- Clarification of the proxy_pages/saml2 comments in the templates.
- Added an auth-type/auth-configuration specification matrix.
abellotti committed Oct 7, 2017
1 parent a62b7e5 commit b8aa658
Showing 3 changed files with 17 additions and 4 deletions.
13 changes: 13 additions & 0 deletions README.md
Expand Up @@ -623,6 +623,19 @@ _Examples_:

Binary files can be specified in the configuration map in their base64 encoded format with a basename having a `.base64` extension. Such files are then converted back to binary as they are copied to their target path.

### Auth-type and auth-configuration specification matrix in a configmap:

* auth-type depicts the Identity Provider external authentication is being configured against.
* auth-configuration identifies which Httpd external authentication configuration files to load.

| auth-type | auth-configuration | Note |
|-----------|--------------------|------|
| internal | internal | Database / ManageIQ Ldap(s) / Amazon |
| ldap | external | |
| ipa | external | |
| active-directory | external | Configured against AD via SSSD as an Ldap directory |
| active-directory | active-directory | Configured against AD domain via realm join |
| saml | saml | Keycloak / ADFS / etc. |

### Sample external authentication configuration:
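Review bot: The two bullets above the matrix define both columns in terms of external authentication, yet the first row (`internal` / `internal`) is not an external configuration, and `active-directory` appears with two different auth-configuration values that are distinguished only in the Note column. Suggest rewording the auth-type bullet so it also covers the internal case, and adding one sentence on how a pair that is not listed in the matrix is treated, so that a mistyped combination in the configmap is not assumed to be valid. Minor: "Ldap" and "Httpd" would read better as LDAP and httpd.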

4 changes: 2 additions & 2 deletions templates/miq-template-ext-db.yaml
Expand Up @@ -440,10 +440,10 @@ objects:
ProxyPass /ws/ ws://${NAME}/ws/
ProxyPassReverse /ws/ ws://${NAME}/ws/
# For httpd, some ErrorDocuments must by served by the front-end httpd
# For httpd, some ErrorDocuments must by served by the httpd pod
RewriteCond %{REQUEST_URI} !^/proxy_pages
# For SAML /saml2 is only served by front-end httpd by mod_auth_mellon
# For SAML /saml2 is only served by mod_auth_mellon in the httpd pod
RewriteCond %{REQUEST_URI} !^/saml2
RewriteRule ^/ http://${NAME}%{REQUEST_URI} [P,QSA,L]
ProxyPassReverse / http://${NAME}/
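Review bot: The rewritten comment ahead of `RewriteCond %{REQUEST_URI} !^/proxy_pages` still reads "must by served"; since the line is being changed anyway, make it "must be served by the httpd pod". It would also help to say in the comment that the two conditions keep these paths out of the `RewriteRule` that proxies everything else to `http://${NAME}`, because that is the behaviour the comments are describing.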
4 changes: 2 additions & 2 deletions templates/miq-template.yaml
Expand Up @@ -135,10 +135,10 @@ objects:
ProxyPass /ws/ ws://${NAME}/ws/
ProxyPassReverse /ws/ ws://${NAME}/ws/
# For httpd, some ErrorDocuments must by served by the front-end httpd
# For httpd, some ErrorDocuments must by served by the httpd pod
RewriteCond %{REQUEST_URI} !^/proxy_pages
# For SAML /saml2 is only served by front-end httpd by mod_auth_mellon
# For SAML /saml2 is only served by mod_auth_mellon in the httpd pod
RewriteCond %{REQUEST_URI} !^/saml2
RewriteRule ^/ http://${NAME}%{REQUEST_URI} [P,QSA,L]
ProxyPassReverse / http://${NAME}/
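Review bot: The new `/saml2` comment says the path is served only by mod_auth_mellon in the httpd pod, but `RewriteCond %{REQUEST_URI} !^/saml2` is a prefix match, so every URI that begins with `/saml2` is kept out of the proxy rule, not only the `/saml2` endpoint tree. Either word the comment as "paths beginning with /saml2" or tighten the pattern if only the endpoint is meant. The "must by served" typo is carried into this template as well and should be fixed in the same way in both files.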