Identity Management Tools
Over the years, Carillon experts have produced a number of applications and libraries that can be helpful when setting up Public Key Infrastructures and Federated Identity Management solutions. Those were not written with publication and commercialisation in mind, but simply to make our lives easier by automating some recurrent tasks and implementing certain RFC features.
Since we found these applications useful and believe they would be beneficial to others as well, we have made some of them available as free, open-sourced software, released under the GNU LGPLv2.
While Carillon provides no guarantees with regard to the distributed code, we can provide our customers with complete technical support and modification services.
STS - Secure Token Service
The Carillon STS is a PHP-based Federated Identity Provider (IdP) which is capable of acting as a Secure Token Service compatible with Windows CardSpace and other "infocard" implementations. It has been successfully tested with CardSpace, as well as with Chuck Mortimore's Firefox identity selector plugin.
- X.509 Certificate Validation Daemon
Pathfinder is a Linux daemon that provides centralized X.509 certificate validation. It is fully RFC5280 compliant, and can process complex trust models, such as bridging and multiple bridge traversal.
- Pathfinder for Apache -
Client Certificate Validation
This patch allows the Apache web server to use Pathfinder for verification of client certificates.
- Pathfinder for
FreeRADIUS - Client Certificate Validation
This patch allows the FreeRADIUS server to use Pathfinder for verification of client X.509 certificates during authentication requests.
- Pathfinder for xmlsec -
XML Security library
This patch allows the xmlsec1 tool and the libxmlsec1 library to use Pathfinder for validation of X.509 certificates when verifying a digitally signed XML structure.
- Pathfinder for Stunnel -
This patch allows the Stunnel 4.23 Universal SSL Wrapper to use Pathfinder for verification of X.509 certificates presented by a remote client or server. This makes it even easier to add proper certificate validity checking to applications and servers that may not even already be SSL-aware.
- Pathfinder for OpenLDAP - Certificate
This patch allows the OpenLDAP server to use Pathfinder both for verification of client certificates (for LDAPS) and for verification of certificates fetched by the LDAP Proxy backend.
- Extra SSL Info - for
Apache HTTPD 2.2.8
This patch adds some extra SSL_* variables to the apache environment, which we've found useful. In particular, Certificate Policies OIDs, and the email and DNS forms of Subject Alternative Name, are parsed and published for client and server certificates.
- Certificate Discovery Service -
X.509 encryption certificate retrieval through LDAP
These patches contain updates to Boeing's LDAP proxy, rendering it compatible with recent versions of OpenLDAP.
- Electronic 8130-3 Validator Tool - Validate a digitally signed XML form 8130-3. This tool validates an uploaded file against the ATA Schema from Spec 2000 Chapter 16, and then validates the digital signature on the file. Any problems with the digitally signed electronic 8130-3 are reported. If the validation succeeds, you may view a PDF representation of the 8130-3.
- Carillon Electronic 8130-3 and AEEC 827 SimpleSign - Quick, simple to deploy, centralized solutions for Electronic 8130-3 and 827 software crate management.