Lemonldap::NG is a complete and modular Web-SSO that can run with reverse-proxies or directly on application webservers. It can be used in conjunction with OpenID-Connect, CAS and SAML systems as identity or service provider. It can also be used as proxy between those federation systems.
It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection. Authorization are built by associating a regular expression and a rule. Regular expression is applied on the requested URL and the rule calculates if the user is authorized.
These details are provided for information only. No information here is legal advice and should not be used as such.