-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add secondary OIDC provider capability #743
Conversation
Add ability to define more than one OIDC provider in AM. Specific providers can be chosen using HTTP query params passed to the server when authenticating.
Add a new setting to control whether local AMSS authentication is available when OIDC authentication is in use. If local AM authentication is disabled, then users will only be able to authenticate via the OIDC provider. If the new setting is not configured, local AM authentication is available.
2e9c78a
to
e08928e
Compare
If the OIDC_ALLOW_LOCAL_AUTHENTICATION setting denies local authentication, users should not be able to authenticate even if they access the local login form directly.
24eed2e
to
f5365ab
Compare
f5365ab
to
1735764
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great @replaceafill! 👍
Curious why you chose to hard code LOGIN_URL = "/oidc/authenticate/"
?
@sbreker sorry I forgot to include the explanation in the commit. During manual testing I noticed the See
oidc_authentication_init pattern is converted into a string and the middleware redirects you to an nonexistent /oidc_authentication_init URL instead.
The Dashboard doesn't have this problem, but I decided to keep the values consistent for now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you so much for your hard work @sbreker! 🎉
Add ability to define more than one OIDC provider in AM. Specific providers can be chosen using HTTP query params passed to the server when authenticating.