Feature #21605
closed
Make authentication extendable
Description
Plugins can't easily extend authentications with their own means of authentication if SSL is used. The reason is that #authorize_with_ssl_client before block would always fail on SSL if no client is available. In REX there are use cases where REX core worker is authenticated differently (looking at serial number or using token). The authentication methods should not run if other authentication method already succeeded. That will also help to avoid running both trusted hosts and ssl auth methods that are built in proxy.
Updated by Marek Hulán over 6 years ago
- Blocks Bug #17249: All in one setup does not work with regular SSL cert based auth added
Updated by The Foreman Bot over 6 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/smart-proxy/pull/550 added
Updated by Lukas Zapletal about 5 years ago
- Status changed from Ready For Testing to New
- Triaged changed from No to Yes
- Pull request deleted (
https://github.com/theforeman/smart-proxy/pull/550)
The proposal was not considered good enough, the authorization mechanism needs a modular and plugin-friendly approach. https://github.com/theforeman/smart-proxy/pull/550
Updated by Ivan Necas about 5 years ago
- Related to Bug #25001: CVE-2018-14643 rubygem-smart_proxy_dynflow: Authentication bypass in Foreman remote execution feature added
Updated by The Foreman Bot about 5 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/smart-proxy/pull/639 added
Updated by Ivan Necas about 5 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset 56f9095e9d70b6648d45f6754ab7cf4474352c91.
Updated by The Foreman Bot about 5 years ago
- Pull request https://github.com/theforeman/smart-proxy/pull/641 added