Awx: Gitlab (self-hosted) SSO

Created on 9 Sep 2017 · 12 Comments · Source: ansible/awx

Summary

AWX offers GitHub & GitHub Enterprise authentication; however, I would like to be able to connect with other OAuth2 systems like GitLab (GitLab.com and self-hosted instances).

You can:

  1. Add GitLab.com and self-hosted GitLab instances, but further requests for other systems can come in the future
  2. Maybe create a generic OAuth2 auth that can work with any OAuth2-based external auth system
api ui help wanted low enhancement

All 12 comments

I believe django uses https://github.com/python-social-auth/social-app-django for that part and it looks like they have an initial part for gitlab https://python-social-auth.readthedocs.io/en/latest/backends/gitlab.html

I'm interested in it too.

> I believe django uses https://github.com/python-social-auth/social-app-django for that part

This is correct - we'd need to work with that.

This would also have a UI component for the SSO link and any relevant update to the tower api config endpoint.

If someone is interested in working on a PR for this, feel free to @ me on the UI side of things; I did the initial implementation of the third-party auth work.

Unfortunately we're going to be blocked on this one until we upgrade our python-social-auth core version. Good news is that we are planning on doing that with the next set of features/mass upgrades.

This is really useful. We use a corporate hosted GitLab (7.14.0) that I would much prefer just to have people login to Ansible Tower with than to create individual users for each person.

The core social auth system was updated week before last, so if it's something you need then please submit a PR.

Any traction on this one? Is there a way to increase the timeout of a logged-in session?

@matburt is there a starting point you could push me toward? I'm invested in seeing something like this working, but would need a little help getting into this code base.

Genericizing it would be a reasonable amount of work.

Copy-pasta-ing the existing code for a new backend would, in theory, not be that complicated.

We use python social auth, and it does include a gitlab backend: https://python-social-auth-docs.readthedocs.io/en/latest/backends/gitlab.html

You'll want to look at how our SSO system is implemented:

(as a starting point)
https://github.com/ansible/awx/blob/devel/awx/sso/fields.py#L99-L103
https://github.com/ansible/awx/blob/devel/awx/sso/conf.py#L635-L699

and the social auth docs regarding what is required for the backend:
https://python-social-auth-docs.readthedocs.io/en/latest/backends/gitlab.html

It's probably not too hard, but our built-in settings system means you'll just need to be aware of where you need to make the changes. @rooftopcellist has done a good bit of work around here. You can track us down on IRC and the mailing list if you have issues implementing it.

We have some architectural docs for the overall auth system:
https://github.com/ansible/awx/tree/devel/docs/auth
