Dear All,
 
Referring to the "NSO Access Control - Role-based and Resource-based Access" session presented at the Cisco NSO Developer Days 2020 (Virtual) event, I am sharing the external authentication script that was used for the actual NSO demonstrations shown in the presentation and the follow-up discussions.
 
NSO Access Control – Role-based and Resource-based Access On-Demand Session

https://youtu.be/hnoueH0vI8k

Please let me know if you have any comments or questions on it.

Kind Regards
Fatih Ayvaz
Solutions Architect, Cisco CX
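#!/usr/bin/env python
"""NSO external-authentication demo script.

NSO runs this script with the credentials on stdin and reads one response
line from stdout: ``accept <groups> <uid> <gid> <home> [<user>]`` or
``reject``.  The original stripped one leading and two trailing characters
from the stdin line, which matches a ``[field;field;...]`` frame followed by
a newline; confirm the exact framing against the external-authentication
section of your NSO version's documentation.

Three input shapes are recognised by field count:

  1 field   -> token
  2 fields  -> user;password
  5 fields  -> token;ip;port;context;proto  (external validation)

The users, tokens and the shared password below are demo fixtures used in
the presentation, not a credential store.  Passwords and tokens are never
written to the log file.
"""

import hmac
import re  # kept from the original script; unused here
import sys

# please modify below as per your NSO_LOG directory
LOG_PATH = "<some_dir>/external-authentication.log"

# Every password user in the original script shares this demo password.
DEMO_PASSWORD = 'cisco'

# user -> response line.  The trailing "\n" is part of the original output
# (print() then adds a second newline, exactly as the original did).
PASSWORD_USERS = {
    'fatih': "accept group_ayvaz 1000 1000 /var/python/homes/\n",
    'demouser1': "accept demogroup1 demogroupN 1000 1000 /var/python/homes/\n",
    'demouser2': "accept demogroup2 demogroupN 1000 1000 /var/python/homes/\n",
    'demouser3': "accept demogroup3 demogroupN 1000 1000 /var/python/homes/\n",
    'demouser4': "accept demogroup4 1000 1000 /var/python/homes/\n",
}

# token -> response line.  The last word is presumably the user name NSO
# should associate the token with -- verify against the NSO documentation.
TOKEN_USERS = {
    'tokenfatih': "accept group_ayvaz 1000 1000 /var/python/homes/ fatih\n",
    'tokendemouser1': "accept demogroup1 demogroupN 1000 1000 /var/python/homes/ demouser1\n",
}

REJECT = "reject\n"


def _log(log, message):
    """Write *message* to *log* when a log object was supplied."""
    if log is not None:
        log.write(message)


def _same(expected, supplied):
    """Compare two secrets without short-circuiting on the first differing byte."""
    return hmac.compare_digest(expected.encode('utf-8'), supplied.encode('utf-8'))


def _lookup_token(token):
    """Return the response line for *token*, or None if it is unknown.

    Every known token is compared so the time taken does not reveal which
    entry (if any) matched.
    """
    response = None
    for known, accept_line in TOKEN_USERS.items():
        if _same(known, token):
            response = accept_line
    return response


def parse_fields(line):
    """Split one stdin line into its ';'-separated fields.

    Drops the first character and the last two (the frame around the
    credentials) and a trailing ';' if present, exactly as the original did.
    """
    body = line[:-2][1:]
    if body.endswith(';'):
        body = body[:-1]
    return body.split(';')


def authenticate(fields, log=None):
    """Return the NSO response line for *fields*.

    Returns None when the number of fields is not one of 1, 2 or 5; the
    caller then produces no output, as the original script did.  Unknown
    tokens and wrong passwords yield ``reject`` (the original printed nothing
    for an unknown token, which left NSO without an answer).
    Secrets are deliberately kept out of *log*.
    """
    count = len(fields)
    if count == 1:
        _log(log, "Token based authentication\n")
        return _lookup_token(fields[0]) or REJECT
    if count == 5:
        token, ip, port, context, proto = fields
        _log(log, "External-validation with extra fields(token;ip;port;context;proto)\n")
        _log(log, "IP: " + ip + ": PORT: " + port + ": CONTEXT: " + context + ": PROTO: " + proto + "\n")
        return _lookup_token(token) or REJECT
    if count == 2:
        user, password = fields
        _log(log, "\n" + "user: " + user + "\n")
        accept_line = PASSWORD_USERS.get(user)
        # Compare even for unknown users so timing does not distinguish them.
        password_ok = _same(DEMO_PASSWORD, password)
        if accept_line is not None and password_ok:
            return accept_line
        return REJECT
    _log(log, "Number of fields in stdin is not recognised:\n" + "counted: " + str(count) + "\n")
    return None


def main():
    """Entry point: read one stdin line, log the call, print NSO's answer."""
    with open(LOG_PATH, "a+") as log:
        log.write("\nCalled\n")
        fields = parse_fields(sys.stdin.readline())
        response = authenticate(fields, log)
    if response is None:
        # Original behaviour: unrecognised input produces no stdout at all.
        sys.exit()
    # print() appends a newline after the response, reproducing the original
    # output of a print statement applied to a string that already ends in "\n".
    print(response)


if __name__ == "__main__":
    main()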
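#!/usr/bin/env python
"""NSO external-authentication demo script.

NSO runs this script with the credentials on stdin and reads one response
line from stdout: ``accept <groups> <uid> <gid> <home> [<user>]`` or
``reject``.  The original stripped one leading and two trailing characters
from the stdin line, which matches a ``[field;field;...]`` frame followed by
a newline; confirm the exact framing against the external-authentication
section of your NSO version's documentation.

Three input shapes are recognised by field count:

  1 field   -> token
  2 fields  -> user;password
  5 fields  -> token;ip;port;context;proto  (external validation)

The users, tokens and the shared password below are demo fixtures used in
the presentation, not a credential store.  Passwords and tokens are never
written to the log file.
"""

import hmac
import re  # kept from the original script; unused here
import sys

# please modify below as per your NSO_LOG directory
LOG_PATH = "<some_dir>/external-authentication.log"

# Every password user in the original script shares this demo password.
DEMO_PASSWORD = 'cisco'

# user -> response line.  The trailing "\n" is part of the original output
# (print() then adds a second newline, exactly as the original did).
PASSWORD_USERS = {
    'fatih': "accept group_ayvaz 1000 1000 /var/python/homes/\n",
    'demouser1': "accept demogroup1 demogroupN 1000 1000 /var/python/homes/\n",
    'demouser2': "accept demogroup2 demogroupN 1000 1000 /var/python/homes/\n",
    'demouser3': "accept demogroup3 demogroupN 1000 1000 /var/python/homes/\n",
    'demouser4': "accept demogroup4 1000 1000 /var/python/homes/\n",
}

# token -> response line.  The last word is presumably the user name NSO
# should associate the token with -- verify against the NSO documentation.
TOKEN_USERS = {
    'tokenfatih': "accept group_ayvaz 1000 1000 /var/python/homes/ fatih\n",
    'tokendemouser1': "accept demogroup1 demogroupN 1000 1000 /var/python/homes/ demouser1\n",
}

REJECT = "reject\n"


def _log(log, message):
    """Write *message* to *log* when a log object was supplied."""
    if log is not None:
        log.write(message)


def _same(expected, supplied):
    """Compare two secrets without short-circuiting on the first differing byte."""
    return hmac.compare_digest(expected.encode('utf-8'), supplied.encode('utf-8'))


def _lookup_token(token):
    """Return the response line for *token*, or None if it is unknown.

    Every known token is compared so the time taken does not reveal which
    entry (if any) matched.
    """
    response = None
    for known, accept_line in TOKEN_USERS.items():
        if _same(known, token):
            response = accept_line
    return response


def parse_fields(line):
    """Split one stdin line into its ';'-separated fields.

    Drops the first character and the last two (the frame around the
    credentials) and a trailing ';' if present, exactly as the original did.
    """
    body = line[:-2][1:]
    if body.endswith(';'):
        body = body[:-1]
    return body.split(';')


def authenticate(fields, log=None):
    """Return the NSO response line for *fields*.

    Returns None when the number of fields is not one of 1, 2 or 5; the
    caller then produces no output, as the original script did.  Unknown
    tokens and wrong passwords yield ``reject`` (the original printed nothing
    for an unknown token, which left NSO without an answer, and its
    single-field branch tested an undefined ``user`` variable instead of the
    token).  Secrets are deliberately kept out of *log*.
    """
    count = len(fields)
    if count == 1:
        _log(log, "Token based authentication\n")
        return _lookup_token(fields[0]) or REJECT
    if count == 5:
        token, ip, port, context, proto = fields
        _log(log, "External-validation with extra fields(token;ip;port;context;proto)\n")
        _log(log, "IP: " + ip + ": PORT: " + port + ": CONTEXT: " + context + ": PROTO: " + proto + "\n")
        return _lookup_token(token) or REJECT
    if count == 2:
        user, password = fields
        _log(log, "\n" + "user: " + user + "\n")
        accept_line = PASSWORD_USERS.get(user)
        # Compare even for unknown users so timing does not distinguish them.
        password_ok = _same(DEMO_PASSWORD, password)
        if accept_line is not None and password_ok:
            return accept_line
        return REJECT
    _log(log, "Number of fields in stdin is not recognised:\n" + "counted: " + str(count) + "\n")
    return None


def main():
    """Entry point: read one stdin line, log the call, print NSO's answer."""
    with open(LOG_PATH, "a+") as log:
        log.write("\nCalled\n")
        fields = parse_fields(sys.stdin.readline())
        response = authenticate(fields, log)
    if response is None:
        # Original behaviour: unrecognised input produces no stdout at all.
        sys.exit()
    # print() appends a newline after the response, reproducing the original
    # output of a print statement applied to a string that already ends in "\n".
    print(response)


if __name__ == "__main__":
    main()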