You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, only PAM and LDAP authentication methods are supported, but there are cases where these methods are not flexible enough,
for example, in the demo server (https://codechecker-demo.eastus.cloudapp.azure.com), only a few predefined users exist, the viewing and administration must be done by using those, instead of using the proper users and permissions.
It should be possible to authenticate the user using the GitHub/Google (user-selectable) accounts over the web login screen.
Two-factor authentication should be supported if required by GitHub, or Google.
After successful authentication the user should be let in based on server settings (see below).
If the user authenticates once with GitHub, and in another case with Google, the same (user entity) should be used based on the email address.
If the user is not allowed to log in yet, bring the user to a landing page where she/he is informed that she/he must ask for permission to access the CodeChecker server. The CodeChecker admin can add the user manually to the allowed_users list.
The user entry should be restricted in two methods:
Let in everyone after successful authentication. (Phase I.)
Only let in those who are members of the predefined allowed_users group (Phase II.)
Phase II.
Requirements:
It should be possible to add users (by an admin) in the web GUI of CodeChecker.
It should be possible to add groups too.
It should be possible to assign users to groups.
It should be possible to list users with the last login date also showing.
It should be possible to list group memberships.
A built-in predefined group should be added, named allowed_users.
The server should be configured in the server_config.json to restrict users based on allowed_users,
Minimum required fields for user addition:
Username
Email address (unique identifier of a user)
The last login date should be also collected and stored in the database.
The text was updated successfully, but these errors were encountered:
Authentication with OpenID Connect (OIDC) would be a useful addition to CodeChecker authentication methods.
https://openid.net/developers/how-connect-works/
Currently, only PAM and LDAP authentication methods are supported, but there are cases where these methods are not flexible enough,
for example, in the demo server (https://codechecker-demo.eastus.cloudapp.azure.com), only a few predefined users exist, the viewing and administration must be done by using those, instead of using the proper users and permissions.
Phase I.
Requirements:
allowed_users
list.The user entry should be restricted in two methods:
allowed_users
group (Phase II.)Phase II.
Requirements:
allowed_users
.server_config.json
to restrict users based onallowed_users
,Minimum required fields for user addition:
The text was updated successfully, but these errors were encountered: