Presto 2 Directory Provider Guide

A guide to augmenting built-in Presto support for directory service providers.

Table of Contents
Overview
Integrating a Directory Provider

Overview

The Presto system allows administrators to plug in custom directory service providers, which are responsible for looking up users and groups, and authenticating Presto users, to augment built-in Presto support for Microsoft Active Directory and Apple Open Directory.

Presto Directory Provider plugins run as scripts or programs that output their results to stdout as JSON formatted text.

Integrating a Directory Provider

To integrate an additional directory provider into the Presto system, follow these steps:

  1. Edit the agent.conf file, found in the following location:
  2. Windows

    c:\ProgramData\collobos\presto\etc\agent.conf

    Mac

    /Library/Application Support/Collobos/Presto/etc/agent.conf

    Linux

    /etc/collobos/presto/agent.conf

    This file is formatted as JSON text. It describes additional configuration that the Presto service will use to manage users and discover services on the network.

  3. Add a new custom directory provider section by pasting in the following text. After saving changes to the agent.conf file, the Presto service will automatically re-read the file and add the new directory provider to the Presto system.
  4. {
     "plugins":
     {
       "directory":
       [
         {
           "name":   "Test Directory Provider",
          "authenticate_user":
          {
            "path": "C:\Program Files\nodejs\node",
            "args":
            [
            "c:\script.js"
            ]
          }
        }
       ]
     }
    }
    	
  5. Create a script, with a path and file name matching that of c:\script.js in the agent.conf file, that behaves as follows:
    • It will accept a user name as a parameter to the command line (the password is read through stdin and can be null).
    • If authentication succeeds, it will return the following information in JSON formatted text, followed by an exit code of 0:
      • The provider name
      • The name of the user
      • The display name of the user
      • The user's GUID
      • An array of strings representing the groups to which the user belongs
    • If authentication fails, it will print nothing to stdout and return a non-zero exit code. 
      • Example Output

        This example output uses jsmith@example.com as the user to be authenticated.

        {
        	"provider": "Test Directory Provider",
        	"name":  "jsmith@example.com"
        	"display_name": "John Smith",
        	"guid":  "71A5A282-986D-4E3B-A993-C81034517C70",
        	"tags":	[“standard-user”, “teachers” ]
        }
        			

        Note: The plugin can use whatever method it needs to determine if authentication succeeds. However, it must return the result as JSON formatted text. 

        PIN Code Authentication

        Presto supports PIN Code authentication, which allows users to login with a PIN code, in addition to a username and password. To setup a PIN code directory service provider use the key authenticate_user_with_pin in the agent.conf file. The PIN code will be passed to the script via stdin, in the same manner as the password in username/password scripts. 

        IP Address Authentication 

        Presto supports IP address authentication. This is ideal for Single-Sign-On support in conjunction with 802.11x wireless networks. A properly configured directory service provider that implements IP address authentication will allow users to start and use the Presto app without ever having to login. To setup an IP Address directory service provider, use the key authenticate_user_with_address in the agent.conf file. The IP Address will be passed to the script via stdin, in the same manner as the password in username/password scripts. 

Still need help? Contact Us Contact Us