inspectit-ocelot icon indicating copy to clipboard operation
inspectit-ocelot copied to clipboard

Published 20 hours ago verified publisher icon inspectIT

Implement proxy authentication for the configuration server

Open mariusoe opened this issue 5 years ago • 3 comments

For easier usage of the configuration server's web-UI, the configuration server should be able to support a proxy authentication.

If the config server is used behind a reverse proxy, which is able to authenticate the current user, it should be possible to pass this information to the configuration server. The config server should be able to login a user which is specified in a specific header field, set by the reverse proxy.

This function should be similar to the "Auth Proxy" function of Grafana. See: https://grafana.com/docs/grafana/latest/auth/auth-proxy/

mariusoe avatar Mar 09 '20 08:03 mariusoe

So there's already support for this in SpringBoot, by using the properly configured RequestHeaderAuthenticationFilter.

Quite an advance example: https://insource.io/blog/articles/stateless-api-security-with-spring-boot-part-2.html

ivansenic avatar Apr 08 '20 09:04 ivansenic

Is there role based access so you would be able to have normal end users and then admins? Thanks.

T

unc1 avatar Oct 15 '20 17:10 unc1

Hi @unc1 ,

This issue has nothing todo with authorization. The configuration server already supports role-based access control, but only if you use LDAP for authentication: https://inspectit.github.io/inspectit-ocelot/docs/config-server/user-authentication#authorization

JonasKunz avatar Oct 19 '20 11:10 JonasKunz