thanks for your replybefore read the code to understand the logic of remote-user auth, here i have one question:if i hack to use the auth proxy, aka, remote-user, will the basic auth still applied? i mean if i hack to put my admin token in the remote-user, if the user's basic auth not applied, how can i know it's a valid user?Thanks & Best Regards!
| Nick Tan |
------------------------------------On Wed, Jun 19, 2013 at 9:32 PM, Clayton Coleman <ccoleman redhat com> wrote:
That's tunable to admins - can set an arbitrary expiration in OSE or origin
On Jun 19, 2013, at 8:35 AM, Andy Goldstein <agoldste redhat com> wrote:
> On Jun 19, 2013, at 4:36 AM, Brenton Leanhardt wrote:
>> +++ XuQing Tan [19/06/13 16:26 +0800]:
>>> hi, Krishna
>>> i'm working on a PoC to integrate openshift origin with our existing system
>>> (it's kind of a ticket system, that user can request to create app etc).
>>> as the system admin, now i want to programmatically create the app on
>>> openshift for the user.
>>> note that, as system admin, i don't have the user's credentials (they are
>>> in LDAP, i don't have access). but for now, i found that openshift rest API
>>> request the user's credentials to create the app.
>>> so, have can I use my system admin account, to create the app for that user?
>> I'm betting the proper way to do this would be to somehow generate an
>> authorization token that would give all you to create applications on
>> behalf of another user.
> Our tokens expire after 24 hours, right? That could be a bit of a wrinkle if you go that route… ?
>> A hackish way to do this is to use the remote-user authentication
>> plugin. All requests coming in to the SSL-termination proxy require
>> authentication. However if you have access to localhost:8080 on the
>> Broker machine you can set the REMOTE_USER header to whatever user you
>> wish. Then you could create applications using curl or anything that
>> can generate the appropriate request.
>>> Thanks & Best Regards!
>>> (. .)
>>> | Nick Tan |
>>> dev mailing list
>>> dev lists openshift redhat com
>> dev mailing list
>> dev lists openshift redhat com
> dev mailing list
> dev lists openshift redhat com
dev mailing list
dev lists openshift redhat com