
npme-auth-oauth2-restricted's Introduction

npme-auth-oauth2


Auth strategy for OAuth2 SSO.

Instructions

Note: The whitelist file and plugin should both be saved/installed to the Miscellaneous Data Files folder as you've configured it for your npmE instance.

The default is /usr/local/lib/npme/data

Installation

The change directory command may be different based on your configuration (see note above).

cd /usr/local/lib/npme/data
sudo npm i @bcoe/npme-auth-oauth2-restricted

Configuration

Go to your npm Enterprise admin console (on port 8800 of your server), select the Settings tab and then choose the OAuth2 option under the Authentication section. Fill out the configuration fields for your OAuth provider and click Save to apply your setting.

Next, switch to Custom for Authentication and populate each of the plugin settings as /etc/npme/data/node_modules/@bcoe/npme-auth-oauth2-restricted:

| Config Field | Config Value |
| --- | --- |
| Authorization plugin | /etc/npme/data/node_modules/@bcoe/npme-auth-oauth2-restricted |
| Authentication plugin | /etc/npme/data/node_modules/@bcoe/npme-auth-oauth2-restricted |
| Session plugin | /etc/npme/data/node_modules/@bcoe/npme-auth-oauth2-restricted |

Click Save a final time to apply these settings.

Whitelist

Create the whitelist file, user-whitelist.txt, in the Miscellaneous Data Files directory (ex: /usr/local/lib/npme/data).

Each user that you want to have access to npmE must be listed on a separate line, by their email address.
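A way to check what a user-whitelist.txt in the format described above would admit, as an added example that is not the plugin's own code. Case-insensitive matching, skipping blank lines, and denying everyone when the file is unreadable are assumptions of this example, and `parseAllowlist`, `isAllowed` and `loadAllowlist` are hypothetical names.

```javascript
// Added example, not the plugin's code. Matching rules below are assumptions.
const EMAIL_SHAPE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Parse the contents of user-whitelist.txt: one email address per line.
// Returns the accepted addresses plus a list of lines an admin should fix.
function parseAllowlist(text) {
  const allowed = new Set();
  const problems = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const entry = raw.trim().toLowerCase(); // assumption: case-insensitive match
    if (entry === '') return;               // assumption: blank lines are skipped
    if (!EMAIL_SHAPE.test(entry)) {
      problems.push(`line ${i + 1}: not an email address`);
    } else if (allowed.has(entry)) {
      problems.push(`line ${i + 1}: duplicate entry`);
    } else {
      allowed.add(entry);
    }
  });
  return { allowed, problems };
}

// Decide whether an identity returned by the OAuth2 provider may log in.
// Fails closed: a missing email or an empty allowlist denies access.
function isAllowed(allowlist, email) {
  if (typeof email !== 'string' || allowlist.allowed.size === 0) return false;
  return allowlist.allowed.has(email.trim().toLowerCase());
}

// Read the file from disk. An unreadable file yields an empty allowlist,
// so every login is denied rather than every login being accepted.
async function loadAllowlist(path) {
  const { readFile } = await import('fs/promises');
  try {
    return parseAllowlist(await readFile(path, 'utf8'));
  } catch (err) {
    return { allowed: new Set(), problems: [`cannot read ${path}: ${err.code}`] };
  }
}

// Constructed sample contents: CRLF endings, a blank line, a typo, a duplicate.
const SAMPLE =
  'alice@example.com\r\nBob@Example.com\r\n\r\ncarol.example.com\r\nalice@example.com\r\n';
const sample = parseAllowlist(SAMPLE);
console.log([...sample.allowed], sample.problems);
```

Running the parser over the real file before restarting the instance surfaces malformed lines that would otherwise silently lock a user out.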

Restart Your Instance

Navigate to your instance's dashboard and use the buttons to stop and restart the instance. After the restart, only users in the whitelist file will be permitted to authenticate.

npme-auth-oauth2-restricted's People

Contributors

arobson, bcoe


npme-auth-oauth2-restricted's Issues

Module doesn't start correctly

When I run this on our npmE instance and tail npme-auth, I see this:

{"time":"2018-03-21T22:01:47.526Z","hostname":"xxxxxxxxx","pid":5,"level":"info","name":"npme","message":"npm-auth-ws listening at http://0.0.0.0:5000"}
events.js:141
      throw er; // Unhandled 'error' event
      ^

Error: Redis connection to xxxxxxxxx:6379 failed - connect ECONNREFUSED xxxxxxxxx:6379
    at Object.exports._errnoException (util.js:907:11)
    at exports._exceptionWithHostPort (util.js:930:20)
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1078:14)

With the above error appearing in the logs for the auth container, when the plugin is active, going to /login shows a password screen, which takes any username/password. After this, it proceeds to a Google OAuth screen as hoped, but it's possible to use any Google OAuth2 ID to sign in, and user-whitelist.txt doesn't appear to have an effect.

edit: A colleague of mine is wondering if this is perhaps due to the Redis container starting a little late.
