Command Line API Access
Some Web Applications can also be accessed as RESTful API’s. An example would be Prometheus, Grafana, Kibana, etc.
In this model, you create an ‘application’ in the system, and, when accessing via the Browser, are challenged to sign-in and provide an access token. To make this convenient for command-line access and other programmatic access, there are a set of techniques we can use.
See link to download the appropriate version for your OS and architecture. Place this on the path. There is no need to install nor run as root.
We can now test as follows:
~/bin/agilicus-agent proxify --release-train latest --auto-http-proxy --issuer https://auth.dbt.agilicus.cloud /bin/bash
This will give us a shell with https_proxy set (the –auto-http-proxy) and we can now run
curl -k https://myresource.MYCNAME
. The first time, the user will be prompted with a web browser popup to confirm identity. Subsequent runs will be automatic.
NOTE: In order to use the ‘http proxy’ you must currently disregard TLS identity failure (since it does a local MITM to inject the access token). This restriction will be removed in a subsequent update.
The ‘proxify’ command sets some well-known environment variables and then runs a sub-process. A participating application can either use the AGILICUS_HTTP_PROXY (use this as an HTTP proxy and configure it appropriately), AGILICUS_ACCESS_TOKEN (add this as an HTTP Header ‘Authorization: Bearer $AGILICUS_ACCESS_TOKEN’), use the auto variable (https_proxy, used by many runtimes).
For Java-based runtimes, you may need to set the http.proxyHost and http.proxyPort variables.
agilicus-agent proxify --help Run a sub-process (script etc) with environment variables set to HTTP proxy Environment variables set include: AGILICUS_ACCESS_TOKEN : you can add this in to 'Authorization: Bearer $AGILICUS_ACCESS_TOKEN' AGILICUS_HTTP_PROXY : a URI in the form of http://localhost:port that will accept a CONNECT verb and add bearer-token https_proxy : (if auto-http-proxy is set) if you are using golang, libcurl, etc, proxy will automatically occur. Example: agilicus-agent proxify --issuer https://auth.MYCNAME -- my-script arg1 arg2 Usage: agilicus-agent proxify [flags] Flags: --auto-http-proxy If true, export https_proxy, used by libcurl, golang, … --cfg-file string A path to a file containing the configuration --check-update-time-seconds int Specify the interval to check for a new release (default 14400) --debug Enabled debug logging -h, --help help for proxify --issuer string The OpenID connect server from which to get a token (https://auth.MYCNAME) --no-upgrades Do not try to run upgrades --noauth-local-webserver Log in using a different device --release-train string specify image release train (default "stable")
Return to Product Configuration
- Microsoft ClickOnce
- Agilicus Agent Windows Cluster
- Identity & Authentication Methods
- Content Security Policy
- Sign-In Theming
- Azure Active Directory
- Sign in With Microsoft
- Agilicus Agent (Desktop)
- Zero-Trust SSH Access
- Theory of Operation: CNAME + DOMAIN
- Zero-Trust Desktop Access
- Command Line API Access
- Multi-Factor Authentication
- Authentication Rules
- Application Request Access
- OpenWRT Agent Connector Install
- Synology Agent Connector Install
- Authentication Clients
- Authentication Rules
- Resource Permissions
- Resource Groups
- Legacy Active Directory