SURF Research Access Management (SRAM) is a service to manage access to research resources, intended for Dutch led research collaborations.

You can add SRAM authentication to your own custom-made catalog item.

To do so, you need to use Nginx as a reverse proxy for your catalog item and make sure that your components are arranged in the following order:

  1. SRC-OS
  2. SRC-CO
  3. SRC-Nginx
  4. SRC-External
  5. <your component>

SRC-Nginx component will install and configure Nginx.  

Then you need to create and configure Nginx location block for your own component. This can be done by including the following block of code to the config  file of your component: 

location <url> {
  error_page 401 = @custom_401;                
  auth_request /validate;  
  auth_request_set $username $upstream_http_username; 
  proxy_set_header <REMOTE_USER> $username;           

Here's what this code block accomplishes:

  • The first line checks whether a user is authenticated and redirects them to the SRAM authentication page if not.
  • The subsequent line ensures the user's session remains valid; if not, the user is redirected to SRAM once more.
  • When user validation is successful, the username is stored in the $username variable.
  • Finally, the $username variable is passed to the REMOTE_USER header. You can customize the header name to match your application's requirements.

To complete the setup, save this configuration file to the following directory on your virtual machine: /etc/nginx/app-location-conf.d/your_application.conf

When all these steps are implemented correctly, you should now be able to access your workspace with your custom-made catalog item, secured with SRAM as the authentication tool.

  • No labels