Jun 15, 2023

Cefriel - SIRAC Authentication Platform for Comune di Genova

Authentication orchestration platform for Comune di Genova, integrating Italian digital identity systems (SPID, CIE, eIDAS) via SAML and OIDC, with a React/NestJS admin console and automated config deployment.

Digital Identity, Authentication, SSO, SPID, CIE, eIDAS, SAML, OIDC, Identity Federation, Admin Dashboards, React, NestJS, MongoDB, Ansible, Public Sector, Italy

As part of Cefriel (cefriel.com), I contributed to SIRAC, an authentication orchestration platform used by the Comune di Genova (comune.genova.it) as the single sign-on (SSO) layer for its online portals and citizen services. The platform's role is to act as a unified entry point for Italy's official digital identity systems — such as SPID, CIE and eIDAS-compliant identities — and to expose a consistent interface to municipal applications.

At a protocol level, SIRAC implements the main web authentication standards:

  • SAML (Security Assertion Markup Language), widely used in public administration and legacy identity setups.
  • OIDC (OpenID Connect), the modern, OAuth2-based identity layer.

The platform not only supports these standards generically, but also adapts to the specific profiles and variations used by different Italian identity providers (e.g. SPID, CIE, and other eIDAS-aligned schemes), and can be used by applications that speak either SAML or OIDC, thanks to an internal translation layer between protocols.

My work on SIRAC had two main dimensions:

  1. Translation and configuration model
    I contributed to the translation layer that allows SIRAC to mediate between different identity protocols and provider-specific nuances, while still presenting a consistent contract to the applications that rely on it. This involved working with the configuration model that describes:
    • Which identity providers are available (SPID, CIE, eIDAS, etc.).
    • How they are configured at the SAML/OIDC level.
    • How SIRAC should project those identities onto downstream applications.
  2. Administrative dashboard and deployment pipeline
    Initially, SIRAC was configured manually via XML files, and every new client or service required coordinated edits in SIRAC, Apache and Shibboleth configuration files. This was error-prone and hard to scale. My main contribution was to design and implement an administration dashboard and configuration pipeline around SIRAC:
    • I developed an admin dashboard using React for the frontend and NestJS for the backend, with MongoDB as the persistence layer.
    • In this dashboard, SIRAC configuration is stored in a standardized data model that describes identity providers, clients, flows and policies in a structured way instead of raw XML.
    • From this model, I implemented processes to generate the concrete configuration artifacts needed by:
      • SIRAC itself (core auth configuration).
      • Apache (vhosts, routing, SSO endpoints).
      • Shibboleth (identity provider / service provider configuration).
    • Using Ansible, we set up a deployment scheme that takes the generated configurations and rolls them out to multiple infrastructures from the same dashboard-defined model, ensuring consistency across environments.
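
The generation step described above, as an added example that is not SIRAC's or the author's code: a client record is validated against allow-lists before an Apache fragment is rendered from it, so that no dashboard field can carry characters that would start a new directive or section. The `ClientModel` fields and the vhost layout are assumptions; the `mod_shib` directives are the standard Shibboleth SP ones.

```typescript
// Added example. ClientModel and its field names are assumptions, not SIRAC's schema.
interface ClientModel {
  serverName: string;    // public host name of the protected service
  protectedPath: string; // URL path that requires an authenticated session
  backendUrl: string;    // internal application the vhost proxies to
}

// Allow-lists: every value is interpolated into server configuration, so
// whitespace, newlines, quotes and angle brackets must never get through.
const HOSTNAME = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/;
const URL_PATH = /^\/[A-Za-z0-9._~\/-]*$/;
const BACKEND = /^https?:\/\/[A-Za-z0-9.-]+(:\d{1,5})?(\/[A-Za-z0-9._~\/-]*)?$/;

// Returns a list of problems; an empty list means the record is safe to render.
function validateClient(c: ClientModel): string[] {
  const errors: string[] = [];
  if (!HOSTNAME.test(c.serverName)) {
    errors.push("serverName must be a lowercase DNS name");
  }
  if (!URL_PATH.test(c.protectedPath) || /\.\./.test(c.protectedPath)) {
    errors.push("protectedPath must be an absolute path without '..'");
  }
  if (!BACKEND.test(c.backendUrl)) {
    errors.push("backendUrl must be a plain http(s) URL");
  }
  return errors;
}

// Renders the Apache fragment only from validated values.
function renderVhost(c: ClientModel): string {
  const errors = validateClient(c);
  if (errors.length > 0) {
    throw new Error("refusing to render: " + errors.join("; "));
  }
  return [
    "<VirtualHost *:443>",
    "  # TLS directives omitted in this example",
    "  ServerName " + c.serverName,
    "  <Location \"" + c.protectedPath + "\">",
    "    AuthType shibboleth",
    "    ShibRequestSetting requireSession 1",
    "    Require shib-session",
    "    ProxyPass \"" + c.backendUrl + "\"",
    "  </Location>",
    "</VirtualHost>",
    "",
  ].join("\n");
}
```

Running the same validation in the dashboard backend before a record is stored, and again at render time, keeps a bad value from ever reaching the files that Ansible distributes.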

This work turned SIRAC from a powerful but manually configured SSO layer into a managed, model-driven authentication platform, where:

  • Administrators use a web dashboard instead of editing XML and server configs by hand.
  • Applications in the Comune di Genova ecosystem can rely on a unified authentication entry point that speaks both SAML and OIDC.
  • Identity providers like SPID, CIE and eIDAS-based schemes can be integrated and evolved without losing control over configuration, traceability and security.

My contribution combined identity standards, full-stack development (React, NestJS, MongoDB) and infrastructure automation (Ansible) to help make SIRAC more operationally robust, auditable and easier to extend for new services and identity requirements.

Crafted by Juan Felipe Arellano • © 2025