Open jamesmarshall24 opened 6 years ago
The IdP metadata does not contain all information used to configure SAML. It could potentially be used for some of it.
This is dependent on https://github.com/ansible/awx/issues/342
Rather than uploading the data, being able to define the metadata endpoint of the IdP would be a more scalable solution since it would allow for dynamically refreshing the certificate when it changes.
... I wonder how that would work in a multi-container/server environment, given that that would be done on the backend. You obviously don't want all nodes doing it.
I was thinking it could probably be handled similarly to the way we do cache timeouts: if a user tries to log in and the metadata timeout has expired, fetch metadata first and update configuration.
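The refresh-on-login idea from the comment above, sketched as an added example (not part of the thread and not AWX code). It parses IdP metadata for the signing certificate and SSO endpoint, and re-fetches only when a shared cache entry has expired, so nodes sharing the store do not each fetch. Assumptions: `store` stands in for a cache shared by all nodes, `fetch` is a hypothetical callable that retrieves the metadata over verified TLS, the document is a single `EntityDescriptor`, the returned key names are illustrative, and metadata signature validation is out of scope.

```python
import time
import xml.etree.ElementTree as ET  # for untrusted XML in production, prefer defusedxml

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata; entity ID, URL and certificate body are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIB
        PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def parse_idp_metadata(xml_text):
    """Extract the fields a SAML IdP entry needs from metadata XML."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None or not root.get("entityID"):
        raise ValueError("not IdP metadata")
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    certs = ["".join((c.text or "").split())
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    sso = idp.find("md:SingleSignOnService", NS)
    if not any(certs) or sso is None:
        raise ValueError("metadata lacks signing certificate or SSO endpoint")
    return {"entity_id": root.get("entityID"), "url": sso.get("Location"),
            "x509certs": [c for c in certs if c]}

def idp_config_for_login(store, fetch, ttl=3600, now=time.time):
    """Called on login: refresh only when the shared entry has expired."""
    entry = store.get("idp")
    if entry and now() < entry["expires"]:
        return entry["config"]
    try:
        config = parse_idp_metadata(fetch())
    except Exception:
        if entry:  # design choice: on fetch/parse failure keep the last known-good config
            return entry["config"]
        raise
    store["idp"] = {"config": config, "expires": now() + ttl}
    return config
```

Serving the stale configuration on failure keeps logins working during an IdP metadata outage, but it also keeps trusting an old certificate, so a deployment would want to bound how long a stale entry may be used.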
ISSUE TYPE
COMPONENT NAME
SUMMARY
Ability to upload IdP metadata and auto-configure SAML providers through the UI/API rather than manual JSON input.
ENVIRONMENT