pgadmin-org / pgadmin4

pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world.
https://www.pgadmin.org

Support for REMOTE_USER as Authentication (RM #6657) #4483

Closed dpage closed 2 years ago

dpage commented 3 years ago

Issue migrated from Redmine: https://redmine.postgresql.org/issues/6657 Originally created by Tom Schreiber at 2021-08-03 10:05:25 UTC.

Hi,

it would be nice if authentication via the web server (REMOTE_USER) was possible as an additional method. We are using Shibboleth via Apache for Authentication, so the User is already authenticated.

I've written a small authentication-plugin for myself to use the REMOTE_USER. You may be able to include this simple method as an alternate Authentication-Source. Beside this file, there are two additional changes to the source necessary:

I've also added an additional Config-Parameter: REMOTEUSER_MAIL_DOMAIN - if your "REMOTE_USER" is not a valid E-Mail, you can add this string (Default=Empty String)

Regards Tom

dpage commented 3 years ago

Attachment migrated from Redmine: https://redmine.postgresql.org/attachments/download/6013 Originally created by Tom Schreiber at 2021-08-03 10:05:09 UTC.

https://pgadmin-archive.postgresql.org/redmine/6657/6013-remoteuser.py

Description: ./web/pgadmin/authenticate/remoteuser.py

dpage commented 3 years ago

Comment migrated from Redmine: https://redmine.postgresql.org/issues/6657#note-2 Originally created by Aditya Toshniwal at 2021-08-06 11:12:39 UTC.

Redmine ticket header update:

Name Old Value New Value
Sprint changed EDB Sprint 98

dpage commented 3 years ago

Comment migrated from Redmine: https://redmine.postgresql.org/issues/6657#note-3 Originally created by Akshay Joshi at 2021-08-23 13:49:32 UTC.

Redmine ticket header update:

Name Old Value New Value
Sprint changed EDB Sprint 98 EDB Sprint 99
Assigned To changed Khushboo Vashi

dpage commented 3 years ago

Comment migrated from Redmine: https://redmine.postgresql.org/issues/6657#note-4 Originally created by Akshay Joshi at 2021-09-15 10:30:51 UTC.

Redmine ticket header update:

Name Old Value New Value
Assigned To changed Khushboo Vashi

dpage commented 3 years ago

Comment migrated from Redmine: https://redmine.postgresql.org/issues/6657#note-5 Originally created by Akshay Joshi at 2021-09-15 10:32:12 UTC.

Redmine ticket header update:

Name Old Value New Value
Sprint changed EDB Sprint 99 EDB Sprint 100

dpage commented 3 years ago

Comment migrated from Redmine: https://redmine.postgresql.org/issues/6657#note-6 Originally created by Steve Weber at 2021-09-22 19:24:48 UTC.

Please stop pushing the sprint for this issue. This is important because it opens up most of the HTTP Apache auth methods.

dpage commented 3 years ago

Comment migrated from Redmine: https://redmine.postgresql.org/issues/6657#note-7 Originally created by Khushboo Vashi at 2021-09-24 09:32:21 UTC.

Redmine ticket header update:

Name Old Value New Value
Assigned To changed Khushboo Vashi
Status changed New In Progress

dpage commented 2 years ago

Comment migrated from Redmine: https://redmine.postgresql.org/issues/6657#note-8 Originally created by Akshay Joshi at 2021-09-29 10:31:25 UTC.

Redmine ticket header update:

Name Old Value New Value
Sprint changed EDB Sprint 100 EDB Sprint 101

dpage commented 2 years ago

Comment migrated from Redmine: https://redmine.postgresql.org/issues/6657#note-9 Originally created by Khushboo Vashi at 2021-10-12 09:33:52 UTC.

Applied in changeset commit:a726635290a91d26226a0b912806c7767a7db56b.

Redmine ticket header update:

Name Old Value New Value
Done Ratio changed 0 90
Status changed In Progress In Testing

dpage commented 2 years ago

Comment migrated from Redmine: https://redmine.postgresql.org/issues/6657#note-10 Originally created by Akshay Joshi at 2021-10-12 09:36:09 UTC.

Redmine ticket header update:

Name Old Value New Value
Fixed Version changed 6.1

dpage commented 2 years ago

Comment migrated from Redmine: https://redmine.postgresql.org/issues/6657#note-11 Originally created by Akshay Joshi at 2021-10-13 10:31:18 UTC.

Redmine ticket header update:

Name Old Value New Value
Sprint changed EDB Sprint 101 EDB Sprint 102

dpage commented 2 years ago

Comment migrated from Redmine: https://redmine.postgresql.org/issues/6657#note-12 Originally created by Tom Schreiber at 2021-10-13 10:49:24 UTC.

Hi,

my initial patch causes problems for users who store their passwords in pgadmin4. It was necessary to store a key for the password, I've done this in the login-procedure (current_app.keyManager.set).

I used an additional config variable here because I don't really have a secret for encryption. But I am not sure if this is a good idea or if there are other better possibilities.


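    def login(self, form):
        # REMOTE_USER is set by the web server once it has authenticated the user.
        remote_user = request.environ.get('REMOTE_USER')
        if not remote_user:
            # Avoid a TypeError from None + str when the variable is missing.
            return False, 'REMOTE_USER is not set'
        username = remote_user + config.REMOTEUSER_MAIL_DOMAIN
        user, msg = self.__auto_create_user(username)
        if user:
            user = User.query.filter_by(username=username).first()
            login_result = login_user(user)
            if login_result:
                # Key used to encrypt saved server passwords, derived from
                # the username and a config value rather than a user secret.
                current_app.keyManager.set(username + config.SECURITY_PASSWORD_SALT)
            return login_result, None
        return False, msg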

Regards Tom
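
Added example, not part of the comment above and not pgAdmin code: a stand-alone sketch of resolving the web-server-authenticated user from a WSGI environ, trusting only the server-set `REMOTE_USER` and ignoring client-supplied `HTTP_*` keys. The function names, the format allow-list, the choice to append the domain only when no `@` is present, and the sample values are assumptions; `REMOTEUSER_MAIL_DOMAIN` mirrors the parameter proposed in this issue.

```python
import re

REMOTEUSER_MAIL_DOMAIN = "@example.org"  # constructed sample value

# Conservative allow-lists for what the web server may hand over (assumption).
_LOCAL_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")
_DOMAIN_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def wsgi_environ(headers, server_vars):
    """Build a minimal environ the way a WSGI server does (PEP 3333):
    client request headers become HTTP_* keys, server-set variables
    such as REMOTE_USER keep their own name."""
    environ = {"HTTP_" + name.upper().replace("-", "_"): value
               for name, value in headers.items()}
    environ.update(server_vars)
    return environ


def resolve_remote_user(environ, mail_domain=REMOTEUSER_MAIL_DOMAIN):
    """Return (username, None) on success or (None, reason) on refusal.
    Only REMOTE_USER is read; HTTP_REMOTE_USER and similar keys originate
    from the client and are never consulted."""
    remote_user = (environ.get("REMOTE_USER") or "").strip()
    if not remote_user:
        return None, "REMOTE_USER not set by the web server"
    if "@" in remote_user:
        # Already e-mail shaped (e.g. a scoped identifier): do not append.
        local, _, domain = remote_user.partition("@")
        if _LOCAL_RE.fullmatch(local) and _DOMAIN_RE.fullmatch(domain):
            return remote_user, None
        return None, "REMOTE_USER has an unexpected format"
    if not _LOCAL_RE.fullmatch(remote_user):
        return None, "REMOTE_USER has an unexpected format"
    return remote_user + mail_domain, None


# Constructed requests: one authenticated by the web server, and one where
# no server-side authentication ran and only a request header is present.
AUTHENTICATED = wsgi_environ({"Host": "pgadmin.example.org"},
                             {"REMOTE_USER": "alice"})
HEADER_ONLY = wsgi_environ({"Remote-User": "admin"}, {})

if __name__ == "__main__":
    print(resolve_remote_user(AUTHENTICATED))
    print(resolve_remote_user(HEADER_ONLY))
```

The second request is refused because a request header can only ever appear under an `HTTP_`-prefixed key, so a login path that reads `REMOTE_USER` alone cannot be satisfied by header content.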

dpage commented 2 years ago

Comment migrated from Redmine: https://redmine.postgresql.org/issues/6657#note-13 Originally created by Yogesh Mahajan at 2021-10-18 13:22:31 UTC.

Redmine ticket header update:

Name Old Value New Value
Assigned To changed Khushboo Vashi Yogesh Mahajan

dpage commented 2 years ago

Comment migrated from Redmine: https://redmine.postgresql.org/issues/6657#note-14 Originally created by Yogesh Mahajan at 2021-10-18 13:24:37 UTC.

Redmine ticket header update:

Name Old Value New Value
Relationship (relates) changed RM #6928

dpage commented 2 years ago

Comment migrated from Redmine: https://redmine.postgresql.org/issues/6657#note-15 Originally created by Yogesh Mahajan at 2021-10-20 05:37:14 UTC.

This is working fine. Verified with Apache basic auth.

Redmine ticket header update:

Name Old Value New Value
Status changed In Testing Resolved

dpage commented 2 years ago

Issue closed on Redmine.