Skip to content

Docker image implementing a straightforward Single Sign-On authentication for your containers behind a Traefik v2 edge router

License

Notifications You must be signed in to change notification settings

thomaschampagne/traefik-sso

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Version License: MIT

Docker Pulls GitHub Workflow Status

angular ng-boostrap express bcryptjs jsonwebtoken typescript rollup

code style: prettier


Traefik SSO

What'is Traefik-sso?

It's a docker image which implements a straightforward Single Sign-On authentication for containers behind a Traefik v2 edge router.

Authentication sequence to a Portainer container through Traefik v2 + Traefik-sso

Local demo

1 - Run the below docker-compose command locally

docker-compose -f ./docker-compose.yml -f ./docker-compose.local.yml up -d

See docker-compose.yml, docker-compose.local.yml & .env files

2 - When containers are up, open ${PWD}/data/db.json and add the below temporary alice user:

{
    "users": [
        {
            "username": "alice",
            "password": "$2y$10$mNJw6ojRWORz10gDaj602.8auytb58peR/hwdewqFpCershSO7DGm"
        }
    ]
}

The password has been hashed using bcrypt, value is 4lic3.

3 - Open http://iamfoo.domain.localhost in a browser (or http://iambar.domain.localhost).

4 - You should be redirected to http://sso.domain.localhost to logon on the domain domain.localhost

5 - Logon using username: alice and password: 4lic3.

6 - You should be redirected to http://iamfoo.domain.localhost (or http://iambar.domain.localhost)

7 - Logout from sso using http://sso.domain.localhost/logout. This will clear jwt token cookie on domain *.domain.localhost

Note: Environment variables used in demo are defined in .env file.

Environment variables

Name Description
DOMAIN Domain to authenticate through the sso
SECRET Secret used for JWT token signature.
TOKEN_MAX_AGE Set JWT token life time. Must match with regex: https://regex101.com/r/Q9rYJW/2
LOG_LEVEL Log level (DEBUG, INFO, WARN or ERROR). Do not use DEBUG in production.

Manage users

Users can be currently managed by editing json database file ${PWD}/data/db.json through the key users. A user-friendly UI is planned to perform this. The current workflow is temporary.

Add or edit users

To add new or update existing credentials you might use the following curl command on /hash endpoint. This api will hash the account password using bcrypt:

curl -d '{"username":"eve", "password":"3v3"}' -H "Content-Type: application/json" -X POST https://sso.domain.localhost/hash; echo

Result:

{"username":"eve","password":"$2a$10$f1sHYu64iZ0zUX6vXnqj0uLE691O0bQTV.YuHw1At2PGL8CBWk/P6"}

You need to manually add this json output in the db.json database file (users key).

Remove users

Just remove selected users entries in json array.

Configure SSO login page labels and styles

You can change every text and css styles of you sso login page by editing file ${PWD}/data/config.json.

This config.json file is following the AppConfig typescript structure

Here's the UML diagram of this structure:

UML

Note: To configure properly your styles css properties (default, small & large screens) in config.json file, you can refer to the typescript interface CSSStyleDeclaration.

Build production image

docker build -t traefik-sso:yourtag .

Local development

1 - Install npm dependencies

npm install

2 - Build local traefik-sso:dev image through compose

npm run docker:dev:build
# or
docker-compose -f ./docker-compose.yml -f ./docker-compose.dev.yml build

3 - Run local development

npm run docker:dev:up
# or
docker-compose -f ./docker-compose.yml -f ./docker-compose.dev.yml up

4 - Now follow steps from local demo section, you have same environment but in development 😊.

About

Docker image implementing a straightforward Single Sign-On authentication for your containers behind a Traefik v2 edge router

Topics

Resources

License

Code of conduct

Stars

Watchers

Forks