I gave a presentation this past weekend at LinuxFest Northwest on the topic of using a collection of Apache HTTPD modules and SSSD to provide identity management for web applications. This approach is currently used by OpenStack, ManageIQ, and Foreman to let the Apache HTTPD web server handle all of the authentication and retrieval of user identity data and expose it to the web applications.
This is a nice approach that can remove the complexity of interfacing directly with a centralized identity source from the web application itself, with all of the great advantages that SSSD and the underlying Linux platform provide. It’s particularly useful when using FreeIPA, as you can get Kerberos single sign-on and use centralized host-based access control (HBAC) to control access to your web applications. If you’re developing web applications that have to deal with any sort of authentication and authorization (which is pretty much everything), it’s worth taking a look.
The slides from the presentation are available here.
There is also a great write-up about this approach from FreeIPA developer Jan Pazdziora on the FreeIPA wiki here.