The hunchentoot-single-signon Reference Manual

This is the hunchentoot-single-signon Reference Manual, generated automatically by Declt version 4.0 beta 2 "William Riker" on Mon Aug 15 04:51:17 2022 GMT+0.


1 Introduction

hunchentoot-single-signon

This package implements SPNEGO authentication for Hunchentoot.

The main dependency is the package cl-gss, which is an FFI wrapper around the GSSAPI library.

Usage information

First, make sure you have a keytab file that contains the service credentials for the principal HTTP/domain where domain is the fully qualified domain name of the HTTP server.

Before starting the Hunchentoot server, register the keytab with GSSAPI using the following function:

(cl-gss:krb5-register-acceptor-identity file)

Once this is done, every Hunchentoot handler function needs to be wrapped in a call to SPNEGO-AUTH. Here is a simple example. Assuming the original content of the handler looked like this:

(defun handler-function ()
  (setf (hunchentoot:content-type*) "text/plain")
  "You should be authenticated here")

When enabling single sign-on, the content should look like this:

(defun handler-function ()
  (hunchentoot-single-signon:spnego-auth #'(lambda (name)
                                             (setf (hunchentoot:content-type*) "text/plain")
                                             "You should be authenticated here")))

The callback is called with an instance of CL-GSS:NAME which can be used for authorisation. You can retrieve the name of the principal using the function CL-GSS:NAME-TO-STRING. Check the cl-gss package for further information.


2 Systems

The main system appears first, followed by any subsystem dependency.


2.1 hunchentoot-single-signon

Implementation of SPNEGO authentication for Hunchentoot

Author

Elias Martenson <lokedhs@gmail.com>

License

BSD

Dependencies

  • hunchentoot (system).
  • cl-gss (system).
  • split-sequence (system).
  • cl-base64 (system).

Source

hunchentoot-single-signon.asd.

Child Component

src (module).


3 Modules

Modules are listed depth-first from the system components tree.


3.1 hunchentoot-single-signon/src

Source

hunchentoot-single-signon.asd.

Parent Component

hunchentoot-single-signon (system).

Child Components

4 Files

Files are sorted by type and then listed depth-first from the systems components trees.


4.1 Lisp


4.1.1 hunchentoot-single-signon/hunchentoot-single-signon.asd

Source

hunchentoot-single-signon.asd.

Parent Component

hunchentoot-single-signon (system).

ASDF Systems

hunchentoot-single-signon.


4.1.2 hunchentoot-single-signon/src/package.lisp

Source

hunchentoot-single-signon.asd.

Parent Component

src (module).

Packages

hunchentoot-single-signon.

Internals

*compile-decl* (special variable).


4.1.3 hunchentoot-single-signon/src/spnego.lisp

Dependency

package.lisp (file).

Source

hunchentoot-single-signon.asd.

Parent Component

src (module).

Public Interface

spnego-auth (function).


5 Packages

Packages are listed by definition order.


5.1 hunchentoot-single-signon

Implementation of SPNEGO authentication for Hunchentoot

Source

package.lisp.

Use List

common-lisp.

Public Interface

spnego-auth (function).

Internals

*compile-decl* (special variable).


6 Definitions

Definitions are sorted by export status, category, package, and then by lexicographic order.


6.1 Public Interface


6.1.1 Ordinary functions

Function: spnego-auth (body-handler-fn &optional failed-auth-fn)

Performs SPNEGO authentication. This function is intended to be called from a Hunchentoot handler, and the implementation assumes that no further Hunchentoot-related processing will take place after this call.

BODY-HANDLER-FN is a function that will be called after successful authentication. It is called with an instance of CL-GSS:NAME representing the identity of the user.

If given, FAILED-AUTH-FN is a function that will be called when authentication fails. Note that before this function is called, the return code has already been set to the correct value and should not be changed. The purpose of this function is to provide a more useful error message, and also possibly display a normal username and password form to allow users a different method to log in.
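The following is an added example, not code from the hunchentoot-single-signon project. It combines the authorisation use of CL-GSS:NAME mentioned under "Usage information" with the optional FAILED-AUTH-FN described here. The allow-list, the helper names, the /report URI and the EXAMPLE.COM principals are constructed, and it assumes CL-GSS:NAME-TO-STRING yields the principal in user@REALM form and that the value returned by FAILED-AUTH-FN is used as the response body.

```lisp
;;; Added example; every name defined here is hypothetical.

(defparameter *allowed-principals*
  '("alice@EXAMPLE.COM" "bob@EXAMPLE.COM")
  "Constructed allow-list of full Kerberos principals, realm included.")

(defun principal-allowed-p (principal)
  "Exact, case-sensitive match on the whole principal. Comparing only the
part before the @ would accept the same user name from any trusted realm."
  (and (member principal *allowed-principals* :test #'string=) t))

(defun authorised-body (name)
  "BODY-HANDLER-FN: runs only after SPNEGO succeeded; NAME is a CL-GSS:NAME."
  (let ((principal (cl-gss:name-to-string name)))
    (setf (hunchentoot:content-type*) "text/plain")
    (cond ((principal-allowed-p principal)
           (format nil "Hello ~a" principal))
          (t
           ;; Authenticated but not authorised: answer 403 instead of the page
           ;; and record who was refused and for which path.
           (setf (hunchentoot:return-code*) hunchentoot:+http-forbidden+)
           (hunchentoot:log-message* :warning
                                     "SPNEGO principal ~a denied for ~a"
                                     principal
                                     (hunchentoot:script-name*))
           "Forbidden"))))

(defun auth-failed-body (&rest args)
  "FAILED-AUTH-FN: the manual does not give its argument list, so accept
anything. The return code was already set by SPNEGO-AUTH and is left alone."
  (declare (ignore args))
  (setf (hunchentoot:content-type*) "text/plain")
  "Kerberos sign-on failed. Use the password login page instead.")

(hunchentoot:define-easy-handler (report :uri "/report") ()
  (hunchentoot-single-signon:spnego-auth #'authorised-body
                                         #'auth-failed-body))
```

A successful SPNEGO exchange only proves which principal the client holds a ticket for; the allow-list check is what decides whether that principal may see the page.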

Package

hunchentoot-single-signon.

Source

spnego.lisp.


6.2 Internals


6.2.1 Special variables

Special Variable: *compile-decl*

Package

hunchentoot-single-signon.

Source

package.lisp.


Appendix A Indexes


A.1 Concepts


A.2 Functions

Index Entry  Section

F
Function, spnego-auth: Public ordinary functions

S
spnego-auth: Public ordinary functions

A.3 Variables

Index Entry  Section

*
*compile-decl*: Private special variables

S
Special Variable, *compile-decl*: Private special variables
