Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Research moving API OpenID-Connect/OAuth2 support into Apache configuration #19866

Closed
3 tasks done
jvlcek opened this issue Feb 24, 2020 · 4 comments · Fixed by ManageIQ/manageiq-appliance#282, ManageIQ/manageiq-api#828, #20131 or ManageIQ/manageiq-appliance_console#117
Closed
3 tasks done

Research moving API OpenID-Connect/OAuth2 support into Apache configuration #19866

jvlcek opened this issue Feb 24, 2020 · 4 comments · Fixed by ManageIQ/manageiq-appliance#282, ManageIQ/manageiq-api#828, #20131 or ManageIQ/manageiq-appliance_console#117
Assignees
@jvlcek
Labels
core/authentication refactoring
Milestone
Jansa

Comments

@jvlcek
Copy link
Member

jvlcek commented Feb 24, 2020
edited by Fryguy
Loading

manageiq-api PR 737 added OpenID-Connect/OAuth2 support to the API.

It might be possible to simplify this solution by leveraging OpenID-Connect/OAuth2 setup in the mod_auth_openidc configuration files.

This issue will be used to track this investigation.
@jvlcek
Copy link
Member Author

jvlcek commented Feb 24, 2020

@miq-bot add_label core/authentication
@miq-bot add_label refactoring
@miq-bot assign @jvlcek

@jvlcek jvlcek mentioned this issue Feb 24, 2020
Merged
@chessbyte chessbyte mentioned this issue Feb 24, 2020
Closed
16 tasks
@jvlcek jvlcek mentioned this issue Mar 6, 2020
Merged
@bdunne
Copy link
Member

bdunne commented Mar 13, 2020

If this is not possible, then tests should be added to cover the code moved in #19936

@chessbyte chessbyte changed the title Research moving API OpenID-Connect/OAuth2 support into configuration. Research moving API OpenID-Connect/OAuth2 support into Apache configuration Mar 20, 2020
@abellotti
Copy link
Member

Hi @jvlcek, was peeking at this today, looks like we should be able to protect our /api endpoint Location
using an AuthType of oauth20. There's a good write-up on it at https://github.com/zmartzone/mod_auth_openidc/wiki/OAuth-2.0-Resource-Server

Hopefully we can kick the tire with some of these examples.

@jvlcek
Copy link
Member Author

jvlcek commented Mar 20, 2020

@abellotti Thank you for that pointer. I'm kicking away at the tires on it right now.

jvlcek added a commit to jvlcek/manageiq-appliance that referenced this issue May 6, 2020
@jvlcek
Move API OpenID-Connect support to Apache configuration
6ee6386 
Fixes ManageIQ/manageiq#19866
@jvlcek jvlcek mentioned this issue May 6, 2020
Merged
jvlcek added a commit to jvlcek/manageiq-api that referenced this issue May 6, 2020
@jvlcek
Move API OpenID-Connect support to Apache configuration
10f9684 
Fixes ManageIQ/manageiq#19866
@jvlcek jvlcek mentioned this issue May 6, 2020
Merged
jvlcek added a commit to jvlcek/manageiq that referenced this issue May 6, 2020
@jvlcek
Move API OpenID-Connect support to Apache configuration
a6feb2c 
Fixes ManageIQ#19866
@jvlcek jvlcek mentioned this issue May 6, 2020
Merged
jvlcek added a commit to jvlcek/manageiq-appliance_console that referenced this issue May 8, 2020
@jvlcek
Add support for the oidc introspection endpoint
d95f0c9 
Fixes ManageIQ/manageiq#19866
@jvlcek jvlcek mentioned this issue May 8, 2020
Merged
@Fryguy Fryguy added this to the Jansa milestone May 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jvlcek jvlcek

Labels
core/authentication refactoring
Projects
None yet
Milestone
Jansa
5 participants
@Fryguy @bdunne @jvlcek @abellotti @miq-bot