Closed jjaraalm closed 4 years ago
Thanks @jjaraalm! This was working for me with AD. I made one change: https://github.com/HDFGroup/hsds/commit/6ad25d31b94375bc371105820528d8eb4074f969 since sometimes the config get evaluates to an empty string vs None.
Adds support for authenticating against Google OpenID and potentially other providers. Client support is in https://github.com/HDFGroup/h5pyd/pull/81.
Azure tests should be repeated (I do not have Azure access) and docs need to be updated still.
New settings
- `openid_provider` - provider to use for OpenID authentication. Valid values are `azure` (default) and `google`.
- `openid_audience` - The intended audience of the OpenID token. If not set, falls back on the `azure_resource_id` variable. For Google, this should be the `client_id`.
- `openid_claims` - List of claims to use when resolving usernames from OpenID token in order of priority. The default is the previously hardcoded Azure setting `unique_name,appid`. Neither of these are defined by Google. `sub` would be valid for all OpenID configurations, but is opaque and not helpful for setting ACLs.
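
The following is an added example, not code from this pull request or from HSDS: it sketches how the three settings above could interact when a username is resolved from a token payload. The function names, the comma-separated form of `openid_claims`, and the sample values are assumptions, and the claims are taken to come from a token whose signature and expiry were already verified.

```python
# Added illustration; not HSDS code. Setting names come from the PR text,
# everything else (function names, sample values) is constructed.

DEFAULT_CLAIMS = "unique_name,appid"  # previously hardcoded Azure default


def setting(config, name):
    """Return a config value, treating None and "" alike as 'not set'."""
    value = config.get(name)
    return None if value in (None, "") else value


def resolve_audience(config):
    """openid_audience, falling back on azure_resource_id when unset."""
    return setting(config, "openid_audience") or setting(config, "azure_resource_id")


def claim_names(config):
    """Claims to try, in priority order (assumed comma-separated)."""
    raw = setting(config, "openid_claims") or DEFAULT_CLAIMS
    return [c.strip() for c in raw.split(",") if c.strip()]


def audience_matches(claims, expected):
    """The 'aud' claim may be a single string or a list of strings."""
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    return expected is not None and expected in audiences


def resolve_username(config, claims):
    """Map already-verified token claims to a username for ACL checks."""
    if not audience_matches(claims, resolve_audience(config)):
        raise ValueError("token audience does not match configured audience")
    for name in claim_names(config):
        value = claims.get(name)
        if isinstance(value, str) and value:
            return value
    raise ValueError("none of the configured claims are present in the token")
```

A token issued for a different audience is rejected before any claim is read, and a Google token evaluated with the default Azure claim list fails closed instead of yielding an empty username.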