CloudforkSSO on Pharo with stunnel

The latest version of CloudforkSSO (version 1.1.0) on Pharo uses the Zinc-HTTP library. This library contains a good HTTP client; in fact it contains several, and you can pick one depending on your requirements.

One feature Zinc-HTTP doesn’t support (yet?) is secure HTTP. Most OAuth and OpenID providers require HTTPS connections, so this is a problem. There is a good workaround: you can use stunnel to handle the HTTPS protocol.

I used the following stunnel.conf on OS X:

; protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; security enhancements for UNIX systems
; for chroot a copy of some devices and files is needed within the jail
chroot = /opt/local/var/lib/stunnel/
setuid = nobody
setgid = nogroup
; PID is created inside the chroot jail
pid = /stunnel.pid

; performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib

CAfile = /opt/local/etc/stunnel/cacert.pem

; SSL client mode
client = yes

[google]
accept = 127.0.0.1:20011
connect = www.google.com:443

[twitter]
accept = 127.0.0.1:20012
connect = api.twitter.com:443

[facebook]
accept = 127.0.0.1:20013
connect = graph.facebook.com:443

The cacert.pem file is required to validate the server certificates. I downloaded a version from http://curl.haxx.se/ca/cacert.pem.

Now the Smalltalk side of things:

Load the latest CloudforkSSO version:

Gofer new
	squeaksource: 'Cloudfork'; 
	package: 'ConfigurationOfCloudforkSSO';
	load.
(Smalltalk at: #ConfigurationOfCloudforkSSO) project latestVersion load: 'Tests'

Instruct CloudforkSSO to use the tunnels for the secure hosts:

	self default httpClient: ((CFHttpClientTunnelAccess new)
		client: CFHttpClientZincAccess new ;
		tunnel: 'www.google.com' through: 'localhost:20011' ;
		tunnel: 'api.twitter.com' through: 'localhost:20012' ;
		tunnel: 'graph.facebook.com' through: 'localhost:20013' ;
		tunnel: 'open.login.yahooapis.com' through: 'localhost:20014' ;
		tunnel: 'openid.hyves-api.nl' through: 'localhost:20015' ;
		yourself )

Also see the example CFServicePharoUtils class>>setupHttpsTunnels. You can test the connection:

CFPlatformServiceUtils default httpClient httpGet: 'https://www.google.com/'

The demo application at http://sso.doit.st is also using stunnel.

Note that there are alternatives for stunnel. One of them is described here.
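
An added example, not part of the original post or of CloudforkSSO: a small Python check that reads a client-mode stunnel.conf and a tunnel list like the ones above and reports settings that weaken or break the setup. It assumes stunnel's documented default of not verifying the server certificate unless verify, verifyChain, verifyPeer or checkHost is set (so CAfile alone is not enough); the sample config, the tunnel map and the parse/audit names are constructed for illustration.

```python
import re

# Constructed sample: globals and one service as in the post's stunnel.conf.
SAMPLE_CONF = """\
sslVersion = SSLv3
CAfile = /opt/local/etc/stunnel/cacert.pem
client = yes
[google]
accept = 127.0.0.1:20011
connect = http://www.google.com:443
"""
# Constructed sample: host -> local port, taken from the Smalltalk tunnel list.
TUNNELS = {"www.google.com": 20011, "open.login.yahooapis.com": 20014}
# stunnel options that switch server certificate checks on.
VERIFY_OPTS = ("verify", "verifychain", "verifypeer", "checkhost")

def parse(conf):
    """Return (global options, {service: options}); keys are lowercased."""
    glob, services = {}, {}
    cur = glob
    for line in (raw.strip() for raw in conf.splitlines()):
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            cur = services.setdefault(section.group(1), {})
        elif "=" in line and not line.startswith((";", "#")):
            key, val = (part.strip() for part in line.split("=", 1))
            cur[key.lower()] = val
    return glob, services

def audit(conf, tunnels):
    """Return a list of findings for a client-mode stunnel.conf."""
    glob, services = parse(conf)
    findings, ports = [], set()
    if glob.get("sslversion") in ("SSLv2", "SSLv3"):
        findings.append("global: sslVersion pins a deprecated protocol")
    for name, opts in services.items():
        eff = {**glob, **opts}  # service options override global ones
        verifies = any(eff.get(k, "no") not in ("no", "0") for k in VERIFY_OPTS)
        if eff.get("client") == "yes" and not verifies:
            findings.append(f"{name}: server certificate is never verified")
        if "://" in opts.get("connect", ""):
            findings.append(f"{name}: connect must be host:port, not a URL")
        ports.add(opts.get("accept", "").rpartition(":")[2])
    for host, port in tunnels.items():
        if str(port) not in ports:
            findings.append(f"{host}: no stunnel service accepts on port {port}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, TUNNELS)))
```

A service that sets verifyChain = yes together with checkHost for its target host, under a global sslVersion of TLSv1.2, passes the check with no findings.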


One Comment on “CloudforkSSO on Pharo with stunnel”


  1. Just a small clarification that self in:

    self default httpClient: ((CFHttpClientTunnelAccess new) …

    should be: CFPlatformServiceUtils

