The gssapi-wai package

[Tags:bsd3, library]

Basic WAI Middleware allows both SPNEGO and failback to Kerberos username/password authentication.


[Skip to Readme]

Properties

Versions 0.1.0.0, 0.1.0.1, 0.1.1.0, 0.1.2.0, 0.1.2.1
Dependencies base (>=4.8 && <4.10), base64-bytestring, bytestring, case-insensitive, gssapi (>=0.2.0), http-types, vault, wai, wai-extra [details]
License BSD3
Copyright Ondrej Palkovsky
Author Ondrej Palkovsky
Maintainer palkovsky.ondrej@gmail.com
Category Network
Home page https://github.com/ondrap/gssapi-wai
Source repository head: git clone https://github.com/ondrap/gssapi-wai.git
Uploaded Tue May 9 08:39:56 UTC 2017 by ondrap
Distributions NixOS:0.1.2.1
Downloads 228 total (26 in the last 30 days)
Votes
0 []
Status Docs available [build log]
Last success reported on 2017-05-09 [all 1 reports]
Hackage Matrix CI

Modules

[Index]

Downloads

Maintainer's Corner

For package maintainers and hackage trustees

Readme for gssapi-wai

Readme for gssapi-wai-0.1.2.1

Build Status Hackage

GSSAPI and Kerberos bindings for Haskell

See haskell gssapi package for tutorial how to set up kerberos authentication with Windows AD.

This module is modelled after spnego-http-auth-nginx-module. If you are using it to provide auth, it should be reasonably easy to use this module instead.

The application

Generally you need to use TLS, otherwise browsers refuse to use SPNEGO authentication. The library provides wai middleware component to ease use. The username is saved to a vault.

{-# LANGUAGE OverloadedStrings #-}
module Main where
import           Data.ByteString.Lazy.Char8     (fromStrict)
import           Data.Function                  ((&))
import           Data.Maybe                     (fromMaybe)
import           Data.Monoid                    ((<>))
import qualified Data.Vault.Lazy                as V
import           Network.HTTP.Types             (status200)
import           Network.HTTP.Types.Header      (hContentType)
import           Network.Wai                    (Application, responseLBS,
                                                 vault)
import           Network.Wai.Handler.Warp       (defaultSettings, setPort)
import           Network.Wai.Handler.WarpTLS    (runTLS, tlsSettings)

import           Network.Wai.Middleware.SpnegoAuth

app :: Application
app req respond = do
    let user = fromMaybe "no-user-found?" (V.lookup spnegoAuthKey (vault req))
    respond $ responseLBS status200 [(hContentType, "text/plain")] ("Hello " <> fromStrict user)

main :: IO ()
main = do
  let port = 3000
      settings = defaultSettings & setPort port
      tsettings = tlsSettings "cert.pem" "key.pem"
      authSettings = defaultSpnegoSettings{spnegoRealm=Just "EXAMPLE.COM"}
  putStrLn $ "Listening on port " ++ show port
  runTLS tsettings settings (spnegoAuth authSettings app)