{"id":22268219,"url":"https://github.com/curityio/dynamic-authenticator-demo","last_synced_at":"2025-10-28T05:10:38.887Z","repository":{"id":74437451,"uuid":"520853391","full_name":"curityio/dynamic-authenticator-demo","owner":"curityio","description":"Resources needed to run a demo of the dynamic authenticator","archived":false,"fork":false,"pushed_at":"2024-11-05T14:14:22.000Z","size":259,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-01-30T13:31:44.274Z","etag":null,"topics":["authentication","federation","oauth2","openid-connect","saml","use-case"],"latest_commit_sha":null,"homepage":"https://curity.io/resources/learn/dynamic-authenticator/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/curityio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-03T11:30:17.000Z","updated_at":"2024-11-05T14:14:22.000Z","dependencies_parsed_at":"2024-12-03T11:11:59.270Z","dependency_job_id":"5d17fa53-d592-4075-80d6-36f8b979aa07","html_url":"https://github.com/curityio/dynamic-authenticator-demo","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fdynamic-authenticator-demo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fdynamic-authenticator-demo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fdynamic-authenticator-demo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fdynamic-authenticator-demo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/curityio","download_url":"https://codeload.github.com/curityio/dynamic-authenticator-demo/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245486241,"owners_count":20623239,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","federation","oauth2","openid-connect","saml","use-case"],"created_at":"2024-12-03T11:11:56.501Z","updated_at":"2025-10-28T05:10:33.833Z","avatar_url":"https://github.com/curityio.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Dynamic Authenticator Demo\n\nThis repository contains resources needed to demonstrate the usage of a Dynamic Authenticator in the Curity Identity Server.\nThe resources created with scripts from this repo are:\n\n- Two separate instances of the Curity Identity Server that serve as two external OIDC Providers.\n- Two separate instances of the Curity Identity Server that serve as two external SAML Providers.\n- A node API that serves configuration required by the Dynamic Authenticator.\n- An instance of the Curity Identity Server with two types of Dynamic Authenticators configured.\n\nNote, that the OIDC and SAML providers are just added for demonstration purpose and to make this example self-contained. Don't bother the extra instances of the Curity Identity Server and related data stores. In a proper environment, those providers are external and maintained by a third party. To simulate a real-world scenario, the providers in this example are assigned different domains. See [The Created Resources](#the-created-resources) for the details.\n\n## Prerequisites\n\nThe following tools are used by the script from this repo, and you will need them to run the demo:\n\n- Docker Desktop\n- openssl\n- curl\n\nMake sure that you have those installed and available in path before running the scripts.\n\nYou will also need a license for the Curity Identity Server. If you don't have one you can get a trial license from the\n[Curity Developer portal](https://developer.curity.io/free-trial/).\n\n## Starting the Demo\n\nFollow these steps in order to run the demo:\n\n- Copy the JSON license file to `/idsvr`.\n- Add the following domains to `/etc/hosts`:\n\n```\n127.0.0.1 login.example.com provider1.example.com provider2.example.com provider3.example.com provider4.example.com\n```\n\n- Run the `./deploy.sh` script. It will create the required certificates and containers.\n\n## Log in Using the Dynamic Authenticator\n\nYou can log in to the main instance of the Curity Identity Server, by starting an OAuth flow for the client `dynamic-authenticator-demo`.\n\nThe dynamic authenticator needs a way of determining which configuration to use for the authentication. Therefore, it first collects a username, then calls the configuration API with the domain typed into the username field.\n\nEnter the following URL in your browser to start an authentication:\n\n```\nhttps://login.example.com:8443/oauth/v2/oauth-authorize?client_id=dynamic-authenticator-demo\u0026response_type=code\u0026scope=openid\u0026redirect_uri=http://localhost\n```\n\nIn the username prompt, type `user1@provider1` or `user2@provider2` for federating to an OIDC provider,\n`user3@provider3` or `user4@provider4` for federating to a SAML IdP.