Open shvepsy opened 3 years ago
@shvepsy Currently OIDC sits at the same level as DB/LDAP as an auth method.
If we need to support multiple auth mode, we'll have to introduce a concept like auth domain
so each user get to choose the domain when he logs in.
Introducing the domain
concept requires a few decisions being made, for example:
1) We also need to consider how to reflect the domain in username in CLI case. 2) A further issue is whether a project should belong to a domain. Can we add different users from different domains into the project as members. etc,etc...
Give Harbor's focus being artifact management, we wanna refrain from adding too much complexity in ID management area until we really have to.
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
According the documentation we can't create a local user while the Auth mod is switched to OIDC - https://goharbor.io/docs/1.10/administration/configure-authentication/oidc-auth/
It's the final architecture decision or could be changed soon? Or may any possibility to use a both types at the same time? Thanks