OAuth IDP with NetScaler
NetScaler can act as an OAuth IDP (an OAuth 2.0 authorization server). This page describes how a simple Python OAuth client, the CGI script oauthc.py, can use it: the script sends the browser to the authentication vserver to log in, receives an authorization code on its redirect_uri, and exchanges that code for tokens at the IDP's token endpoint.
Steps
- Download oauthc.py and save it to a directory named cgi-bin
- Edit the script and adjust these constants to match your environment (WEBSERVER is the host name the browser uses to reach the web server, AUTH_VSERVER is the FQDN of the authentication vserver; the redirect_uri must be character-for-character identical to the Redirect URL you configure in the IDP profile below, otherwise the IDP will refuse the request):
redirect_uri = "http://WEBSERVER:8000/cgi-bin/oauthc.py"
idp_login_url = "https://AUTH_VSERVER/oauth/idp/login"
idp_token_url = "https://AUTH_VSERVER/oauth/idp/token"
idp_info_url = "https://AUTH_VSERVER/oauth/idp/userinfo"
- On the NetScaler, create an OAuth IDP profile under
Security -> AAA - Application Traffic -> Policies -> Authentication -> Advanced Policies -> OAuth IDP -> Profiles with at least these values (Client ID and Client Secret are the credentials oauthc.py presents to the token endpoint; "secret" is only a placeholder, use a long random value outside a lab):
Name: my_oauth_idp_profile
Client ID: oauthc
Client Secret: secret
Redirect URL: http://WEBSERVER:8000/cgi-bin/oauthc.py
- On the tab Policies, create an OAuth IDP policy with these values:
Name: my_oauth_idp_policy
Action: my_oauth_idp_profile
Expression: true
- Bind my_oauth_idp_policy to your authentication vserver together with at least one authentication policy (for example an LDAP or local-user policy). The IDP policy only issues codes and tokens for a user who has already authenticated, so without an authentication policy nobody can log in.
- On the NetScaler's command line, bind the authentication vserver's SSL certificate globally. The OAuth IDP signs the tokens it issues with this globally bound certificate, so the step is required even though the vserver already has the certificate bound:
> bind vpn global -certkeyName Name_of_the_SSL_certificate_bound_to_the_auth_vserver
- In the directory containing cgi-bin (not inside it), start Python's simple CGI web server, e.g.:
$ python2 -m CGIHTTPServer
Or with Python 3:
$ python3 -m http.server --cgi
Both listen on port 8000 on all interfaces by default; Python 2 is end-of-life, and the --cgi option of http.server is deprecated as of Python 3.13. Because the redirect_uri is plain http, the authorization code crosses the network in cleartext, so treat this setup as a lab only.
- Open the redirect_uri in your web browser. You should be sent to the authentication vserver's login page and, after logging in, back to oauthc.py, which then exchanges the authorization code for tokens.
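The following script shows what a client like oauthc.py has to do end to end: build the login URL with an anti-CSRF state, verify that state when the IDP sends the browser back, exchange the code at the token endpoint over the back channel with the client secret, and call userinfo with the resulting bearer token. It is an added example written for this page, not the oauthc.py the page links to. It assumes the three endpoint paths listed above, the standard OAuth 2.0 parameter names (response_type, client_id, redirect_uri, scope, state, grant_type) for the NetScaler IDP, and the placeholders WEBSERVER / AUTH_VSERVER; the fake_idp_opener and its responses are constructed so the flow can be exercised offline.

```python
#!/usr/bin/env python3
"""OAuth 2.0 authorization-code client for the NetScaler OAuth IDP, as a CGI script.
Added example for this page, not the oauthc.py it refers to. Assumes the IDP endpoint
paths listed above, standard OAuth 2.0 parameter names, and placeholder host names.
"""
import html
import http.cookies
import io
import json
import os
import secrets
import sys
import urllib.parse
import urllib.request

CLIENT_ID = "oauthc"
CLIENT_SECRET = "secret"  # placeholder from the page's IDP profile; use a real secret
REDIRECT_URI = "http://WEBSERVER:8000/cgi-bin/oauthc.py"
IDP_LOGIN_URL = "https://AUTH_VSERVER/oauth/idp/login"
IDP_TOKEN_URL = "https://AUTH_VSERVER/oauth/idp/token"
IDP_INFO_URL = "https://AUTH_VSERVER/oauth/idp/userinfo"
STATE_COOKIE = "oauthc_state"

def build_login_url(state, login_url=IDP_LOGIN_URL):
    """Front-channel request: the browser is sent here to log in on the auth vserver."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI,  # must match the profile's Redirect URL exactly
              "scope": "openid",
              "state": state}                # anti-CSRF value, verified on the way back
    return login_url + "?" + urllib.parse.urlencode(params)

def parse_callback(query_string, expected_state):
    """Check the redirect back from the IDP and return the authorization code."""
    q = urllib.parse.parse_qs(query_string)
    if "error" in q:
        raise ValueError("IDP returned error: %s" % q["error"][0])
    state = q.get("state", [""])[0]
    if not expected_state or not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: possible CSRF or a stale login")
    code = q.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code

def exchange_code(code, opener=urllib.request.urlopen, token_url=IDP_TOKEN_URL):
    """Back-channel POST of the code plus client credentials to the token endpoint."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}).encode()
    req = urllib.request.Request(token_url, data=body, method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with opener(req) as resp:
        tokens = json.loads(resp.read().decode())
    if "access_token" not in tokens:
        raise ValueError("token response without access_token: %r" % tokens)
    return tokens

def fetch_userinfo(access_token, opener=urllib.request.urlopen, info_url=IDP_INFO_URL):
    """Present the access token as a bearer token to the userinfo endpoint."""
    req = urllib.request.Request(info_url, headers={"Authorization": "Bearer " + access_token})
    with opener(req) as resp:
        return json.loads(resp.read().decode())

def handle_cgi_request(query_string, cookie_header, opener=urllib.request.urlopen):
    """One CGI invocation; returns (response headers, body).
    First visit: mint a state, keep it in an HttpOnly cookie, send the browser to the IDP.
    Callback: verify the state against the cookie, exchange the code, show userinfo JSON.
    """
    q = urllib.parse.parse_qs(query_string)
    if "code" not in q and "error" not in q:
        state = secrets.token_urlsafe(16)
        url = html.escape(build_login_url(state))  # meta refresh: the CGI server always answers 200
        return (["Set-Cookie: %s=%s; HttpOnly; SameSite=Lax; Path=/" % (STATE_COOKIE, state),
                 "Content-Type: text/html"],
                '<meta http-equiv="refresh" content="0; url=%s"><a href="%s">Log in</a>' % (url, url))
    cookies = http.cookies.SimpleCookie(cookie_header or "")
    saved_state = cookies[STATE_COOKIE].value if STATE_COOKIE in cookies else ""
    code = parse_callback(query_string, saved_state)
    tokens = exchange_code(code, opener)
    info = fetch_userinfo(tokens["access_token"], opener)
    return (["Set-Cookie: %s=; Max-Age=0; Path=/" % STATE_COOKIE,  # the state is single-use
             "Content-Type: text/plain"], json.dumps(info, indent=2))

def fake_idp_opener(req):
    """Constructed stand-in for the IDP (offline runs): honours code 'abc123' and token 'tok-1'."""
    def reply(payload):  # io.BytesIO is a context manager with read(), like urlopen's response
        return io.BytesIO(json.dumps(payload).encode())
    if req.full_url == IDP_TOKEN_URL:
        form = urllib.parse.parse_qs(req.data.decode())
        if form.get("code") == ["abc123"] and form.get("client_secret") == [CLIENT_SECRET]:
            return reply({"access_token": "tok-1", "token_type": "bearer"})
        return reply({"error": "invalid_grant"})
    if req.full_url == IDP_INFO_URL and req.get_header("Authorization") == "Bearer tok-1":
        return reply({"sub": "alice", "email": "alice@example.com"})
    return reply({"error": "invalid_token"})

if __name__ == "__main__":  # real CGI entry point: headers, blank line, body to stdout
    hdrs, body = handle_cgi_request(os.environ.get("QUERY_STRING", ""), os.environ.get("HTTP_COOKIE", ""))
    sys.stdout.write("\r\n".join(hdrs) + "\r\n\r\n" + body)
```

Two design points worth noting. The state value lives in an HttpOnly cookie because a CGI script has no server-side session; the callback is rejected unless the state in the query string matches the cookie, which is what stops an attacker from completing a login with a code they obtained elsewhere. The first visit answers with an HTML meta refresh rather than a Status: 302 header because Python's CGI handler emits its own 200 status line before relaying the script output, so a redirect header from the script would not be acted on.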