Implement proxy authentication for the configuration server

[mariusoe]

For easier usage of the configuration server's web-UI, the configuration server should be able to support a proxy authentication.

If the config server is used behind a reverse proxy, which is able to authenticate the current user, it should be possible to pass this information to the configuration server. The config server should be able to login a user which is specified in a specific header field, set by the reverse proxy.

This function should be similar to the "Auth Proxy" function of Grafana. See: https://grafana.com/docs/grafana/latest/auth/auth-proxy/

[ivansenic]

So there's already support for this in SpringBoot, by using the properly configured RequestHeaderAuthenticationFilter.

Quite an advance example: https://insource.io/blog/articles/stateless-api-security-with-spring-boot-part-2.html

[unc1]

Is there role based access so you would be able to have normal end users and then admins? Thanks.

T

[JonasKunz]

Hi @unc1 ,

This issue has nothing todo with authorization. The configuration server already supports role-based access control, but only if you use LDAP for authentication: https://inspectit.github.io/inspectit-ocelot/docs/config-server/user-authentication#authorization