Enterprise Sign On Engine
Developer(s) | Queensland University of Technology |
---|---|
Written in | Java and C++ |
Operating system | Cross-platform |
Type | Identity and access management |
License | Apache License 2.0 |
Website | http://esoeproject.qut.edu.au |
The Enterprise Sign On Engine is an open source platform for single sign on, access control and federation. It was originally built for the Queensland University of Technology and subsequently made available to all under the Apache 2.0 license.
ESOE is standards based, complying with SAML 2.0 and implementing a significant subset of XACML 2.0. The core server system is developed in Java while connectivity to services is achieved through provided SAML service provider software for Apache Tomcat/JBoss, Apache Web Servers and Microsoft IIS.
Further to this ESOE is able to act as hub for identity protocols and is able to translate tokens from Shibboleth and OpenID to its internal SAML 2.0 token type.
The design goals of ESOE are such that it should interact with any type of service and even aggregate identity data across them. Support for LDAP compliant servers and Microsoft Active Directory are implemented as reference plugins for the authentication 'pipeline'.
Architecture
The underlying architecture of ESOE is such that all modules are able to be removed, replaced or reimplemented to suit a specific deployment. This is achieved with heavy utilization of the Spring Framework and interface driven design. Development is carried out with using Agile principals and the software includes hundreds of automated test cases.
For added flexibility each core part of the system has been developed using a pluggable pipeline approach. This means that authentication, identity and SSO events must each traverse a pipeline of plugins which all perform different tasks. This allows organizations to add functionality specific to their deployment while still taking advantage of the core logic.
The entire system is built using a centralized ESOE Build system which relies on Apache Ant. Dependencies in the system are automatically maintained by heavy integration with Apache Ivy. Eclipse is the preferred development environment. All code is stored in Subversion.