beame-gatekeeper
v2.2.5
Published
Gateway TLS (SSL) server for authenticated access to your services
Downloads
95
Readme
Beame Gatekeeper
What is Beame Gatekeeper?
Beame-Gatekeeper is a framework that provides services/tools:
- To create and manage X.509 digital certificates in public domain
- HTTPS tunnels to expose applications running on local network to global internet
- Crypto library to create/manage keys, encrypt/decrypt sign/verify data, create/validate authentication tokens
- X.509 based identity manager for custom MFA
- SSO SAML Identity Provider (IDP)
- User management (invite/create/delete user) with trust-groups capability
- Administrating tools for full Gatekeeper managemnt (html-based console)
Here's a typical usecase for the Gatekeeper (Web-camera connected on local network is accessed from arbitrary laptop through Browser, with mobile authentication & control):
How is it different? We created a new breed of ID - cryptographic identity that lives on a mobile (get Beame Authenticator to your iOS device). Now it's easy to put a super-secure cryptographic identity on mobile and IoT devices. So the device can prove your identity by providing proof of possession of a secret key through the Gatekeeper framework. Keys created and stored on target. The Gatekeeper does not hold databases with sensitive data.
Click on the link below, to see Beame Gatekeeper demo on Youtube
More details (PDF) - The purpose of this paper is to describe the particular beame-gatekeeper use case as a tool for remote access to enterprise networks or IoT devices with mobile authentication. It provides an overview of possible product integration options. The document contains technical overview and description of provisioning and login processes.
User guide (PDF) - how to operate the Gatekeeper.
Continue with instructions below, to get your own Gatekeeper. Install it as a system service to keep your applications accessible. Or, if you want to just try it out first, install it as a standalone application. Go with the guide and in fast and easy process your Gatekeeper will be up and running.
Installing Beame Gatekeeper
Managing StrongSwan VPN using Beame Gatekeeper
Managing StrongSwan VPN using Beame Gatekeeper
What to do next?
Please read User guide (PDF). It describes what and how you can do with Beame-Gatekeeper.
Beame Gatekeeper environment variables
BEAME_AUTH_SERVER_PORT
- auth server local port, default 65000BEAME_BASE_URL
BEAME_DATA_FOLDER
- name of beame-gatekeeper data folder , default .beame_dataBEAME_DISABLE_DEMO_SERVERS
- disable demo apps on server start, default falseBEAME_DISABLE_SNS_VALIDATION
- set toINSECURE
to skip SNS messages validation.BEAME_EMAIL_URL
BEAME_ENV
- Defines the environment profile to run in:prod
ordev
BEAME_EXTERNAL_MATCHING_FQDN
BEAME_FQDN_PATTERN
BEAME_GATEKEEPER_DIR
- defines the base directory relative to which beame-gatekeeper files should be stored, defaultos.homedir()
BEAME_LOAD_BALANCER_URL
- Load balancer urlBEAME_LOGIN_URL
BEAME_LOG_LEVEL
- Can be set to DEBUG or other beame log levelsBEAME_LOG_TO_FILE
- Activates log console to file. Can be true or false.BEAME_OCSP_CACHE_PERIOD
- OCSP result cashing period , default 24 hoursBEAME_SEND_SMS
- When set to0
, disables sending SMS. Useful for debugging SMS invitation flow.BEAME_SERVER_FOLDER
- name of beame-gatekeeper config folder , default .beame_serverBEAME_UNIVERSAL_LINK_URL
BEAME_OIDC_BLOCK_SOCKETIO
- block all socket.io connections as if the client is not authorized. Useful for debugging.BEAME_AUTO_RENEWER
- When set to0
, disables the start of the auto renewer job.DEBUG=*
- Show all debug from nodeNODE_TLS_REJECT_UNAUTHORIZED=0
- disables all tls checks (usefull in some proxy scenarios). If we only need it for one app, then we should configure that one app with the isSecure = false instead.
Developer notes
- xml-encryption is not a dependency of the beame-gatekeeper, but of samlp. Since samlp is not adding it as its own dependency this was temporarely added to package.json of beame-gatekeeper. Remove it or find a better way to handle this in the future
- for applications that are not hosted on the root of the service url ex: https://site.company.com/folder/page.html?param=value, the service needs to be configured as following in the gatekeeper https://site.company.com***/folder/page.html?param=value . The *** will let the app know that is the base url so that proxying can be applied correctly.
- Services "Secure" option means disable TLS check