6. AA plugin development

The AAPlugin base class enables rapid authentication and authorization plugin development by providing a base class that implements common AA plugin functionality that any AA plugin should possess. There are also helper functions and Python decorators for simplifying frequent tasks. The MFAClient base class can be used together with AAPlugin for simple integration with multi factor authentication services where the user identity and password is enough for a successful authentication.

• 6.1. Common configuration options
• 6.2. Plugin development
  • 6.2.1. Administrative tasks
  • 6.2.2. Basic functionality
  • 6.2.3. Pre-defined attributes on self
  • 6.2.4. Asking the end-user
  • 6.2.5. Using cookies
  • 6.2.6. Setting gateway user and groups
  • 6.2.7. Setting additional meta data
  • 6.2.8. Avoiding costly calculations
  • 6.2.9. Adding to the constructor
  • 6.2.10. Authentication cache
  • 6.2.11. Altering the steps
• 6.3. Plugin response
  • DenyReasons
    • DenyReasons.authentication_failure
    • DenyReasons.communication_error
    • DenyReasons.backend_service_error
  • AAResponse
    • AAResponse.accept()
    • AAResponse.deny()
    • AAResponse.need_info()
    • AAResponse.with_additional_metadata()
    • AAResponse.with_cookie()
    • AAResponse.with_gateway_user()
    • AAResponse.with_session_cookie()
    • AAResponse.with_reason()
• 6.4. Connection information
  • ConnectionInfo
    • ConnectionInfo.connection_name
    • ConnectionInfo.client_ip
    • ConnectionInfo.client_port
    • ConnectionInfo.client_hostname
    • ConnectionInfo.gateway_domain
    • ConnectionInfo.gateway_groups
    • ConnectionInfo.gateway_password
    • ConnectionInfo.gateway_user
    • ConnectionInfo.gateway_username
    • ConnectionInfo.key_value_pairs
    • ConnectionInfo.protocol
    • ConnectionInfo.session_id
    • ConnectionInfo.server_domain
    • ConnectionInfo.target_domain
    • ConnectionInfo.server_ip
    • ConnectionInfo.target_ip
    • ConnectionInfo.target_host
    • ConnectionInfo.target_server
    • ConnectionInfo.server_port
    • ConnectionInfo.target_port
    • ConnectionInfo.server_hostname
    • ConnectionInfo.server_username
    • ConnectionInfo.target_username
• 6.5. AAPlugin
  • 6.5.1. AAPlugin way of working
  • 6.5.2. AAPlugin methods and attributes
  • AAPlugin
    • AAPlugin.connection
    • AAPlugin.cookie
    • AAPlugin.session_cookie
    • AAPlugin.username
    • AAPlugin.mfa_identity
    • AAPlugin.mfa_password
    • AAPlugin.do_authenticate()
    • AAPlugin.do_authorize()
    • AAPlugin.do_session_ended()
    • AAPlugin._authentication_steps()
    • AAPlugin._post_successful_authentication_steps()
    • AAPlugin._authorization_steps()
    • AAPlugin._session_ended_steps()
    • AAPlugin._extract_username()
    • AAPlugin._map_username_explicit()
    • AAPlugin._map_username_ldap()
    • AAPlugin._transform_username()
    • AAPlugin._check_username()
    • AAPlugin._extract_mfa_password()
    • AAPlugin.authenticate()
    • AAPlugin.authorize()
    • AAPlugin.session_ended()
    • AAPlugin._add_gateway_user()