Boruta server - a lightweight Identity and Access Management solution

pknoth · October 25, 2022, 9:50am

Still an ongoing work but yet OpenID certified I have been writing a standalone version on top of boruta | Hex that includes:

an OAuth 2.0/OpenID Connect certified authorization server
an identity provider with configurable backends
an administration interface
a light gateway that enables authorization

The source code is available at GitHub - malach-it/boruta-server: Lightweight Identity and Access Management solution

I am looking for production use cases to integrate this first beta release. If you have any need for an identity and access management solution, drop me a note to discuss the needs for such an integration.

The documentation is still a work in progress, do not hesitate to reach out if you have questions about how it does work or what is possible to do with the server.

All kinds of feedback will be very welcome!

Thank you for reading me so far, hope to see you around.

mayel · October 25, 2022, 8:24pm

Hi @pknoth this sounds great. As you know I’ve already started integrating the boruta lib into Bonfire: GitHub - bonfire-networks/bonfire_open_id: Use OpenID and OAuth with your Bonfire identity or connect to Bonfire with an external identity and may want to also integrate these tools, in which case would it be possible to package the apps as libraries rather than a standalone umbrella project? (maybe keeping boruta-server as an example repo that wraps those libraries)

pknoth · October 25, 2022, 8:46pm

Hi @mayel,

I built a standalone version of boruta in order to open its usage beyond the Elixir community and enable any service to get the advantages of such a solution. I designed it to be evolutive to handle further needs and features, thinking of all the possible improvements in the authentication field, but also to have a wider implementation of OAuth/OpenID specifications.

That said, I think the idea to extract some of it to support the elixir package can be a good idea, I’ll keep that in mind knowing that it would bring more work and maintenance to be in a good shape.

gordoneliel · January 3, 2023, 2:21am

I might be interested, will be in the market for an OAuth server soon. A question though, is there a reason why the main boruta project is on gitlab and this one on GitHub? Makes it a little difficult to browse

pknoth · February 4, 2023, 1:20pm

Hi again,

Few months ago, I recorded a loom presentation about the installation of the server. Here it is, with the hope it will help better understand how it works. Loom | Free Screen & Video Recording Software | Loom

Cheers

pknoth · February 15, 2023, 9:02am

Then I started to post on LinkedIn about boruta, publishing a video series about how the server works

The installation - linkedIn
Client management - linkedIn

More are to come.

Like it, share it, the more it is visible the best it is!

Thank you reading me

barttenbrinke · February 22, 2023, 9:45am

I’ve just started using Boruta to build a connection to Keycloak - it works very nicely. I will be sharing your Linkedin Posts

pknoth · April 7, 2023, 10:12am

Hi there!

These days, I am working on a code of conduct for all boruta related projects. It would be a derivate of contributor covenant and would like to publish the result with the same license (CC 4.0).

If any would like to participate to the working group, do not hesitate to reach out.

Have a nice day/afternoon/evening wherever you are.

pknoth · April 17, 2023, 11:24am

Hey !

A little note about a new video of the boruta series. It is short and talks about managing users with the server. Here it is on linkedin.

Thank you for listening if you had.

Have a great morning/afternoon/evening wherever you are!

pknoth · May 6, 2023, 9:41am

Hi there!

I have recently been implementing micro gateways into the boruta server. Here is a new video of the boruta series demonstrating them on Linkedin

The code source of the server is still available on GitHub

As always, all feedback is very welcome

Cheers

pknoth · May 17, 2023, 7:08pm

I am glad to say that this server is now also certified for the Config and Dynamic OP by the OpenID Foundation.

I released then version 0.2.0 with quite a lot of improvements:

[gateway] introspected token forwarding to updatreams
[identity] email templates edition
[identity] configure, expose and edit user metadata
[identity] user metadata configuration
[gateway] static configuration
[gateway] microgateways
[identity] identity federation (login with button)
[auth] better well-known openid configuration
[auth] dynamic client registration
[auth] client authentication methods configuration
[auth] global signing key pairs

As a reminder,

I also plan to launch a documentation website to better understand how the server works, stay tuned.

With care,

pknoth · May 31, 2023, 5:04pm

I just finished recording the series of demo videos of boruta:

the installation - Loom | Free Screen & Video Recording Software | Loom
the OAuth clients - Loom | Free Screen & Video Recording Software | Loom
the identity providers and the users - Loom | Free Screen & Video Recording Software | Loom
the (micro)gateway - Loom | Free Screen & Video Recording Software | Loom
the monitoring - Loom | Free Screen & Video Recording Software | Loom

Have a look, all feedback is welcome!

Thank you for listening to me (if you have).

Cheers

pknoth · June 10, 2023, 7:37am

I just published the story of the product in medium - https://medium.com/p/f3b9ca5a9ac9

Departing from scratch, I tell how I came to create a full Identity and Access Management solution.

Happy reading!

pknoth · June 22, 2023, 9:51am

If you want to support, the product needs you!

As I am looking for funds to hire a technical writer to redact the documentation, the project is open for donations on open collective - boruta server - Open Collective

Thank you for your support.

Cheers

pknoth · July 18, 2023, 11:25am

boruta server is now available on DockerHub

https://hub.docker.com/r/malachit/boruta-server

Happy coding!

pknoth · December 13, 2023, 10:29am

Hi there,

Lastly, I integrated TOTP as a second factor for second-factor authentication. It helps to make use of an authenticator to secure your account.

Here is a video demonstrating the behavior - Pascal Knoth on LinkedIn: TOTP Authentication Demo: Enabling Time-Based One-Time Passwords 👍

Have a great day/afternoon/night wherever you are

barttenbrinke · January 16, 2024, 8:59am

We have been using this in conjunction with Keycloak orchestration (we set up new singon environments from elixir) and this is working very nicely. Awesome work!

pknoth · January 23, 2024, 4:59pm

Hi all,

I recently worked to enable self-sovereign identity by implementing the specifications from the IETF, W3C, and OpenID Foundation. Then I have a working Proof of Concept of verifiable credential issuance which is great !

I wrote an article about what is SSI and what I do within that frame - https://medium.com/p/479f2ffa5f4e

As usual, all feedback is very welcome

pknoth · September 1, 2024, 1:16pm

The version 0.4.0 is out.

This release contains (as stated in the changelog):

[ssi] Configurable verifiable credentials issuance with oid4vci implementation
[ssi] Siopv2 same device implementation
[auth] Demonstration proof of possession implementation
[auth] Pushed Authorization Request implementation
[infra] Server ip address bindings configuration via environment variables
[infra]Infrastructure as Code with static file configuration
[admin] Admin ui improvements
[auth] Better identity federation
[identity] Webauthn integration
[infra] Remote IP logging

This brings boruta to the new era of the Self-Sovereign Identity with certified verifiable credentials issuance abilities. Cannot wait the implementation of verification with oid4vp!

Have a great morning/evening/afternoon wherever you are.