Federation Services – the new module in didmos

The open source software suite for Identity & Access Management (IAM), didmos, continues to grow. didmos now consists of seven modules that can be used for different areas of IAM – individually or in combination. All modules together form a comprehensive IAM solution.

With the new module, didmos Federation Services, DAASI International is introducing a toolkit dedicated to the special challenges of federated environments. The aim is to increase security within an IT landscape (e.g. in research infrastructures), improve user-friendliness and ultimately also reduce administration costs.

The first tool of the didmos Federation Services is FedSSH. This software combines SSH access to servers with web-based, federated authentication. Traditionally, SSH access requires local user and credential management. With FedSSH, the benefits of federated IAM can now be combined with the security level of SSH access. Federated IAM relies on a special trust relationship within the federation and assumes that all appropriately authenticated and authorised users are entitled to access, regardless of their home organisation. It is therefore possible to simply connect FedSSH to a central IdP via SSO.

FedSSH was developed by the Alfred Wegener Institute, Helmholtz Centre for Polar and Marine Research (AWI) and has now been handed over to DAASI International for further maintenance as an open source product.

 

‘This is a good example of how open source licensing can be used to turn software developed in a research context into a sustainably available and maintained product in cooperation with an open source company such as DAASI International,’ comments Peter Gietz, CEO of DAASI International.

FedSSH: convenient installation and simple password management

FedSSH can be installed quite easily on Unix servers and does not require any additional software on the client side, so any SSH client can be used.

In a federated environment with FedSSH in use, users only need to remember one password, no matter how many servers they need access to. This also means fewer forgotten passwords and fewer accounts that need to be deactivated when users leave.


 

Like FedSSH, all future didmos Federation Services tools can be used both in conjunction with the didmos modules and as stand-alone solutions. Another tool is already being planned that will work with dynamic Kerberos tickets in federations.

If you would like to share your suggestions on the topic with us, for example what type of tool you think would be useful, please write to us via the didmos mailing list. We welcome contributions from the community.

 
