Project

General

Profile

Actions

Feature #8923

closed

Ability to use Negotiate/Kerberos authentication to API and hammer

Added by Jan Pazdziora almost 10 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Hammer core
Target version:
-
Difficulty:
Triaged:
Yes
Team Backlog:
Hammer
Fixed in Releases:
Found in Releases:
In Kanboard:
yes

Description

The support for external authentication tracked via http://projects.theforeman.org/issues/5031 was mainly focused on WebUI authentication so far. It's desirable to bring the external authentication (meaning Negotiate, SAML, certificate-based) to API as well. At least for Negotiate (Kerberos), the primary blocker is that while it might be possible to configure the authentication in Apache, it would mean renegotiation upon every request, making the API operation slow.

The feature requests http://projects.theforeman.org/issues/8852 and http://projects.theforeman.org/issues/8016 talk about authentication using bearer tokens which by itself is mostly an internal capability. This RFE looks at using the external functionality which becomes possible when bearer tokens become available -- using Kerberos authentication once at the start of the session and then using the session token.


Related issues 5 (2 open3 closed)

Related to Foreman - Feature #8852: add token-based authentication feature for APINewActions
Related to Hammer CLI - Feature #11317: Hammer + external authentication via FreeIPAClosedOleh FedorenkoActions
Has duplicate Hammer CLI - Feature #14633: Support for Kerberos AuthenticationDuplicate04/13/2016Actions
Blocked by Hammer CLI - Feature #8016: Ability to use tokenized authentication to hammer in lieu of username/password in configuration file.ClosedTomáš Strachota10/21/2014Actions
Blocks Foreman - Tracker #5031: External authentication supportNew04/02/2014

Actions
Actions

Also available in: Atom PDF