Skip to content

axiomatics/kong-axiomatics-plugin

Repository files navigation

Kong Axiomatics

A plugin that integrates Kong with an Axiomatics PDP endpoint.

Description

Before proxying the request to an API upstream of Kong, this plugin will send a XACML JSON POST request to an Axiomatics PDP endpoint and based on the response determine whether to proceed or return.

Installation

With a local instance of Kong

Clone this repo

$ git clone https://github.com/axiomatics/kong-axiomatics-plugin
$ cd kong-axiomatics-plugin
$ luarocks make *.rockspec

You will also have to add the kong-axiomatics-plugin in your configuration file. If you are starting from the default kong.conf file uncomment the plugins key and add this one

  plugins = bundled, kong-axiomatics-plugin

Restart Kong using this configuration file and you're ready to go

  kong stop
  kong start -c /etc/kong/kong.conf

With docker

Start Kong

  docker-compose up -d

Check the log and make sure that Kong has started

  docker-compose logs -f kong

Add the Axiomatics plug-in

  ./addCustomPlugin.sh

Create a sample service

  ./createExampleService.sh

Stop Kong as well as remove Docker volume to be able to start from scratch

  docker-compose down -v

Configuration

Form Parameter Required Default Description
config.pdp_url yes The URL to which the plugin will make a JSON POST request before proxying the original request.
config.token_header_name yes Authorization The name of the header that carries the JWT
config.claims_to_include no A list of strings that correspond to the claims we are interested in forwarding to the PDP from the JWT
config.pdp_username yes The user that is allowed to send a request to the PDP
config.pdp_password yes The password for the PDP user
config.url_parameter_matching no
config.url_parameter_key no

Author

Initial author: Ioannis Iordanidis
Continued work by: Jonas Iggbom

License

  The MIT License (MIT)
  =====================

  Copyright (c) 2019 Ioannis P. Iordanidis

  The software is provided "as is", without warranty of any kind, express or
  implied, including but not limited to the warranties of merchantability,
  fitness for a particular purpose and noninfringement. In no event shall the
  authors or copyright holders be liable for any claim, damages or other
  liability, whether in an action of contract, tort or otherwise, arising from,
  out of or in connection with the software or the use or other dealings in
  the software.

Releases

No releases published

Packages

No packages published