Details

    Description

      Current Situation

      • JOC Cockpit supports a number of Identity Service Providers including LDAP, Vault and Keycloak.

      Feature

      • JOC Cockpit offers native support for OIDC authentication with a new Identity Service:
        • Users register JOC Cockpit with their preferred authentication service that supports OIDC.
        • The JOC Cockpit GUI implements OIDC based authentication.
        • The JOC Cockpit Web Services verify authentication according to the OIDC protocol.
      • OIDC support includes authentication, not authorization.
        • Assignment of roles to users is performed with JOC Cockpit as there is no reason to trust authentication servers to securely assign policies (roles) to users.
        • Users without role assignment in JOC Cockpit can log in but cannot perform any operation in the GUI/Web Services.
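
The split between authentication and authorization described above, shown as an added Python sketch that is not JOC Cockpit code: ID token claims are validated, then permissions come only from a local role store, so role or group claims sent by the authentication server have no effect. It assumes the token signature was already verified against the provider's keys; the issuer, client ID, subjects, role and operation names are constructed for illustration.

```python
import time

# Constructed values for illustration; not JOC Cockpit configuration.
EXPECTED_ISSUER = "https://idp.example.test"
CLIENT_ID = "joc-cockpit-example"
# Hypothetical local role store, keyed by the token's "sub" claim.
LOCAL_ROLES = {"user-1001": {"operator"}}
# Hypothetical mapping of operations to the roles allowed to perform them.
REQUIRED_ROLES = {"order/add": {"operator"}}


def authenticate(claims, expected_nonce, now=None):
    """Validate claims of an ID token whose signature is already verified.

    Returns the subject identifier, or None if the token must be rejected.
    """
    now = time.time() if now is None else now
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != EXPECTED_ISSUER:
        return None  # issued by a server we did not register with
    if CLIENT_ID not in audiences:
        return None  # token was minted for a different client
    if len(audiences) > 1 and claims.get("azp") != CLIENT_ID:
        return None  # several audiences: authorized party must be us
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None  # missing or expired
    if not expected_nonce or claims.get("nonce") != expected_nonce:
        return None  # not bound to the login request we started
    sub = claims.get("sub")
    return sub if isinstance(sub, str) and sub else None


def is_permitted(subject, operation):
    """Authorize from the local role store only; deny by default."""
    granted = LOCAL_ROLES.get(subject, set())
    return bool(granted & REQUIRED_ROLES.get(operation, set()))


def handle_request(claims, expected_nonce, operation, now=None):
    subject = authenticate(claims, expected_nonce, now)
    if subject is None:
        return "rejected"
    # Role or group claims inside the token are deliberately never read.
    if is_permitted(subject, operation):
        return "allowed"
    return "authenticated-without-permission"
```

A subject with a valid token but no local role assignment ends in the third state: logged in, with every operation denied.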

      Maintainer Note

      • This feature follows the KISS principle and by design is limited to OIDC with no support for OAuth 2.0.
      • OAuth 2.0 exposes too wide an attack surface because of its extended capabilities for session management and authorization, which are not required for JOC Cockpit.

            People

              Uwe Risse
              Andreas Püschel
              Ajay Kumbhkar