Great job! I will take a look.
Thanks ;)

regards,

François Papon
[email protected]

On 15/04/2019 at 10:44, Steinar Bang wrote:
> https://github.com/steinarb/authservice
>
> I wrote this to cover my own use case, which was to have the same login
> for nginx itself, as well as a couple of web whiteboard webapps running
> in the same apache karaf, behind the nginx server through a reverse
> proxy setup.
>
> Cross-webapp SSO works by providing the shiro interfaces Realm[1] and
> SessionDAO[2] as OSGi services to shiro web sessionmanagers.
>
> Nginx authentication is handled by providing nginx with a URL
> suitable for the nginx auth_request module[3], that shares Realm and
> SessionDAO with the karaf webapps.
>
> Authservice is based on Shiro 1.3.1 (I can't remember why it isn't
> 1.3.2. I will try with 1.3.2 and if it works, release a new version of
> authservice to maven central shortly), and it will be upgraded to the
> first OSGi-friendly 1.4.x or 1.5 version released by Francois Papon.
>
> The authservice license is Apache v2, and authservice has been deployed
> to maven central.
>
> To try it out:
>  1. From a karaf console, give the following commands:
>      feature:repo-add mvn:no.priv.bang.authservice/authservice/LATEST/xml/features
>      feature:install authservice-with-derby-dbrealm-and-session
>  2. Open the URL http://localhost:8181/authservice in a web browser and
>     log in with username/password: jad/1ad
>  3. Verify that the "User administration UI" is inaccessible and use the
>     back button in the browser to get back to the main authservice page
>  4. Click on the "Change your own password" link and try changing the
>     password
>  5. After changing the password click on the back button in the browser
>     to get back to the main authservice page
>     Note: don't use the "Back to top" link because that links to two
>     levels up
>  6. Click on the "Change your own email and real name" and try changing
>     them
>  7. Click on the back button in the browser to get back to the main
>     authservice page (here also "Back to top" link, links two levels
>     up, because both of these URLs are intended as self service URLs
>     linked to from the main nginx page)
>  8. Click on "Logout" and then login again as username/password:
>     admin/admin
>  9. Click on the "User administration UI" and try giving user jad the
>     useradmin role
>  10. Click on the "Up to authservice top" link and then click the
>      "Logout" link
>  11. Log in with username/password: jad/1ad
>  12. Verify that user jad now can use the "User administration UI"
>
> The authservice-with-derby-dbrealm-and-session feature uses an in-memory
> database that will disappear when karaf is stopped and restarted.
>
> "Production" authservice uses PostgreSQL.
>
>
> Authservice feature summary
>  - Based on Apache Shiro
>  - Apache Karaf application based on pax web whiteboard and OSGi Declarative
>    Services (DS)
>  - Plain HTML "self-service" pages for letting users change their
>    passwords and personal information
>  - A small user administration UI written in react and styled with
>    bootstrap v4
>  - A Shiro JDBC realm that supports base64 encoded password salt
>  - JDBC database schema and initial data setup provided by a liquibase
>    script, which means that in theory any JDBC database supported by
>    liquibase can be used to replace PostgreSQL (some code required, the
>    README has suggestions)
>
> References:
> [1] <http://shiro.apache.org/static/1.3.1/apidocs/org/apache/shiro/realm/Realm.html>
> [2] <http://shiro.apache.org/static/1.3.1/apidocs/org/apache/shiro/session/mgt/eis/SessionDAO.html>
> [3] <http://nginx.org/en/docs/http/ngx_http_auth_request_module.html>
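
The nginx side of the reverse-proxy setup described in the quoted message, as an added example that is not part of the original e-mail or of the authservice project. The /authservice/check and /authservice/login paths, the /whiteboard/ webapp location, the static root and the certificate file names are assumptions; only port 8181 and the /authservice prefix come from the message.

```nginx
# Added example. Paths marked "assumed" are placeholders, not authservice's own.
server {
    listen 443 ssl;                                   # login carries passwords: TLS only
    server_name localhost;
    ssl_certificate     /etc/nginx/tls/example.crt;   # assumed placeholder
    ssl_certificate_key /etc/nginx/tls/example.key;   # assumed placeholder

    # Login and self-service pages are proxied to karaf WITHOUT auth_request,
    # otherwise an unauthenticated user could never reach the login form.
    location /authservice/ {
        proxy_pass http://localhost:8181/authservice/;
        proxy_set_header Host $host;
    }

    # Subrequest target for auth_request. "internal" keeps clients from
    # calling it directly. The subrequest carries the original request's
    # headers, including the session cookie the shared SessionDAO resolves.
    location = /auth-check {
        internal;
        proxy_pass http://localhost:8181/authservice/check;   # assumed path
        proxy_pass_request_body off;          # the check needs headers only
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }

    # A webapp running in the same karaf, behind the shared login.
    location /whiteboard/ {                   # assumed webapp path
        auth_request /auth-check;
        error_page 401 = @login;
        proxy_pass http://localhost:8181/whiteboard/;
    }

    # Content served by nginx itself, behind the same login.
    location / {
        auth_request /auth-check;
        error_page 401 = @login;
        root /var/www/html;                   # assumed static root
    }

    # 2xx from the check allows the request; 401 lands here; 403 is returned
    # to the client as-is; any other status (for example karaf being down)
    # is treated as an error, so the protected locations fail closed.
    location @login {
        return 302 /authservice/login;        # assumed login page path
    }
}
```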
