It's a docker image which implements a straightforward Single Sign-On authentication for containers behind a Traefik v2 edge router.
1 - Run the below docker-compose command locally

```bash
docker-compose -f ./docker-compose.yml -f ./docker-compose.local.yml up -d
```

See docker-compose.yml, docker-compose.local.yml & .env files
2 - When containers are up, open ${PWD}/data/db.json and add the below temporary alice user:

```json
{
  "users": [
    {
      "username": "alice",
      "password": "$2y$10$mNJw6ojRWORz10gDaj602.8auytb58peR/hwdewqFpCershSO7DGm"
    }
  ]
}
```

The password has been hashed using bcrypt, value is 4lic3.
3 - Open http://iamfoo.domain.localhost in a browser (or http://iambar.domain.localhost).
4 - You should be redirected to http://sso.domain.localhost to log on to the domain domain.localhost
5 - Log on using username: alice and password: 4lic3.
6 - You should be redirected to http://iamfoo.domain.localhost (or http://iambar.domain.localhost)
7 - Log out from the SSO using http://sso.domain.localhost/logout. This will clear the JWT token cookie on domain *.domain.localhost
Note: Environment variables used in demo are defined in .env file.
| Name | Description |
|---|---|
| DOMAIN | Domain to authenticate through the sso |
| SECRET | Secret used for JWT token signature. |
| TOKEN_MAX_AGE | Set JWT token lifetime. Must match the regex: https://regex101.com/r/Q9rYJW/2 |
| LOG_LEVEL | Log level (DEBUG, INFO, WARN or ERROR). Do not use DEBUG in production. |
Users can currently be managed by editing the JSON database file ${PWD}/data/db.json through the key users. A user-friendly UI is planned to perform this. The current workflow is temporary.
To add new credentials or update existing ones, you can use the following curl command on the /hash endpoint. This API hashes the account password using bcrypt:

```bash
curl -d '{"username":"eve", "password":"3v3"}' -H "Content-Type: application/json" -X POST https://sso.domain.localhost/hash; echo
```

Result:

```json
{"username":"eve","password":"$2a$10$f1sHYu64iZ0zUX6vXnqj0uLE691O0bQTV.YuHw1At2PGL8CBWk/P6"}
```

You need to manually add this JSON output to the db.json database file (users key).
To delete users, just remove the selected user entries from the JSON array.
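One way to script the manual db.json edit described above while refusing any password value that is not a bcrypt hash (added example, not part of traefik-sso; the names `checkEntry` and `upsertUser` and the `MIN_COST` threshold are assumptions, and the sample values are the ones shown on this page):

```javascript
// Added example, not traefik-sso code. Assumes db.json has the shape shown on this page.
// bcrypt string: $2a$/$2b$/$2y$, two-digit cost, then 22-char salt + 31-char hash.
const BCRYPT_RE = /^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$/;
const MIN_COST = 10; // assumption: the cost used by both hashes shown on this page

// Values copied from this page: the demo db.json and the sample /hash response.
const SAMPLE_DB = JSON.stringify({
  users: [{ username: "alice", password: "$2y$10$mNJw6ojRWORz10gDaj602.8auytb58peR/hwdewqFpCershSO7DGm" }],
});
const SAMPLE_HASH_OUTPUT =
  '{"username":"eve","password":"$2a$10$f1sHYu64iZ0zUX6vXnqj0uLE691O0bQTV.YuHw1At2PGL8CBWk/P6"}';

// Accept an entry only if its password field is a bcrypt hash of sufficient cost.
function checkEntry(entry) {
  if (!entry || typeof entry.username !== "string" || entry.username === "") {
    throw new Error("entry needs a non-empty username");
  }
  const m = BCRYPT_RE.exec(String(entry.password));
  if (!m) throw new Error(`password for ${entry.username} is not a bcrypt hash`);
  if (Number(m[1]) < MIN_COST) throw new Error(`bcrypt cost ${m[1]} is below ${MIN_COST}`);
  return { username: entry.username, password: entry.password };
}

// Return new db.json text with the user added, or the hash replaced if the name exists.
function upsertUser(dbText, hashOutputText) {
  const db = JSON.parse(dbText);
  const existing = db.users === undefined ? [] : db.users;
  if (!Array.isArray(existing)) throw new Error("users key must be an array");
  existing.forEach(checkEntry); // also flags plaintext passwords already in the file
  const entry = checkEntry(JSON.parse(hashOutputText));
  const users = existing.filter((u) => u.username !== entry.username).concat(entry);
  return JSON.stringify({ ...db, users }, null, 2) + "\n";
}

console.log(upsertUser(SAMPLE_DB, SAMPLE_HASH_OUTPUT));
```

To use it, read ${PWD}/data/db.json, pass its text and the /hash response to `upsertUser`, and write the returned text back to the file.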
You can change all the text and CSS styles of your SSO login page by editing the file ${PWD}/data/config.json.
This config.json file follows the AppConfig TypeScript structure.
Here's the UML diagram of this structure:
Note: To properly configure your CSS style properties (default, small & large screens) in the config.json file, you can refer to the TypeScript interface CSSStyleDeclaration.
```bash
docker build -t traefik-sso:yourtag .
```

1 - Install npm dependencies

```bash
npm install
```

2 - Build local traefik-sso:dev image through compose

```bash
npm run docker:dev:build
# or
docker-compose -f ./docker-compose.yml -f ./docker-compose.dev.yml build
```

3 - Run local development

```bash
npm run docker:dev:up
# or
docker-compose -f ./docker-compose.yml -f ./docker-compose.dev.yml up
```

4 - Now follow the steps from the local demo section; you have the same environment but in development 😊.
