Project

General

Profile

Actions

Architecture #6912

closed

Update Rudder authentication to allows plugins

Added by François ARMAND almost 6 years ago. Updated over 5 years ago.

Status:
Released
Priority:
1
Category:
Architecture - Refactoring
Target version:
Effort required:

Description

We need to update the way Rudder does authentication to allows authentication plugin to be build.

The mainly implies:

- having a way to specify which authentication type(s) to use in rudder.properties config file;
- have a fallback root user that is alway here (so that there is always somebody able to connect to Rudder for admin task)
- do a lot of gore things to make Spring Security do what we want (charge properties for each plugins, load correct authentication providers, etc).


Subtasks 2 (0 open2 closed)

Architecture #7315: Add migration scripts to authentication providers configurationReleasedBenoît PECCATTE2015-11-02Actions
Bug #7354: The upgrade script always add rudder.auth.providerReleasedFrançois ARMAND2015-11-02Actions
Actions #1

Updated by François ARMAND almost 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/886
Actions #2

Updated by François ARMAND over 5 years ago

Some details about the implementation:

- each modules is identified in the properties file,
- there is two standards module: "file" and "ldap"
- there is a new, always enabled module, even if not: rudder.auth.admin (with two properties: rudder.auth.admin.login and rudder.auth.admin.password)
- we have a new "authentication type" selector to configure in the file: rudder.auth.type = comman,separated,list,of,auth,module

Then, we can add a new plugin just by adding a jar in the path :
- its properties can be added in the config file with the format: rudder.auth.AUTH_NAME.prop1, etc
- we also automatically look for an XML config file with name: applicationContext-security-auth-AUTH_NAME.xml

So compared with old property file, we need to:
- remove rudder.auth.ldap.enabled,
- add rudder.auth.admin.login and rudder.auth.admin.password,
- add rudder.auth.type=[here, if rudder.auth.ldap.enabled was true, set "ldap" else "file" - when not in a migration, it will be "file"]

Actions #3

Updated by François ARMAND over 5 years ago

  • Status changed from Pending technical review to Pending release
Actions #5

Updated by Vincent MEMBRÉ over 5 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.2.0~beta1 which was released today.

Actions

Also available in: Atom PDF