title | author | date | tags | slug | category |
---|---|---|---|---|---|
Seamless single-sign-on | mvo | 2018-05-28 10:00 | cockpit | sso-oauth | blog |
Organizations that use several machines often run management display software in an attempt to integrate all infrastructure. ManageIQ and Foreman are great examples of this kind of software.
Managing machines from the outside is usually adequate, but sometimes it's best to log into the machine itself and have a look around. Cockpit excels in this task. In fact, both ManageIQ and Foreman have Cockpit integration built-in.
Machine management software already has administrative access over the machines (both virtual and on bare metal), so there should not be a need to type credentials a second time.
Indeed, ManageIQ currently opens Cockpit in a seamless manner, using OAuth and external authentication helpers, all without requiring additional usernames and passwords.
Foreman currently does not have a seamless handover; it simply provides a standard link. As a result, when Foreman opens Cockpit, you're greeted with the login page.
It would be ideal for Foreman to also have seamless Cockpit integration.
- As a first step, I have written a prototype based on what I have figured out so far in a seamless-cockpit git repo.
- Additionally, I have also written a version that uses a reverse proxy on the nginxed branch. This approach is altogether nicer — but, before it works, we need to fix a Cockpit bug (#9237, "ws: Also strip query from original_path").
If you are using Foreman to manage your machines and would like seamless credentials handover, we welcome you to try out the above code — and please let us know how it works for you!
*[single pane of glass]: console that provides high-level management of multiple machines, also known as a "single-pane view"
*[repo]: repository