Rundeck Login module - Google Oauth

[Siva Shanmukh Vetcha]

Hi all,

I am just looking for a rundeck plugin which can let us login using our google login using oauth. I have not found such a plugin. So I want to write it myself. I would like to know if there are any oauth plugins that I can use directly. If there are none, please point me to documentation on what the requirements of a rundeck plugin should be and documentation on the user login part.

Thanks,
Shanmukh.

[Siva Shanmukh Vetcha]

Bumping this.

Can anyone please point me at some direction? I am completely clueless. I want to develop this and share this for everyone's use. If rundeck doesn't even provide a service to build a plugin, I am willing to contribute there too. I can fork the repo and work on it. But I am not sure if this service is available or if it needs developing. And if it needs to be developed, please point me to some documentation or anything where I can start with.

Thanks,

Shanmukh.

[Greg Schueler]

Hi Shanmukh,

Rundeck's authentication/authorization is based on the servlet container. The default launcher jar uses Jetty and automatically configures a JAAS "UserRealm" for auth.  You could also deploy Rundeck as a .war file under Tomcat (or jetty), in which case you can configure the container authentication however you want and Rundeck will use that.

I don't have a simple answer for a JAAS Oath module, I'm not sure how that might work.  You might do a search for Tomcat or Jetty Oath "realm" implementation to see if there is anything already out there.

--
Greg Schueler

--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Siva Shanmukh Vetcha]

Greg,

Thanks a ton for the reply. I will explore on deploying rundeck as war. I found a couple of tuts on authentication for both tomcat and jetty using oauth. This gives me hope that it may work and if it does, I will update here.

Thanks again for the help.

Sent from a mobile device. Please excuse brevity.

You received this message because you are subscribed to a topic in the Google Groups "rundeck-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rundeck-discuss/w35leVAzmJQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rundeck-discu...@googlegroups.com.

[Matthew Gregg]

This is about the only thread I can find related to this(Oauth). I assume you never got it to work?

[Siva Shanmukh Vetcha]

We got this working by putting rundeck behind nginx and using https://github.com/bitly/google_auth_proxy

But I would still say that the best thing to do is to actually dig into the process of creating a rundeck authentication module to support oauth. I didn't have time for it.

Not sent from my iPhone or my Blackberry or anyone else's

To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/a89ca254-851a-42e6-8af0-f2066bb923e5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[and...@key.me]

Hi Siva,

I'm trying to do the same thing with Google Oauth and rundeck. How did you get these two working together? I have the oauth2_proxy working, but not sure how to connect rundeck to it...

Thanks for any info,
andrew

[Jason Parmar]

[Jason Parmar]

Hey Siva, 

Clever way of doing it, I am assuming anyone who logs in via google auth has the same access to rundeck, is it possible to set up different permissions based on different gmail account logins?

Kind regards

Jason

[ma...@maglana.com]

Hi Jason,

RunDeck will recognize different users based on what the reverse proxy gives it (see http://rundeck.org/docs/administration/authenticating-users.html#preauthenticated-mode). For the authorization part, you do that in RunDeck's built in RBAC feature.