Development environment

The demo program is an Apache 2.2 module (mod_XXX). The development environment is:

CentOS v5.4

  • Apache 2.2.3
  • OpenSSL 0.9.8e-fips-rhel5
  • MySQL 5.0.77 (for eunomia user registry and session store)

Demo source code

I'm sorry, but I can't open up my code at this time, because I can't confirm whether or not my code infringes others' copyright.

Demo system

There are 2 web servers in this demo system. One is "eunomiaproject.org" and the other is "example.com". Both servers are configured for Eunomia. The eunomiaproject.org server is configured as a member of realm "alice", and the example.com server is configured as a member of realm "rabbit".

We registered only one user named "testuser1" at eunomiaproject.org, and registered 2 users named "testuser1" and "testuser2" at example.com.

The eunomiaproject.org server requires the "email" and "telephone" attributes for local user authentication, and the "address" and "telephone" attributes for remote user authentication. The example.com server, however, allows only the "telephone" attribute for remote requests.

The next picture is the overview.

[Figure: overview of the demo system]

Demo scenario

This scenario includes 3 authentication patterns.

1: Local Login

  • The "testuser1" user of eunomiaproject.org logs in to the eunomiaproject.org server (this is just like a normal form login)
  • Show the Apache access_log to see the access user name (testuser1)
  • Access printenv.cgi to show the user's info

2: Remote Login (simple)

  • Access http://eunomiaproject.org/test.html to show the login page
  • Select example.com for redirect login
  • Redirect to example.com automatically and log in at example.com
  • After the authentication, redirect to eunomiaproject.org automatically and show the requested page
  • Show the Apache access_log to see the access user name (rabbit-testuser1)
  • Access printenv.cgi to show the user's info

3: Remote Login (already logged in at the remote server)

  • The "testuser2" user logs in at example.com beforehand
  • After the authentication, the user accesses the eunomiaproject.org server
  • Login is required
  • Select example.com for redirect login
  • Redirect to example.com automatically and confirm that this user has already authenticated at example.com
  • Redirect to eunomiaproject.org automatically and show the requested page
  • Show the Apache access_log to see the access user name (rabbit-testuser1)
  • Access printenv.cgi to show the user's info

The following video shows these 3 patterns consecutively. If the demo is difficult to watch here, please watch it on YouTube (http://www.youtube.com/watch?v=8xGMC2bRb60).