Configurable/Pluggable OAuth for authentication #1723
Description
Describe the feature.
Is your feature related to a problem? Please describe.
The current version of Service Pulse requires users to standup a reverse proxy to front Service Pulse with an OAuth provider. While this solves the technical issue, it also creates a large amount of burden on the company implementing/installing Service Pulse. They now have to
- standup a reverse proxy in their environment
- acquire/train the expertise to configure it
- consider the security implications of having it in their networks
- determine how this impacts their networking architecture and schema
- and probably some other things in those realms.
As such, this option is costly and, therefore, unpalatable for organizations. That makes adopting Service Pulse an uphill battle for project teams when they could be spending their time delivering business functionality.=
Describe the requested feature
Add configuration points to Service Pulse such that a organization can add the necessary OAuth pointers into Service Pulse and see traffic to the website redirect to a provider for authentication (whatever that is configured to mean with that provider) and return to Service Pulse with a jwt token that is subsequently used to ensure the user trying to access pages within Service Pulse has been authenticated.
Since Service Pulse doesn't provide any level of granular authorizations within the website, the initial build out of this should simply provide a mechanism for redirecting to authenticate and verification of that token when accessing website resources. Subsequent implementation/updates could look at making more granular authorizations within the website.
Describe alternatives you've considered
The only other alternative is to use a reverse proxy solution which is both unpalatable and unattainable in some organizations.
Additional Context
No response