Service extensions (Legacy)

ℹ️

This topic refers to legacy service extension syntax. For the current service extension syntax, see Service Extensions.

Integrating identity systems requires extreme configurability. Service Extensions give administrators the ability to customize the behavior of the Maverics Orchestrator to suit the particular needs of their integration.

ℹ️

We recommend not sharing Maverics session cookies with upstream apps, as doing so has security implications that may result in session hijacking or spoofing.

How To Define a Service Extension

Defining a Service Extension in config

It is possible to define a Service Extension completely within a config file, simply by putting the function definition in-line.

Here’s an example of loading a simple attribute via loadAttrsSE in-line.

appgateways:
  - name: Sonar
    basePath: /
    upstream: https://app.sonarsystems.com:8443
    tls: sonar-app

    policies:
    - location: /
      loadAttrsSE: 
        funcName: LoadAttrs
        code: |+
          import (
            "maverics/app"
            "maverics/session"

            "net/http"
            "time"
          )

          func LoadAttrs(ag *app.AppGateway, rw http.ResponseWriter, req *http.Request) error {
            session.Set(req, "loginTime", time.Now().String())
            return nil
          }          

Defining Service Extensions in distinct files

Alternatively, a Service Extension can be defined in a separate file which is simply referenced in the config file.

appgateways:
  - name: Sonar
    basePath: /
    upstream: https://app.sonarsystems.com:8443
    tls: sonar-app

    policies:
    - location: /
      loadAttrsSE: 
        funcName: LoadAttrs
        file: /etc/maverics/LoadAttributes.go

With the separate file LoadAttributes.go containing:

package main

import (
  "maverics/app"
  "maverics/session"

  "net/http"
  "time"
)

func LoadAttrs(ag *app.AppGateway, rw http.ResponseWriter, req *http.Request) error {
  session.Set(req, "loginTime", time.Now().String())
  return nil
}

Service Extension Points

You can customize the identity experience at the following service extension points:

Additional Maverics Packages

Maverics also includes a number of packages that can be used within Service Extensions to help enable the loading of attributes, logging in, returning policy decision results, getting session attributes, providing attributes, logging, and loading secrets.

Details at Maverics Packages.

Examples

Additional Service Extension examples can be found at strata-io/strata-service-extension-examples.

Idioms

Exported Functions

When defining a Service Extension, the function name should be capitalized in order to indicate that the function is exported and will be the entry point called by the orchestrator runtime. Capitalizing extension names helps to differentiate between the public Service Extension API and internal utilities.

Effective Go

The Go language defines a broad set of idioms for writing Effective Go. Service Extensions should generally follow these idioms in order to align with best practices.

Explore

Docs About

Documentation

For more information, visit Hextra.