Authenticate users with the Tribestream API Gateway
Use an external LDAP as identity store
Docker installed and running
Oracle JDK 8 Installed and running
Apache Maven Installed
You will need to checkout the source locally and then build the project. Here are the steps
git clone https://github.com/tomitribe/oauth2-jwt-ldap-account-source.git cd oauth2-jwt-custom-claims
The first thing is to make sure we have an LDAP to authenticate against. The API Gateway will be configured to connect to this LDAP.
docker run --restart=always -p 389:389 --env LDAP_ORGANISATION="superbiz.com" --env LDAP_DOMAIN="superbiz.com" --env LDAP_ADMIN_PASSWORD="secret" \ --volume `pwd`/src/main/ldifs:/container/service/slapd/assets/config/bootstrap/ldif/custom \ --detach --name ldap osixia/openldap:1.1.9 --copy-service
In order to work, this application requires an STS (Secure Token Service) capable of generating signed JWT tokens. This is what the Tribestream API Gateway is about. It’s also capable of doing routing and while enforcing permissions. If you want to know more, check out the website at https://tribestream.io
The best and simplest way to start the API Gateway is to use Docker as follow
docker run --rm -it --name tag -e LICENSE=accept -e CASSANDRA_EMBEDDED=true -p 8080:8080 tomitribe/tribestream-api-gateway:latest
Once the Tribestream API Gateway is up and running, you can connect to the console with the following URL http://localhost:8080/tag/
To ease configuration, this project comes with necessary configuration and scripts to load the configuration of the API Gateway. You can also navigate through the UI and do it your self.
But as a faster solution, run the following commands
cd src/main/scripts ./load-configuration.sh
|you need to make sure you first started the API Gateway with the previous step.|
Next step consists in starting the demo application. From the project root directory, run the following command.
mvn clean install -DskipTests tomee:run
It should start on port 8181 so it does not clash with the Gateway So what you need is to open a browser and navigate to http://localhost:8181/moviefun/
There are 4 accounts created with the import scripts (See step 2).
alex/password with create, update and delete role
john/password with create role
nick/password with delete role
mark/password with update role
As soon as you get in the application using one of these accounts, checkout the HTTP requests from the application to the remote server. If you are using the Chrome browser, you can open up the developer tools.
Now that everything is up and running, you can now use one of the accounts from the system or use any account from LDAP. Best way to see it is to try it!
Use alex/password credentials to login using system accounts defined in the Tribestream API Gateway. Use ana/password to use an LDAP account.