Support for Linux PAM authenication and authorization using Linux group memberships
Opened this issue · 3 comments
It would be super awesome if ShinyProxy could support user authentication and authorization using native authentication mechanisms on Linux, just like the Shiny Server Pro version.
These days it's very easy to configure Linux systems to use remote identify services like FreeIPA, LDAP or Active Directory using the SSSD and/or Samba packages.
ShinyProxy could benefit from this because it would be very easy for ShinyProxy administrators to configure and it would provide a great alternative to the more advanced ShinyProxy authentication backends but be just as powerful
Inspirational links:
https://sssd.io/
https://www.adelton.com/apache/mod_authnz_pam/
https://www.adelton.com/apache/mod_lookup_identity/
https://ubuntu.com/engage/microsoft-active-directory
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/sssd
Hi @ipimpat
Unfortunately this is currently not supported and we don't have this feature on our roadmap.
Note that ShinyProxy can authenticate using OpenID and SAML, maybe there is some application/service that can bridge SSSD to OpenID? In that case you connect ShinyProxy using OpenID to that extra service.
Hi @LEDfan
Thx for your reply and suggestions.
I hope you guys will add PAM to the roadmap, because it is so much easier to deal with than the current supported.
+1 for this.