Presto 3 Directory Provider Guide
A guide to augmenting built-in Presto support for directory service providers.
Table of Contents Overview Integrating a Directory Provider |
Overview
The Presto system allows administrators to plug in custom directory service providers, which are responsible for looking up users and groups, and authenticating Presto users, to augment built-in Presto support for Microsoft Active Directory and Apple Open Directory.
Presto Directory Provider plugins run as scripts or programs that output their results to stdout
as JSON formatted text.
Integrating a Directory Provider
To integrate an additional directory provider into the Presto system, follow these steps:
- Edit the
agent.conf
file, found in the following location: - Add a new custom directory provider section by pasting in the following text. After saving changes to the agent.conf file, the Presto service will automatically re-read the file and add the new directory provider to the Presto system.
- Create a script, with a path and file name matching that of
c:\script.js
in theagent.conf
file, that behaves as follows:
- It will accept a user name as a parameter to the command line (the password is read through stdin and can be null).
- If authentication succeeds, it will return the following information in JSON formatted text, followed by an exit code of 0:
- The provider name
- The name of the user
- The display name of the user
- The user's GUID
- An array of strings representing the groups to which the user belongs
- If authentication fails, it will print nothing to
stdout
and return a non-zero exit code.
-
Example Output
This example output uses jsmith@example.com as the user to be authenticated.
{ "provider": "Test Directory Provider", "name": "jsmith@example.com" "display_name": "John Smith", "guid": "71A5A282-986D-4E3B-A993-C81034517C70", "tags": [“standard-user”, “teachers” ] }
Note: The plugin can use whatever method it needs to determine if authentication succeeds. However, it must return the result as JSON formatted text.
PIN Code Authentication
Presto supports PIN Code authentication, which allows users to login with a PIN code, in addition to a username and password. To setup a PIN code directory service provider use the key authenticate_user_with_pin in the agent.conf file. The PIN code will be passed to the script via
stdin
, in the same manner as the password in username/password scripts.IP Address Authentication
Presto supports IP address authentication. This is ideal for Single-Sign-On support in conjunction with 802.11x wireless networks. A properly configured directory service provider that implements IP address authentication will allow users to start and use the Presto app without ever having to login. To setup an IP Address directory service provider, use the key authenticate_user_with_address in the agent.conf file. The IP Address will be passed to the script via
stdin
, in the same manner as the password in username/password scripts.
Windows
c:\ProgramData\collobos\presto\etc\agent.conf
Mac
/Library/Application Support/Collobos/Presto/etc/agent.conf
Linux
/etc/collobos/presto/agent.conf
This file is formatted as JSON text. It describes additional configuration that the Presto service will use to manage users and discover services on the network.
{ "plugins": { "directory": [ { "name": "Test Directory Provider", "authenticate_user": { "path": "C:\Program Files\nodejs\node", "args": [ "c:\script.js" ] } } ] } }