지금 지원 담당자와 채팅
지원 담당자와 채팅

One Identity Safeguard for Privileged Sessions 7.5.1 - Creating Custom Credential Store Plugins

Introduction

The following sections provide an overview on creating custom Credential Store plugins that can be used to authenticate on the target servers using an external Credential Store server (for example, a password manager or SSH private key store). For details on using an existing plugin, see Integrating external authentication and authorization systems in the Administration Guide.

This document is a general overview of plugin requirements. If you want to write your own custom plugin, make sure to use the not officially supported Plugin SDK. For details, see: https://oneidentity.github.io/safeguard-sessions-plugin-sdk/latest/

Caution:

Using custom plugins in SPS is recommended only if you are familiar with both Python and SPS. Product support applies only to SPS: that is, until the entry point of the Python code and passing the specified arguments to the Python code. One Identity is not responsible for the quality, resource requirements, or any bugs in the Python code, nor any crashes, service outages, or any other damage caused by the improper use of this feature, unless explicitly stated in a contract with One Identity. If you want to create a custom plugin, contact our Support Team for details and instructions.

The Credential Store plugin is a Python module.One Identity Safeguard for Privileged Sessions (SPS) invokes the module to request the password or the SSH private key of the target user. The plugin processes the request, returns the result to SPS, and exits. SPS then processes the result.

The backup and restore functionality of SPS handles the uploaded Credential Store plugin as part of SPS's configuration. You do not need to create separate backups of your Credential Store plugin.

Plugin packaging

An SPS plugin is a .zip file that contains a MANIFEST file (with no extension) and a Python module named main.py in its root directory. The plugin .zip file may also contain an optional default.cfg file that serves to provide an example configuration, which you can use as a basis for customization if you wish to adapt the plugin to your site's needs. The size of the .zip file is limited to 20 megabytes.

Including additional modules

You can invoke additional Python modules from main.py, provided that the total size of the .zip bundle does not exceed 20 megabytes and all calls are executed within the plugin timeout.

The modules must be compatible with the selected Python environment. For more information, see The available Python environments in the Creating Custom Authentication and Authorization Plugins.

The MANIFEST file

The MANIFEST file is a YAML file and should conform to version 1.2 of the YAML specification.

It must contain the following information about the plugin:

  • name: The identifier of the plugin during the upload to SPS. The initial character must be an alphabetical character, while the rest may be alphabetical characters, numerals or '_'. While case sensitivity is supported, special characters (for example, '@' or '&') are not permitted.
  • description: The description of the plugin. This description is displayed on the SPS web interface.
  • version: The version number of the plugin. It must begin with a numeral (for example, 2.0.3).
  • type: The type of the plugin. It must be credentialstore for a Credential Store plugin and aa for an Authentication and Authorization plugin.
  • api: The version number of the required SPS API. The current version number is 1.2.

It may contain the following elements:

  • entry_point: main.py: The custom entry point of the plugin.
  • scb_min_version: The minimum SPS product version compatible with the plugin. For example, 5.10.0 means 5F10.
  • scb_max_version: The maximum compatible SPS product version. To allow any version below a certain value, add the ~charater. For example, 5.11.0~ means "any version up till, but not including, 5.11.0".
Example
name: name: SPS_TPAM
description: OneIdentity TPAM plugin
version: 2.0.1
type: credentialstore
api: 1.1
entry_point: main.py
셀프 서비스 도구
지식 기반
공지 및 알림
제품 지원
소프트웨어 다운로드
기술 설명서
사용자 포럼
비디오 자습서
RSS 피드
문의처
라이센싱 지원가져오기
기술 지원
모두 보기
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택