Documentation
Index ¶
- type AuthServer
- type Authenticator
- func (sa *Authenticator) AuthenticateUser(r *requests.Request) error
- func (sa *Authenticator) ConfigureBindCredentials(cfg *Config) error
- func (sa *Authenticator) ConfigureRealm(cfg *Config) error
- func (sa *Authenticator) ConfigureSearch(cfg *Config) error
- func (sa *Authenticator) ConfigureServers(cfg *Config) error
- func (sa *Authenticator) ConfigureTrustedAuthorities(cfg *Config) error
- func (sa *Authenticator) ConfigureUserGroups(cfg *Config) error
- func (sa *Authenticator) IdentifyUser(r *requests.Request) error
- type Config
- type IdentityStore
- func (b *IdentityStore) Authenticate(r *requests.Request) error
- func (b *IdentityStore) Configure() error
- func (b *IdentityStore) Configured() bool
- func (b *IdentityStore) GetConfig() map[string]interface{}
- func (b *IdentityStore) GetKind() string
- func (b *IdentityStore) GetLoginIcon() *icons.LoginIcon
- func (b *IdentityStore) GetName() string
- func (b *IdentityStore) GetRealm() string
- func (b *IdentityStore) IdentifyUser(r *requests.Request) error
- func (b *IdentityStore) Request(op operator.Type, r *requests.Request) error
- type UserAttributes
- type UserGroup
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthServer ¶
// AuthServer describes a single LDAP server entry; Config.Servers holds a list of them.
type AuthServer struct {
// Address is the server location read from configuration under the key "address".
// NOTE(review): URL, Port and Encrypted are presumably derived from Address
// when the servers are configured — confirm against ConfigureServers.
Address string `json:"address,omitempty" xml:"address,omitempty" yaml:"address,omitempty"`
// URL, Port and Encrypted are excluded from JSON by the "-" tag. No xml or
// yaml tag is declared for them on these lines.
URL *url.URL `json:"-"`
Port string `json:"-"`
Encrypted bool `json:"-"`
// IgnoreCertErrors is read from "ignore_cert_errors"; the zero value is false.
// NOTE(review): presumably this turns off validation of the server's TLS
// certificate. If so, the bind password and user passwords sent to the server
// are exposed to anyone able to intercept the connection. Leave it false
// outside of test setups and list the issuing CA in Config.TrustedAuthorities
// instead — confirm the exact effect in the connection code.
IgnoreCertErrors bool `json:"ignore_cert_errors,omitempty" xml:"ignore_cert_errors,omitempty" yaml:"ignore_cert_errors,omitempty"`
// PosixGroups is read from "posix_groups".
// NOTE(review): presumably selects POSIX-style group membership lookup — confirm.
PosixGroups bool `json:"posix_groups,omitempty" xml:"posix_groups,omitempty" yaml:"posix_groups,omitempty"`
// Timeout is read from "timeout".
// NOTE(review): the unit is not stated here (presumably seconds) — confirm.
Timeout int `json:"timeout,omitempty" xml:"timeout,omitempty" yaml:"timeout,omitempty"`
}
AuthServer represents an instance of LDAP server.
type Authenticator ¶
// Authenticator is created with NewAuthenticator and set up through its
// Configure* methods, each of which takes a *Config. All of its state is
// unexported.
type Authenticator struct {
// contains filtered or unexported fields
}
Authenticator represents database connector.
func NewAuthenticator ¶
func NewAuthenticator() *Authenticator
NewAuthenticator returns an instance of Authenticator.
func (*Authenticator) AuthenticateUser ¶
func (sa *Authenticator) AuthenticateUser(r *requests.Request) error
AuthenticateUser checks the database for the presence of a username/email and password and returns user claims.
func (*Authenticator) ConfigureBindCredentials ¶
func (sa *Authenticator) ConfigureBindCredentials(cfg *Config) error
ConfigureBindCredentials configures user credentials for LDAP binding.
func (*Authenticator) ConfigureRealm ¶
func (sa *Authenticator) ConfigureRealm(cfg *Config) error
ConfigureRealm configures a domain name (realm) associated with the instance of authenticator.
func (*Authenticator) ConfigureSearch ¶
func (sa *Authenticator) ConfigureSearch(cfg *Config) error
ConfigureSearch configures base DN, search filter, attributes for LDAP queries.
