Summary
Enhance Mothership to support passthru authentication and authorization from upstream providers, such as Google Cloud Platform’s Identity-Aware Proxy (IAP).
Description
Currently, Mothership handles its own authentication and authorization mechanisms. This feature request proposes adding the capability for Mothership to delegate authentication and authorization to upstream providers. For instance, integrating with GCP’s IAP would allow Mothership to leverage existing authentication mechanisms and user roles defined in GCP, thereby simplifying user management and enhancing security compliance.
Use Cases
Unified Authentication: Users can authenticate using their existing GCP credentials, avoiding the need to manage multiple sets of credentials.
Centralized User Management: User roles and permissions can be managed centrally within the upstream provider, ensuring consistent access control policies across different services.
Enhanced Security: By delegating authentication to a provider like GCP’s IAP, Mothership can take advantage of advanced security features offered by the provider.
Implementation Details
Integration with Upstream Providers:
Provide configuration options to enable passthru authentication from supported providers.
Implement OAuth/OpenID Connect protocols to handle the authentication flow.
Session Management:
Maintain user sessions based on the tokens received from the upstream provider.
Implement token refresh mechanisms to ensure continuous access.
Authorization Handling:
Extract user roles and permissions from the upstream provider and apply them within Mothership.
Ensure that fine-grained access control is maintained according to the upstream provider’s definitions.
Benefits
Simplifies User Onboarding: Streamlines the process of onboarding users by leveraging existing authentication systems.
Reduces Maintenance Overhead: Decreases the need to handle user authentication and authorization within Mothership.
Improves Security Posture: Enhances overall security by utilizing robust authentication mechanisms from well-established providers.
Dependencies
Dependency on OAuth/OpenID Connect libraries for implementing authentication flows.
Configuration adjustments to allow administrators to specify upstream provider details.
By implementing this feature, Mothership will become more flexible and secure by allowing passthru authentication/authorization from trusted upstream providers like GCP’s IAP.
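The checks a backend has to make before it accepts identity passed through from IAP, as an added example that is not part of the original issue and is not Mothership code. The header name and issuer are the values IAP uses; the function names, `ROLE_BINDINGS`, the audience placeholder and the demo key are assumptions, and HMAC-SHA256 stands in for IAP's ES256 signature so the sketch runs with the standard library only.

```python
import base64, hashlib, hmac, json, time

IAP_HEADER = "x-goog-iap-jwt-assertion"      # signed assertion added by IAP
IAP_ISSUER = "https://cloud.google.com/iap"
ROLE_BINDINGS = {"alice@example.com": {"admin"}}   # hypothetical local mapping

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def identity_from_request(headers, *, audience, alg, check_sig, now=None, skew=30):
    """Return verified claims or raise PermissionError. Only the signed
    assertion is read; unsigned identity headers are never consulted."""
    now = time.time() if now is None else now
    token = {k.lower(): v for k, v in headers.items()}.get(IAP_HEADER, "")
    if token.count(".") != 2:
        raise PermissionError("missing or malformed assertion")
    h64, c64, s64 = token.split(".")
    try:
        header, claims = json.loads(b64d(h64)), json.loads(b64d(c64))
        sig, seen_alg, kid = b64d(s64), header["alg"], header.get("kid")
        iat, exp = float(claims["iat"]), float(claims["exp"])
    except (ValueError, TypeError, KeyError, AttributeError) as e:
        raise PermissionError("undecodable assertion") from e
    if seen_alg != alg:                       # pin the algorithm, never trust the token's choice
        raise PermissionError("unexpected alg")
    if not check_sig(f"{h64}.{c64}".encode(), sig, kid):
        raise PermissionError("bad signature")
    if claims.get("iss") != IAP_ISSUER or claims.get("aud") != audience:
        raise PermissionError("wrong issuer or audience")
    if not (iat - skew <= now <= exp + skew):
        raise PermissionError("assertion expired or not yet valid")
    return claims

def roles_for(claims):
    return ROLE_BINDINGS.get(claims.get("email"), set())   # unknown user: no roles

# Constructed demo only: HMAC-SHA256 stands in for IAP's ES256 signature.
DEMO_KEY = b"constructed-demo-key"
DEMO_AUD = "/projects/PROJECT_NUMBER/global/backendServices/SERVICE_ID"  # placeholder

def demo_check_sig(signing_input, sig, kid):
    return hmac.compare_digest(hmac.new(DEMO_KEY, signing_input, hashlib.sha256).digest(), sig)

def demo_token(claims, alg="HS256"):
    parts = [b64e(json.dumps(x).encode()) for x in ({"alg": alg, "kid": "demo"}, claims)]
    mac = hmac.new(DEMO_KEY, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64e(mac)])
```

In a real deployment `check_sig` would verify ES256 against the provider's published keys, selected by `kid`, and `alg` would be pinned to `"ES256"`.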