New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

mgr/dashboard: SSO - SAML 2.0 support #24489

Merged
merged 1 commit into from Nov 9, 2018

Conversation

Projects
None yet
7 participants
@ricardoasmarques
Member

ricardoasmarques commented Oct 9, 2018

This PR adds support for SSO, based on SAML 2.0 protocol.

Ceph Dashboard will integrate with an existing Identity Provider (IdP) for user authenticatication.

User creation and role assignment should be managed in Ceph Dashbord.

For more information on how to configure SSO see dashboard.rst.

Fixes: https://tracker.ceph.com/issues/24268

Signed-off-by: Ricardo Dias rdias@suse.com
Signed-off-by: Ricardo Marques rimarques@suse.com

@ricardoasmarques ricardoasmarques requested review from rjfd and LenzGr Oct 9, 2018

@ricardoasmarques ricardoasmarques force-pushed the ricardoasmarques:wip-saml2 branch 8 times, most recently from f29ce3a to 79d3679 Oct 9, 2018

@callithea

This comment has been minimized.

@ricardoasmarques ricardoasmarques force-pushed the ricardoasmarques:wip-saml2 branch from 79d3679 to 65d610b Oct 12, 2018

@callithea

This comment has been minimized.

Member

callithea commented Oct 15, 2018

@ricardoasmarques ricardoasmarques force-pushed the ricardoasmarques:wip-saml2 branch from 65d610b to 7b311df Oct 15, 2018

@ricardoasmarques

This comment has been minimized.

Member

ricardoasmarques commented Oct 15, 2018

@callithea QA tests should be fixed now

@ricardoasmarques ricardoasmarques force-pushed the ricardoasmarques:wip-saml2 branch from 7b311df to 45a35c1 Oct 15, 2018

@callithea

This comment has been minimized.

Member

callithea commented Oct 16, 2018

jenkins test dashboard

@callithea

This comment has been minimized.

Member

callithea commented Oct 16, 2018

@callithea QA tests should be fixed now

Okay, thanks for letting me know. Will trigger a new QA run. :)

configureTestBed({
providers: [AuthService, AuthStorageService],
imports: [HttpClientTestingModule]
imports: [HttpClientTestingModule, [RouterTestingModule.withRoutes(routes)]]

This comment has been minimized.

@tspmelo

tspmelo Oct 16, 2018

Contributor

Please remove the extra [ ].

This comment has been minimized.

@ricardoasmarques

@ricardoasmarques ricardoasmarques force-pushed the ricardoasmarques:wip-saml2 branch 3 times, most recently from 003d64c to fd19d82 Oct 17, 2018

@ricardoasmarques ricardoasmarques force-pushed the ricardoasmarques:wip-saml2 branch from 7b9c231 to 335305c Oct 31, 2018

``$ pip3 install python3-saml``
Ceph Dashboard supports the `SAML 2.0 <https://en.wikipedia.org/wiki/SAML_2.0>`_
protocol to integrate with an existing Identity Provider (IdP).

This comment has been minimized.

@LenzGr

LenzGr Nov 2, 2018

Contributor

Reading this paragraph again, I wonder if it would make sense to emphasize that it's still required to create the user accounts locally and assign the appropriate roles to them? We should describe that the current SSO implementation is only used for authentication, while the authorization is still performed by the dashboard.

This comment has been minimized.

@LenzGr

LenzGr Nov 2, 2018

Contributor

Also, I think this paragraph should be moved on top of this section, before the note about the python-saml dependency. How about extending it as follows?

The Ceph Manager Dashboard supports external authentication of users via the
`SAML 2.0 <https://en.wikipedia.org/wiki/SAML_2.0>`_ protocol. You need to create
the user accounts and associate them with the desired roles first, as authorization
is still performed by the Dashboard. However, the authentication process can be
performed by an existing Identity Provider (IdP).

This comment has been minimized.

@ricardoasmarques

ricardoasmarques Nov 5, 2018

Member

@LenzGr I've applied your documentation improvement suggestion, much better now. Thanks.

@callithea

This comment has been minimized.

Member

callithea commented Nov 2, 2018

QA run was successful: http://pulpito.ceph.com/laura-2018-11-02_14:25:22-rados:mgr-wip-lpaduano-testing-sso-distro-basic-smithi/

But I guess we have to schedule another QA run after all requested changes have been addressed.

@ricardoasmarques ricardoasmarques force-pushed the ricardoasmarques:wip-saml2 branch from 335305c to a0cdc09 Nov 5, 2018

@LenzGr

This comment has been minimized.

Contributor

LenzGr commented Nov 5, 2018

jenkins render docs

@ceph-jenkins

This comment has been minimized.

Collaborator

ceph-jenkins commented Nov 5, 2018

Doc render available at http://docs.ceph.com/ceph-prs/24489/

@ricardoasmarques ricardoasmarques force-pushed the ricardoasmarques:wip-saml2 branch from a0cdc09 to a7822cf Nov 5, 2018

@LenzGr

This comment has been minimized.

Contributor

LenzGr commented Nov 5, 2018

jenkins render docs

@ceph-jenkins

This comment has been minimized.

Collaborator

ceph-jenkins commented Nov 5, 2018

Doc render available at http://docs.ceph.com/ceph-prs/24489/

@votdev

votdev approved these changes Nov 6, 2018

@ricardoasmarques ricardoasmarques force-pushed the ricardoasmarques:wip-saml2 branch from a7822cf to 0d22a8f Nov 6, 2018

@ricardoasmarques ricardoasmarques force-pushed the ricardoasmarques:wip-saml2 branch from 0d22a8f to 2940b82 Nov 8, 2018

mgr/dashboard: SAML 2.0 support
Fixes: https://tracker.ceph.com/issues/24268

Signed-off-by: Ricardo Dias <rdias@suse.com>
Signed-off-by: Ricardo Marques <rimarques@suse.com>

@ricardoasmarques ricardoasmarques force-pushed the ricardoasmarques:wip-saml2 branch from 2940b82 to 04f4d50 Nov 8, 2018

@LenzGr LenzGr merged commit 3ba8740 into ceph:master Nov 9, 2018

4 of 6 checks passed

ceph dashboard tests ceph dashboard tests failed
Details
make check (arm64) make check failed
Details
Docs: build check OK - docs built
Details
Signed-off-by all commits in this PR are signed
Details
Unmodified Submodules submodules for project are unmodified
Details
make check make check succeeded
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment