API OAuth » History » Version 2
Petr Chalupa, 10/24/2012 06:05 AM
| 1 | 1 | Petr Chalupa | h1. API OAuth |
|---|---|---|---|
| 2 | |||
| 3 | There is two legged OAuth protocol added in API allowing request authentication. |
||
| 4 | |||
| 5 | Signed request with OAuth (using @oauth_consumer_key@ and @oauth_consumer_secret@) are trusted by Foreman. If request verification is successful a Foreman user is authenticated. Depending on @oauth_map_users@ option the incoming request is executed as admin or as mapped user. If @oauth_map_users@ is enabled users are mapped by @User#login@ passed in @X-FOREMAN-USER@ header. |
||
| 6 | |||
| 7 | h2. Setup |
||
| 8 | |||
| 9 | # go to http://foreman.url/settings?utf8=%25E2%259C%2593&search=+category++%253D++Auth |
||
| 10 | # enable OAuth authetication @oauth_active@, set to @true@ |
||
| 11 | # set @oauth_consumer_key@ and @oauth_consumer_secret@ |
||
| 12 | # optionally set @oauth_map_users@ to @true@ to enable user mapping |
||
| 13 | |||
| 14 | h2. Troubleshooting |
||
| 15 | |||
| 16 | * if you have trouble enabling OAuth authentication watch Foreman log WARN messages. |
||
| 17 | * or debug OAuth authentication logic, see: source:lib/api/authorization.rb |
||
| 18 | 2 | Petr Chalupa | |
| 19 | h2. Security |
||
| 20 | |||
| 21 | OAuth does not signs whole request (body and @X-FOREMAN-USER@ are not signed), api should be exposed over HTTPS. |