testrp.security.allizom.org

Mozilla IAM demo reference architectures, configurations, etc. to implement OIDC, SAML in different ways

You can see this in action at https://testrp.security.allizom.org/

What can I do with this?

Supported protocols

  • OpenID Connect (OIDC)
  • SAML

Easy "get a login page in front of my site"

  • Run an Apache reverse-proxy in front of your website that requires login and specific group membership to access the site. Sessions, login, etc. are taken care of automatically.
  • Run the equivalent Nginx reverse-proxy.
  • All attributes are also passed in HTTP headers to your site.

Future

More advanced login integrations

  • Run Python code that allows you to integrate the login experience better (for example, through a sign-in button).
  • Run equivalent NodeJS, etc. code.

Integrate an authorization flow (via OAuth2)

  • Run an Nginx reverse-proxy that passes access tokens to access data on behalf of users/machines.
  • Allow other applications to request tokens from you.

Deployment

This is deployed in the infosec-dev AWS account in the us-west-2 region. It can be accessed with the id_rsa_infosec_us-west-2 EIS shared SSH key in the GPG store.

Accessing the server

ssh -i ~/.ssh/id_rsa_infosec_us-west-2 centos@testrp.security.allizom.org

The Route53 records for testrp.security.allizom.org and *.testrp.security.allizom.org are CNAMEs to the EC2 instance. As a result, if the EC2 instance is stopped and started again, it will get a new IP and name, and these Route53 records will no longer point to the instance.

Logs

Logs for the webserver are located in:

/usr/local/openresty/nginx/logs/error.log
/usr/local/openresty/nginx/logs/access.log

These logs are not rotated and will eventually fill the 8GB disk.
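
One way to close that gap is a logrotate rule for the two files above. This is an added example, not configuration from this repository. It assumes logrotate is installed, that the rule is saved under a hypothetical name such as /etc/logrotate.d/openresty, and that the nginx PID file is at OpenResty's default path; the 14-day retention is an arbitrary choice.

```conf
# Added example: rotate the OpenResty logs named in this README.
# Retention values are assumptions; size them against the 8GB disk.
/usr/local/openresty/nginx/logs/access.log
/usr/local/openresty/nginx/logs/error.log {
    # Rotate once a day and keep two weeks of history.
    daily
    rotate 14

    # Do not fail if a log is absent, and skip empty logs.
    missingok
    notifempty

    # Compress rotated logs, but leave the most recent one uncompressed
    # so nginx can finish writing to it before it is gzipped.
    compress
    delaycompress

    # Recreate the log with the same mode and owner as the rotated file.
    create

    # Run postrotate once for both files, not once per file.
    sharedscripts
    postrotate
        # nginx reopens its log files when the master process gets USR1.
        # PID file path is assumed (OpenResty default prefix).
        pidfile=/usr/local/openresty/nginx/logs/nginx.pid
        if [ -s "$pidfile" ]; then
            kill -USR1 "$(cat "$pidfile")"
        fi
    endscript
}
```

Running `logrotate -d` against the file performs a dry run that prints what would be rotated without touching the logs.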
