Page MenuHomePhabricator

orchestrator: Support SSO
Open, MediumPublic


Orchestrator supports auth via forwarded headers ( Ideally we can put it behind idp/cas.
Also use SSL

Related Objects


Event Timeline

Kormat triaged this task as Medium priority.Oct 21 2020, 9:05 AM
Kormat created this task.
LSobanski moved this task from Triage to Ready on the DBA board.Oct 21 2020, 9:16 AM

Adding profile::idp::client::httpd, and configuring orchestrator appropriately should work.

11:21:49 <jbond42> kormat: if thats that case i would use the header X-CAS-CN (environment variable HTTP_X_CAS_CN) as the default CAS-User header suffers from the case insensetive issue that icinga has

Configurable here:

Change 635520 had a related patch set uploaded (by Muehlenhoff; owner: Muehlenhoff):
[operations/puppet@production] Add IDP service definition for

Change 635520 merged by Muehlenhoff:
[operations/puppet@production] Add IDP service definition for

Marostegui updated the task description. (Show Details)Fri, Nov 6, 1:18 PM