\n\n![Username authenticator](/docs/username.jpg)\n\nYou may now log in at the external provider. Use one of the following credentials to log in at the different providers:\n\n| Provider  | Username | Password    |\n|-----------|----------|-------------|\n| provider1 | `user1`  | `Password1` |\n| provider2 | `user2`  | `Password1` |\n| provider3 | `user3`  | `Password1` |\n| provider4 | `user4`  | `Password1` |\n\n\n![Provider 1 login screen](/docs/provider1.jpg)\n\nAfter logging in with a provider you will see a Debug Attribute Action screen, where you can study the attributes collected from the respective provider.\nNote that even though `userX@providerX` was first used as the subject, the final subject is the one obtained from the provider.\n\n| Dynamic Authenticator using OIDC | Dynamic Authenticator using SAML |\n| --- | --- |\n| ![Result of Debug Attribute Action for OIDC](/docs/debug-attribute-action-result-oidc.jpg) | ![Result of Debug Attribute Action for SAML](/docs/debug-attribute-action-result-saml.jpg) |\n\n### Customizing the Look and Feel\n\nThe [Look And Feel](https://curity.io/resources/learn/customize-look-and-feel-simple) editor provides a way of changing the theme of the login forms without the need of editing CSS files and templates. You can use it to quickly change the login screen look.\n\n## The Created Resources\n\nThe demo creates the following resources. Some useful endpoints are provided for convenience.\n\n### Provider 1\n\nA Curity Identity Server instance that serves as an external OIDC Provider.\n\nEndpoints:\n- OIDC metadata: https://provider1.example.com:8444/oauth/v2/oauth-anonymous/.well-known/openid-configuration\n- admin UI: https://provider1.example.com:6750/admin\n\n### Provider 2\n\nA Curity Identity Server instance that serves as an external OIDC Provider.\n\nEndpoints:\n- OIDC metadata: https://provider2.example.com:8445/oauth/v2/oauth-anonymous/.well-known/openid-configuration\n- admin UI: https://provider2.example.com:6751/admin\n\n### Provider 3\n\nA Curity Identity Server instance that serves as an external SAML IdP.\n\nEndpoints:\n- SAML IdP URL: https://provider3.example.com:8446/authn/authentication\n- admin UI: https://provider3.example.com:6752/admin\n\n### Provider 4\n\nA Curity Identity Server instance that serves as an external SAML IdP.\n\nEndpoints:\n- SAML IdP URL: https://provider4.example.com:8446/authn/authentication\n- admin UI: https://provider4.example.com:6753/admin\n\n\n### Main instance\n\nA Curity Identity Server instance that uses the dynamic authenticator.\n\nEndpoints:\n- OIDC metadata: https://login.example.com:8443/oauth/v2/oauth-anonymous/.well-known/openid-configuration\n- admin UI: https://login.example.com:6749/admin\n\n### The Configuration API\n\nA node Express API that serves the configuration required by the dynamic authenticator.\n\nEndpoints:\n- http://localhost:8080/api/configuration?fid=(provider1|provider2|provider3|provider4)\n\n\n## Updating the Resources\n\nWhen you update the default configuration files or the API code you will have to redeploy the containers. Running `./deploy.sh` again\nwill restart all containers, and the Curity Identity Server instances will have the configurations and data reset.\n\nIf you change the API code, run the script with the `--rebuild-api` option. This will refresh the API code in the container.\n\nIf you need the certificates to be renewed, run the script with the `--regenerate-certs` option.\n\n## Teardown\n\nOnce you're done with the demo, run the `./teardown.sh` script. This will free all the resources used in this demo.\n\n## Further Reading\n\nHave a look at this [tutorial](https://curity.io/resources/learn/dynamic-authenticator) that describes the Dynamic Authenticator in details.\n\nIf you want more information about the Curity Identity Server, Identity and Access Management, OAuth or OpenID Connect,\nthen have a look at the [resources](https://curity.io/resources/) section of the [Curity](https://curity.io) website.\n\nIf you have any questions or comments don't hesitate to open an issue in this repository or contact us.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Fdynamic-authenticator-demo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcurityio%2Fdynamic-authenticator-demo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Fdynamic-authenticator-demo/lists"}