git clone http://repos.entrouvert.org/mandaye.git
git clone git://repos.entrouvert.org/mandaye.git
MandayeJS is an Authentication Reverse Proxy. Its purpose is to add external
authentication systems to legacy applications, i.e. SSO.
$ tar xzvf phantomjs.tar.gz
$ sudo mv phantomjs-2.1.1-linux-x86_64 /opt/phantomjs/
$ sudo apt install python-mandayejs mandayejs
vim /etc/mandayejs/settings.py
PHANTOM_JS_BINARY = '/opt/phantomjs/bin/phantomjs'
class Example(AppSettings):
    # url of the login form
    SITE_LOGIN_PATH = '/'
    # SITE_LOCATORS describe the login form fields
    # they're used to generate the association form
    SITE_LOCATORS = [
        {
            'id': '#username',
            'label': 'Username',
            'name': 'username', # always same as id
            'kind': 'string',
            'required': True,
            'help': '',
        },
        {
            'id': '#birth_date',
            'label': 'Birth date',
            'name': 'birth_date', # always same as id
            'kind': 'date',
            'required': True,
            'help': 'example 16/06/2008'
        },
        {
            'id': '#password',
            'label': 'Password',
            'name': 'password', # always same as id
            'kind': 'password',
            'required': True,
            'help': ''
        },
    ]
    # List of javascript scripts running on every page.
    # they're loaded in panel.html
    SITE_APP_SCRIPTS = [
        'myapp/js/example.com.js',
    ]
    # JS script asserting authentication through phantomjs
    # The authentication assertion function must be stored in
    # a variable such as:
    #
    # $(function(){
    #     window.auth_success = function(){
    #         // your code
    #     }
    # });
    SITE_AUTH_CHECKER = 'myapp/js/auth.checker.js'
    # List of cookies to delete when dissociating an account
    SITE_AUTH_COOKIE_KEYS = [
        'UserSessionId',
    ]
    # URL on which the authentication is forced
    # if the user is connected and already associated
    SITE_FORCE_REDIRECT_URL = '/login.php'
    # LOCATOR on which the authentication is forced
    # if the user is connected and already associated
    SITE_FORCE_REDIRECT_LOCATOR = '#logon-form'
    # Locator used to catch the local application
    # logout process in order to launch a SLO
    SITE_LOGOUT_LOCATOR = '#account_logout'
    # Application's webservices
    SITE_WEB_SERVICES = {
        'products': '/products/id',
    }
    # If your class inherits from another and
    # a SITE_LOGIN_PATH needs to be set
    SITE_LOGIN_PATH_PREFIX = '/wonderland/'
SITE_APP = 'mandayejs.applications.Example'
It's possible to associate/dissociate an account through the MandayeJS API. Three methods are available:
* GET /_mandaye/api/ :
  # Returns SITE_LOCATORS
  response :
    status_code : 200
    data : { "login": "", "password": "" }
* POST /_mandaye/api :
  # Associates a user, creates a new user when it doesn't exist
  data : {
    "name_id_content": "12345",
    "email": "kevin@fake.com",
    "first_name": "kevin",
    "last_name": "fake",
    "locators": { "login": "fake", "password": "fake" }
  }
  response :
    status_code :
      - success : 200
      - failure : 401/403
* DELETE /_mandaye/api :
  # Dissociates a user account
  data : { "name_id_content": "12345" }
  response :
    status_code :
      - success : 200
      - failure : 403/404
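As an added example (not code from MandayeJS itself), the following client-side helpers build the POST and DELETE bodies documented above, check the submitted values against a constructed SITE_LOCATORS list before anything is sent, and map the documented status codes to outcomes; the validation rules (required fields, the DD/MM/YYYY shape taken from the 'help' hint) are assumptions for the example.

```python
import json
import re

# Constructed locators mirroring SITE_LOCATORS of the Example settings class
LOCATORS = [
    {'id': '#username', 'name': 'username', 'kind': 'string', 'required': True},
    {'id': '#birth_date', 'name': 'birth_date', 'kind': 'date', 'required': True},
    {'id': '#password', 'name': 'password', 'kind': 'password', 'required': True},
]
API_PATH = '/_mandaye/api'
DATE_RE = re.compile(r'^\d{2}/\d{2}/\d{4}$')  # shape of the 'help' hint: 16/06/2008

def validate_locators(locators, values):
    """Return a list of problems; an empty list means values fit the locators."""
    errors = []
    for loc in locators:
        val = values.get(loc['name'])
        if loc.get('required') and not val:
            errors.append('%s is required' % loc['name'])
        elif val and loc['kind'] == 'date' and not DATE_RE.match(val):
            errors.append('%s must look like DD/MM/YYYY' % loc['name'])
    known = set(loc['name'] for loc in locators)
    errors.extend('%s is not a known locator' % n for n in sorted(set(values) - known))
    return errors

def associate_request(name_id, email, first_name, last_name, values, locators=LOCATORS):
    """Build the POST associating the IdP identity (name_id) with local credentials.
    The body carries the legacy password in clear, so only send it over TLS."""
    errors = validate_locators(locators, values)
    if errors:
        raise ValueError('; '.join(errors))
    body = {'name_id_content': name_id, 'email': email, 'first_name': first_name,
            'last_name': last_name, 'locators': dict(values)}
    return 'POST', API_PATH, json.dumps(body, sort_keys=True)

def dissociate_request(name_id):
    """Build the DELETE that drops the association for name_id."""
    return 'DELETE', API_PATH, json.dumps({'name_id_content': name_id})

# Status codes the API documents for each method (see above)
OUTCOMES = {
    'POST': {200: 'associated', 401: 'unauthorized', 403: 'forbidden'},
    'DELETE': {200: 'dissociated', 403: 'forbidden', 404: 'not associated'},
}

def interpret(method, status_code):
    """Map a response status to the outcome documented for that method."""
    return OUTCOMES[method].get(status_code, 'unexpected status %d' % status_code)
```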
1. Export users' authentication data from the database and LDAP
COPY (SELECT idp.unique_id, sp.post_values FROM idp_user AS idp, sp_user AS sp WHERE sp.idp_user_id = idp.id) TO 'credentials.csv' DELIMITER ';';
$ sudo slapcat -a '(spName=<service_provider_name>)' -l <dest_filename>
2. Convert name_id into uuid
import csv
from authentic2.saml.models import LibertyFederation

# This script uses authentic2 models, so it is meant to be run inside the
# authentic2 Django environment (settings loaded).

def csv_get_dict_data(filename):
    # credentials.csv has no header line: name the two columns explicitly
    with open(filename, 'rb') as fd:
        fieldnames = ['username', 'credentials']
        reader = csv.DictReader(fd, delimiter=';', quotechar='|', fieldnames=fieldnames)
        return list(reader)

def csv_write_dict_data(data, filename):
    if not data:
        return
    # explicit field order: dict key order would not guarantee username first
    with open(filename, 'wb') as fd:
        writer = csv.DictWriter(fd, ['username', 'credentials'])
        writer.writerows(data)

def name_id_2_uuid(data):
    # replace each SAML name_id by the uuid of the federated user;
    # rows whose name_id has no federation are dropped
    result = []
    for datum in data:
        try:
            federation = LibertyFederation.objects.get(name_id_content=datum['username'])
        except LibertyFederation.DoesNotExist:
            continue
        result.append({'username': federation.user.uuid, 'credentials': datum['credentials']})
    return result

data = csv_get_dict_data('credentials.csv')
csv_write_dict_data(name_id_2_uuid(data), 'credentials.csv')
3. Import users
$ mandayejs-manage migrate-user --csv credentials.csv
Mandaye is a modular rewriting reverse proxy. Its main use is to add external
authentication systems to legacy applications, i.e. SSO.
It dispatches HTTP requests to your applications and allows you to transform and
filter the request and the response.
Mandaye allows you to couple your authentication provider with incompatible web
applications.
This software is copyrighted by Entr'ouvert and is licensed under the GNU AGPL
version 3 for distribution.
You must install the following packages to use Mandaye.
You can install all those dependencies quickly using pip::
pip install gevent poster SQLAlchemy Beaker Mako lxml gunicorn
or easy_install::
easy_install gevent poster SQLAlchemy Beaker Mako lxml gunicorn
or apt-get (Debian based distributions)::
apt-get install gunicorn python-poster python-sqlalchemy python-beaker python-mako python-lxml python-setuptools
It's recommended to install the following modules.
You can install these Python modules with pip::
pip install pycrypto static
Install at least Python >= 2.5 and setuptools or distribute, then enter this command in a shell::
$ python setup.py install
If you want to develop, use this command instead::
$ python setup.py develop
Configure MANDAYE_PATH/mandaye/config.py with your own preferences.
You must configure the database uri and the log file.
First create your database
$ mandaye_admin.py --createdb
Launch the mandaye server::
$ mandaye_server.py
mandaye_server.py uses gunicorn and accepts gunicorn options (please read http://gunicorn.org/configure.html).
You could also use the gunicorn.conf.py-sample file (in the mandaye files)::
$ mandaye_server.py -c PATH_TO_THE_FILE/gunicorn.conf.py
or
$ mandaye_server.py -c PATH_TO_THE_FILE/gunicorn.conf.py -b 0.0.0.0:4242