mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2025-12-26 15:50:47 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
replaceCIImages
opencloud/services/auth-basic/README.md
André Duffeck c982a81135 Rebrand auth-{basic,bearer,machine,service}
2025-01-16 13:56:16 +01:00

34 lines
2.0 KiB
Markdown
Raw Permalink Blame History

# Auth-Basic
The OpenCloud Auth Basic service provides basic authentication for those clients who cannot handle OpenID Connect. This should only be enabled for tests and development.
The `auth-basic` service is responsible for validating authentication of incoming requests. To do so, it will use the configured `auth manager`, see the `Auth Managers` section. Only HTTP basic auth requests to OpenCloud will involve the `auth-basic` service.
To enable `auth-basic`, you first must set `PROXY_ENABLE_BASIC_AUTH` to `true`.
## The `auth` Service Family
OpenCloud uses serveral authentication services for different use cases. All services that start with `auth-` are part of the authentication service family. Each member authenticates requests with different scopes. As of now, these services exist:
- `auth-app` handles authentication of external 3rd party apps
- `auth-basic` handles basic authentication
- `auth-bearer` handles oidc authentication
- `auth-machine` handles interservice authentication when a user is impersonated
- `auth-service` handles interservice authentication when using service accounts
## Auth Managers
Since the `auth-basic` service does not do any validation itself, it needs to be configured with an authentication manager. One can use the `AUTH_BASIC_AUTH_MANAGER` environment variable to configure this. Currently only one auth manager is supported: `"ldap"`
### LDAP Auth Manager
Setting `AUTH_BASIC_AUTH_MANAGER` to `"ldap"` will configure the `auth-basic` service to use LDAP as auth manager. This is the recommended option for running in a production and testing environment. More details on how to configure LDAP with OpenCloud can be found in the admin docs.
### Other Auth Managers
OpenCloud currently supports no other auth manager
## Scalability
When using `"ldap"` as auth manager, there is no persistance as requests will just be forwarded to the LDAP server. Therefore, multiple instances of the `auth-basic` service can be started without further configuration. Be aware, that other auth managers might not allow that.
Reference in New Issue View Git Blame Copy Permalink