I recently found an awesome project on Github called SSOwat. It's a super-lightweight SSO application written in Lua that integrates directly with Nginx. I got extremely excited because how often do you find a cool SSO project that's not written in Enterprise Web-Scale Java or lolPHP? Interestingly enough, SSOwat was built with the intention of integrating with a neat project called YunoHost.
After checking it out and promptly getting a LDAP server set up, I started setting it up in my Nginx jail. During my setup, I made some UI mods to be less YunoHost branded and more generic-ish with a flat UI. I also added an additional setting to restrict user login to a specific login group (
restrict_login_group). My changes can be found in the maiome-development github repo, here.
First things first, I had to recompile Nginx with the Lua module, which is very trivial to do on FreeBSD. On FreeBSD, the adding the Lua flag to the Nginx port automatically compiles LuaJIT 2.0.4.
SSOwat requires the
lualdap module, but in ports, it is only available for Lua 5.2, but LuaJIT 2.0.4 is equivalent to Lua 5.1. The easiest way to make this work is to install the following packages:
lua51-5.1.5_9 lua51-lpeg-0.12 lua51-luafilesystem-1.6.3 lua51-luasocket-3.0r1
After that, we actually need to compile the
lualdap module. The latest version that is compatible with Lua 5.1 can be cloned from
http://git.zx2c4.com/lualdap. I recommend applying this patch and adjusting CC and other paths to fit your platform.
lualdap can easily be compiled and installed via
make install. On FreeBSD, this will result in a
lualdap.so being added to
After all of that work, everything should be ready to go! Just follow the installation instructions in the README and you're good to go!