-
Notifications
You must be signed in to change notification settings - Fork 12
PolicyAgent
Kind: global class
Mixes: {events~EventEmitter}
-
PolicyAgent
- new PolicyAgent(options)
-
.options :
object
-
.id :
string
-
.paths :
object
-
.openAMClient :
*
|OpenAMClient
-
.logger :
winston~Logger
|*
-
.sessionCache :
*
|SimpleCache
-
.serverInfo :
Promise
-
.agentSession :
Promise
-
.errorTemplate :
function
- .init()
-
.reRequest(reqFn, attempts, [name]) ⇒
Promise
-
.authenticateAgent() ⇒
Promise
-
.validateSession(sessionId) ⇒
Promise
- .setSessionCookie(res, sessionId)
-
.getSessionIdFromRequest(req) ⇒
Promise
-
.getUserProfile(userId, realm, sessionId) ⇒
Promise
-
.getPolicyDecision(params) ⇒
Promise
-
.registerSessionListener(sessionId) ⇒
Promise
-
.shield(shield) ⇒
function
-
.cdsso([path]) ⇒
expess~Router
-
.getSessionIdFromLARES(lares) ⇒
Promise
-
.getLoginUrl(req) ⇒
string
-
.getCDSSOUrl(req) ⇒
string
- .sessionNotification(notificationSet)
-
.notifications([path]) ⇒
express~Router
Param | Type | Default | Description |
---|---|---|---|
options | object |
||
options.serverUrl | string |
The deployment URI of the OpenAM server, e.g. http://openam.example.com:8080/openam | |
options.username | string |
Agent username (needed for certain operations, e.g. policy decision requests) | |
options.password | string |
Agent password (needed for certain operations, e.g. policy decision requests) | |
options.realm | string |
"/" |
Agent realm (needed for certain operations, e.g. policy decision requests) |
[options.appUrl] | string |
The root URL of the application, e.g. http://app.example.com:8080 (required for notifications) | |
options.errorPage | function |
Callback function; If present, the function's return value will be sent as an error page, otherwise the default error template will be used. The function will be called with a context object as the argument. | |
[options.logger] | winston~Logger |
new Logger() |
A winstonjs logger instance. If undefined, a new Console logger is created. |
[options.logLevel] | string |
"error" |
logging level: see winston's documentation; only used when logger is undefined. |
[options.sessionCache] | Cache |
Custom session cache object (if undefined, a SimpleCache instance will be created with an expiry time of 5 minutes) | |
[options.openAMClient] |
OpenAMClient | *
|
new OpenAMClient() |
Custom OpenAMClient object (mostly for testing purposes) |
Example
var express = require('express'),
openamAgent = require('openam-agent')
MemcachedCache = require('openam-agent-cache-memcached'),
PolicyAgent = openamAgent.PolicyAgent,
CookieShield = openamAgent.CookieShield;
var config = {
serverUrl: 'http://openam.example.com:8080/openam',
appUrl: 'http://app.example.com:8080',
notificationRoute: '/',
notificationsEnabled: true,
username: 'my-agent',
password: 'changeit',
realm: '/',
logLevel: 'info',
cache: new MemcachedCache({url: 'localhost:11211', expiresAfterSeconds: 600}),
errorPage: function (status, message, details) {
return '<html><body><h1>' + status + ' - ' + message + '</h1></body></html>'
}
};
var agent = new PolicyAgent(config);
var app = express();
app.use(agent.shield(new CookieShield()));
app.use('/foo/bar/baz', agent.notifications);
app.listen(8080);
Config options
Kind: instance property of PolicyAgent
Short random ID that lets you differentiate agents in logs, etc.
Kind: instance property of PolicyAgent
Built in routes (cdsso, notifications)
Kind: instance property of PolicyAgent
OpenAM client used by the agent and its shields
Kind: instance property of PolicyAgent
Logger
Kind: instance property of PolicyAgent
Session cache
Kind: instance property of PolicyAgent
Empty Promise (Server info is loaded when init() is called)
Kind: instance property of PolicyAgent
The agent's own OpenAM session. It will only get created when it is needed by some request.
