Open M0ustach3 opened 9 months ago
Nice feature, but you'd still have to fetch the SSH keys for that account as well. SSHPortal, which we used before, utilized a kind of "invitation" scheme for that. It would send a mail message to the new user and provide a special SSH user token. Once the new account connected via SSH to the portal, the public SSH key would be stored for that user account.
Hi,
Apologies for the late answer, been busy lately.
The idea I had in mind was to leverage Warpgate's ability to NOT require additional client-side software to dynamically generate an SSH certificate if the SSO request was granted (I'm using Vault to generate SSH certificates). That way, there would be no need to store public keys anywhere, as the certificate would be injected into the backend SSH connection.
This would enable the dynamic creation of short-lived SSH certificates, thus greatly enhancing security in a corporate-wide context.
Cheers,
I also find the automatic creation of users via SSO very practical.
I put together a working commit over at https://github.com/wobcom/warpgate/commit/15956425ff9fdcde80fa7e2a8e9202124ff0655d and I am planning on upstreaming this feature.
Hi,
I wonder if it would be possible to auto-create users when they first log in via an SSO provider? I'm currently using a custom one, but it should not matter much.
This would allow dynamic user creation, thus avoiding manual account creation and manual linking to SSO email.
What do you guys think?
Cheers