salt icon indicating copy to clipboard operation
salt copied to clipboard
verified publisher icon saltstack

Add oauth and SAML support to salt-api

Open whiteinge opened this issue 10 years ago • 13 comments

Single sign-on would be quite useful for salt-api and work well with salt-api's existing session token <-> salt token abstraction.

whiteinge avatar Mar 26 '15 15:03 whiteinge

:+1: OAuth2.0 support would be great!

eliasp avatar Dec 04 '15 07:12 eliasp

:+1:

DanyC97 avatar Dec 10 '15 09:12 DanyC97

👍

punkdata avatar Aug 12 '16 18:08 punkdata

Let's bring this to 2018: username + password auth is hard/impossible to integrate in single-sign-on environments.

guedressel avatar Apr 30 '18 21:04 guedressel

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

stale[bot] avatar Aug 13 '19 21:08 stale[bot]

Please keep this feature request open.

guedressel avatar Aug 14 '19 14:08 guedressel

Thank you for updating this issue. It is no longer marked as stale.

stale[bot] avatar Aug 14 '19 14:08 stale[bot]

I'm surprised there hasn't been any headway on this yet!

najamansari avatar Sep 06 '19 11:09 najamansari

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

stale[bot] avatar Jan 07 '20 23:01 stale[bot]

:-(

guedressel avatar Jan 08 '20 06:01 guedressel

Thank you for updating this issue. It is no longer marked as stale.

stale[bot] avatar Jan 08 '20 06:01 stale[bot]

I have no Idea how this would get implemented, but on the AWS CLI they have an SSO login that redirects you to a web browser and grabs the login tokens from there. Would this be possible to implement in something like salt-pepper, or at least an option to implement for someone building a custom webui via the salt-api? the original request was for this to work with the API not necessarily via the ssh cli and you can define what auth method you are using if you have more than one auth method configured in the system when logging in via the API and CLI.

absmith82 avatar Apr 16 '21 16:04 absmith82

Hiho,

I cooked up a way to use OAUTH2 Proxy in front of rest_cherrypy. The credentials are handed to rest_cherrypy via HTTP headers. Please have a thorough look if this helps for your use cases.

Cheers

Malte-Wagner avatar Aug 19 '24 11:08 Malte-Wagner