point for information and documentation about OpenConext Stepup.
- OpenConext/Stepup-VM - Project to use Vagrant to do a local Stepup installation for testing and development
- OpenConext/Stepup-Build - Project to create the build VM used to create the tarballs for deploying the Stepup Applications
Libraries that are used by the Stepup Applications and that are maintained as part of OpenConext Stepup:
- OpenConext/Stepup-Middleware-client
- OpenConext/Stepup-Middleware-clientbundle
- OpenConext/Stepup-saml-bundle
- OpenConext/Stepup-bundle
- OpenConext/Stepup-u2f-bundle
- SURFnet/yubikey-api-client-bundle
Abandoned
The CHANGELOG in the Stepup-Deploy repo lists the changes of not only the deployment scrips, but also the changes in the Stepup Applications.
Much of the development discussions take place outside github in a pivotal tracker: https://www.pivotaltracker.com/n/projects/1163646
The Stepup project page on the openconext.org website.
SURFnet uses OpenConext (Stepup) to offer SURFconext (Strong Authentication) to its constituency. To that end it provides extensive documentation aimed at Identity Providers, Service Provides and users of the service in the SURFconext Strong Authenticaton section of the Get Conexted wiki.
The SURFconext Strong Authenticaton product page.
There is an animation introducing SURFconext Strong authentication.
The study (2012) a the root of the development of the Stepup software: https://www.surf.nl/en/knowledge-base/2012/report-step-up-authentication-as-a-service.html
TNC 2017 presentation "Step-up authentication and the art of creative SAML proxying" about the SAML concepts used in Stepup: https://tnc17.geant.org/core/presentation/44
Study on "Remote vetting" of users: https://www.surf.nl/binaries/content/assets/surf/nl/kennisbank/2018/201804_report_remote_vetting_for_surfconext_strong_authentication.pdf