$ make build
$ make run
$ firefox http://127.0.0.1:8080
That should get everything built and running, then get you to the nginx landing site. From there your request should hit the validator, then bounce to the authenticator and prompt for selecting which auth method to use.
See the Makefile for the details of each command.
The basic process for interacting with this product:
- a user makes a request against a protected url
- nginx queries validator with the given jwt token in the request
- if the validator approves the user's token, nginx passes the traffic upstream. done.
- if the validator deny's the user's token, nginx internal redirects to the authenticator
- the authenticator displays an entry field for the userid (typically an email address), and a list of all authenticators plugins that are available to use (IE 'emaildomains', 'yubikey', 'google auth', 'sms', etc). If only one authenticator plugin is active, then no list is shown.
There are several types of plugins to extend and manipulate different functionality within factored.
- finder plugins are responsible for determining whether or not a given subject in a JWT value can be considered a valid user -- IE is the subject in question an actual account and active within the system.
- authenticator plugins are ultimately responsible for providing confirmation and a value to use as a subject when generating a token (jwt).
- template plugins generate the base template used in authenticator plugins
- datastore plugins are used to store access requests and other information through a standared api
- reimplement ATS integration
- (maybe) readd GoogleAuth authenticator
- readd SMSAuth authenticator
- readd SQLUserFinder
- readd LDAPUserFinder
- test coverage
- docs/*