README
Candid Identity service
The Candid server provides a macaroon-based authentication service.
Installation
To start using the candid service, first ensure you have a valid Go environment, then run the following:
go get github.com/CanonicalLtd/candid
cd $GOPATH/src/github.com/CanonicalLtd/candid
Go dependencies
The project uses godeps (https://launchpad.net/godeps) to manage Go dependencies. To install this, run:
go get -u github.com/rogpeppe/godeps
After installing it, you can update the dependencies to the revision specified in the dependencies.tsv file with the following:
make deps
Use make create-deps to update the dependencies file.
Development environment
A couple of system packages are required in order to set up a development environment. To install them, run the following:
make sysdeps
At this point, from the root of this branch, run the command:
make install
The command above builds and installs the identity service binaries, and places them in $GOPATH/bin. This is the list of the installed commands:
- candidsrv: start the Candid identity server;
Candid server
The server can be started with the following command:
candidsrv -logging-config INFO cmd/candidsrv/config.yaml
The same result can be achieved more easily by running make server.
Note that this configuration should not be used when running a production
server.
At this point the server starts listening on port 8081 (as specified in the config YAML file).
Testing
Run make check to test the application.
Run make help to display help about all the available make targets.
Documentation
Constants
const (
	Debug      = "debug"
	Discharger = "discharger"
	V1         = "v1"
)
Versions of the API that can be served.
Types
type HandlerCloser
func NewServer
func NewServer(params ServerParams, serveVersions ...string) (HandlerCloser, error)
NewServer returns a new handler that handles identity service requests and stores its data in the given database. The handler will serve the specified versions of the API.
type ServerParams
type ServerParams struct {
	// MeetingStore holds the storage that will be used to store
	// rendezvous information.
	MeetingStore meeting.Store
	// ProviderDataStore holds the storage that can be used by
	// identity providers to store data that is not associated with
	// an individual identity.
	ProviderDataStore store.ProviderDataStore
	// RootKeyStore holds the root key store that will be used to
	// store macaroon root keys within the identity server.
	RootKeyStore bakery.RootKeyStore
	// Store holds the identities store for the identity server.
	Store store.Store
	// AdminPassword holds the password for admin login.
	AdminPassword string
	// Key holds the keypair to use with the bakery service.
	Key *bakery.KeyPair
	// Location holds a URL representing the externally accessible
	// base URL of the service, without a trailing slash.
	Location string
	// PrivateAddr should hold a dialable address that will be used
	// for communication between identity servers. Note that this
	// should not contain a port.
	PrivateAddr string
	// IdentityProviders contains the set of identity providers that
	// should be initialised by the service.
	IdentityProviders []idp.IdentityProvider
	// DebugTeams contains the set of launchpad teams that may access
	// the restricted debug endpoints.
	// TODO remove this.
	DebugTeams []string
	// AdminAgentPublicKey contains the public key of the admin agent.
	AdminAgentPublicKey *bakery.PublicKey
	// StaticFileSystem contains an http.FileSystem that can be used
	// to serve static files.
	StaticFileSystem http.FileSystem
	// Template contains a set of templates that are used to generate
	// html output.
	Template *template.Template
	// DebugStatusCheckerFuncs contains functions that will be
	// executed as part of a /debug/status check.
	DebugStatusCheckerFuncs []debugstatus.CheckerFunc
	// RendezvousTimeout holds the time after which an interactive discharge wait
	// request will time out.
	RendezvousTimeout time.Duration
}
ServerParams contains configuration parameters for a server.
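A pre-flight check for the constraints the field comments above state (Location without a trailing slash, PrivateAddr without a port) and for the serveVersions values passed to NewServer. This is an added example, not code from the candid project: the Params type and Check function are hypothetical, the sample values are constructed, and rejecting an empty AdminPassword is this example's own policy.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Params mirrors three plain-valued ServerParams fields (hypothetical type
// for this example; it is not part of candid).
type Params struct {
	Location, PrivateAddr, AdminPassword string
}

// knownVersions holds the values of the Debug, Discharger and V1 constants.
var knownVersions = map[string]bool{"debug": true, "discharger": true, "v1": true}

// Check returns every problem found so that all can be reported in one pass.
func Check(p Params, serveVersions ...string) []error {
	var errs []error
	u, err := url.Parse(p.Location)
	switch {
	case err != nil || u.Host == "" || (u.Scheme != "http" && u.Scheme != "https"):
		errs = append(errs, fmt.Errorf("Location %q is not an absolute http(s) URL", p.Location))
	case strings.HasSuffix(p.Location, "/"):
		errs = append(errs, errors.New("Location must not end with a trailing slash"))
	}
	// SplitHostPort succeeds only when a port is present, including on
	// bracketed IPv6 literals such as "[::1]:8081".
	if _, _, err := net.SplitHostPort(p.PrivateAddr); err == nil {
		errs = append(errs, fmt.Errorf("PrivateAddr %q must not contain a port", p.PrivateAddr))
	}
	// Policy of this example, not documented candid behaviour.
	if p.AdminPassword == "" {
		errs = append(errs, errors.New("AdminPassword is empty"))
	}
	for _, v := range serveVersions {
		if !knownVersions[v] {
			errs = append(errs, fmt.Errorf("unknown API version %q", v))
		}
	}
	return errs
}

func main() {
	// Constructed sample values.
	bad := Params{Location: "https://id.example.com/", PrivateAddr: "[::1]:8081"}
	for _, e := range Check(bad, "discharger", "v2") {
		fmt.Println("config error:", e)
	}
}
```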
Directories
| Path | Synopsis |
|---|---|
| cmd |  |
|  | The config package defines configuration parameters for the id server. |
|  | Package idp defines the API provided by all identity providers. |
| agent | Package agent is an identity provider that uses the agent authentication scheme. |
| azure | Package azure is an identity provider that authenticates with azure. |
| google | Package google is an identity provider that authenticates with google. |
| idputil | Package idputil contains utility routines common to many identity providers. |
| keystone | Package keystone contains identity providers that validate against keystone servers. |
| ldap | Package ldap contains identity providers that validate against ldap servers. |
| openid | Package openid provides identity providers that use OpenID to determine the identity. |
| test | Package test contains an identity provider useful for testing other parts of the system. |
| usso | Package usso is an identity provider that authenticates against Ubuntu SSO using OpenID. |
| usso/ussodischarge | Package ussodischarge is an identity provider that authenticates against Ubuntu SSO using Ubuntu SSO's macaroon protocol. |
| usso/ussodischarge/cmd/login | login is a simple tool that can be used to test the Ubuntu SSO discharge login protocol. |
| usso/ussooauth | Package ussooauth is an identity provider that authenticates against Ubuntu SSO using OAuth. |
| internal |  |
|  | Package meeting provides a way for one thread of control to wait for information provided by another thread. |
| memstore | Package memstore provides an in-memory implementation of the store. |
| testing | Package testing provides useful tools for testing Store implementations. |