RCIAM Federation Registry Agent main objective is to sync data between RCIAM Federation Registry and
different identity and access management solutions, such as Keycloak, SATOSA, SimpleSAMLphp and MITREid Connect.
This python library includes a module named ServiceRegistryAms/
to pull and publish messages from ARGO Messaging
Service using the argo-ams-library, an API module named MitreidConnect/
to communicate with the API of the MITREid, an
API module named Keycloak/
to communicate with the API of the Keycloak.
The main standalone scripts that are used to deploy updates to the third party services are under bin/
:
deployer_keycloak
for Keycloakdeployer_mitreid
for MITREiddeployer_ssp
for SimpleSAMLphp
First install the packages from the requirements.txt file
pip install -r requirements.txt
Install rciam-federation-registry-agent
pip install rciam-federation-registry-agent
deployer_keycloak requires the path of the config file as an argument
deployer_keycloak -c example_deployers.config.json
deployer_mitreid requires the path of the config file as an argument
deployer_mitreid -c example_deployers.config.json
deployer_ssp requires the path of the config file as an argument
deployer_ssp -c example_deployers.config.json
An example of the required configuration file can be found in conf/example_deployers.config.json. The different configuration options are described below.
{
"keycloak": {
"ams": {
"host": "example.host.com",
"project": "ams-project-name-keycloak",
"pull_topic": "ams-topic-keycloak",
"pull_sub": "ams-sub-keycloak",
"token": "ams-token-keycloak",
"pub_topic": "ams-publish-topic-keycloak",
"poll_interval": 1
},
"auth_server": "https://example.com/auth",
"realm": "example",
"client_id": "client ID",
"client_secret": "client secret"
},
"mitreid": {
"ams": {
"host": "example.host.com",
"project": "ams-project-name-mitreid",
"pull_topic": "ams-topic-mitreid",
"pull_sub": "ams-sub-mitreid",
"token": "ams-token-mitreid",
"pub_topic": "ams-publish-topic-mitreid",
"poll_interval": 1
},
"issuer": "https://example.com/oidc",
"refresh_token": "refresh token",
"client_id": "client ID",
"client_secret": "client secret"
},
"ssp": {
"ams": {
"host": "example.host.com",
"project": "ams-project-name-ssp",
"pull_topic": "ams-topic-ssp",
"pull_sub": "ams-sub-ssp",
"token": "ams-token-ssp",
"pub_topic": "ams-publish-topic-ssp",
"poll_interval": 1,
"deployer_name": "1"
},
"metadata_conf_file": "/path/to/ssp/metadata/file.php",
"cron_secret": "SSP cron secret",
"cron_url": "http://localhost/proxy/module.php/cron/cron.php",
"cron_tag": "hourly",
"request_timeout": 100
},
"log_conf": "conf/logger.conf"
}
As shown above there are three main groups, namely Keycloak, MITREid and SSP and each group can have its own AMS
settings and service specific configuration values. The only global value is the log_conf
path if you want to use the
same logging configuration for both of the deployers. In case you need a different configuration for a deployer you can
add log_conf in the scope of "MITREid" or "SSP".
Use ServiceRegistryAms as a manager to pull and publish messages from AMS
from ServiceRegistryAms.PullPublish import PullPublish
with open('config.json') as json_data_file:
config = json.load(json_data_file)
ams = PullPublish(config)
message = ams.pull(1)
ams.publish(args)
Use Keycloak as an API manager to communicate with Keycloak
- First obtain an access token and create the Keycloak API Client (find client_credentials_grant under
Utils
directory)
access_token = client_credentials_grant(issuer_url, client_id, client_secret)
keycloak_agent = KeycloakClientApi(issuer_url, access_token)
- Use the following functions to create, delete and update a service on client_credentials_grant
response = keycloak_agent.create_client(keycloak_msg)
response = keycloak_agent.update_client(external_id, keycloak_msg)
response = keycloak_agent.delete_client(external_id)
Use MITREid Connect as an API manager to communicate with MITREid
- First obtain an access token and create the MITREid API Client (find refresh_token_grant under
Utils
directory)
access_token = refresh_token_grant(issuer_url, refresh_token, client_id, client_secret)
mitreid_agent = mitreidClientApi(issuer_url, access_token)
- Use the following functions to create, delete and update a service on MITREid
response = mitreid_agent.createClient(mitreid_msg)
response = mitreid_agent.updateClientById(external_id, mitreid_msg)
response = mitreid_agent.deleteClientById(external_id)