Local AAA Adapter
Updated on 11 Apr 2024
Local AAA Configuration
A Local AAA adapter may be used in lab and development environments to locally authenticate users against a MongoDB collection inside the local AAA database.
Configure the Local AAA adapter to be a member of the AAA broker. Only one AAA adapter may be configured at a time.
The Local AAA adapter no longer uses the persistence broker; you can point Local AAA to any MongoDB database you choose. You must add the "database" configuration property, as shown in the example below.
Sample Local AAA Configuration
{
  "id": "Local AAA",
  "type": "local_aaa",
  "properties": {
    "database": {
      "db": "LocalAAA",
      "url": "mongodb://127.0.0.1:27017",
      "credentials": {
        "dbAuth": false
      }
    }
  },
  "brokers": [ "aaa" ]
}
If you are using dbAuth, make sure the username used by the Local AAA adapter is created inside the same database set in the db property.
Add Users and Groups
To add more users for testing and development, you can create and import a new user JSON document.
- Install the bcrypt-cli node module, which is required to generate a bcrypt hash.
  npm install --global bcrypt-cli
- Generate a bcrypt hash of the user password with bcrypt-cli (the second argument is the cost factor); the hash, not the password, is what goes into the account document.
  $ bcrypt-cli password 10
  $2a$10$5KXKzv9Ech1w2nOSSPWCMuaqOS6aFCpKZV6IzfaYRRgN/xkwXYso2
- Be sure to create group documents for each group referenced by the accounts. After each group is created, configure the group from the Authorization menu by logging in as the IAP administrator.
Sample User Account Document (Local AAA User)
$ mongo db01/pronghorn --ssl -u pronghorn -p
MongoDB shell version v3.6.6
Enter password:
connecting to: mongodb://db01:27017/ph6
MongoDB server version: 3.6.6
$ use LocalAAA
switched to db LocalAAA
$ db.accounts.find();
{
  "_id" : ObjectId("5b6f9fc3fe38e3bd73795d4d"),
  "username" : "admin@pronghorn",
  "activeTenant" : "*",
  "firstname" : "admin",
  "groups" : [ "pronghorn_admin" ],
  "password" : "$2a$10$5KXKzv9Ech1w2nOSSPWCMuaqOS6aFCpKZV6IzfaYRRgN/xkwXYso2",
  "tenants" : [ ]
}
Sample Group Document (Local AAA Group)
$ mongo db01/pronghorn --ssl -u pronghorn -p
MongoDB shell version v3.6.6
Enter password:
connecting to: mongodb://db01:27017/ph6
MongoDB server version: 3.6.6
$ use LocalAAA
switched to db LocalAAA
$ db.groups.find();
{
  "_id" : ObjectId("5b6f9fc3fe38e3bd73795d56"),
  "name" : "pronghorn_users",
  "group" : "pronghorn_admin"
}
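Before importing hand-written account and group documents, it is worth checking them against the rules the steps above imply: every password field holds a bcrypt hash (not the cleartext password), the cost factor is at least the one used with bcrypt-cli, and every group an account references has a matching group document. The following script is an added example, not Itential's code; it assumes the field names of the sample documents above and that an account's groups entries match the group field of the group documents, as in the samples.

```javascript
// Added example (not Itential's code): sanity-check Local AAA account and group
// documents before importing them into the LocalAAA database.
// Assumption: documents use the field names shown in the page's samples, and an
// account's "groups" entries refer to the "group" field of group documents.

// bcrypt string: $2a$ (or $2b$/$2y$), a two-digit cost, then 53 characters of
// salt+hash in bcrypt's own base64 alphabet.
const BCRYPT_RE = /^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$/;

// Constructed sample data. The first account mirrors the page's sample; the
// second is deliberately wrong (cleartext password, group without a document).
const accounts = [
  { username: 'admin@pronghorn', activeTenant: '*', firstname: 'admin',
    groups: ['pronghorn_admin'],
    password: '$2a$10$5KXKzv9Ech1w2nOSSPWCMuaqOS6aFCpKZV6IzfaYRRgN/xkwXYso2',
    tenants: [] },
  { username: 'dev@pronghorn', activeTenant: '*', firstname: 'dev',
    groups: ['pronghorn_dev'], password: 'password', tenants: [] },
];
const groups = [{ name: 'pronghorn_users', group: 'pronghorn_admin' }];

// Returns a list of findings; an empty list means the documents are consistent.
function validateLocalAaa(accountDocs, groupDocs, minCost = 10) {
  const findings = [];
  const knownGroups = new Set(groupDocs.map((g) => g.group));
  const seen = new Set();
  for (const a of accountDocs) {
    if (seen.has(a.username)) findings.push(`${a.username}: duplicate username`);
    seen.add(a.username);
    const m = BCRYPT_RE.exec(a.password || '');
    if (!m) {
      findings.push(`${a.username}: password is not a bcrypt hash`);
    } else if (Number(m[1]) < minCost) {
      findings.push(`${a.username}: bcrypt cost ${m[1]} is below ${minCost}`);
    }
    for (const g of a.groups || []) {
      if (!knownGroups.has(g)) findings.push(`${a.username}: group ${g} has no group document`);
    }
  }
  return findings;
}

console.log(validateLocalAaa(accounts, groups));
```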
If you need to secure the connection from IAP to MongoDB, encrypt a password for use in an adapter, or obfuscate a password, refer to the Encrypt Passwords in Local AAA section below.
Encrypt Passwords in Local AAA (Optional)
Itential recommends that all passwords are encrypted. This can be achieved by using the encryption script that is included within the pronghorn-core package or by using HashiCorp Vault Encryption.