Comments (1)
Currently we do not. The authentication flow is now Browser -> Athenz UI -> Athenz ZMS (REST Server). So in this, ZMS does not really trust Athenz UI and it requires the authentication credentials from the Browser to be forwarded to the server for verification. This works quite well if you're using an OIDC client, as the UI just forwards the ID token the UI received from your IdP to ZMS, which validates the token and determines the identity of the user. If the Browser -> Athenz UI auth is done using SAML, then there is no standard way to pass the SAML document to the server; as such, we typically recommend the use of OIDC. Since you need to write the Authority in ZMS and support your IdP in the UI to handle authentication, nothing is stopping you from including such support in your implementation.
from athenz.