cancel
Showing results for 
Search instead for 
Did you mean: 
Disclaimer
JUMPCLOUD EXPRESSLY DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, CONDITIONS, AND LIABILITIES OF ANY KIND ARISING FROM OR RELATED TO THIRD-PARTY SOFTWARE, SCRIPTS, REPOSITORIES, AND APIS. JUMPCLOUD IS NOT REQUIRED TO SUPPORT ANY SUCH THIRD-PARTY MATERIALS AND ALL RISKS RELATED TO THIRD-PARTY MATERIALS ARE YOUR RESPONSIBILITY. PLEASE ALSO REVIEW THE JUMPCLOUD TOS.

[Python] SSSIP - Self Service Software Installation Portal (experimental)

JuergenKlaassen
Rising Star III
Rising Star III

SSSIPlogo.jpg

Hello Community Folks

I'd like to share an (experimental) approach for a Software Self Service Installation Portal (SSSIP) with you. 

My requirements were: 

  • login via JumpCloud User Console
  • queries based on the authenticated user
  • only allow certain applications for a self-serviced installation (this requires more efforts, i.e. a whitelist)

Solution

1. Overview
This software installation portal is a Python-based web application that allows authenticated users to install software on their devices. It integrates with JumpCloud via OIDC for user authentication and API's for device management related actions.
The application provides a simple interface to select software applications and target devices for installation.

2. Setup and Installation
Requirements

  • Python 3.6 or later
  • Flask and Flask-OIDC libraries
  • A JumpCloud tenant with configured OIDC application
  • JumpCloud API-key
  • Ngrok to expose the app externally during development

Installation Steps
- Clone or download the repository to your local machine (not for production, then host it somewhere).
- Navigate to the project directory and install the required Python packages: pip install -r requirements.txt.

 

Flask==2.1.2
Flask-OIDC==1.5.0
requests==2.28.1

 

- Create the app on JumpCloud (Custom OIDC)
SCR-20231102-okcm.png

 


- Update the client_secrets.json file with your JumpCloud OIDC application credentials.

 

{
    "web": {
        "client_id": "your_client_id",
        "client_secret": "your_client_secret",
        "auth_uri": "https://your_auth_uri",
        "token_uri": "https://your_token_uri",
        "issuer": "https://your_issuer",
        "userinfo_uri": "https://your_userinfo_uri",
        "redirect_uris": ["your_redirect_uri"],
        "client_auth_methods": ["client_secret_post"]
    }
}

 


- Set up the environment variables for the JumpCloud API Key.
- Start the application: python app.py.
- Access the portal through a web browser: http://127.0.0.1:5000/.

3. Usage
User Authentication
Users need to authenticate via JumpCloud's User Console to access the portal.
After successful authentication, the user's information is fetched and displayed on the portal.

SCR-20231102-ogqo.png

 

Software Installation
- Select a software application from the list.
- Choose a target device from the dropdown menu. 
- Click the "Install" button to initiate the software installation on the selected device.

Screen Recording 2023-11-02 at 16.12.08.gif

 

4. Configuration
app.py
- Configure the JumpCloud API Key.
- Set the OIDC realm and secret key.

client_secrets.json
Update this file with your JumpCloud OIDC application credentials.

5. Customization
The portal can be customized to filter software applications based on the package manager.
This is achieved by updating the loadApps function in the index.html file.

6. BOM

  • app.py (actual Python application)
  • index.htm (web frontend
  • client_secrets.json (OIDC Config)
  • requirements.txt (PIP Install)

7. Important and final notes

- Don't use this app 'as is' in production. If you intend to do so, please make that the application is updated and secured to your standards. 
- Keep in mind that this is a general demonstration of what is doable with JumpCloud and it's API's. 
- This is a community content and therefore unsupported

As usual, you can find my contributions on my Github

Thanks for reading and I'd like to get feedback and what enhancements and additional features you'd like to see. 
Cheers
- Juergen


 

0 REPLIES 0