Skip to content

KappaEtaKappa/the.delta.khk.org-auth

BranchesTags

Repository files navigation

KHK Single Sign-on Access

by Joseph Dailey

Purpose

There are several services for KHK member use hosted on our public IP. This service serves as a sort of nexus for these services. It also handles user authentication and service permissions. Its final responsibility is to perfrom SAML (single sign-on) interfacing with Google Drive for Work.

If you are looking to install the whole KHK platform please follow this guide.

KHK-SSA Installation

$ git clone [email protected]:/KappaEtaKappa/khk-ssa.git
$ ./build.sh

The build script will install all core components and enalbe/start the service. This is only a few simple steps.

  • Pull git updates from master
  • Install or update all NPM modules
  • Copy NGINX configuration files the nginx sites folder
  • Test the NGINX changes
  • Copy systemd service files into the system folder
  • Enable, start, and print the status of the service.

Running the Server

Development Mode

During development you will want to run this service just like any other node server.

$ node home.js

Release (Running as Daemon)

$ systemctl start khk-ssa.service

This systemd service file is located at ./cp/khk-ssa.service However, the local ./build script will move this file into the correct location.

To persist the server across reboots and to auto-restart on failure, enable the service.

$ systemctl start khk-ssa-daemon.service

(Sub) Domain Resolution

This server is managed by NGINX. The main NGINX configuration is here. (See this guide for more)

Application Database

For services to integrate with KHK-Access, each will need to register themselves via their .application.sh script.

Example

#!/bin/bash
sqlite3 ../khk-ssa/khk-access/db.sqlite "INSERT INTO apps (name, privilegeRequired, subdomain, icon) values (\"Drive\", 1, \"drive\", \"fa-file-text\");"

Current Privileges

  • 0 Public
  • KHK General
  • 2 KHK Admin

KHK-Access

This module is used by many other services to authenticate the user as well as limit access depending on user privileges.

Require the Module

var access = require("../khk-ssa/khk-access/index.js")();

Using khk-access

- logIn 
-- name
-- pass
-- callback
--- On successful login `token` will be returned and may be used as a browser cookie.
- getApplications
-- token
-- callback
- isLoggedIn
-- token
-- callback
- getSessionByToken
-- token
-- callback
- getPriviledgeLevel
-- token
-- callback
- canUserAccessApplication
-- token
-- subdomain
-- callback
- getUserInformation
-- token
-- callback
- logOut
-- token
-- callback

Navbar Injection

KHK-Access provided a unified navbar. Your service must be registered in the applications database. (see .application.sh)

var access = require("../khk-ssa/khk-access/index.js")();
access.use(ssa.navbar("Your app name"));

In EJS you can now include the navbar...

<% navbar %>

In Handlebars...

{{{ navbar }}}

Google Drive for Work (G Suite) Single Sign-On

Fucking magic

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

11 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages