axiomatics/kong-axiomatics-plugin

Kong Axiomatics

A plugin that integrates Kong with an Axiomatics PDP endpoint.

Description

Before proxying a request to an API upstream of Kong, this plugin sends an XACML JSON POST request to an Axiomatics PDP endpoint and, based on the response, determines whether to proceed with proxying or return.

Installation

With a local instance of Kong

Clone this repo and build the plugin with LuaRocks:

  git clone https://github.com/axiomatics/kong-axiomatics-plugin
  cd kong-axiomatics-plugin
  luarocks make *.rockspec

You will also have to add kong-axiomatics-plugin to your configuration file. If you are starting from the default kong.conf file, uncomment the plugins key and add this one:

  plugins = bundled, kong-axiomatics-plugin

Restart Kong using this configuration file and you're ready to go:

  kong stop
  kong start -c /etc/kong/kong.conf

With docker

Start Kong

  docker-compose up -d

Check the log and make sure that Kong has started

  docker-compose logs -f kong

Add the Axiomatics plugin

  ./addCustomPlugin.sh

Create a sample service

  ./createExampleService.sh

Stop Kong and remove the Docker volume to be able to start from scratch

  docker-compose down -v

Configuration

| Form Parameter | Required | Default | Description |
| --- | --- | --- | --- |
| config.pdp_url | yes | | The URL to which the plugin will make a JSON POST request before proxying the original request. |
| config.token_header_name | yes | Authorization | The name of the header that carries the JWT. |
| config.claims_to_include | no | | A list of strings that correspond to the claims we are interested in forwarding to the PDP from the JWT. |
| config.pdp_username | yes | | The user that is allowed to send a request to the PDP. |
| config.pdp_password | yes | | The password for the PDP user. |
| config.url_parameter_matching | no | | |
| config.url_parameter_key | no | | |
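
The flow from the Description, combined with the token_header_name and claims_to_include settings above, as an added Python sketch; it is not the plugin's own Lua code. The `example.` attribute ids, the sample token and every function name are assumptions, the request and response shapes follow the XACML JSON profile, and the token is assumed to have been signature-checked earlier in the request chain.

```python
import base64
import json

ATTR_PREFIX = "example."  # assumed attribute-id prefix; real policies define their own

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: the value of the header named by config.token_header_name.
SAMPLE_CLAIMS = {"sub": "alice", "role": "nurse", "iat": 1700000000}
SAMPLE_HEADER = "Bearer " + ".".join(
    [_b64url({"alg": "HS256"}), _b64url(SAMPLE_CLAIMS), "constructed-signature"])

def jwt_claims(header_value):
    """Decode the JWT payload. No signature check is done here (see lead-in)."""
    token = header_value.split()[-1]        # drop an optional "Bearer " prefix
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)    # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def build_request(claims, claims_to_include, method, path):
    """Forward only the listed claims to the PDP, never the whole token."""
    attr = lambda name, value: {"AttributeId": ATTR_PREFIX + name, "Value": value}
    subject = [attr(n, claims[n]) for n in claims_to_include if n in claims]
    return {"Request": {
        "AccessSubject": {"Attribute": subject},
        "Action": {"Attribute": [attr("method", method)]},
        "Resource": {"Attribute": [attr("path", path)]},
    }}

def should_proxy(pdp_body):
    """Fail closed: proxy only on a single explicit Permit."""
    try:
        results = json.loads(pdp_body)["Response"]
        if isinstance(results, dict):       # a single result object instead of a list
            results = [results]
        return len(results) == 1 and results[0]["Decision"] == "Permit"
    except (ValueError, KeyError, TypeError, IndexError):
        return False                        # malformed or empty body is a refusal

if __name__ == "__main__":
    req = build_request(jwt_claims(SAMPLE_HEADER), ["sub", "role"], "GET", "/records/7")
    print(json.dumps(req, indent=2))
    for body in ('{"Response":[{"Decision":"Permit"}]}',
                 '{"Response":[{"Decision":"NotApplicable"}]}', "upstream timeout"):
        print(body, "->", "proxy" if should_proxy(body) else "reject")
```

Treating NotApplicable, Indeterminate and unparseable bodies the same as Deny keeps a PDP outage or a policy gap from silently opening the upstream API.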

Author

Initial author: Ioannis Iordanidis
Continued work by: Jonas Iggbom

License

  The MIT License (MIT)
  =====================

  Copyright (c) 2019 Ioannis P. Iordanidis

  The software is provided "as is", without warranty of any kind, express or
  implied, including but not limited to the warranties of merchantability,
  fitness for a particular purpose and noninfringement. In no event shall the
  authors or copyright holders be liable for any claim, damages or other
  liability, whether in an action of contract, tort or otherwise, arising from,
  out of or in connection with the software or the use or other dealings in
  the software.