cacert
/
oidc-idp
8
0
Fork 0
Code Issues Pull Requests Projects Releases 7 Wiki Activity
OpenID Connect Identity Provider (Login and Consent part) using client certificate authentication and ORY Hydra
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
43 Commits
1 Branch
7 Tags
317 KiB
Go 98.8%
Makefile 1.2%
 
 
main
0.3.0
0.2.1
0.2.0
0.1.3
0.1.2
0.1.1
0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '44e18ca3a5'
${ noResults }
Go to file
Jan Dittberner 44e18ca3a5 Implement consent management 
The primary change in this commit is the introduction of consent management.

A few minor improvements have been made:

- move common header to ui/templates/base.gohtml
- add an I18NService to unify localization
- add a handlers.getLocalizer function
- fix translation extraction and merging in Makefile
- add a new AuthMiddleware to centralize client certificate authentication
- move client certificate handling to internal/handlers/security.go
- improver error handling, allow localization of HTTP error messages
 		9 months ago
cmd/idp Implement consent management 9 months ago
debian Run deb-systemd-helper in postinst 10 months ago
docs Improve documentation and defaults 10 months ago
internal Implement consent management 9 months ago
translations Implement consent management 9 months ago
ui Implement consent management 9 months ago
.gitignore Implement consent management 9 months ago
.golangci.yml Fix golangci-lint config 10 months ago
.goreleaser.yml Add packaging configuration 10 months ago
LICENSE.txt Add Apache License 2.0 text 1 year ago
Makefile Implement consent management 9 months ago
README.md Minor documentation and code improvements 10 months ago
changelog.md Implement consent management 9 months ago
go.mod Implement consent management 9 months ago
go.sum Implement consent management 9 months ago

README.md

CAcert OAuth2 / OpenID Connect IDP

This repository contains an implementation for an identity provider. ORY Hydra is used for the actual OAuth2 / OpenID Connect operations. The implementation in this repository provides the end user UI components that are required by Hydra to allow login and consent.

The code in this repository is licensed under the terms of the Apache License Version 2.0.

Copyright © 2020-2023 Jan Dittberner

Setup

Certificates

You need a set of certificate and private key and a PEM file with CA certificates used to verify client certificates to run cacert-idp.

An easy way to generate server certificate and key for local testing is mkcert.

  1. Run mkcert to generate idp.cacert.localhost+1.pem and idp.cacert.localhost+1-key.pem:

    mkcert -cert-file idp.cacert.localhost login.cacert.localhost

  2. Copy CA certificate for client certificates

    (curl -s http://www.cacert.org/certs/CAcert_Class3Root_x14E228.crt ; \
 curl -s http://www.cacert.org/certs/root_X0F.crt ) > client_ca.pem

Configure IDP

The Identity Provider application (IDP) requires a strong random key for its CSRF cookie. You can generate such a key using the following openssl command:

openssl rand -base64 32

Use this value to create idp.toml:

[security]
csrf.key = "<32 bytes of base64 encoded data>"

Start

Now you can start the IDP:

make
go run cmd/idp.go

Translations

This application uses go-i18n for internationalization (i18n) support.

The translation workflow needs the go18n binary which can be installed via

go install github.com/nicksnyder/go-i18n/v2/goi18n

To extract new messages from the code run

goi18n extract .

Then use

goi18n merge active.*.toml

to create TOML files for translation as translate.<locale>.toml. After translating the messages run

goi18n merge active.*.toml translate.*.toml

to merge the messages back into the active translation files. To add a new language you need to add the language code to the languages configuration option (default is defined in the configmap in cmd/idp.go).