func (*Authenticator) ConfigureServers ¶
func (sa *Authenticator) ConfigureServers(cfg *Config) error
ConfigureServers configures the addresses of LDAP servers.
func (*Authenticator) ConfigureTrustedAuthorities ¶
func (sa *Authenticator) ConfigureTrustedAuthorities(cfg *Config) error
ConfigureTrustedAuthorities configures trusted certificate authorities, if any.
func (*Authenticator) ConfigureUserGroups ¶
func (sa *Authenticator) ConfigureUserGroups(cfg *Config) error
ConfigureUserGroups configures user group bindings for LDAP searching.
func (*Authenticator) IdentifyUser ¶
func (sa *Authenticator) IdentifyUser(r *requests.Request) error
IdentifyUser returns user challenges.
type Config ¶
// Config is the serializable configuration of the LDAP identity store. Every
// field with a visible tag is read from and written to JSON, XML and YAML
// under the key given in that tag.
type Config struct {
// Name and Realm identify the identity store (see IdentityStore.GetName and
// IdentityStore.GetRealm).
Name string `json:"name,omitempty" xml:"name,omitempty" yaml:"name,omitempty"`
Realm string `json:"realm,omitempty" xml:"realm,omitempty" yaml:"realm,omitempty"`
// Servers lists the LDAP servers (see AuthServer).
Servers []AuthServer `json:"servers,omitempty" xml:"servers,omitempty" yaml:"servers,omitempty"`
// BindUsername and BindPassword are the credentials used for LDAP binding
// (see ConfigureBindCredentials).
// NOTE(review): BindPassword carries serialization tags, so marshalling a
// Config writes the password in clear text under "bind_password". Confirm
// that IdentityStore.GetConfig and any logging of the configuration redact it.
BindUsername string `json:"bind_username,omitempty" xml:"bind_username,omitempty" yaml:"bind_username,omitempty"`
BindPassword string `json:"bind_password,omitempty" xml:"bind_password,omitempty" yaml:"bind_password,omitempty"`
// Attributes maps LDAP attributes to user fields (see UserAttributes).
Attributes UserAttributes `json:"attributes,omitempty" xml:"attributes,omitempty" yaml:"attributes,omitempty"`
// SearchBaseDN, SearchUserFilter and SearchGroupFilter are the base DN and
// filters for LDAP queries (see ConfigureSearch).
// NOTE(review): the filters presumably have the login name supplied by the
// user substituted into them. Confirm that the value is escaped as an LDAP
// filter value before substitution.
SearchBaseDN string `json:"search_base_dn,omitempty" xml:"search_base_dn,omitempty" yaml:"search_base_dn,omitempty"`
SearchUserFilter string `json:"search_user_filter,omitempty" xml:"search_user_filter,omitempty" yaml:"search_user_filter,omitempty"`
SearchGroupFilter string `json:"search_group_filter,omitempty" xml:"search_group_filter,omitempty" yaml:"search_group_filter,omitempty"`
// Groups binds LDAP group DNs to roles (see UserGroup).
Groups []UserGroup `json:"groups,omitempty" xml:"groups,omitempty" yaml:"groups,omitempty"`
// TrustedAuthorities lists the trusted certificate authorities, if any
// (see ConfigureTrustedAuthorities).
// NOTE(review): whether the entries are file paths or PEM text is not shown
// here — confirm.
TrustedAuthorities []string `json:"trusted_authorities,omitempty" xml:"trusted_authorities,omitempty" yaml:"trusted_authorities,omitempty"`
// LoginIcon is the UI login icon attributes.
LoginIcon *icons.LoginIcon `json:"login_icon,omitempty" xml:"login_icon,omitempty" yaml:"login_icon,omitempty"`
// RegistrationEnabled controls whether visitors can register.
RegistrationEnabled bool `json:"registration_enabled,omitempty" xml:"registration_enabled,omitempty" yaml:"registration_enabled,omitempty"`
// UsernameRecoveryEnabled controls whether a user could recover username by providing an email address.
UsernameRecoveryEnabled bool `` /* 127-byte string literal not displayed */
// PasswordRecoveryEnabled controls whether a user could recover password by providing an email address.
PasswordRecoveryEnabled bool `` /* 127-byte string literal not displayed */
// ContactSupportEnabled controls whether contact support link is available.
ContactSupportEnabled bool `json:"contact_support_enabled,omitempty" xml:"contact_support_enabled,omitempty" yaml:"contact_support_enabled,omitempty"`
// SupportLink is the link to the support portal.
