Gate One 嵌入web应用并做Api登录校验

环境：ubuntu 18.1
Gate One版本：1.2

一. 生成apikey

sudo python run_gateone.py --new_api_key

在gateone的conf.d目录下会生成30api_keys.conf文件

vim 20authentication.conf 将auth: "none" 改成 auth: "api"

{ 
    // "gateone" server-wide settings fall under "*"
    "*": {
        "gateone": { // These settings apply to all of Gate One
            "api_timestamp_window": "600s",
            "auth": "api",  // 改成api
            "pam_realm": "ubuntu",
            "pam_service": "login",
            "ssl_auth": "none",
            "sso_keytab": null,
            "sso_realm": null,
            "sso_service": "HTTP"
        }
    }
}

如果重新启动，访问浏览器将出现

unauthenticated.png

二.获取gateone.js

• 第一种获取方式
  https://ip:10443/static/gateone.js
• 第二种获取方式
  gateone目录/gateone/static/gateone.js

三.生成api所需要的key-value

1. 查看 vim gateone目录/conf.d/30api_keys.conf

// This file contains the key and secret pairs used by Gate One's API authentication method.
{ 
    "*": {
        "gateone": {
            "api_keys": {
                // 可以随便更改
                "Y2YzZTU4ODcyZDZjNDFkMzk4Y2YyODc5NDE3ZWY0NWMzM": "YjM4OGMzZTExOTY4NGRjNGI4ZTAwZWM4MmM2ODkxMzBjY"  
            }
        }
    }
}

2. 我这用的是java代码根据上面的key-secret生成登录校验所需要的key-value
   普遍情况下这些代码是在springmvc的controller中运行然后通过json或者model方式返回前端

import com.common.utils.JsonUtils;
import com.pazu.monitor.controller.HMacUtils;

import java.util.Calendar;
import java.util.HashMap;
import java.util.Map;

public class Test {
    public static void main(String[] args) {
        String upn = "someone"; //可以随便定义
        String key = "Y2YzZTU4ODcyZDZjNDFkMzk4Y2YyODc5NDE3ZWY0NWMzM"; 
        String secret = "YjM4OGMzZTExOTY4NGRjNGI4ZTAwZWM4MmM2ODkxMzBjY";
        String timeStamp = Calendar.getInstance().getTimeInMillis() + "";
        Map map = new HashMap<>();
        map.put("timestamp", timeStamp);
        map.put("signature", generate(key,secret, upn, timeStamp));
        map.put("api_key", key);
        map.put("upn", upn);

        System.out.println(JsonUtils.toJson(map));
    }

    private static String generate(String apiKey, String secret, String username, String timeStamp) {
        String body = apiKey + username + timeStamp;
        return HMacUtils.hmacSha1Hex(secret, body); //官方文档表明现在支持HMAC-SHA1加密
    }
}

3. html

    
    



  




 // 引入gateone.js，本地或者远程都可以

这样就可以登录了

四：参考

官方配置文档：https://liftoff.github.io/GateOne/About/configuration.html
http://liftoff.github.io/GateOne/Developer/embedding_api_auth.html

https://www.xdty.org/687
https://www.jianshu.com/p/b8123a8178de