[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

OpenShift Authentication alternative options?



Hi all,

I've been experimenting options to integrate openshift authentication
with other alternatives, plus add another option that pesky no logout
button that seems to be asked a lot.

I've so far found two methods, which 'should' work in theory. I
haven't tested it on an openshift install yet.. So let me throw some
ideas in the pit

- Using mod_authnz_external, it's possible to query a php/perl/python
file for a simple exit (0) or exit (1). The script could query a
remote API or database, easy enough and works well. I've used this for
MySQL queries before, redmine, etc. It works, but sometimes has some
weird selinux issues depending on the backend. For most cases with
querying a PHP file, it works great!

- Using httpd24, mod_auth_form is an option. Pretty much, it allows
you to create a full style'd HTML form which can do a POST for
user/password. The way I could see this working, is creating a
dedicated 'authserver' which would accept these auths and then reverse
proxy that over the openshift broker. Short of, modifying all of the
config to work with httpd24.

Both seem to support a 'logout derivative' ie,
http://httpd.apache.org/docs/current/mod/mod_auth_form.html#authformlogoutlocation

If I understand correctly, as openshift origin relies on httpd to do
auth. We don't have to create users? Previously when using kerberos, I
never had to register user accounts. I assume that would be the same
for these methods.

Alternatively, any hints on how the production deployments like
getupcloud and rh's openshift doing it?

Thanks,
Andrew


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]