Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

need a login authentication system also with ui that connected with backend registry, as in docker hub #272

Open
arunk-tx opened this issue Oct 7, 2022 · 3 comments
Open

need a login authentication system also with ui that connected with backend registry, as in docker hub #272

arunk-tx opened this issue Oct 7, 2022 · 3 comments
Labels
enhancement wontfix

Comments

@arunk-tx
Copy link

arunk-tx commented Oct 7, 2022
edited

need a login authentication system also with ui that connected with backend registry, as in docker hub, so that to track more info on the user that pushed the image,

only logged in user should push image-> docker login {ip} ... where its hosted
user can register with email id to create account for login purpose
@faust64
Copy link

faust64 commented Oct 7, 2022

You could use some oauth-proxy sidecar, or whatever reverse proxy you would like with whatever auth mechanism suits you.
oidc, saml, lemonldap-ng, okta, specific endpoints, custom certificates, ... handling just all use cases is quite a vast topic. Maybe out of scope here (?)

@Joxit
Copy link
Owner

Joxit commented Oct 7, 2022

Hi @arunk-tx and thank you for using my project 😄

I agree with @faust64 my project, this is out of the scope of the project. I created this project in order to have a simple UI to manage my docker registry servers. An interface that requires nothing more than the docker registry server.

But, if you need to connect a base of users (from LDAP or whatever), since 2.0.0 I do support Docker Token Authentication Specification which is supported by Keycloak (see #167)

As an option you can also, as @faust64 says, use some great projects such as oauth2-proxy in front of your UI and registry.

Now, if you really want something more powerful with insights and stats from your users, this requires a new project that I could start only by having monthly sponsors that cover the time spent on the project.

Note, the description of the project:

The simplest and most complete UI for your private registry

@alexanderwolz
Copy link
Contributor

alexanderwolz commented May 18, 2023
edited

Hi @arunk-tx, @Joxit

I have created a token mapper plugin for keycloak 21+ that works on the docker v2 protocol in Keycloak (OIDC provider).
You can setup groups and roles for users which the mapper checks against the registry scope. I use it in combination with docker-registry-ui and group my users into admin, editor and user. I can also let my users access the catalog scope, so they can browse my registry with docker-registry-ui but are only allowed to check details if they belong to the repository (e.g. registry.com/mycompany/alpine:2.1-custom) by being assigned to a group called registry-mycompany

Check this out if it suits your needs:
https://github.com/alexanderwolz/keycloak-docker-group-role-mapper

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement wontfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@faust64 @Joxit @alexanderwolz @arunk-tx