Authentication

Dani Donisa edited this page Dec 13, 2023 · 4 revisions

OBS uses several strategies to authenticate incoming users:

  • Basic Authentication
  • What we call Proxy Mode/Access Manager
  • Kerberos
  • LDAP
  • Local database

Basic Authentication

https://en.wikipedia.org/wiki/Basic_access_authentication

It's found here

Proxy Mode/Access Manager

It's what we have on our reference server.

It works like this:

  • We have an Auth Proxy sitting in front of the application, so every single request hits the proxy first.
  • The Auth Proxy (configured here), with the help of the IDP, will work out if the user is authenticated or not.
  • If the IDP finds the user logged in, it will add a header into the request with the user login and redirect the browser to the application.
  • If the IDP didn't find the user logged in, it will redirect the browser to the IDP login page.
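
The flow above only holds if the login header can come from nowhere but the proxy. The following is an added sketch of both sides, not OBS code: the header name `X-Auth-Login`, the IDP URL and the session table are assumptions made up for illustration.

```ruby
# Added example (not OBS code): models the auth-proxy decision and the
# application-side check. All names below are assumptions.
LOGIN_HEADER  = 'X-Auth-Login'                       # hypothetical header name
IDP_LOGIN_URL = 'https://idp.example.invalid/login'  # placeholder URL

# Constructed IDP session table: session cookie value => user login.
IDP_SESSIONS = { 'sess-abc123' => 'alice' }.freeze

# Header names are case-insensitive, and some stacks map '_' and '-' to the
# same name, so compare on a normalized form.
def normalize(name)
  name.to_s.downcase.tr('_', '-')
end

# Proxy side. Returns [:forward, headers] or [:redirect, location].
def auth_proxy(request_headers, session_cookie)
  # Remove any client-supplied copy of the login header before deciding,
  # so the only value the application ever sees is the one set here.
  clean = request_headers.reject { |k, _| normalize(k) == normalize(LOGIN_HEADER) }

  login = IDP_SESSIONS[session_cookie]
  return [:redirect, IDP_LOGIN_URL] if login.nil?

  [:forward, clean.merge(LOGIN_HEADER => login)]
end

# Application side. The header is trusted only for requests that arrived
# through the proxy (from_proxy stands in for a network-level check), and
# only when exactly one copy of the header is present.
def app_current_user(headers, from_proxy:)
  return nil unless from_proxy

  values = headers.select { |k, _| normalize(k) == normalize(LOGIN_HEADER) }.values
  values.size == 1 ? values.first : nil
end

# Constructed request: valid IDP session plus a client-supplied header copy.
action, headers = auth_proxy({ 'Accept' => '*/*', 'x_auth_login' => 'admin' }, 'sess-abc123')
puts "#{action}: #{app_current_user(headers, from_proxy: true)}"
```
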


We use it like this

Kerberos

https://en.wikipedia.org/wiki/Kerberos_(protocol)

We use it like this

LDAP

https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol

We use it like this

Future plans

We would like to replace our custom code with something else, probably the OmniAuth gem, which supports almost all of the authentication strategies listed here and would also support modern authentication strategies like OAuth2, SAML, etc.
