gssapi-wai: WAI Middleware for SPNEGO authentiaction
Basic WAI Middleware allows both SPNEGO and failback to Kerberos username/password authentication.
[Skip to Readme]
Downloads
- gssapi-wai-0.1.2.3.tar.gz [browse] (Cabal source package)
- Package description (as included in the package)
Maintainer's Corner
For package maintainers and hackage trustees
Candidates
- No Candidates
| Versions [RSS] | 0.1.0.0, 0.1.0.1, 0.1.1.0, 0.1.2.0, 0.1.2.1, 0.1.2.2, 0.1.2.3 |
|---|---|
| Dependencies | base (>=4.8 && <5), base64-bytestring, bytestring, case-insensitive, gssapi (>=0.2.0), http-types, vault, wai, wai-extra [details] |
| License | BSD-3-Clause |
| Copyright | Ondrej Palkovsky |
| Author | Ondrej Palkovsky |
| Maintainer | palkovsky.ondrej@gmail.com |
| Category | Network |
| Home page | https://github.com/ondrap/gssapi-wai |
| Source repo | head: git clone https://github.com/ondrap/gssapi-wai.git |
| Uploaded | by ondrap at 2018-10-30T13:37:10Z |
| Distributions | NixOS:0.1.2.3 |
| Reverse Dependencies | 1 direct, 0 indirect [details] |
| Downloads | 4888 total (9 in the last 30 days) |
| Rating | (no votes yet) [estimated by Bayesian average] |
| Your Rating | |
| Status | Docs available [build log] Last success reported on 2018-11-02 [all 1 reports] |
Readme for gssapi-wai-0.1.2.3
[back to package description]
GSSAPI and Kerberos bindings for Haskell
See haskell gssapi package for tutorial how to set up kerberos authentication with Windows AD.
This module is modelled after spnego-http-auth-nginx-module. If you are using it to provide auth, it should be reasonably easy to use this module instead.
The application
Generally you need to use TLS, otherwise browsers refuse to use SPNEGO authentication. The library provides wai middleware component to ease use. The username is saved to a vault.
{-# LANGUAGE OverloadedStrings #-}
module Main where
import Data.ByteString.Lazy.Char8 (fromStrict)
import Data.Function ((&))
import Data.Maybe (fromMaybe)
import Data.Monoid ((<>))
import qualified Data.Vault.Lazy as V
import Network.HTTP.Types (status200)
import Network.HTTP.Types.Header (hContentType)
import Network.Wai (Application, responseLBS,
vault)
import Network.Wai.Handler.Warp (defaultSettings, setPort)
import Network.Wai.Handler.WarpTLS (runTLS, tlsSettings)
import Network.Wai.Middleware.SpnegoAuth
app :: Application
app req respond = do
let user = fromMaybe "no-user-found?" (V.lookup spnegoAuthKey (vault req))
respond $ responseLBS status200 [(hContentType, "text/plain")] ("Hello " <> fromStrict user)
main :: IO ()
main = do
let port = 3000
settings = defaultSettings & setPort port
tsettings = tlsSettings "cert.pem" "key.pem"
authSettings = defaultSpnegoSettings{spnegoRealm=Just "EXAMPLE.COM"}
putStrLn $ "Listening on port " ++ show port
runTLS tsettings settings (spnegoAuth authSettings app)