I am currently setting up Rundeck in a Kubernetes environment and looking to integrate it with an AWS Application Load Balancer (ALB) that uses OpenID Connect (OIDC) for authenticating users. I want the ALB to handle the authentication process and then forward the authenticated user information to Rundeck so that users do not have to log in again in Rundeck.
Here are specific points I need help with:
ALB Configuration for (OKTA) OIDC: How do I set up the ALB with OIDC integration to authenticate users?
Header Forwarding: After authentication, what headers does the ALB forward by default, and how can I configure it to forward additional user information (such as user roles and email) that Rundeck can use for authorization? I followed this documentation, but it seems like the setup differs for ALB: https://docs.rundeck.com/docs/administration/security/authentication.html#preauthenticated-mode-using-headers
Rundeck Setup for Preauthenticated Sessions: How should I configure Rundeck to accept and trust the user information forwarded by the ALB? What changes are needed in the rundeck-config.properties file to ensure Rundeck recognizes and uses the headers forwarded by ALB?
Thanks for your help.