This repository was archived by the owner on Feb 12, 2026. It is now read-only.

MCMLLC/mcm-auth

mcm-auth

This repository creates stacks for each environment, supporting the APIs needed for basic user authorization/authentication.

SAML Service Provider Setup

When an environment is first deployed, certificates need to be generated in order to initialize the SAML 2.0 service provider for that environment. To do that, do the following:

  1. Generate a strong password for signing key: save this offline someplace safe, and save it as a 'SecureString' in SSM Parameter Store in the environment as '/mcm-v1/saml/signingPrivateKeyPassword'.
  2. Run command:

     openssl req -x509 -sha256 -days 3650 -newkey rsa:2048 -keyout signingPrivateKey.key -out signingCert.crt

     Enter, when prompted, the strong password from above as the PEM pass phrase, and the common name matching the hostname api.<env>.mirificsystems.com.
  3. Save the content of the signingPrivateKey.key file offline someplace safe, and save it as a 'SecureString' in SSM Parameter Store in the environment as '/mcm-v1/saml/signingPrivateKey'.
  4. Save the content of the signingCert.crt file offline someplace safe, and save it as a 'String' in the SSM Parameter Store in the environment as '/mcm-v1/saml/signingCert'.
  5. Run command:

     openssl req -x509 -sha256 -days 3650 -newkey rsa:2048 -nodes -keyout encPrivateKey.key -out encCert.crt

     Enter, when prompted, the common name matching the hostname api.<env>.mirificsystems.com.
  6. Save the content of the encPrivateKey.key file offline someplace safe, and save it as a 'SecureString' in SSM Parameter Store in the environment as '/mcm-v1/saml/encPrivateKey'.
  7. Save the content of the encCert.crt file offline someplace safe, and save it as a 'String' in the SSM Parameter Store in the environment as '/mcm-v1/saml/encCert'.

DAV digest encryption setup

  1. Generate a strong 64 character hex string (must be hex, and must be 64 characters) for AES 256 key: save this offline someplace safe, and save it as a 'SecureString' in SSM Parameter Store in the environment as '/mcm-v1/dav/digestKey'.
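
Added example, not part of the mcm-auth repository: a pre-upload check for the values produced by the SAML and DAV steps above, so a passphrase-less signing key or a malformed digest key is caught before it reaches Parameter Store. The function names are hypothetical; the parameter names are the ones from this README, and the PEM headers are those openssl writes (the key from the command with -nodes is unencrypted, so its 'SecureString' type is its only protection at rest).

```shell
# Added example (not from the mcm-auth repository): pre-upload checks for the
# values the setup steps store in SSM Parameter Store. Function names are hypothetical.

# Generate a 256-bit AES key as 64 lowercase hex characters from the kernel CSPRNG.
gen_digest_key() {
    head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Succeed only if $1 is exactly 64 hex characters.
is_digest_key() {
    [ "${#1}" -eq 64 ] || return 1
    case "$1" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
}

# Classify a PEM file by its first line. Prints one of:
# encrypted-key, plain-key, certificate, unknown.
pem_kind() {
    case "$(head -n 1 "$1")" in
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo encrypted-key ;;
        "-----BEGIN RSA PRIVATE KEY-----")
            # Legacy format: encryption is signalled by a Proc-Type header.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted-key
            else echo plain-key; fi ;;
        "-----BEGIN PRIVATE KEY-----") echo plain-key ;;
        "-----BEGIN CERTIFICATE-----") echo certificate ;;
        *) echo unknown ;;
    esac
}

# Map each SAML parameter name to the kind of value the steps say it holds.
expected_kind() {
    case "$1" in
        /mcm-v1/saml/signingPrivateKey) echo encrypted-key ;;  # created with a pass phrase
        /mcm-v1/saml/encPrivateKey) echo plain-key ;;          # created with -nodes
        /mcm-v1/saml/signingCert|/mcm-v1/saml/encCert) echo certificate ;;
        *) echo unknown ;;
    esac
}

# check_param NAME FILE: succeed only if FILE holds what NAME expects.
check_param() {
    want=$(expected_kind "$1")
    [ "$want" != unknown ] && [ "$(pem_kind "$2")" = "$want" ]
}
```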

Dependencies

This stack requires that the mcm-app infrastructure has been properly deployed (see https://github.com/MCMLLC/mcm-infrastructure/blob/develop/mcm-apps/README.md). In addition, the following stacks must be present:

  • mcm-apigw
  • mcm-cognito
  • mcm-postgres
  • mcm-ddb

Standard named lambda functions published by this stack

Lambda name | Definition
mcm-auth-AuthAPI | Lambda API for interacting with permissions and authentication info

Standard exported symbols to be used by apps within the given account

Symbol | Definition

Standard SSM Parameters published by this stack

Symbol | Definition

Stack removal

No special considerations.

About

Authentication/authorization microservice for MCM v1
