Authentication

Launching

wazo_auth [-d] [--user <user>] --config <path/to/config/file>
  • -d: Starts wazo-auth in debug mode
  • --user: Specify the OS user to use
  • --config: Path to the configuration file

Docker

The wazopbx/wazo-auth image can be built using the following command:

% docker build -t wazopbx/wazo-auth .

To run wazo-auth in docker, use the following commands:

% docker run -p 9497:9497 -v /conf/wazo-auth:/etc/wazo-auth/conf.d/ -it wazopbx/wazo-auth bash
% wazo-auth [-df] [-u <user>] [-c <path/to/config/file>]

The wazopbx/wazo-auth-db image can be built using the following command:

% docker build -f contribs/docker/Dockerfile-db -t wazopbx/wazo-auth-db .

Bootstrapping

In order to be able to create users, groups and policies you have to be authenticated. The bootstrap process allows the administrator to create a first user with the necessary rights to be able to add other users.

Preparing wazo-auth to be bootstrapped

To be able to bootstrap wazo-auth, you will have to enable the init plugin and create a key file in wazo-auth's HOME directory. This can be done using the wazo-auth-bootstrap command.

wazo-auth-bootstrap setup && systemctl restart wazo-auth

Bootstrapping wazo-auth

Once wazo-auth is ready to be bootstraped, calling the init resource with a username, password and the content of the key file will create a new user. The username and password can then be used to create a token with the auth.# acl. This can be done using the wazo-auth-bootstrap command.

wazo-auth-bootstrap complete

This script will create a configuration file named /root/.config/wazo-auth-cli/050-credentials.yml containing all necessary information to be used from the wazo-auth-cli.

Load testing

To test wazo-auth with ab

Dependencies

  • ab
apt update && apt install apache2-utils

Running the tests

ab -n1000 -c25 -A 'alice:alice' -T 'application/json' "https://localhost:9497/0.1/token"

This line will start 25 process creating 1000 tokens with the username and password alice alice

Configuration

The default config is /etc/wazo-auth/config.yml, you could override in /etc/wazo-auth/conf.d/

Enabling the users registration API

To enable the users registration (/users/register) API endpoint, add a file containing the following lines to the /etc/wazo-auth/conf.d directory and restart wazo-auth

enabled_http_plugins:
  user_registration: true