openanalytics / containerproxy

Manage HTTP proxy routes into Docker containers
Apache License 2.0
45 stars 66 forks source link

Support for Linux PAM authenication and authorization using Linux group memberships #58

Open ipimpat opened 3 years ago

ipimpat commented 3 years ago

It would be super awesome if ShinyProxy could support user authentication and authorization using native authentication mechanisms on Linux, just like the Shiny Server Pro version.

These days it's very easy to configure Linux systems to use remote identify services like FreeIPA, LDAP or Active Directory using the SSSD and/or Samba packages.

ShinyProxy could benefit from this because it would be very easy for ShinyProxy administrators to configure and it would provide a great alternative to the more advanced ShinyProxy authentication backends but be just as powerful

Inspirational links:

https://sssd.io/ https://www.adelton.com/apache/mod_authnz_pam/ https://www.adelton.com/apache/mod_lookup_identity/ https://ubuntu.com/engage/microsoft-active-directory https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/sssd

LEDfan commented 3 years ago

Hi @ipimpat

Unfortunately this is currently not supported and we don't have this feature on our roadmap. Note that ShinyProxy can authenticate using OpenID and SAML, maybe there is some application/service that can bridge SSSD to OpenID? In that case you connect ShinyProxy using OpenID to that extra service.

dtufood-kihen commented 3 years ago

Hi @LEDfan

Thx for your reply and suggestions.

I hope you guys will add PAM to the roadmap, because it is so much easier to deal with than the current supported.

Danoontjes commented 2 years ago

+1 for this.