Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
How to configure kubernetes cluster with corporate ldap, for authentication?
I'd not found anything official.
Kismatic is one of the projects that provides a Lightweight Directory Access Protocol (LDAP) authentication webhook for Kubernetes. For Kismatic Enterprise Toolkit (KET) source code check out this link.
According to official documentation as of K8s 1.3, there is no native support for ldap authentication but using keystone can be a way to bridge to an LDAP or AD.
Found this link showing a sample walk through (with Samba):
http://cloudgeekz.com/1128/how-to-setup-active-directory-or-ldap-authentication-for-kubernetes.html
This implies the API server does the authn for the client... a more flexible solution using keystone tokens might soon be implemented here: https://github.com/kubernetes/kubernetes/pull/25391
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 3 years ago.
Improve this question
We're checking out Auth Providers and was wondering how FusionAuth compares to the others?
First of, FusionAuth is free. Developers can use it for any application and even deploy to production with any number of users. All of the features of FusionAuth are available for free as well.
FusionAuth provides all of the core features that an identity provider must provide. These include registration, login, SSO, MFA, password hashing, password constraints, password reset, email templates, OAuth, OpenID Connect and others. In addition to the core features, FusionAuth also provides localization features, reporting, analytics, user segmentation, user search and a user management UI.
FusionAuth is single-tenant and downloadable. You can download it to your dev box, deploy it on a bare-metal server, run it in any cloud or deploy it to Docker. This provides a lot flexibility and FusionAuth (the company) can host it for you in an AWS private cloud if you need.
Finally, FusionAuth is built to scale. You can spin up new instances of it to handle large login volumes (because password hashing is expensive). We've tested it with a few hundred million users and it performs nicely.
Here's a quick example of just one of the numerous of APIs that FusionAuth provides.
$ curl -H'Content-Type: application/json' \
-d'{"loginId":"test#fusionauth.io", "password":"password"}' \
https://localhost:9011/api/login
This is the Login API and you can find the full documentation here: https://fusionauth.io/docs/v1/tech/apis/login
There are comparison docs to other common solutions like Auth0 here.
https://fusionauth.io/blog/2018/10/19/auth0-and-fusionauth-a-tale-of-two-solutions
At the bottom are links to comparisons to Active Directory, Cognito, Firebase, Ping Identity, Okta, and OneLogin.
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 days ago.
Improve this question
Is it possible to setup authentication to AWS with Google accounts?
I find out that there is Identity Providers in IAM, with which I can setup OpenID connection, so I start digging in this way, but there is no information about specifics of bonding together Amazon and Google.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
I have seen sometimes the concept of "offline authentication" in slides but I have never been able to map it to specific feature.
Now in Worklight 6.1 I see it in a table of features and the support for each platform:
http://www-01.ibm.com/support/docview.wss?uid=swg27039422
What is offline authentication and how does Worklight implements it? I understand it is not the same as "working offline".
Looks like "Offline authentication" is a reference to Encrypted Offline Cache... and the same can be achieved with JSONStore as well.
Source: Enhancing Your Mobile Enterprise Security with IBM Worklight
Offline authentication
When applications are running on mobile devices
that are not connected to the network, the need for user
authentication still exists. The encrypted cache feature in Worklight
can be used to achieve more offline authentication because only the
correct passwords can unlock the offline cache.
Theoretically you could devise an authentication flow that uses local secure storage for authentication needs.... I don't know how popular that would be...
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
Improve this question
I have read the github api docs and I haven't found any streaming api like twitter streaming api.
I want to implement public github repository feed via js on client side without a server.
Is it possible?
Should I create a server and github app and authenticate my server on github so I can make all requests through it?
There is no streaming API for GitHub. I doubt they have plans of adding one either to be frank.
Your initial request can get the last 30 events and then poll with the ETag header of that request for updates. You'll need to be authenticated (somehow, not necessary via an app) to make it work. Considering each request should come from a different IP address I would hazard a guess that the rate-limits wouldn't be applied globally to all visitors regardless of who they're authenticating as. That, however, would be an excellent question for the API support team at GitHub.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Internal to our work group we have a number of services running on our web server including build service, wiki, bug tracker, and some homegrown apps. Currently these all require seperate logins for each service.
The main choice i see to centralize user creation between all these services is LDAP, however i am not interested in doing the full enterprise system, attaching logins and shared directories etc all I want is a way of centralizing users in web services.
From playing with openLDAP this seems complete overkill and is a pain to set up. Is there a simpler method, perhaps speaking LDAP protocol or some other way of centralizing authentication without having to hack up custom external authentication scripts for my services?
A centralized authentication store accessed via LDAP is exactly the solution for which you seek. LDAP is
a small protocol from a wire perspective
most available LDAP servers are extremely fast
the protocol and implemented servers are simple
easy to understand
easy to administrate
easily securable
Add replication for redundancy and increased aggregate throughput and it is hard to imagine a better solution.