The Authentication Module is the bridge through which ScaleArc authenticates users through an authentication scheme that resides outside ScaleArc.
With such a setup, ScaleArc retains the flexibility to edit the bridge as required to perform authentication with various third-party REST-based authentication products. Contact ScaleArc support if you require specific assistance in editing the authentication module for your environment.
Customizing the Authentication Module
The Authentication Module is used to authenticate ScaleArc UI admin users. The authentication module is user-editable and is Python 2.6 compatible, which can be enhanced by end-users to meet their specific authentication configuration requirements. The UI authentication subsystem of ScaleArc uses this as a plugin module with a pre-defined I/O interface using a method call.
The module requires a Python, new-style, class named rest_admin_auth, with a public method called "authenticate." This method takes two parameters, namely "username" and "password." The response occurs in a dictionary data type format.
Follow these general steps to customize the authentication module:
- Click on the SETTINGS menu > User Management > Authentication Configuration from the ScaleArc dashboard.
- Enable the Edit Authentication Module to edit the source code that controls the authentication logic.
- Edit the authentication module, using the following guidelines.
- Click Test Configuration when done to test the edited authentication module.
- Click Apply when done. In the pop-up, enter a valid username/password to test and validate this authentication.
Default ScaleArc Authentication Module
ScaleArc ships with a default Authentication Module for authentication against the HashiCorp Vault authentication server. However, with minor changes, the module can be used to authenticate against other REST API-based authentication servers.
The default authentication module inherits an abstract base class called rest_auth, with the following methods:
|Used to set up communication to the authentication server or API. In the default authentication module, it is used to unseal the Vault server. This method does not accept any parameters.|
|post_auth ()||Used to destroy any connection with the authentication server during authentication. This method can be used to seal the authentication server after login. It does not accept any parameters.|
|logout ()||Used, if required, to log out of any session. This method does not accept any parameters.|
execute_rest_api (url, method, data, timeout=30, retries=3)
Used to fetch any RESTful API result by providing the following parameters:
|authenticate (username, password)||
Called by the ScaleArc UI authentication sub-system. Here's an example of a sample request and response:
These are additional methods for the Authentication Module:
|__init__()||This is the constructor for the class rest_admin_auth.|
|validate_config()||Validates the authentication configuration data specified by the server.|
Sets various attributes from the authentication configuration which are later used by other methods while authenticating. For example, parameters from META_CONF_INFO such as IP, port, and keys are used to set different attributes like rest_api_url, auth_type, access_token, etc.
|check_vault_seal_status()||Checks the Vault server's seal status.|
|unseal_vault()||Unseals the Vault server.|
|seal_vault()||Seals the Vault server.|
|translate_response(auth_response)||Translates the response provided by the authentication server into a format understood by the ScaleArc authentication sub-system.|
|auth_response||Any data format according to the authentication server. For Vault servers, the response format is JSON/Python dictionary.|