I'm helping a typical small company that started with a couple of outsourced systems (Google Apps, SVN/Trac), added an internal Jabber server (ejabber for mostly iChat clients), subscribes to a couple of web services (e.g. highrisehq), and has a VPN service provided by a pfSense FreeBSD firewall.

And the net result of all this is that they're drowning in passwords and accounts.

It seems that if they had a single unified login / single sign-on service they could go a long way to combining these. E.g.: LDAP as the master repository, RADIUS linked to it for VPN, ejabber and even WPA2 wireless access, plugins for Google Apps sign-on, and perhaps an OpenID server for external websites like highrisehq.

It seems that all these tools exist separately, but does anyone know of a single box that combines them with a nice GUI and auto-updates? (e.g. like pfSense/m0n0wall for firewalls, FreeNAS for storage). It doesn't have to be FOSS. A paid box would be fine too.

I figure this must exist. Microsoft's Active Directory is likely one solution but they'd rather avoid Windows if possible. There seem to be various "AAA" servers that ISPs use or for enterprise firewall/router management, but that doesn't seem quite right.

Any obvious solutions I'm missing? Thanks!

A: 

You may not want to standardise passwords across so many apps (especially external ones), though for internal ones using an auth service like LDAP makes sense.

You could solve the issue of remembering passwords with an eSSO like Novell SecureLogin.

Also, you might be interested in Novell Access Manager and Novell Identity Manager.

Greg Domjan
+2  A: 

It's been over a year since you originally asked the question, so I'm guessing you've solved your problem by now. But if someone else is interested in a possible solution, I suggest the following:

First of all, I don't know of any "all in one" solution to your problem. However it's quite easy to combine three products that will solve all of your needs and provide a single source for User management and password storage.

The first thing to do is install an LDAP Directory to manage Users and Groups (and possibly other objects outside the scope of your question). This can be OpenLDAP, Apache DS, Microsoft Active Directory, etc. Basically any LDAP Server will do.

Second, I recommend installing FreeRADIUS with the LDAP directory configured as its backend service.

Third, get a license of Atlassian Crowd. It provides OpenID and Google Apps authentication. Prices for up to 50 users start at $10 and go all the way up to $8000 for an unlimited user license.

Installation and configuration of the three is relatively easy. You'll probably put most of the work into creating your users and groups. You can install all three components on a single server and end up with a box that allows you to authenticate pretty much everything from desktop login, through Google Apps and other web apps, down to VPN and even switch, WiFi and router login.

Just make sure you configure your Roles and Groups wisely! Otherwise you might end up with some Sales Person being able to do administration on your Firewalls and Routers :-)

lloesche
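As an added example (not part of the question or either answer), here is the shape of the FreeRADIUS 3 configuration that the second and fourth steps of the answer above describe: the `ldap` module pointed at the directory, the pfSense VPN and a switch registered as RADIUS clients, and an authorize policy that only lets members of a `netadmins` group log in to network gear, so the sales person in the joke never gets a router prompt. Hostnames, DNs, client addresses, shared secrets and group names are placeholders chosen for illustration, not values from the original post.

```conf
# clients.conf: devices allowed to talk RADIUS to this server.
# Addresses and secrets are placeholders; use long random secrets.
client pfsense-vpn {
	ipaddr    = 192.0.2.1
	secret    = replace-with-a-long-random-secret
	shortname = net-pfsense
}
client core-switch {
	ipaddr    = 192.0.2.2
	secret    = replace-with-another-random-secret
	shortname = net-switch01
}

# mods-available/ldap: the directory is the only password store.
# Server, bind identity and base DNs are placeholders.
ldap {
	server   = 'ldap.corp.example'
	identity = 'cn=radius,ou=services,dc=corp,dc=example'
	password = 'replace-with-the-bind-password'
	base_dn  = 'dc=corp,dc=example'
	user {
		base_dn = "ou=people,${..base_dn}"
		filter  = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	}
	group {
		base_dn           = "ou=groups,${..base_dn}"
		filter            = '(objectClass=groupOfNames)'
		name_attribute    = cn
		# LDAP-UserDn is set by the user lookup above.
		membership_filter = "(member=%{control:LDAP-UserDn})"
	}
	tls {
		# Never send bind passwords over cleartext LDAP.
		start_tls    = yes
		require_cert = 'demand'
	}
}

# sites-enabled/default: authorize and authenticate sections.
authorize {
	preprocess
	# Look the user up; "-ldap" means a missing module is not fatal.
	-ldap
	if ((ok || updated) && User-Password) {
		update {
			control:Auth-Type := ldap
		}
	}
	# Network gear (client shortname net-*) is admin-only: anyone who
	# is not in cn=netadmins is rejected before authentication runs.
	if ("%{client:shortname}" =~ /^net-/ && !(LDAP-Group == "netadmins")) {
		reject
	}
}

authenticate {
	# Authenticate by binding to the directory as the user with the
	# password from the request (PAP). For WPA2-Enterprise, PEAP/MSCHAPv2
	# needs a password FreeRADIUS can read (cleartext or NT hash in the
	# directory); with a bind-only directory use EAP-TTLS/PAP instead and
	# put the same group check in the inner-tunnel virtual server.
	Auth-Type LDAP {
		ldap
	}
}
```

To exercise the policy, run `radiusd -X` in one terminal and send test requests with `radtest` from another, once for a `netadmins` member and once for an ordinary user, against a client entry whose shortname starts with `net-`; the debug output shows the group lookup and the `reject` firing for the second user.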