Perun is an identity and access management system that covers management of the whole user life cycle. Its key features are virtual organisation management, user and group management, resource management and service management. Perun has been designed to work in distributed and federated environments.
Licence: FreeBSD licence
Open source project available at https://github.com/CESNET/Perun
Developed by CESNET and Masaryk University in Brno, Czech Republic
Features
Complete VO and group management
Identity consolidation (account linking)
Push mechanism for authorisation data delivery (delivering ACLs, group information to services using push)
Pull mechanism for authorisation data delivery via LDAP and AA
Provisioning/de-provisioning of the user rights on services
Enrolment management (customisable application forms, various enrolment flows)
Delegation support for VO and group management
Security teams support (global user banning)
Import and synchronisation of users/groups with existing identity and group management systems
Homeless users
Different Levels of Assurance
Flexible and scalable attribute release policies
Persistent and unique user identifiers
Browser & non-browser based federated access
Social media identities
Effective accounting
Integration with e-Government infrastructures (Ready to be supported)
Supported Standards
VOOT
SAML2 IdP and AA (via Shibboleth IdP)
Various authentication protocols, primarily used in enrolment management (via Apache AuthN modules)
LDAP
User Interfaces and APIs
Web-based GUI
Command-line interface
REST-like API
Libraries: PHP, Perl, JavaScript and Java
Support for Virtual Organisations
Supports multiple VOs
Delegated administration of VOs and groups/subgroups
Does not support hierarchical VOs, but supports VO to VO synchronisation
Support for VO registration (customisable VO application forms)
Support for management of resources allocated to VOs