Uploaded image for project: 'Data Management'
  1. Data Management
  2. DM-16694

Determine whether and how to use OAuth2 proxy

    Details

    • Type: Story
    • Status: Done
    • Resolution: Done
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Templates:
    • Sprint:
      Arch 2018-12-03, Arch 2018-12-10, Arch 2019-01-07
    • Team:
      Architecture

      Description

      Should/can we use an off-the-shelf OAuth2 proxy along with Kubernetes ingress to handle the OAuth2 OpenID Connect process for all LSP services, passing the resulting token through? If so, how should it be configured?

      Concretely, the OAuth2 proxy would listen to all LSP endpoints; detect whether an OAuth2 (OpenID Connect) authentication token is present; (reverse) proxy to the appropriate upstream service if so; and conduct the OAuth2 token acquisition process with CILogon, including providing a callback URL, if not. The upstream connection should pass the token along so that authorization can be performed.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                bvan Brian Van Klaveren
                Reporter:
                ktl Kian-Tat Lim
                Watchers:
                Brian Van Klaveren, Christopher Clausen, Gregory Dubois-Felsmann, Kian-Tat Lim
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved:

                  Summary Panel