Skip to content
This repository has been archived by the owner on Oct 10, 2020. It is now read-only.

Latest commit

 

History

History
73 lines (55 loc) · 2.8 KB

README.md

File metadata and controls

73 lines (55 loc) · 2.8 KB

About

This repository contains a simple Atlassian Crowd authentication script for nginx, written in Lua, for use with the access_by_lua_file directive.

This is used in production on Debian 7.2, running the latest dotdeb nginx packages. An attempt was made to use as much "off-the-shelf" packaging as possible. This script relies on the use of lua-Spore REST client/library.

Please note there is an actual nginx module available that can accomplish the same, however it requires building your own packages. It is available here. I am making this available as, in all things, it is preferrable (for me, at any rate), to use packages when available over building packages or compiling software directly.

Also, please see the related JIRA Issue.

Installation and Configuration

  • Install related packages for Lua and lua-Spore dependency:
aptitude install lua5.1 luarocks
luarocks install luasec
luarocks install lua-spore
  • Copy the crowd-auth.lua to somewhere accessible by nginx:
mkdir -p /etc/nginx/lua && cp crowd-auth.lua /etc/nginx/lua
  • Add a new application in Crowd, and test the connectivity with the users/groups you wish to authenticate with.

  • Modify the crowd-auth.lua, replacing <CROWD_APP_URL>, <CROWD_APP_NAME>, <CROWD_APP_PASS> with the Crowd base url, the application name and the application password created in the previous step.

  • Add a access_by_lua_file directive in a nginx site stanza, similar to the following:

server {
  listen 80;

  server_name host.example.com;
  root /var/www/host.example.com;

  location ~ ^/protected/ {
    set $cwd_user 'unknown';
    set $cwd_email '[email protected]';

    access_by_lua_file /etc/nginx/lua/crowd-auth.lua;

    fastcgi_param REMOTE_USER $cwd_user;
  }
}

Authenticating against Atlassian JIRA or other REST-enabled App

While untried, modifying this script for use authenticating against Atlassian JIRA (or other app) should be fairly straight forward, as JIRA's REST API is very similar (if not identical) to Crowd's. Should you do that, please email me and/or provide a pull request and I will gladly integrate the changes within this repository.

Similarly, should you find this useful in negotiating authentication against any other apps, please let me know via email, and/or provide a pull request, so that fellow devops teams do not need to continously reinvent the wheel ;).