https://github.com/icholy/wafer
A simple approach to single-sign-on
- Host: GitHub
- URL: https://github.com/icholy/wafer
- Owner: icholy
- Created: 2015-11-18T04:11:35.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2015-11-23T16:33:45.000Z (almost 9 years ago)
- Last Synced: 2024-10-03T15:18:51.011Z (about 2 months ago)
- Language: Go
- Size: 63.5 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# WIP: Wafer
> A barebones approach to single-sign-on
* Provides login and logout page.
* Uses LDAP for storing users and passwords.
* Sets a [JWT](http://jwt.io/) on all specified domains.

## JWT Data:
This is data that will be accessible to all applications via headers.
``` json
{
  "id": 123,
  "name": "Ilia Choly",
  "groups": ["admin", "dev"]
}
```

## WebHooks:
Each application can be configured with a wafer webhook.
These are invoked when a user logs in via wafer.

Example config file (for the wafer server):
```
http://sub1.domain.com/wafer_webhook.php
https://sub2.domain.com:8888/wafer_webhook/
```

Hooks have two responsibilities:
1. Set the provided JWT in the cookie so it's available on that domain.
2. Provision a user account for the user in the JWT if it does not already exist.

## Login page:
After the login page, the user is redirected to a page containing `img` tags pointing to the configured domains.
This page provisions user data in the applications and sets the JWT cookie.

``` html
Login Successful
Click here if you're not redirected
```
## Application Integration
1. The JWT is used to identify which user is logged in.
2. If there is no JWT, the application redirects to the `wafer` server.
3. After login, the `wafer` server invokes the application's `/water_hook` route.
4. The user is then redirected back to the application.

## Apache Integration
I'll need to write an Apache module that authenticates against the JWT. Example:
``` apache
AuthType JWT
AuthName "Members Only"
AuthJWTKey "secret"
Require user
ErrorDocument 401 http://wafer.server.com/login?appname=apache
```
WIP: https://github.com/icholy/mod_auth_jwt
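
The check that step 1 of Application Integration and the Apache sketch both rely on, written out in Go as an added example (not code from the wafer repository): the cookie is client-controlled, so `id`, `name` and `groups` are trusted only after the signature and algorithm are verified. HS256 with a shared secret is an assumption (the README shows `AuthJWTKey "secret"` but names no algorithm), and `Sign`, `Verify`, `mac` and `enc` are hypothetical names.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

type Claims struct { // the README's "JWT Data" payload
	ID     int      `json:"id"`
	Name   string   `json:"name"`
	Groups []string `json:"groups"`
}

var enc = base64.RawURLEncoding // JWT segments are unpadded base64url

func mac(msg string, key []byte) string { // HMAC-SHA256; HS256 is an assumption
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return enc.EncodeToString(m.Sum(nil))
}

// Sign stands in for the wafer server; it only builds constructed sample tokens.
func Sign(alg, payload string, key []byte) string {
	msg := enc.EncodeToString([]byte(`{"alg":"`+alg+`"}`)) + "." + enc.EncodeToString([]byte(payload))
	return msg + "." + mac(msg, key)
}

// Verify is the check an application or hook runs before trusting cookie claims.
func Verify(tok string, key []byte) (c Claims, err error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(mac(p[0]+"."+p[1], key))) {
		return c, fmt.Errorf("malformed token or bad signature")
	}
	var h struct{ Alg string }
	hdr, _ := enc.DecodeString(p[0]) // undecodable segments fail the JSON checks below
	body, _ := enc.DecodeString(p[1])
	if json.Unmarshal(hdr, &h) != nil || h.Alg != "HS256" {
		return c, fmt.Errorf("unexpected algorithm %q", h.Alg) // e.g. "none"
	}
	return c, json.Unmarshal(body, &c)
}

func main() { // constructed key and payload, not values from the project
	fmt.Println(Verify(Sign("HS256", `{"id":123,"name":"Ilia Choly","groups":["admin","dev"]}`, []byte("secret")), []byte("secret")))
}
```

A token whose payload segment is swapped for one listing `admin` fails the MAC comparison, and a correctly MACed token whose header says `none` is still refused.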