API OAuth¶

There is two legged OAuth protocol added in API allowing request authentication.

Signed request with OAuth (using oauth_consumer_key and oauth_consumer_secret) are trusted by Foreman. If request verification is successful a Foreman user is authenticated. Depending on oauth_map_users option the incoming request is executed as admin or as mapped user. If oauth_map_users is enabled users are mapped by User#login passed in X-FOREMAN-USER header.

Setup¶

1. go to http://foreman.url/settings?utf8=%25E2%259C%2593&search=+category++%253D++Auth
2. enable OAuth authetication oauth_active, set to true
3. set oauth_consumer_key and oauth_consumer_secret
4. optionally set oauth_map_users to true to enable user mapping

Troubleshooting¶

• if you have trouble enabling OAuth authentication watch Foreman log WARN messages.
• or debug OAuth authentication logic, see: source:lib/api/authorization.rb