
Fixes #23919: One note section is not rendered in auth-backend plugin #621

Merged
21 changes: 11 additions & 10 deletions auth-backends/README.adoc
Expand Up @@ -12,7 +12,7 @@ other general information.

= Authentication backends

This plugins allows to use alternative authentication backends for Rudder: *OAuth 2.0*, *OpenID Connect*, and *LDAP or Active Directory (AD)*.
This plugin allows using alternative authentication backends for Rudder: *OAuth 2.0*, *OpenID Connect*, and *LDAP or Active Directory (AD)*.
The old *radius module is deprecated* and will be totally removed in a future version.

Each authentication method is detailed below. Users are expected to know how an authentication system works independently of Rudder to configure it in Rudder: you will likely need authentication token, URLs, and other properties provided by your company.
Expand Down Expand Up @@ -40,7 +40,7 @@ Rudder try to give you helpful information for that task:

== Centralized user authorization management with OIDC

In addition to alternative authentication provider, the OIDC backends allow to provide Rudder roles through the OIDC token so that you can control your Rudder user authorisation directly from your identity provider.
In addition to alternative authentication provider, the OIDC backends allow providing Rudder roles through the OIDC token so that you can control your Rudder user authorisation directly from your identity provider.
See OIDC chapter below for more information.

== Configure login form rendering
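Review bot: The rewritten sentence under "Centralized user authorization management with OIDC" still opens with "In addition to alternative authentication provider", which is missing an article or a plural. Suggest "In addition to acting as an alternative authentication provider, the OIDC backends can provide Rudder roles through the OIDC token". This is the sentence that tells readers the identity provider can grant Rudder roles, so the wording should be unambiguous.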
Expand All @@ -55,7 +55,7 @@ Possible values are:

* `show` [default]: show Rudder login form as usual
* `hide`: hide the login form below a toggle button. This is a good option if you want to let your user only see SSO links by default, but still have access to the login form for special cases (like, typically, for emergency admin access when the SSO or network to it is down)
* `remove`: completly remove Rudder login form.
* `remove`: completely remove Rudder login form.

For example, with an OpenID Connect service configured and the `hide` value chosen, your login form will be updated to look like:

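Review bot: The `remove` bullet only gets the spelling fix, but unlike the `hide` bullet it does not say what the option costs. `hide` is described as keeping the login form reachable "for emergency admin access when the SSO or network to it is down"; the `remove` bullet should state that this fallback is then no longer available from the login page, so that an administrator choosing it knows to plan another recovery path.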
Expand Down Expand Up @@ -96,7 +96,7 @@ systemctl restart rudder-jetty
When set to external provider like 'ldap', passwords in rudder-users.xml are ignored and the
authentication is delegated to the LDAP or radius server configured.

By convention, when LDAP authentication is enable, 'password' field in
By convention, when LDAP authentication is enabled, 'password' field in
`rudder-users.xml` are set to 'LDAP'.


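Review bot: The changed sentence still has a number mismatch in "'password' field in `rudder-users.xml` are set to 'LDAP'", since the patch only corrects "enable" to "enabled". Suggest "the 'password' fields in `rudder-users.xml` are set to 'LDAP'", or "is set" if the singular is meant.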
Expand Down Expand Up @@ -444,10 +444,11 @@ These protocols delegate the actual authentication to an identity provider (IdP)

Rudder support plain old `OAUTHv2` and `OpentID Connect`. They have several normalized scenario and Rudder supports the most common for a web application server side authentication: https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth[Authentication using Authorization Code Flow].

[notice]
[NOTE]

====

We advise to use OIDC over OAuth 2.0 if possible.
We advise using OIDC over OAuth 2.0 if possible.

====

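Review bot: As rendered here, a blank line sits between the new `[NOTE]` attribute line and the opening `====` delimiter. AsciiDoc documents the block attribute line as going directly above the block it styles, so please put `[NOTE]` immediately above `====` and check the rendered README, given that this PR exists to make the note render. The context paragraph just above also still reads "Rudder support plain old `OAUTHv2` and `OpentID Connect`"; "OpentID" is a typo that could be fixed in the same pass.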
Expand Down Expand Up @@ -605,8 +606,8 @@ You can use the log level for `auth-backends` in `/opt/rudder/etc/logback.xml`:

==== Common Oauth2/OIDC error cases

It can be a bit challenging to understand what is not correct in a Oauth2 or OIDC configuration.
Here are some guide lines to help address possible configuration problems.
It can be a bit challenging to understand what is not correct in an Oauth2 or OIDC configuration.
Here are some guidelines to help address possible configuration problems.

*I don't see the list of Identity Provider in login form*

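Review bot: The corrected sentence "what is not correct in an Oauth2 or OIDC configuration" and the heading "Common Oauth2/OIDC error cases" spell the protocol "Oauth2", while the note edited earlier in this patch writes "OAuth 2.0". Since these lines are being touched anyway, pick one spelling (the protocol's own name is "OAuth 2.0") and use it in both the heading and the sentence.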
Expand All @@ -633,7 +634,7 @@ set for property `rudder.auth.oauth2.provider.${registrationKey}.client.id`

*After login on Identity Provider, I get a "login error" message in Rudder login page*

This can have several cause and we will need to analyse Rudder log to understand what happened.
This can have several cause, and we will need to analyse Rudder log to understand what happened.

**Bad token URL**

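Review bot: In "This can have several cause, and we will need to analyse Rudder log", the patch adds the comma but leaves "several cause" singular. Suggest "This can have several causes, and we will need to analyse the Rudder logs to understand what happened."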
Expand Down Expand Up @@ -731,7 +732,7 @@ authentication backend.
For convenience, the part under "---- add in rudder-web.properties----" can
be directly added in your `/opt/rudder/etc/rudder-web.properties` file.

Note that key `rudder.auth.provider` is likelly to already exists. In
Note that key `rudder.auth.provider` is likely to already exists. In
that case, just update it with the sequence of authentication backend
you want to try.
