Details
- Feature
- Status: Released
- Major
- Resolution: Fixed
Description
Current Situation
- JOC Cockpit supports a number of Identity Service Providers including LDAP, Vault and Keycloak.
- The JOC Cockpit GUI offers a common login screen to authenticate with one of the available Identity Services.
Feature
- JOC Cockpit Web Services offer native support for OIDC authentication with a new OIDC Identity Service type, see JOC-1370.
- The JOC Cockpit GUI offers
  - for existing Identity Services the user/password and/or certificate authentication,
  - for OIDC based Identity Services the list of Identity Services displayed with the login screen.
- If a user selects to authenticate with one of the OIDC based Identity Services then
  - authentication is performed between the browser based JOC Cockpit GUI and the authentication service.
  - the JOC Cockpit Web Services verify authentication according to the OIDC protocol.
Maintainer Note
- This feature follows the KISS principle and by design is limited to OIDC with no support for OAuth 2.0.
- OAuth 2.0 offers too wide an attack surface due to its extended capabilities for session management and authorization features that are not required for JOC Cockpit.