I want to authenticate users using Atlassian Crowd from FreeRADIUS, and I've been unable to find a plugin or particularly good examples of how this might be done. Specifically, how to implement the authorize and authenticate portions using an rlm_python script isn't terribly clear. Is there a more complex example where a RESTful backend is used to authenticate without needing to know the password in the authorize function?

With some experimentation I created a plugin using python-crowd. You need to add a new Auth-Type to the authorize file, which I called CROWD, and add python as the authenticator and the authorize section of that file. In mod-configs/python make sure to set the module name and enable authorize and authenticate function calls.

    #!/usr/bin/env python
    import radiusd
    import crowd

    # Crowd client, created once when FreeRADIUS instantiates the module.
    cs = None

    # Crowd application URL and application credentials (fill these in).
    app_url = ''
    app_user = ''
    app_pass = ''


    def instantiate(p):
        global cs
        cs = crowd.CrowdServer(app_url, app_user, app_pass)


    def authorize(p):
        # Only checks that the user exists in Crowd; no password is needed here.
        reply = None
        config = None
        result = radiusd.RLM_MODULE_NOTFOUND
        values = dict(p)
        username = values['User-Name']
        success = cs.get_user(username)
        if success:
            # Hand the request to the authenticate section for this Auth-Type.
            config = (('Auth-Type', 'crowd'),)
            result = radiusd.RLM_MODULE_OK
        return (result, reply, config)


    def authenticate(p):
        # Crowd verifies the password; reject unless it reports success.
        reply = None
        config = None
        result = radiusd.RLM_MODULE_REJECT
        values = dict(p)
        username = values['User-Name']
        password = values['User-Password']
        success = cs.auth_user(username, password)
        if success:
            reply = (('Reply-Message', 'Welcome!'),)
            result = radiusd.RLM_MODULE_OK
        return (result, reply, config)
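
An offline sketch of the same authorize/authenticate split with the failure paths made explicit (added example, not part of the answer above). `FakeCrowd` is a constructed test double, the Crowd client is passed in as `cs` rather than held in a global, and it assumes python-crowd's `get_user`/`auth_user` return `None` on failure and raise on connection errors.

```python
# Stand-in return codes so this runs without FreeRADIUS; the numbers mirror
# the radiusd.py that ships with the rlm_python examples.
RLM_MODULE_REJECT, RLM_MODULE_FAIL, RLM_MODULE_OK, RLM_MODULE_NOTFOUND = 0, 1, 2, 6


class FakeCrowd:
    """Constructed stand-in for crowd.CrowdServer (hypothetical test double)."""

    def __init__(self, users, down=False):
        self.users, self.down = users, down

    def get_user(self, username):
        if self.down:
            raise ConnectionError("crowd unreachable")
        return {"name": username} if username in self.users else None

    def auth_user(self, username, password):
        if self.down:
            raise ConnectionError("crowd unreachable")
        ok = self.users.get(username) == password
        return {"name": username} if ok else None


def authorize(cs, p):
    """Select Auth-Type crowd for users Crowd knows; never sees a password."""
    username = dict(p).get("User-Name")
    if not username:
        return (RLM_MODULE_NOTFOUND, None, None)
    try:
        found = cs.get_user(username)
    except Exception:
        return (RLM_MODULE_FAIL, None, None)  # backend error is not "no such user"
    if not found:
        return (RLM_MODULE_NOTFOUND, None, None)
    return (RLM_MODULE_OK, None, (("Auth-Type", "crowd"),))


def authenticate(cs, p):
    """Check the password against Crowd; reject on anything but a clear success."""
    values = dict(p)
    username, password = values.get("User-Name"), values.get("User-Password")
    if not username or not password:
        return (RLM_MODULE_REJECT, None, None)  # e.g. CHAP request, empty password
    try:
        user = cs.auth_user(username, password)
    except Exception:
        return (RLM_MODULE_FAIL, None, None)  # Crowd outage must never accept
    if not user:
        return (RLM_MODULE_REJECT, None, None)
    return (RLM_MODULE_OK, (("Reply-Message", "Welcome!"),), None)
```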