hansva
commented
11 months ago Hop Web uses tomcat so you should be able to leverage all available tomcat options to limit access to the application.
Open dbron0000 opened 11 months ago
hansva
commented
11 months ago Hop Web uses tomcat so you should be able to leverage all available tomcat options to limit access to the application.
dbron0000
commented
11 months ago Thanks for taking a look Hans. Maybe this is better described as a documentation request or a how to. The basic auth howto provided by hiromuhota for PDI was an easy to follow implementation and discussed some of the challenges with file system permissions. We're working with Okta and I've spent some time evaluating the effort and haven't made great progress (I'm not a Java Dev primarily).
I saw that the Spring framework is well supported for MFA's such as OKTA. Maybe there's an opportunity to provide more direction for what would be a more common task for enterprise adoptions.
hansva
commented
11 months ago We have posted a guide to add authentication to Hop Web here, it also points to the tomcat documentation on how to add other realms.
As far as I can see some extra development would be needed to support OKTA, as it is not part of the default realms supported by tomcat. Unfortunately from a community perspective we do not have access to OKTA making it hard for us to build and test such an implementation.
dbron0000
commented
11 months ago Thanks for the additional resources. I have enabled basic auth (using the guide you mentioned) and it works great.
Maybe a better starting point would be something like Google Auth.
What would you like to happen?
For Hop Web - our team would like to use Hop Web but need to be able to use MFA as a minimum for sufficient platform security. It would be helpful to have configuration options to enable common MFA tools that allow secure logins using these tools.
Issue Priority
Priority: 3
Issue Component
Component: Hop Web