Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OAuth proxy to static dashboard #23

Open
gberche opened this issue Apr 8, 2016 · 0 comments
Open

OAuth proxy to static dashboard #23

gberche opened this issue Apr 8, 2016 · 0 comments
Milestone
Later

Comments

@gberche
Copy link

gberche commented Apr 8, 2016
edited by gberche-orange
Loading

The static-creds-broker is designed for returning credentials of existing services already provisionned (e.g. an http cache service configured for a given application). Such existing services might already expose UIs to manage the service.

The static-creds-broker responsibility could therefore be to bridge authentication between CF UAA-based authentication and the remote existing service authentication.

The remote service authentication could be expecting:

  • HTTP basic auth (auth) + HTTPS (confidentiality)

The static-creds broker would then act as an HTTP gateway between the app team identitied in CF and the legacy service UI.

Possible yml expression:

# security properties could be removed, if it's configured in the manifest.yml through environment variable SECURITY_USER_NAME and SECURITY_USER_PASSWORD
security:
    user:
        password: <broker_password>
services:  
    CACHE:
        DESCRIPTION: My existing service
        METADATA:
            LONGDESCRIPTION: A long description for my service
        CREDENTIALS:
            HOSTNAME: http://company.com
        DASHBOARD_GATEWAY:
            url: https://login:[email protected]
        PLAN:
            PLAN1:
                NAME: cache1
                CREDENTIALS:
                    URI: http://mydev-api.org/cache1
                    ACCESS_KEY: AZERT23456664DFDSFSDFDSF
                 DASHBOARD_GATEWAY:
                    url: https://login:[email protected]/cache1
                 HOSTNAME: http://prod.company.com
            PLAN2:
                NAME: cache2
                CREDENTIALS:
                    URI: http://mydev-api.org/cache2
                    ACCESS_KEY: SFFGSFZSF
                 DASHBOARD_GATEWAY:
                    url: https://login:[email protected]/cache2
                 HOSTNAME: http://prod.company.com

In terms of supporting flexible authentication and request mapping the spring-cloud-netflix routing could be a powerfull approachn with rich, expressive routing, filtering ... rules that would be embbeded in the static-creds subtree as sub elements of the DASHBOARD_GATEWAY part.
@gberche-orange gberche-orange changed the title Dashboard support OAuth proxy to static dashboard Nov 3, 2016
@gberche-orange gberche-orange mentioned this issue Nov 3, 2016
Closed
@gberche-orange gberche-orange added this to the Later milestone Nov 3, 2016
@s-bortolussi s-bortolussi mentioned this issue Jan 27, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Later
Development

No branches or pull requests
2 participants
@gberche @gberche-orange