Need private packages and team management tools?Check out npm Teams »


2.2.5 • Public • Published

Beame Gatekeeper

Build Status npm version HitCount

What is Beame Gatekeeper?

Beame-Gatekeeper is a framework that provides services/tools:

  • To create and manage X.509 digital certificates in public domain
  • HTTPS tunnels to expose applications running on local network to global internet
  • Crypto library to create/manage keys, encrypt/decrypt sign/verify data, create/validate authentication tokens
  • X.509 based identity manager for custom MFA
  • SSO SAML Identity Provider (IDP)
  • User management (invite/create/delete user) with trust-groups capability
  • Administrating tools for full Gatekeeper managemnt (html-based console)

Here's a typical usecase for the Gatekeeper (Web-camera connected on local network is accessed from arbitrary laptop through Browser, with mobile authentication & control):


How is it different? We created a new breed of ID - cryptographic identity that lives on a mobile (get Beame Authenticator to your iOS device). Now it's easy to put a super-secure cryptographic identity on mobile and IoT devices. So the device can prove your identity by providing proof of possession of a secret key through the Gatekeeper framework. Keys created and stored on target. The Gatekeeper does not hold databases with sensitive data.

Click on the link below, to see Beame Gatekeeper demo on Youtube
Alt Beame Gatekeeper demo #1

More details (PDF) - The purpose of this paper is to describe the particular beame-gatekeeper use case as a tool for remote access to enterprise networks or IoT devices with mobile authentication. It provides an overview of possible product integration options. The document contains technical overview and description of provisioning and login processes.

User guide (PDF) - how to operate the Gatekeeper.

Continue with instructions below, to get your own Gatekeeper. Install it as a system service to keep your applications accessible. Or, if you want to just try it out first, install it as a standalone application. Go with the guide and in fast and easy process your Gatekeeper will be up and running.

Installing Beame Gatekeeper

Managing StrongSwan VPN using Beame Gatekeeper

Managing StrongSwan VPN using Beame Gatekeeper

What to do next?

Please read User guide (PDF). It describes what and how you can do with Beame-Gatekeeper.

Beame Gatekeeper environment variables

  • BEAME_AUTH_SERVER_PORT - auth server local port, default 65000


  • BEAME_DATA_FOLDER - name of beame-gatekeeper data folder , default .beame_data

  • BEAME_DISABLE_DEMO_SERVERS - disable demo apps on server start, default false

  • BEAME_DISABLE_SNS_VALIDATION - set to INSECURE to skip SNS messages validation.


  • BEAME_ENV - Defines the environment profile to run in: prod or dev



  • BEAME_GATEKEEPER_DIR - defines the base directory relative to which beame-gatekeeper files should be stored, default os.homedir()

  • BEAME_LOAD_BALANCER_URL - Load balancer url


  • BEAME_LOG_LEVEL - Can be set to DEBUG or other beame log levels

  • BEAME_LOG_TO_FILE - Activates log console to file. Can be true or false.

  • BEAME_OCSP_CACHE_PERIOD - OCSP result cashing period , default 24 hours

  • BEAME_SEND_SMS - When set to 0, disables sending SMS. Useful for debugging SMS invitation flow.

  • BEAME_SERVER_FOLDER - name of beame-gatekeeper config folder , default .beame_server


  • BEAME_OIDC_BLOCK_SOCKETIO - block all connections as if the client is not authorized. Useful for debugging.

  • BEAME_AUTO_RENEWER - When set to 0, disables the start of the auto renewer job.

  • DEBUG=* - Show all debug from node

  • NODE_TLS_REJECT_UNAUTHORIZED=0 - disables all tls checks (usefull in some proxy scenarios). If we only need it for one app, then we should configure that one app with the isSecure = false instead.

Developer notes

  • xml-encryption is not a dependency of the beame-gatekeeper, but of samlp. Since samlp is not adding it as its own dependency this was temporarely added to package.json of beame-gatekeeper. Remove it or find a better way to handle this in the future
  • for applications that are not hosted on the root of the service url ex:, the service needs to be configured as following in the gatekeeper***/folder/page.html?param=value . The *** will let the app know that is the base url so that proxying can be applied correctly.
  • Services "Secure" option means disable TLS check




npm i beame-gatekeeper

DownloadsWeekly Downloads






Unpacked Size

40.2 MB

Total Files


Last publish


  • avatar
  • avatar
  • avatar
  • avatar