a good thing!
Ping open sources OpenID Connect module for Apache Web server
Historically, Ping Identity has been extremely active in the identity community be it standards bodies, conferences or open source.
Back in 2002, Ping co-founder and original CTO Bryan Field-Elliott (now chief architect for On-Demand Services) grew an internal federated identity mission into an open source project. Former Ping marketing maven Eric Norlin dubbed it SourceID and released it into "free" - as in speech, not beer - and it became the go-to community for open source federated identity projects for both identity geeks and corporations.
Now, Ping is continuing that pioneer spirit with an open source project on GitHub known as mod_auth_openid, an authentication/authorization module for the Apache 2.x HTTP server.
The project enables an Apache web server to operate as an OpenID Connect Relying Party using the OpenID Connect Basic Client or Implicit Client profile. (Follow this link to get your geek on with a full-set of configuration options).
But in plain English that means it's a groundbreaking project that fills a gap in scaling federation to handle the authentication onslaught from mobile devices, APIs to the Internet of Things.
In short, there is a real possibility that all future Web Single Sign-On (SSO) will be based on OpenID Connect and scale up to untold numbers of users, and Apache is surely to be a key node in guaranteeing that model works. The recently finalized OpenID Connect specification is currently supported by Google, AOL, Salesforce.com, Ping Identity and many others.
In addition, developers are emerging as an important cog in the identity infrastructure by relying on established ID services, whether behind the firewall or on the Web, instead of crafting built-in identity schemes of their own.
The Relying Party (RP) side of federation has always been the weak link in the chain, now inserting that foundational necessity for identity federation should get easier with the Apache module.
The important development here is connecting OpenID Connect to the Apache platform, the Internet's most popular web server platform according to NetCraft market research. And open source is the proper way to bring tools to the Apache community.
Open source has picked up some steam in the news lately driven by a number of vendors. Ping Identity partner Box said recently it was re-connecting with open source. Gluu is working on OpenID Connect Plugins for Apache that incorporate the User Managed Access specification and focus on authorization. ForgeRock forged a relationship with Salesforce on the back of OSS. And NASA just open sourced some of the toys in its software vault.
And yes, Ping is eating its own 1s and 0s on this one, allowing its mod_auth_openidc project to operate as an OAuth 2.0 Resource Server to a PingFederate OAuth 2.0 Authorization Server, validating Bearer access tokens against PingFederate.
But there are no dependencies here - it is pure open source.
Just one disclaimer. This software is open sourced by Ping Identity but not supported commercially as such. See the Github Issues section for this project or contact project author Hans Zandbelt directly at hzandbelt at pingidentity dot com.
The project is available here.