Improve the troubleshooting of a kerberos deployment

1. output logs when the kerberos proxy crash 2. introduce a new endpoint `/test-headers` to troubleshoot the connector. If you go to http://localhost:port/test-headers it will display the headers that the connector receive AFTER the kerberos authentication and BEFORE fetching the profile from LDAP. 3. introduce a new variable `KERBEROS_DEBUG_USER`. When the connector is started with this variable it will disable kerberos and use always the same user. eg `KERBEROS_DEBUG_USER=john`.
auth0 · Apr 7, 2016 · a6fabf7 · a6fabf7
1 parent d1b3497
commit a6fabf7
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 5 deletions.
diff --git a/endpoints.js b/endpoints.js
@@ -41,14 +41,18 @@ exports.install = function (app) {
     });
   }
 
+  app.get('/test-headers', function (req, res) {
+    res.json(req.headers);
+  });
+
   app.get('/test-iis', function (req, res) {
     res.send(200, 'worked! your iis user is: ' + req.headers['x-iisnode-logon_user']);
   });
 
   app.get('/wsfed',
     function (req, res, next) {
       if (req.session.messages) return next();
-      
+
       var strategies = nconf.get('LDAP_URL') ?
                           (nconf.get('CLIENT_CERT_AUTH') ?
                             ['ClientCertAuthentication'] :

diff --git a/package.json b/package.json
@@ -33,7 +33,7 @@
     "express-passport-logout": "~0.1.0",
     "freeport": "~1.0.2",
     "jsonwebtoken": "5.0.4",
-    "kerberos-server": "*",
+    "kerberos-server": "^1.0.0",
     "ldapjs": "~0.7.1",
     "level-spaces": "~2.0.0",
     "level-ttl": "~2.2.0",

diff --git a/server.js b/server.js
@@ -78,7 +78,8 @@ connectorSetup.run(__dirname, function(err) {
   require('./endpoints').install(app);
 
   var options = {
-    port: nconf.get('PORT')
+    port: nconf.get('PORT'),
+    test_user: nconf.get('KERBEROS_DEBUG_USER')
   };
 
   // client certificate-based authentication
@@ -105,8 +106,13 @@ connectorSetup.run(__dirname, function(err) {
     console.log('Using kerberos authentication');
 
     if (process.platform === 'win32') {
-      var kerberos_server = require('kerberos-server');
-      kerberos_server.createServer(options, app);
+      var KerberosServer = require('kerberos-server');
+      var kerberosServer = new KerberosServer(app, options);
+      kerberosServer.listen(options.port)
+                    .on('error', function (err) {
+                      console.error(err.message);
+                      return process.exit(1);
+                    });
     } else if (nconf.get('WITH_KERBEROS_PROXY_FRONTEND')) {
       var http = require('http');
       http.createServer(app).listen(options.port);