SupportLink string `json:"support_link,omitempty" xml:"support_link,omitempty" yaml:"support_link,omitempty"`
// SupportEmail is the email address to reach support.
SupportEmail string `json:"support_email,omitempty" xml:"support_email,omitempty" yaml:"support_email,omitempty"`
// The roles assigned to a user when no matching LDAP groups found.
// NOTE(review): these roles go to every user who authenticates without
// matching an entry in Groups, so they should grant no more than the least
// privileged role. Leaving the list empty presumably assigns nothing — confirm.
FallbackRoles []string `json:"fallback_roles,omitempty" xml:"fallback_roles,omitempty" yaml:"fallback_roles,omitempty"`
}
Config holds the configuration for the IdentityStore.
type IdentityStore ¶
// IdentityStore is created with NewIdentityStore from a *Config and a
// *zap.Logger. All of its state is unexported and is reached through its
// methods.
type IdentityStore struct {
// contains filtered or unexported fields
}
IdentityStore represents authentication provider with LDAP identity store.
func NewIdentityStore ¶
func NewIdentityStore(cfg *Config, logger *zap.Logger) (*IdentityStore, error)
NewIdentityStore returns an instance of LDAP-based identity store.
func (*IdentityStore) Authenticate ¶
func (b *IdentityStore) Authenticate(r *requests.Request) error
Authenticate performs authentication.
func (*IdentityStore) Configure ¶
func (b *IdentityStore) Configure() error
Configure configures IdentityStore.
func (*IdentityStore) Configured ¶
func (b *IdentityStore) Configured() bool
Configured returns true if the identity store was configured.
func (*IdentityStore) GetConfig ¶
func (b *IdentityStore) GetConfig() map[string]interface{}
GetConfig returns IdentityStore configuration.
func (*IdentityStore) GetKind ¶
func (b *IdentityStore) GetKind() string
GetKind returns the authentication method associated with this identity store.
func (*IdentityStore) GetLoginIcon ¶
func (b *IdentityStore) GetLoginIcon() *icons.LoginIcon
GetLoginIcon returns the instance of the icon associated with the provider.
func (*IdentityStore) GetName ¶
func (b *IdentityStore) GetName() string
GetName returns the name associated with this identity store.
func (*IdentityStore) GetRealm ¶
func (b *IdentityStore) GetRealm() string
GetRealm returns the authentication realm.
func (*IdentityStore) IdentifyUser ¶
func (b *IdentityStore) IdentifyUser(r *requests.Request) error
IdentifyUser performs user identification.
type UserAttributes ¶
// UserAttributes maps LDAP attributes to user fields. Each field is a string
// read from the configuration key in its tag.
// NOTE(review): each value is presumably the name of the LDAP attribute to
// read for that field — confirm against ConfigureSearch.
type UserAttributes struct {
Name string `json:"name,omitempty" xml:"name,omitempty" yaml:"name,omitempty"`
Surname string `json:"surname,omitempty" xml:"surname,omitempty" yaml:"surname,omitempty"`
Username string `json:"username,omitempty" xml:"username,omitempty" yaml:"username,omitempty"`
// NOTE(review): MemberOf presumably names the attribute that lists the user's
// group DNs, which would be what Config.Groups is matched against — confirm.
MemberOf string `json:"member_of,omitempty" xml:"member_of,omitempty" yaml:"member_of,omitempty"`
Email string `json:"email,omitempty" xml:"email,omitempty" yaml:"email,omitempty"`
}
UserAttributes represents the mapping of LDAP attributes to JWT fields.
type UserGroup ¶
// UserGroup pairs a group DN with the roles listed for it. Config.Groups
// holds a list of these entries.
type UserGroup struct {
// GroupDN is read from the configuration key "dn".
GroupDN string `json:"dn,omitempty" xml:"dn,omitempty" yaml:"dn,omitempty"`
// Roles is read from the configuration key "roles".
// NOTE(review): role assignment depends on GroupDN matching the user's group
// membership. Confirm how DNs are compared (case and whitespace
// normalisation), because a loose match would grant roles to the wrong group.
Roles []string `json:"roles,omitempty" xml:"roles,omitempty" yaml:"roles,omitempty"`
}
UserGroup represents the binding between BaseDN and a search filter. Upon successful authentication for the combination, a user is assigned the roles associated with the binding.