18F / myusa

MyUSA was a single sign-on project for government, now deprecated. (More info: https://18f.gsa.gov/2015/05/18/myusa/)

Limit availability of all MyUSA deployments to Federal staff #704

Open yozlet opened 9 years ago

yozlet commented 9 years ago

As @NoahKunin has pointed out, no MyUSA deployment should be publicly accessible until ATO is given. So we need to limit availability of production, staging and any other deployments to Federal agency staff, authenticating with IP whitelist and HTTP auth.

Is there an easy Cloud Foundry way of doing this? If not, we can put a before_filter on the ApplicationController.

esgoodman commented 9 years ago

Please remember to throw a good error message for the (admittedly, now infrequent) case of an integrator with users who are not federal employees!
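
The gate discussed in this thread (IP allowlist plus HTTP auth, with a readable error for anyone turned away), sketched as an added example that is not MyUSA code or part of the original issue. It is written as a plain Rack-style class instead of a Rails before_filter so it runs without Rails; the class name, message wording, network range and credentials are all assumptions.

```ruby
require "ipaddr"
require "digest"

# Rack-style gate (hypothetical class): a request passes only if it comes from
# an allowlisted network AND carries valid HTTP Basic credentials.
class StaffOnlyGate
  # Constructed wording for the error message requested in the thread.
  MESSAGE = "Access to this deployment is currently limited to Federal agency staff.\n"

  def initialize(app, networks:, user:, password:)
    @app = app
    @networks = networks.map { |cidr| IPAddr.new(cidr) }
    @expected = Digest::SHA256.hexdigest("#{user}:#{password}")
  end

  def call(env)
    return respond(403) unless allowed_ip?(env["REMOTE_ADDR"])
    unless valid_credentials?(env["HTTP_AUTHORIZATION"])
      return respond(401, "www-authenticate" => 'Basic realm="staff"')
    end
    @app.call(env)
  end

  private

  def allowed_ip?(addr)
    return false if addr.to_s.empty?
    ip = IPAddr.new(addr)
    @networks.any? { |net| net.include?(ip) }
  rescue IPAddr::Error
    false # malformed address: fail closed
  end

  def valid_credentials?(header)
    scheme, encoded = header.to_s.split(" ", 2)
    return false unless scheme.to_s.casecmp?("basic") && encoded
    given = Digest::SHA256.hexdigest(encoded.strip.unpack1("m0")) # strict base64
    # Compare fixed-length digests without an early exit on the first mismatch.
    given.bytes.zip(@expected.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  rescue ArgumentError
    false # not valid base64
  end

  def respond(status, extra = {})
    [status, { "content-type" => "text/plain" }.merge(extra), [MESSAGE]]
  end
end
```

Behind a platform router or load balancer, `REMOTE_ADDR` is the proxy's address, so the client address has to come from a forwarding header that only the trusted proxy can set.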