Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for OIDC based SSO #6966

Closed
wants to merge 5 commits into from
Closed

Add support for OIDC based SSO #6966

wants to merge 5 commits into from

Conversation

ktbartholomew
Copy link

This addresses #6616.

  • Adds configuration fields for OIDC provider URL, client ID, and client secret
  • Adds core API endpoints to facilitate an access token OAuth flow with an OIDC-compliant provider (like Dex, see Dex for authentication #5358)
  • Creates user (in database) from OIDC claims if not present, or authenticates as that user if present.

Feedback welcome, as I'm sure there will be lots of opinions from more experienced contributors about things that I haven't done correctly 😄

Keith Bartholomew added 3 commits February 19, 2019 17:28
rough pass at OIDC functionality
f12e66d 
Signed-off-by: Keith Bartholomew <keith.bartholomew@rackspace.com>
add admin config fields for OIDC settings
507885d 
Signed-off-by: Keith Bartholomew <keith.bartholomew@rackspace.com>
clean up debug noise
f6925e0 
Signed-off-by: Keith Bartholomew <keith.bartholomew@rackspace.com>
Keith Bartholomew added 2 commits February 19, 2019 17:53
update configmgr calls
daa555f 
Signed-off-by: Keith Bartholomew <keith.bartholomew@rackspace.com>
add comments for exported methods
fc26f6b 
Signed-off-by: Keith Bartholomew <keith.bartholomew@rackspace.com>
@steven-zou
Copy link
Contributor

steven-zou commented Feb 21, 2019
edited
Loading

@ktbartholomew

Thanks a lot for submitting PR to cover the fantastic OIDC supporting which the whole community is looking forward to. However, based on the Harbor governance model, the changes should be summarized as a proposal and submitted to the community for a widely discussed before raising code PRs. Only the proposal is accepted after review and voting by maintainers, the related code changes (PRs) can be accepted.

Is it ok to draft a proposalto describe your main ideas and let the community have a review? @ktbartholomew

Moreover, a suggestion, many other community users have interested in this feature, maybe you can have a try to contact them to set up an OIDC workgroup to discuss and deliver the feature together? @ktbartholomew

@reasonerjt
Copy link
Contributor

@ktbartholomew
Thanks for the valuable work!
Actually we do plan to provide oidc support in 1.8.0 timeframe (Before end of April).
The proposal was delayed and planned to be submitted by the end of Feb, if you are interested we can work together to define the scenarios in the proposal and implement the feature.

@ktbartholomew
Copy link
Author

@steven-zou It looks like a proposal had been made, but a revised draft is being worked on privately (see goharbor/community#17 (comment)). I'm happy to review and contribute to the proposal, but want to make sure I'm helping in the right place.

@reasonerjt
Copy link
Contributor

@ktbartholomew
Do you have a preferred way to more interactive communication in addition to this PR? Email? Slack(cloud-native.slack.com)?

@ktbartholomew
Copy link
Author

@ktbartholomew
Do you have a preferred way to more interactive communication in addition to this PR? Email? Slack(cloud-native.slack.com)?

Slack is good, didn't know you had a workspace. Joining now!

@reasonerjt reasonerjt closed this Apr 22, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ktbartholomew @steven-zou @reasonerjt