defenseunicorns / uds-core

A FOSS secure runtime platform for mission-critical capabilities
https://uds.defenseunicorns.com
GNU Affero General Public License v3.0

Enable ability to add group auth to Grafana and NeuVector keycloak clients #883

Open brianrexrode opened 1 month ago

brianrexrode commented 1 month ago

Is your feature request related to a problem? Please describe.

I'd like the ability to capture authentication failures in a centralized location, i.e. Keycloak (IdP). This will allow me to provide accurate and consistent authentication logs.

Currently, Grafana and NeuVector Keycloak clients do not provide group auth; therefore, any authentication failures are captured in their respective logs and may not provide the same verbosity or error handling as the Keycloak logging.


mjnagel commented 1 month ago

On the core side, the main changes we would want to make to support this would be adding the groups section to the SSO spec for NeuVector and Grafana (ref docs). We may want to make this configurable in case someone overrides the allowed groups, as well as updating the docs to indicate the configuration if we do expose it.