privacyIDEA is a modular authentication system that can manage authentication on your network. It's powerful, it's flexible, and it can be set up for free on an existing Ubuntu server.
Unlike a lot of authentication systems, privacyIDEA isn't that hard to install and set up; in fact, you can have your next authentication system up and running in minutes. I'll use the Ubuntu 16.04 platform to show how to set it up, which might seem like a problem because there isn't a privacyIDEA release for anything later than 14.04—fortunately, there's a very easy workaround.
What you need
You need an Ubuntu server that's up and running, and that server will need to have a full LAMP stack. You can install privacyIDEA with NGINX, but I'm going to stick with what I know best: Apache.
First, you must add the necessary repositories. To do this, open a terminal window and issue the following command:
sudo add-apt-repository ppa:privacyidea/privacyidea
Before you update apt, we have to get around the fact that there are no releases for Xenial (16.04). From the terminal, open the file /etc/apt/sources.list.d/privacyidea-ubuntu-privacy-idea-xenial.list in your favorite editor. Look for the line:
deb http://ppa.launchpad.net/privacyidea/privacyidea/ xenial main
Change that to:
deb http://ppa.launchpad.net/privacyidea/privacyidea/ trusty main
Save and close the file.
Now run sudo apt-get update, and the repository updates will succeed. Once that command finishes, install privacyIDEA with the following command:
sudo apt-get install python-privacyidea privacyideaadm privacyidea-apache2
Now that your privacyIDEA system is installed, it's time to set it up for login.
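The sources-list edit described above can also be scripted so it is repeatable across servers and leaves a backup behind. This is an added example, not code from the article or from the privacyIDEA project; the function name, its exit codes, the loose match on the URL path after the PPA name, and the `.bak` suffix are assumptions.

```bash
#!/usr/bin/env bash
# Added example: point the privacyIDEA PPA entry at another Ubuntu suite.
# Only lines for this PPA are rewritten; every other source is left alone.
PPA_RE='ppa\.launchpad\.net/privacyidea/privacyidea/'

# retarget_ppa_suite FILE [FROM] [TO]   (hypothetical helper)
# Returns 0 if FILE now points at TO (rewritten, or already correct),
#         1 if FILE does not exist,
#         2 if FILE has no privacyIDEA PPA line for FROM or TO.
retarget_ppa_suite() {
    local file="$1" from="${2:-xenial}" to="${3:-trusty}"
    # Matches active and commented-out "deb"/"deb-src" lines for the PPA,
    # up to (not including) the suite name.
    local line="^(# *)?deb(-src)?[[:space:]]+https?://${PPA_RE}[^[:space:]]*[[:space:]]+"

    [ -f "$file" ] || return 1

    if grep -Eq "${line}${from}[[:space:]]" "$file"; then
        # Keep FILE.bak so the workaround can be reverted later.
        sed -E -i.bak "s|(${line})${from}([[:space:]])|\1${to}\4|" "$file"
        return 0
    fi

    # Nothing left to rewrite: succeed only if the file already targets TO,
    # which makes repeated runs harmless.
    grep -Eq "${line}${to}[[:space:]]" "$file" && return 0
    return 2
}

# Demo on a constructed sample file, so nothing under /etc/apt is touched.
demo_dir=$(mktemp -d)
printf '%s\n' \
    'deb http://ppa.launchpad.net/privacyidea/privacyidea/ xenial main' \
    'deb http://archive.ubuntu.com/ubuntu xenial main' \
    > "$demo_dir/privacyidea.list"
retarget_ppa_suite "$demo_dir/privacyidea.list" && cat "$demo_dir/privacyidea.list"
rm -rf "$demo_dir"
```

On a real server, run the function with sudo rights against the file named above, before `sudo apt-get update`.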
You must set up an admin user via the command line with the following command:
sudo pi-manage admin add admin
You will be prompted to enter and verify a new password for the admin user. You're ready to log into your privacyIDEA web UI.
To log into the web UI, point your browser to https://IP_OF_SERVER/#/login. You will be prompted for the admin credentials you just created. The user will be admin, and the password will be the one you set up with the pi-manage command.
At first login, you'll be prompted to create a default realm (Figure A). When prompted, click Create Realm, and you're ready to go.
Creating a resolver
Before you start adding users, you must create a resolver. There are four types of resolvers that can be added:
Since I already have MySQL running on the server, I'll demonstrate how to create a new sqlresolver; this will require you to have an existing database running that includes tables and a primary key. Without the primary key set, the resolver will not connect.
To create the resolver, log into privacyIDEA as the admin, click Users, and then click New sqlresolver. In the resulting window (Figure B), fill out all of the necessary information and make sure to click Edit User Store.
You must click one of the types of systems this resolver will be used for (WordPress, OTRS, Tine 2.0, ownCloud, Typo3, Drupal). After you select the system, it will autofill some necessary information. You'll have to change the table name to reflect an actual table in your database, map the table columns accordingly, and set a limit (the default is 500). With that basic information filled out, click Test SQL Resolver and, if the test passes, click Save Resolver. You can start adding users for your new resolver.
What you can do now
Your privacyIDEA authentication server is ready. With this service up and running, you can use it to create such things as two-step authentication for an ownCloud server.
For more information on rolling out privacyIDEA into your network, check out the official documentation.
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.