Netflix / asgard

[Asgard is deprecated at Netflix. We use Spinnaker (www.spinnaker.io).] Web interface for application deployments and cloud management in Amazon Web Services (AWS). Binary download: http://github.com/Netflix/asgard/releases
http://netflix.github.com/asgard
Apache License 2.0

Configuring Authentication and Authorization is Not Obvious #638

Open grahamc opened 9 years ago

grahamc commented 9 years ago

The current documentation makes it pretty difficult to understand and follow how to use the OneLogin SAML authentication provider. After a few hours of debugging and digging, I discovered you need to specify authorizationProviders in order for any pages to be made private.

NOTE: The current AuthorizationProviders only require auth for browser requests, so scripts using the API may not require authorization. YMMV, be careful.

This is the configuration I ended up with, which successfully uses OneLogin's SAML authentication mechanism:

grails {
        awsAccounts=['YOURACCTNUMBER']
        awsAccountNames=['YOURACCTNUMBER':'accountnickname']
}

plugin {
        authenticationProvider='oneLoginAuthenticationProvider'
        authorizationProviders=['restrictBrowserAuthorizationProvider','restrictEditAuthorizationProvider']
}

secret {
        accessId='YOURACCESSID'
        secretKey='YOURSECRETKEY'
}

security {
        onelogin {
                url='https://app.onelogin.com/trust/saml2/http-post/sso/...'
                logoutUrl='https://app.onelogin.com/logout'
                certificate = 'certificate-base64-encoded'
        }
}

cloud {
        envStyle='prod'
        accountName='accountnickname'
        publicResourceAccounts=['amazon']
}
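
A lint for the failure mode described in the comment above (an authentication provider is configured but no page is private), added here as an example and not part of the original issue or the Asgard code base. It assumes the config uses only the flat `block { key=value }` form posted above; `parse_flat_config`, `audit` and the `BROKEN`/`FIXED` samples are hypothetical names and constructed inputs.

```python
import ast
import re

# Constructed inputs. BROKEN omits authorizationProviders; FIXED uses the
# plugin block from the comment above.
BROKEN = """
plugin {
        authenticationProvider='oneLoginAuthenticationProvider'
}
"""
FIXED = """
plugin {
        authenticationProvider='oneLoginAuthenticationProvider'
        authorizationProviders=['restrictBrowserAuthorizationProvider','restrictEditAuthorizationProvider']
}
"""

def parse_flat_config(text):
    """Flatten `block { key=value }` nesting into {'block.key': value}."""
    # Assumption: only the flat subset of Groovy shown on this page is handled.
    path, settings = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        opened = re.fullmatch(r"(\w+)\s*\{", line)
        assigned = re.fullmatch(r"(\w+)\s*=\s*(.+)", line)
        if opened:
            path.append(opened.group(1))
        elif line == "}" and path:
            path.pop()
        elif assigned:
            try:  # Groovy string and list literals of this form also parse as Python
                value = ast.literal_eval(assigned.group(2))
            except (ValueError, SyntaxError):
                value = assigned.group(2)  # e.g. a Groovy map literal; keep raw text
            settings[".".join(path + [assigned.group(1)])] = value
    return settings

def audit(text):
    """Return (level, message) findings for the plugin auth settings."""
    cfg = parse_flat_config(text)
    authn = cfg.get("plugin.authenticationProvider")
    authz = cfg.get("plugin.authorizationProviders")
    if not authn:
        return [("error", "no authenticationProvider configured")]
    if not authz:
        return [("error", "authenticationProvider set without authorizationProviders: no page is private")]
    return [("note", f"providers {authz} gate browser requests per the comment above; check API access separately")]
```

Running `audit` over the deployed config in a pre-deploy check catches the missing `authorizationProviders` key before the instance is exposed.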

thomastheakanath commented 9 years ago

Which are the other SAML AuthenticationProviders supported? Wonder if it is feasible to implement something internally using MS Active Directory.