gssapi-wai: WAI Middleware for SPNEGO authentiaction

[ bsd3, library, network ] [ Propose Tags ]

Basic WAI Middleware allows both SPNEGO and failback to Kerberos username/password authentication.

[Skip to Readme]


[Index] [Quick Jump]


Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees


  • No Candidates
Versions [RSS],,,,,,
Dependencies base (>=4.8 && <5), base64-bytestring, bytestring, case-insensitive, gssapi (>=0.2.0), http-types, vault, wai, wai-extra [details]
License BSD-3-Clause
Copyright Ondrej Palkovsky
Author Ondrej Palkovsky
Category Network
Home page
Source repo head: git clone
Uploaded by ondrap at 2018-10-30T13:37:10Z
Distributions NixOS:
Reverse Dependencies 1 direct, 0 indirect [details]
Downloads 4634 total (14 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs available [build log]
Last success reported on 2018-11-02 [all 1 reports]

Readme for gssapi-wai-

[back to package description]

Build Status Hackage

GSSAPI and Kerberos bindings for Haskell

See haskell gssapi package for tutorial how to set up kerberos authentication with Windows AD.

This module is modelled after spnego-http-auth-nginx-module. If you are using it to provide auth, it should be reasonably easy to use this module instead.

The application

Generally you need to use TLS, otherwise browsers refuse to use SPNEGO authentication. The library provides wai middleware component to ease use. The username is saved to a vault.

{-# LANGUAGE OverloadedStrings #-}
module Main where
import           Data.ByteString.Lazy.Char8     (fromStrict)
import           Data.Function                  ((&))
import           Data.Maybe                     (fromMaybe)
import           Data.Monoid                    ((<>))
import qualified Data.Vault.Lazy                as V
import           Network.HTTP.Types             (status200)
import           Network.HTTP.Types.Header      (hContentType)
import           Network.Wai                    (Application, responseLBS,
import           Network.Wai.Handler.Warp       (defaultSettings, setPort)
import           Network.Wai.Handler.WarpTLS    (runTLS, tlsSettings)

import           Network.Wai.Middleware.SpnegoAuth

app :: Application
app req respond = do
    let user = fromMaybe "no-user-found?" (V.lookup spnegoAuthKey (vault req))
    respond $ responseLBS status200 [(hContentType, "text/plain")] ("Hello " <> fromStrict user)

main :: IO ()
main = do
  let port = 3000
      settings = defaultSettings & setPort port
      tsettings = tlsSettings "cert.pem" "key.pem"
      authSettings = defaultSpnegoSettings{spnegoRealm=Just "EXAMPLE.COM"}
  putStrLn $ "Listening on port " ++ show port
  runTLS tsettings settings (spnegoAuth authSettings app)