Feature #21605: Make authentication extendable - Smart Proxy - Foreman

Actions

Copy link

Feature #21605

closed

Make authentication extendable

Added by Marek Hulán over 6 years ago. Updated about 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Marek Hulán

Category:

SSL

Target version:

Difficulty:

Triaged:

Yes

Bugzilla link:

Pull request:

https://github.com/theforeman/smart-proxy/pull/639, https://github.com/theforeman/smart-proxy/pull/641

Fixed in Releases:

Foreman - 1.22.0

Found in Releases:

Red Hat JIRA:

Description

Plugins can't easily extend authentications with their own means of authentication if SSL is used. The reason is that #authorize_with_ssl_client before block would always fail on SSL if no client is available. In REX there are use cases where REX core worker is authenticated differently (looking at serial number or using token). The authentication methods should not run if other authentication method already succeeded. That will also help to avoid running both trusted hosts and ssl auth methods that are built in proxy.

Related issues 2 (0 open — 2 closed)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Foreman » Smart Proxy

Custom queries

Feature #21605

Make authentication extendable

Updated by Marek Hulán over 6 years ago

Updated by The Foreman Bot over 6 years ago

Updated by Lukas Zapletal over 5 years ago

Updated by Ivan Necas about 5 years ago

Updated by The Foreman Bot about 5 years ago

Updated by Lukas Zapletal about 5 years ago

Updated by Ivan Necas about 5 years ago

Updated by The Foreman Bot about 5 years ago

	Related to foreman-tasks - Bug #25001: CVE-2018-14643 rubygem-smart_proxy_dynflow: Authentication bypass in Foreman remote execution feature	Closed	Ivan Necas				Actions
	Blocks Foreman Remote Execution - Bug #17249: All in one setup does not work with regular SSL cert based auth	Closed	Marek Hulán				Actions