search

saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Install Salt from the Salt package repositories here:
https://docs.saltproject.io/salt/install-guide/en/latest/
Apache License 2.0
14.2k stars 5.48k forks source link

Add oauth and SAML support to salt-api #22046

Open whiteinge opened 9 years ago

whiteinge commented 9 years ago

Single sign-on would be quite useful for salt-api and work well with salt-api's existing session token <-> salt token abstraction.

eliasp commented 8 years ago

:+1: OAuth2.0 support would be great!

DanyC97 commented 8 years ago

:+1:

punkdata commented 8 years ago

👍

guedressel commented 6 years ago

Let's bring this to 2018: username + password auth is hard/impossible to integrate in single-sign-on environments.

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

guedressel commented 5 years ago

Please keep this feature request open.

stale[bot] commented 5 years ago

Thank you for updating this issue. It is no longer marked as stale.

najamansari commented 5 years ago

I'm surprised there hasn't been any headway on this yet!

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

guedressel commented 4 years ago

:-(

stale[bot] commented 4 years ago

Thank you for updating this issue. It is no longer marked as stale.

absmith82 commented 3 years ago

I have no Idea how this would get implemented, but on the AWS CLI they have an SSO login that redirects you to a web browser and grabs the login tokens from there. Would this be possible to implement in something like salt-pepper, or at least an option to implement for someone building a custom webui via the salt-api? the original request was for this to work with the API not necessarily via the ssh cli and you can define what auth method you are using if you have more than one auth method configured in the system when logging in via the API and CLI.

Malte-Wagner commented 3 months ago

Hiho,

I cooked up a way to use OAUTH2 Proxy in front of rest_cherrypy. The credentials are handed to rest_cherrypy via HTTP headers. Please have a thorough look if this helps for your use cases.

Cheers