gssapi-wai: WAI Middleware for SPNEGO authentiaction

[ bsd3, library, network ] [ Propose Tags ]

Basic WAI Middleware allows both SPNEGO and failback to Kerberos username/password authentication.


[Skip to Readme]
Versions 0.1.0.0, 0.1.0.1, 0.1.1.0, 0.1.2.0, 0.1.2.1, 0.1.2.2
Dependencies base (>=4.8 && <5), base64-bytestring, bytestring, case-insensitive, gssapi (>=0.2.0), http-types, vault, wai, wai-extra [details]
License BSD-3-Clause
Copyright Ondrej Palkovsky
Author Ondrej Palkovsky
Maintainer palkovsky.ondrej@gmail.com
Category Network
Home page https://github.com/ondrap/gssapi-wai
Source repo head: git clone https://github.com/ondrap/gssapi-wai.git
Uploaded by ondrap at Wed Nov 22 11:34:28 UTC 2017
Distributions NixOS:0.1.2.2
Downloads 1085 total (20 in the last 30 days)
Rating (no votes yet) [estimated by rule of succession]
Your Rating
  • λ
  • λ
  • λ
Status Docs available [build log]
Last success reported on 2017-11-22 [all 1 reports]
Hackage Matrix CI

Modules

[Index]

Downloads

Maintainer's Corner

For package maintainers and hackage trustees


Readme for gssapi-wai-0.1.2.2

[back to package description]

Build Status Hackage

GSSAPI and Kerberos bindings for Haskell

See haskell gssapi package for tutorial how to set up kerberos authentication with Windows AD.

This module is modelled after spnego-http-auth-nginx-module. If you are using it to provide auth, it should be reasonably easy to use this module instead.

The application

Generally you need to use TLS, otherwise browsers refuse to use SPNEGO authentication. The library provides wai middleware component to ease use. The username is saved to a vault.

{-# LANGUAGE OverloadedStrings #-}
module Main where
import           Data.ByteString.Lazy.Char8     (fromStrict)
import           Data.Function                  ((&))
import           Data.Maybe                     (fromMaybe)
import           Data.Monoid                    ((<>))
import qualified Data.Vault.Lazy                as V
import           Network.HTTP.Types             (status200)
import           Network.HTTP.Types.Header      (hContentType)
import           Network.Wai                    (Application, responseLBS,
                                                 vault)
import           Network.Wai.Handler.Warp       (defaultSettings, setPort)
import           Network.Wai.Handler.WarpTLS    (runTLS, tlsSettings)

import           Network.Wai.Middleware.SpnegoAuth

app :: Application
app req respond = do
    let user = fromMaybe "no-user-found?" (V.lookup spnegoAuthKey (vault req))
    respond $ responseLBS status200 [(hContentType, "text/plain")] ("Hello " <> fromStrict user)

main :: IO ()
main = do
  let port = 3000
      settings = defaultSettings & setPort port
      tsettings = tlsSettings "cert.pem" "key.pem"
      authSettings = defaultSpnegoSettings{spnegoRealm=Just "EXAMPLE.COM"}
  putStrLn $ "Listening on port " ++ show port
  runTLS tsettings settings (spnegoAuth authSettings app)