
okta2anything's Introduction

Okta2Anything

Description

Okta2Anything is a simple LDAP Proxy which allows someone to have the Okta IDAAS Service authenticate against almost anything.

This code is based on the great work by: https://github.com/vjeantet/ldapserver

Disclaimer

Although it is not uncommon for companies to use LDAP proxies for authentication, this code is developed for pilots, proofs of concept, and testing. Anyone using this code for production is doing so at their own risk.

Would you be interested in a Commercially available product that can offer LTS (Long Term Support) ?

As much as I enjoyed developing this program, it has become more popular than I would have imagined, and many folks have asked me for an alternative with support. I just don't have the time to keep up with this project.

Beyond ID provides a product with the same capability and can provide Support and Services to run this in production. The link below will provide you with all of the details.

https://www.beyondid.com/solutions/application-integration-gateway/

How does it work ?

Okta2Anything acts like an LDAP service. You point the Okta LDAP Agent at Okta2Anything, and Okta2Anything delegates the authentication to a local node.js script that performs the authentication.

Okta2Anything

Configuration

Prerequisites

An Okta LDAP Agent is required. Node.js, and anything else your authentication scripts need in order to run, must also be installed.

Here is a Direct Link to the Okta LDAP Agent:

Node.js is required; Node is basically being used as a shell script.

Download Node.js: https://nodejs.org/en/

You will need to download the binary for the Operating System you are running on

OS Download Link
Okta2Anything Linux
Okta2Anything MacOS
Okta2Anything Windows

Configuring your Okta LDAP Agent

Follow Okta's guides for configuring LDAP. An example of LDAP Agent settings that are compatible with Okta2Anything is available here.

  • Select OpenDJ Directory from the LDAP Directory drop-down
  • Set User Search Base to: ou=People,dc=example,dc=com
  • Set Password Attribute to: userpassword
  • Set Group Search Base to: ou=groups,dc=example,dc=com
  • Set Group Object Class to: groupofnames
  • Set Group Object Filter to: (objectclass=groupofnames)
  • Set Member Attribute to: member
  • Under Validate Configuration Select Email

LDAP Settings Screenshot

"LDAP Configuration"

LDAP Settings import Screenshot

"Import Settings"

Test the settings, use username of [email protected]

Running the LDAP Proxy

Running Examples:

Okta2anything defaults to port 389.

On many systems, binding to port 389 requires root, so you must run it as root: sudo ./okta2anything ...

Command line Switches:

switch Description
-w Set Password for cn=Directory manager (If not specified, anything is accepted)
-plugin Specify Plugin used for Authentication (node.js Script)

Running in Promiscuous mode for testing, all users are accepted:
./okta2anything -plugin=promiscuous

Running with the Directory Manager password set to Password1, and authenticating against another Okta tenant:
./okta2anything -w Password1 -plugin=okta2okta

okta2anything's People

Contributors

dependabot[bot], pmcdowell-okta


okta2anything's Issues

No Okta2Anything (binaries) documentation

Looking for any documentation for the Okta2Anything binaries.

Specifically, is there anything else you can return from the plug-in back to Okta2Anything to fill in the LDAP response (e.g. first and last name)? I only see {"Active":"true"} or {"Active":"false"} in the examples.

Issue on login

I am able to successfully add LDAP on my Okta tenant through the okta2anything service, but I am not able to log in through the service. I tried with the csv, mongodb, and okta2okta plugins. The request did get into the okta2anything service, but it could not execute its plugin and got exit status 1.

CSV Plugin not working

Hello.
Thanks for this contribution. I was able to do basic setup and get the Test configuration validated from Okta. However there are two issues.

OS : Windows.

  1. If I use the promiscuous plugin, the configuration is successful as shown in the screenshot. However, when I run a sample app, the Okta logs show the user is imported but does not appear anywhere. Okta support mentioned that this might be because the user does not exist in any store.
  2. I tried to use the CSV plugin. When using the Test configuration option in the LDAP configuration at Okta, I get the error
    Validation failed!
    Error while processing LdapAgentAction. Please review your configuration and retry validation.

Below is log generated at okta2anything end. After Bind response, UnbindRequest is shown. I validated the csv structure and by running the plugin separately.

F:\okta\okta2anything>okta2anything -plugin=csv
Okta2Anything, For more command line options use the --help switch
Directory Manager set to cn=Directory Manager
2019/01/14 07:36:41 Listening on 0.0.0.0:389
2019/01/14 07:36:47 Connection client [1] from 192.168.2.104:55666 accepted
2019/01/14 07:36:47 <<< 1 - BindRequest - hex=&{301a0201016015020103040475736572800a506561726c4032303138}
2019/01/14 07:36:47 HIT handleBind Function #188 !
2019/01/14 07:36:47 Bind Attempt User=user, Pass=XXXXXXXXX
2019/01/14 07:36:47 >>> 1 - BindResponse - hex=300c02010161070a013104000400
2019/01/14 07:36:47 <<< 1 - UnbindRequest - hex=&{30050201024200}
2019/01/14 07:36:47 client 1 close()
2019/01/14 07:36:47 client 1 close() - stop reading from client
2019/01/14 07:36:47 client 1 close() - Abandon signal sent to processors
2019/01/14 07:36:47 client [1] request processors ended
2019/01/14 07:36:47 client [1] connection closed
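
Added example, not part of the original issue or the project's code: a small Node.js BER decoder for the hex= fields in a log like the one above. It shows that the logged BindResponse carries resultCode 49 (invalidCredentials), and that the hex dump of a simple BindRequest contains the password bytes even when the Pass= field is masked, so such lines should be scrubbed before logs are stored or shared. The function names and the sample bind line are constructed for illustration.

```javascript
// Added example (not project code): minimal BER reader for the hex that okta2anything logs.
// Supports definite-length BER only, which is what LDAP uses.
function readTlv(buf, off) {
  const tag = buf[off];
  let len = buf[off + 1], p = off + 2;
  if (len & 0x80) {                       // long form: low 7 bits = count of length bytes
    const n = len & 0x7f;
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[p++];
  }
  if (!(p + len <= buf.length)) throw new Error('truncated BER element');
  return { tag, start: p, end: p + len };
}
const intValue = (buf, t) => buf.subarray(t.start, t.end).reduce((v, b) => v * 256 + b, 0);
const RESULT = { 0: 'success', 49: 'invalidCredentials', 50: 'insufficientAccessRights' };

// Decode one LDAPMessage; for a simple bind, also return the hex with the password masked.
function decodeLdapHex(hex) {
  const buf = Buffer.from(hex, 'hex');
  const msg = readTlv(buf, 0);            // LDAPMessage SEQUENCE
  const id = readTlv(buf, msg.start);     // messageID
  const op = readTlv(buf, id.end);        // protocolOp, identified by its tag
  const out = { messageId: intValue(buf, id), op: 'other' };
  if (op.tag === 0x60) {                  // BindRequest: version, name, authentication
    const ver = readTlv(buf, op.start);
    const name = readTlv(buf, ver.end);
    const auth = readTlv(buf, name.end);  // tag 0x80 = simple (password in the clear)
    const masked = Buffer.from(buf);
    if (auth.tag === 0x80) masked.fill(0x2a, auth.start, auth.end);
    Object.assign(out, { op: 'BindRequest', name: buf.toString('utf8', name.start, name.end),
      simpleAuth: auth.tag === 0x80, redactedHex: masked.toString('hex') });
  } else if (op.tag === 0x61) {           // BindResponse: resultCode comes first
    const code = intValue(buf, readTlv(buf, op.start));
    Object.assign(out, { op: 'BindResponse', resultCode: code, result: RESULT[code] || 'other' });
  } else if (op.tag === 0x42) out.op = 'UnbindRequest';
  return out;
}

// Rewrite a log line so the simple-bind password bytes never reach stored logs.
function scrubLogLine(line) {
  return line.replace(/hex=(&\{)?([0-9a-f]+)(\})?/i, (m, open = '', hex, close = '') =>
    'hex=' + open + (decodeLdapHex(hex).redactedHex || hex) + close);
}

const RESPONSE_FROM_LOG = '300c02010161070a013104000400';   // copied from the log above
// Constructed sample: bind as "user" with the made-up password "hunter2".
const CONSTRUCTED_LINE = '2024/01/01 00:00:00 <<< 1 - BindRequest - hex=&{' +
  '301702010160120201030404757365728007' + Buffer.from('hunter2').toString('hex') + '}';
console.log(decodeLdapHex(RESPONSE_FROM_LOG), scrubLogLine(CONSTRUCTED_LINE));
```

Because port 389 carries simple binds unencrypted, the same bytes are visible on the wire between the LDAP Agent and the proxy, not only in the log.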
