A library that connects to AMS using argo-ams-library and syncs with MITREid, SimpleSAMLphp and Keycloak
Project description
rciam-federation-registry-agent
The main objective of RCIAM Federation Registry Agent is to sync data between RCIAM Federation Registry and different identity and access management solutions, such as Keycloak, SATOSA, SimpleSAMLphp and MITREid Connect.
This Python library includes a module named ServiceRegistryAms/ to pull and publish messages from ARGO Messaging Service using the argo-ams-library, an API module named MitreidConnect/ to communicate with the API of MITREid, and an API module named Keycloak/ to communicate with the API of Keycloak.
The main standalone scripts that are used to deploy updates to the third party services are under bin/:
- deployer_keycloak for Keycloak
- deployer_mitreid for MITREid
- deployer_ssp for SimpleSAMLphp
Installation
First install the packages from the requirements.txt file
pip install -r requirements.txt
Install rciam-federation-registry-agent
pip install rciam-federation-registry-agent
Usage
deployer_keycloak
deployer_keycloak requires the path of the config file as an argument
deployer_keycloak -c example_deployers.config.json
deployer_mitreid
deployer_mitreid requires the path of the config file as an argument
deployer_mitreid -c example_deployers.config.json
deployer_ssp
deployer_ssp requires the path of the config file as an argument
deployer_ssp -c example_deployers.config.json
Configuration
An example of the required configuration file can be found in conf/example_deployers.config.json. The different configuration options are described below.
{
  "keycloak": {
    "ams": {
      "host": "example.host.com",
      "project": "ams-project-name-keycloak",
      "pull_topic": "ams-topic-keycloak",
      "pull_sub": "ams-sub-keycloak",
      "token": "ams-token-keycloak",
      "pub_topic": "ams-publish-topic-keycloak",
      "poll_interval": 1
    },
    "auth_server": "https://example.com/auth",
    "realm": "example",
    "client_id": "client ID",
    "client_secret": "client secret"
  },
  "mitreid": {
    "ams": {
      "host": "example.host.com",
      "project": "ams-project-name-mitreid",
      "pull_topic": "ams-topic-mitreid",
      "pull_sub": "ams-sub-mitreid",
      "token": "ams-token-mitreid",
      "pub_topic": "ams-publish-topic-mitreid",
      "poll_interval": 1
    },
    "issuer": "https://example.com/oidc",
    "refresh_token": "refresh token",
    "client_id": "client ID",
    "client_secret": "client secret"
  },
  "ssp": {
    "ams": {
      "host": "example.host.com",
      "project": "ams-project-name-ssp",
      "pull_topic": "ams-topic-ssp",
      "pull_sub": "ams-sub-ssp",
      "token": "ams-token-ssp",
      "pub_topic": "ams-publish-topic-ssp",
      "poll_interval": 1,
      "deployer_name": "1"
    },
    "metadata_conf_file": "/path/to/ssp/metadata/file.php",
    "cron_secret": "SSP cron secret",
    "cron_url": "http://localhost/proxy/module.php/cron/cron.php",
    "cron_tag": "hourly",
    "request_timeout": 100
  },
  "log_conf": "conf/logger.conf"
}
As shown above, there are three main groups, namely Keycloak, MITREid and SSP, and each group can have its own AMS settings and service-specific configuration values. The only global value is the log_conf path, if you want to use the same logging configuration for both of the deployers. If you need a different configuration for a deployer, you can add log_conf in the scope of "MITREid" or "SSP".
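The configuration file keeps the AMS tokens, client secrets, refresh token and SSP cron secret in plain text, so it is worth checking before a deployer is started. The following pre-flight check is an added example, not part of rciam-federation-registry-agent: audit_config and demo are hypothetical helpers, and the choice of which keys count as secrets or endpoints is an assumption based on the example configuration above.

```python
import json
import os
import stat
import tempfile
from urllib.parse import urlparse

# Assumption: these keys hold credentials or endpoints, judging by the example config.
SECRET_KEYS = {"token", "client_secret", "refresh_token", "cron_secret"}
URL_KEYS = {"auth_server", "issuer", "cron_url"}
# Placeholder values as they appear in conf/example_deployers.config.json.
PLACEHOLDERS = {"client secret", "refresh token", "SSP cron secret"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_config(path):
    """Hypothetical pre-flight check: return findings for a deployer config."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"file mode {mode:o}: group/other can access the secrets")
    with open(path) as fh:
        config = json.load(fh)

    def walk(node, trail):
        for key, value in node.items():
            where = ".".join(trail + [key])
            if isinstance(value, dict):
                walk(value, trail + [key])
            elif key in SECRET_KEYS and isinstance(value, str):
                if value in PLACEHOLDERS or value.startswith("ams-token-"):
                    findings.append(f"{where}: example placeholder left in place")
            elif key in URL_KEYS and isinstance(value, str):
                url = urlparse(value)
                if url.scheme != "https" and url.hostname not in LOOPBACK:
                    findings.append(f"{where}: not HTTPS and not loopback")
    walk(config, [])
    return findings

def demo():
    # Constructed sample, written with a deliberately loose file mode.
    sample = {"keycloak": {"ams": {"token": "ams-token-keycloak"},
                           "auth_server": "http://idp.example.org/auth",
                           "client_secret": "constructed-secret"},
              "ssp": {"cron_url": "http://localhost/proxy/module.php/cron/cron.php"}}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "deployers.config.json")
        with open(path, "w") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        return audit_config(path)
```

The loopback cron_url from the example configuration passes the check; the same URL pointed at a remote host over plain HTTP would be reported.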
ServiceRegistryAms
Use ServiceRegistryAms as a manager to pull and publish messages from AMS
import json
from ServiceRegistryAms.PullPublish import PullPublish

# Load the deployer configuration
with open('config.json') as json_data_file:
    config = json.load(json_data_file)

ams = PullPublish(config)
message = ams.pull(1)
ams.publish(args)  # args: placeholder for the data to publish
Keycloak
Use Keycloak as an API manager to communicate with Keycloak
- First obtain an access token and create the Keycloak API Client (find client_credentials_grant under the Utils directory)
access_token = client_credentials_grant(issuer_url, client_id, client_secret)
keycloak_agent = KeycloakClientApi(issuer_url, access_token)
- Use the following functions to create, delete and update a service on Keycloak
response = keycloak_agent.create_client(keycloak_msg)
response = keycloak_agent.update_client(external_id, keycloak_msg)
response = keycloak_agent.delete_client(external_id)
MITREid Connect
Use MITREid Connect as an API manager to communicate with MITREid
- First obtain an access token and create the MITREid API Client (find refresh_token_grant under the Utils directory)
access_token = refresh_token_grant(issuer_url, refresh_token, client_id, client_secret)
mitreid_agent = mitreidClientApi(issuer_url, access_token)
- Use the following functions to create, delete and update a service on MITREid
response = mitreid_agent.createClient(mitreid_msg)
response = mitreid_agent.updateClientById(external_id, mitreid_msg)
response = mitreid_agent.deleteClientById(external_id)
License
File details
Details for the file rciam-federation-registry-agent-3.3.3.tar.gz.
File metadata
- Download URL: rciam-federation-registry-agent-3.3.3.tar.gz
- Upload date:
- Size: 23.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.8.2
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | fd92501301c29cb6878c226ec863620e1992c83df1f3edd2211598f3ea6fb62c |
MD5 | 1ff44e86cff5e96cd25d9c97a8df23e5 |
BLAKE2b-256 | 36ec073fcf8ba3c53b4bd1c679be46cb8130d7029f0ec8db738cf4fe66804cba |
File details
Details for the file rciam_federation_registry_agent-3.3.3-py2.py3-none-any.whl.
File metadata
- Download URL: rciam_federation_registry_agent-3.3.3-py2.py3-none-any.whl
- Upload date:
- Size: 28.3 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.8.2
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | c453e9202cec5a992864067fd1b99bbac0a0c4a493b19d74c57d5a1e82f7a2a1 |
MD5 | 60355e55fc7d334ef34d4c49f66b2460 |
BLAKE2b-256 | dc554e2ef5ba0502f70cfc418fea73d71fadfd1334af6739784338aa1a2bccd9 |