warp-tech / warpgate

Smart SSH, HTTPS and MySQL bastion that requires no additional client-side software
Apache License 2.0

Auto-create users when using SSO Login #952

Open M0ustach3 opened 9 months ago

M0ustach3 commented 9 months ago

Hi,

I wonder if it would be possible to auto-create users when they first log in via an SSO provider? I'm currently using a custom one, but it should not matter much.

This would allow dynamic user creation, thus avoiding manual account creation and manual linking to SSO email.

What do you guys think?

Cheers

budachst commented 8 months ago

Nice feature, but you'd still have to fetch the SSH keys for that account as well. SSHPortal, which we used before, utilized a kind of "invitation" scheme for that. It would send a mail message to the new user and provide a special SSH user token. Once the new account connected via SSH to the portal, the public SSH key would be stored for that user account.

M0ustach3 commented 7 months ago

Hi,

Apologies for the late answer, been busy lately.

The idea I had in mind was to leverage Warpgate's ability to NOT require additional client-side software to dynamically generate an SSH certificate if the SSO request was granted (I'm using Vault to generate SSH certificates). That way, there would be no need to store public keys anywhere, as the certificate would be injected into the backend SSH connection.

This would enable the dynamic creation of short-lived SSH certificates, thus greatly enhancing security in a corporate-wide context.

Cheers,

badsmoke commented 2 months ago

I also find the automatic creation of users via SSO very practical.

johannwagner commented 1 month ago

I put together a working commit over at https://github.com/wobcom/warpgate/commit/15956425ff9fdcde80fa7e2a8e9202124ff0655d and I am planning on upstreaming this feature.