The Wayback Machine - https://web.archive.org/web/20201103195903/https://github.com/Uninett/goidc-proxy
Skip to content

/ goidc-proxy

OpenID Connect proxy

MIT License
17 stars 4 forks
Star
Watch
master
1 branch 0 tags
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
conf
 
 
.gitignore
 
 
.gitlab-ci.yml
 
 
Dockerfile
 
 
LICENSE
 
 
README.md
 
 
glide.lock
 
 
glide.yaml
 
 
goidc.json.example
 
 
goidc_test.json
 
 
groups.go
 
 
healthz.go
 
 
jwt.go
 
 
main.go
 
 
oidc.go
 
 
oidc_test.go
 
 
proxy.go
 
 
sign.go
 
 
utils.go
 
 
utils_test.go
 
 
websocket.go
 
 
websocket_test.go
 
 

README.md

OpenID Connect Proxy

The proxy is based on coreos/go-oidc package. It supports simple proxying request based on authentication from any OpenID Connect providers. You can forward either OAuth2 Accesstoken (oauth2) or JWT Token (jwt) in Authorization header. The OAuth2 Accesstokenis the default option for sending to downstream target application. This is useful depending upon your target application configured under proxy section.

In addition to that it has support for two factor authentication which is primarily tested for Dataporten. Two factor can be enabled for selected users/groups or for all the users.

Authentication with Dataporten

{
    "proxy": {
        "target": "https://httpbin.org"
    },
    "engine": {
        "client_id": "<client_id>",
        "client_secret": "<client_secret>",
        "issuer_url": "https://auth.dataporten.no",
        "redirect_url": "http://localhost:8888/oauth2/callback",
        "scopes": "userid",
        "signkey": "testtesttesttest",
        "groups_endpoint": "",
        "token_type": "oauth2",
        "jwt_token_issuer": "https://jwt.example.no",
        "twofactor": {
            "all": false,
            "redirect_on_response": false,
            "principals": "",
            "acr_values": "",
        },
        "logging": {
            "level": "info"
        }
    },
    "server": {
        "port": 8888,
        "health_port": 1337,
        "cert": "cert.pem",
        "key": "key.pem",
        "ssl": false,
        "secure_cookie": false
    }
}

You need to copy the client-id and client-sercret from Dataporten Dashboard. Also make sure you have the redirect_url set accordingly as well as other details.

Authentication with Google OpenID Connect

The configuration file for using Google as OpenID provider

{
    "proxy": {
        "target": "https://httpbin.org"
    },
    "engine": {
        "client_id": "<client-id>",
        "client_secret": "<client-sercret>",
        "issuer_url": "https://accounts.google.com",
        "redirect_url": "http://localhost:8888/oauth2/callback",
        "scopes": "email",
        "signkey": "testtesttesttest",
        "groups_endpoint": "",
        "token_type": "oauth2",
        "jwt_token_issuer": "https://jwt.example.no",
        "twofactor": {
            "all": false,
            "redirect_on_response": false,
            "principals": "",
            "acr_values": "",
        },
        "logging": {
            "level": "debug"
        }
    },
    "server": {
        "port": 8888,
        "health_port": 1337,
        "cert": "cert.pem",
        "key": "key.pem",
        "ssl": false,
        "secure_cookie": false
    }
}

You need to copy the client-id and client-sercret from Google API console. Also make sure you have the redirect_url set accordingly as well as other details.

About

OpenID Connect proxy

Topics

dataporten proxy openidconnect

Resources

Readme

License

MIT License

Releases

No releases published

Packages

No packages published

Contributors 6

Languages

You can’t perform that action at this time.