Perun is an identity and access management system that covers management of the whole user life cycle. Its key features are virtual organisation management, user and group management, resource management and service management. Perun has been designed to work in distributed and federated environments.


  • Licence: FreeBSD licence

  • Open source project available at https://github.com/CESNET/Perun

  • Developed by CESNET and Masaryk University in Brno, Czech Republic



Features

  • Complete VO and group management

  • Identity consolidation (account linking)

  • Push mechanism for authorisation data delivery (delivering ACLs, group information to services using push)

  • Pull mechanism for authorisation data delivery via LDAP and AA

  • Provisioning/de-provisioning of the user rights on services

  • Enrolment management (customisable application forms, various enrolment flows)

  • Delegation support for VO and group management

  • Security teams support (global user banning)

  • Import and synchronisation of users/groups with existing identity and group management systems

  • Homeless users

  • Different Levels of Assurance

  • Flexible and scalable attribute release policies

  • Persistent and unique user identifiers

  • Browser & non-browser based federated access

  • Social media identities

  • Effective accounting

  • Integration with e-Government infrastructures (Ready to be supported)

Supported Standards

  • VOOT

  • SAML2 IdP and AA (via Shibboleth IdP)

  • Various authentication protocols, primarily used in enrolment management (via Apache AuthN modules)

  • LDAP

User Interfaces and APIs

  • Web-based GUI

  • Command-line interface

  • REST-like API

  • Libraries: PHP, Perl, JavaScript and Java

Support for Virtual Organisations

  • Supports multiple VOs

  • Delegated administration of VOs and groups/subgroups

  • Does not support hierarchical VOs, but supports VO to VO synchronization

  • Support for VO registration (customizable VO application forms)

  • Support for management of resources allocated to VOs

Dependencies on other technologies

  • Supported DBs: PostgreSQL, Oracle DB
  • Requires Java container
  • Shibboleth SP and IdP
  • OpenLDAP 
  • Apache

Operational overview

  • It can be provided as a service by CESNET
  • It is available as a virtual appliance
  • It can be deployed locally using source code from GitHub (installation manual is not yet publicly available)

Expected level of support

Perun has several production deployments (Czech e-Infrastructure provided by CESNET, Masaryk University, ELIXIR, EGI). The development and support team consists of employees from CESNET and Masaryk University, so code base maintenance and future development are ensured.









