Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Certificate Authentication #26153

Open
cwchristerw opened this issue Jul 26, 2023 · 3 comments
Open

Certificate Authentication #26153

cwchristerw opened this issue Jul 26, 2023 · 3 comments
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.

Comments

@cwchristerw
Copy link

cwchristerw commented Jul 26, 2023
edited
Loading

Feature Description

I think it would be great if Gitea had a feature to login with certificates.

I would use like this:

  1. Issue device identity (x509) certificates to every server with Hashicorp Vault.
  2. I would automatically login/register in to Gitea with device identity certificate using Ansible.
  3. Adding device identity (ssh) to that specific account to use it with git command.

Important

  • Auto create account during first login.
  • Multiple x509 certificate authentication sources.
  • Allow using API with x509 certificate.
  • Use common name as username
  • No email address
  • User visibility to private as default

Screenshots

No response
@cwchristerw cwchristerw added the type/proposal The new feature has not been accepted yet but needs to be discussed first. label Jul 26, 2023
@cwchristerw
Copy link
Author

In addition it would need to support using request header as client cert from reverse proxy. Similar to hashicorp/vault#17272

@cwchristerw
Copy link
Author

cwchristerw commented Feb 7, 2024
edited
Loading

It would be nice also to be able to login with TLS certificate when using https and git protocol.

@techknowlogick
Copy link
Member

somewhat related: Gitea has support for SSH certificates, and I use vault to manage the certificates to clone and push. I have seen others use a reverse proxy for the behaviour you are looking for in this ticket if you want to achieve this right now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@techknowlogick @cwchristerw