-
-
Notifications
You must be signed in to change notification settings - Fork 265
Authentication
Authentication can be enabled in Script server via configuration (see auth configuration). At the moment the following auth providers are supported:
When authentication is enabled, users are required to login, before accessing script-server.
Security note: script-server does not and will not store any user credentials/tokens locally. However, some identification data is stored on users PC in encrypted form. Encryption key is available on server side only. Passwords or any securiry tokens are not stored anywhere.
If authentication is not enabled, please refer to No Auth section
Script server can authenticate users against your LDAP server. Users would be prompted for username and login. These credentials are used to check if the user have access to the LDAP server and discarded. User login will stay valid in script-server for 1 month (even if he looses access to the LDAP server).
username_pattern
Groups
Script server can fetch user groups from LDAP. These groups can be later used by Authorization.
Groups loading is performed only during user login. After that they will stay cached and unchanged. So, if user needs to update his groups in Script server, he has to relogin.
In order to load user groups base_dn property should be defined in the configuration. Groups are always searched under the Base DN.
base_dn can be automatically resolved for the following username_pattern:
- uid=$username,ou=people,dc=domain1,dc=domain2,dc=domainN
base_dn= "dc=domain1,dc=domain2,dc=domainN" - username@domain1.domain2.domainN
base_dn= "dc=domain1,dc=domain2,dc=domainN"
To be continued...
To be done...
To be done...