SBU-BMI / quip_distro

Are there examples of configuring Identity Management locally instead of relying on Google Login? #319

Open isaackcr opened 3 years ago

isaackcr commented 3 years ago

We would like to set up a network-isolated instance of caMicroscope, including Auth/Access Control against our own internal directory. Do you have any examples of how to set up Identity Management with anything other than Google Login?

Some examples might be: Active Directory/JWT, Tomcat/JWT, OpenLDAP/JWT

Thank you.

birm commented 3 years ago

Hello and thanks for reaching out, @isaackcr

You may have noticed an environment variable called JWK_URL (https://github.com/camicroscope/Distro/blob/4fc6d406de53b98f245e8d6c6aecd9dfd0a0dded/caMicroscope.yml#L36). This is a JSON Web Key URL. It is used to verify identity tokens, and can be replaced with another JWK URL to match your deployment. The only other requirement for identity tokens, currently, is that some email/username/user id is in the email or sub field of the identity JWT.

Regarding the use of a JWK URL instead of some other format, that's primarily because we haven't had to use anything else. If you would like us to support other methods of JWT verification, please let us know and we'll at least try to add it in.

Finally, for completeness, we also have a self-contained identity and access management system called pathdb. As far as I'm aware, it's reasonably easily customized, but I'll have to defer to @ebremer for more on this.