Kind: instance property of PolicyAgent
Compiled Handlebars error page template
Kind: instance property of PolicyAgent
Initializes the agent (gets server info)
Kind: instance method of PolicyAgent
Runs a request-promise type function several times if it fails with a 401 status code; creates a new agent session before sending the request again
Kind: instance method of PolicyAgent
Param | Type | Description |
---|---|---|
reqFn | function |
Function that returns a Promise |
attempts | number |
Number of attempts to retry the function; default: 0 (no retries) |
[name] | string |
Name |
Authenticates the policy agent using the credentials in the config object.
Kind: instance method of PolicyAgent
Validates a given sessionId against OpenAM and adds a session listener if valid.
Kind: instance method of PolicyAgent
Param | Type | Description |
---|---|---|
sessionId | string |
The client's OpenAM session ID |
Sets the session cookie on the response
Kind: instance method of PolicyAgent
Param | Type | Description |
---|---|---|
res | express~Response |
Express Response |
sessionId | string |
OpenAM Session ID |
Gets the session ID from the session cookie in the request
Kind: instance method of PolicyAgent
Returns: Promise
- Session ID
Param | Type | Description |
---|---|---|
req | express~Response |
Express Request |
Fetches the user profile for a given username (uid) and saves it to the sessionCache.
Kind: instance method of PolicyAgent
Param | Type | Description |
---|---|---|
userId | string |
The user's uid |
realm | string |
The user's realm |
sessionId | string |
The user's session ID |
Gets policy decisions from OpenAM for the req.originalUrl resource and the application name specified in the agent config (req must be an instance of IncomingRequest).
Kind: instance method of PolicyAgent
Param | Type | Description |
---|---|---|
params | object |
OpenAM policy request params object |
Constructs a RequestSet document containing a AddSessionListener node for sessionId, and sends it to the SessionService.
Kind: instance method of PolicyAgent
Param | Type | Description |
---|---|---|
sessionId | string |
The user's session ID |
Initializes the shield and returns an express middleware function that evaluates the shield.
Kind: instance method of PolicyAgent
Param | Type | Description |
---|---|---|
shield | Shield |
Shield implementation |
Example
var agent = new PolicyAgent({...}),
cookieShield = new CookieShield(),
app = express();
app.use(agent.shield(cookieShield));
Expressjs Router factory which handles CDSSO (parses the LARES data and sets the session cookie)
Note that in order for CDSSO to work, you must have the following:
- An agent profile in OpenAM of type "WebAgent" with all alternative app URLs listed in the "Agent Root URL for CDSSO" (agentRootURL) property
- The cdsso middleware mounted to the express application
- A CookieShield mounted to a path with the cdsso option set to true
Kind: instance method of PolicyAgent
Returns: expess~Router
- Express middleware
Param | Type | Default | Description |
---|---|---|---|
[path] | string |
"/agent/cdsso" |
The path of the CDSSO endpoint |
Example
var openamAgent = require('openam-agent'),
agent = new openamAgent.PolicyAgent({...}),
app = require('express')();
app.use(agent.cdsso('/my/cdsso/path));
app.get('/', new openamAgent.CookieShield(cdsso: true));
Parses the LARES response (CDSSO Assertion) and returns the Session ID if valid
Kind: instance method of PolicyAgent
Returns: Promise
- Session ID
Param | Type | Description |
---|---|---|
lares | string |
LARES form parameter |
Returns a regular login URL
Kind: instance method of PolicyAgent
Param | Type | Description |
---|---|---|
req | express~Request |
Request |
Returns a CDSSO login URL
Kind: instance method of PolicyAgent
Param | Type | Description |
---|---|---|
req | express~Request |
Request |
Parses notifications in a notification set and emits a 'session' event for each. CookieShield instances listen on this event to delete any destroyed cookies from the agent's session cache.
Kind: instance method of PolicyAgent
Emits: event:session
Param | Type | Description |
---|---|---|
notificationSet | object |
OpenAM notification set (parsed XML document) |
A express router factory for the notification receiver endpoint. It can be used as a middleware for your express application. It adds a single route: /agent/notifications which can be used to receive notifications from OpenAM. When a notification is received, its contents will be parsed and handled by one of the handler functions.
Kind: instance method of PolicyAgent
Param | Type | Default | Description |
---|---|---|---|
[path] | string |
"/agent/notifications" |
The path of the notification endpoint |
Example
var app = require('express')(),
agent = require('openam-agent').policyAgent(options);
app.use(agent.notifications('/my/notification/path'));