Custom SSO drivers

Introduction

For complex SSO connections, Osirium PAM can use custom Python code to sign into a device.

Adding a custom driver to a template

Create a file named <protocol>_<vendor>.py in the template's directory. For example, if you're writing a template for a Bluecoat CAS, you might have a template named bluecoat_cas.xml, and a directory named bluecoat_cas.

If you're making a driver for HTTP, you'll make a file in bluecoat_cas named http_bluecoat.py.

Inside that file, create a class with the name of the device you're using.

    from osirium.server.proxy.http import HTTPProxy, utilities
    import urlparse

    class cas(HTTPProxy):
        @utilities.rewrite(host=True)
        def modify(self, transport):
            """ Very simple example - this just redirects any requests from
            / to /cas
            """

            # Grab the request from the client
            request, request_body = yield

            # Act on the request
            url = urlparse.urlsplit(request.query.path)
            if url.path == '/' and request.query.method == 'GET':
                raise utilities.Redirect('/cas')

            # Send the request to the server and receive a response
            response, response_body = transport(request, request_body)

            # Send the response back to the client
            yield response, response_body

In your template, configure your access definition to use the driver:

    <access type='message' default='yes' protocol='http' driver='bluecoat.cas' />

The directory structure for the template should then look like this:

  |- bluecoat
  |  |~ bluecoat_cas
  |  |  |- http_bluecoat.py
  |  |  `- ...
  |  `- bluecoat_cas.xml
  `- ...
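A pre-deployment check for the naming rules above, added here as an example (it is not Osirium's code). It assumes the `driver` attribute has the form `<vendor>.<class>`, as `bluecoat.cas` suggests, and that the template directory sits beside the XML file with the same base name; the `<template>` root element in the sample is hypothetical.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET


def check_driver_layout(template_xml):
    """Return a list of problems for each <access driver='...'> in a template."""
    problems = []
    # bluecoat_cas.xml -> bluecoat_cas/ (directory named after the template)
    template_dir = os.path.splitext(template_xml)[0]
    for access in ET.parse(template_xml).getroot().iter("access"):
        driver = access.get("driver")
        if not driver:
            continue  # access definition without a custom driver
        protocol = access.get("protocol", "")
        # Assumption: driver is "<vendor>.<class>", as in driver='bluecoat.cas'.
        vendor, _, cls = driver.partition(".")
        # Plain identifiers only, so a template cannot point outside its directory.
        if not all(re.fullmatch(r"\w+", p) for p in (protocol, vendor, cls)):
            problems.append("malformed protocol/driver: %r / %r" % (protocol, driver))
            continue
        path = os.path.join(template_dir, "%s_%s.py" % (protocol, vendor))
        if not os.path.isfile(path):
            problems.append("missing driver file: %s" % path)
            continue
        with open(path) as fh:
            source = fh.read()
        # Text match instead of import: the driver is never executed by this check.
        if not re.search(r"^class\s+%s\b" % re.escape(cls), source, re.M):
            problems.append("%s does not define class %s" % (path, cls))
    return problems


def build_sample(root, class_name="cas"):
    """Constructed sample mirroring the bluecoat_cas layout shown above."""
    os.makedirs(os.path.join(root, "bluecoat_cas"))
    xml_path = os.path.join(root, "bluecoat_cas.xml")
    with open(xml_path, "w") as fh:
        fh.write("<template><access type='message' default='yes' "
                 "protocol='http' driver='bluecoat.cas' /></template>")
    with open(os.path.join(root, "bluecoat_cas", "http_bluecoat.py"), "w") as fh:
        fh.write("class %s(HTTPProxy):\n    pass\n" % class_name)
    return xml_path


if __name__ == "__main__":
    print(check_driver_layout(build_sample(tempfile.mkdtemp())) or "layout OK")
```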

Developing custom drivers

Currently, there is no documentation on developing custom drivers. Sorry! Please get in touch with us if you're interested.