External auth proxy

lukegriffith · February 3, 2020, 12:13pm

Hey All,

I’d like to terminate authentication at an external auth proxy that is being used by multiple other services - This involves the proxy passing a remote user header. Looking at the documentation I can’t seem to find if this is supported with the built in rancher authentication proxy trying to do all the work.

I’d like to remove this responsibility from Rancher, as i don’t want to configure an app in the IDP for each rancher deployment. Has anyone else attempted this, is it possible or will i only find tales of woe?

Thanks,

Luke

vincent · February 3, 2020, 3:49pm

There is no disabling or externalizing auth.

I don’t know how you would really make that work; you don’t always want $externalThing deciding if a request should be passed through, API keys and or token in a kubeconfig still need to work.

Also we need to know what groups you’re a member of, what users and groups exist to allow managing picking those for RBAC, etc.

Topic		Replies	Views
Using Rancher Authentication as a openvpn backend Rancher 1.x	12	3705	August 3, 2016
Nginx-ingress on Rancher, authentication using Oauth2 Rancher 2.x	1	579	April 24, 2020
Configuring External Authentication For Rancher	1	611	October 27, 2019
OAuth2_proxy template? Rancher 1.x	1	1299	February 29, 2016
Rancher Server Stack managed by itself? Rancher 1.x	2	805	July 28, 2016

External auth proxy

Related Topics