I am currently working on a project where I need to integrate our self-login service, which handles user authentication (including both password and 2FA), with a RESTful API. However, I am encountering some challenges and would greatly appreciate your expertise and guidance.
Specifically, I have the following questions and concerns:
Integration with Open OnDemand (OOD):
Is it possible to merge our self-login service with Open OnDemand? If so, I would like to understand the steps involved in this process.
Implementation Details and Potential Issues:
If integration is feasible, what are the best practices or critical considerations I should be aware of? Are there any potential challenges or issues that might arise during the integration that I should prepare for?
I have a few questions after reviewing the Apache and OOD specifications:
Is it possible to change the authentication type from openid-connect to bearer with the jwt provider in Apache? The reason is that the self-login service provides an access token via the RESTful API. mod_auth_bearer - Apache HTTP Server Version 2.5
What should I be aware of after making the change mentioned in Question 1?
What considerations should I keep in mind if I modify the authentication mechanism from ondemand-dex with LDAP to the self-login service?
Yes, though I’m not familiar with mod_auth_bearer or mod_auth_jwt (I’ve actually never heard of them until now), so I don’t know the specifics.
I don’t know if mod_auth_bearer and/or mod_auth_jwt are what apache considers Basic Authentication. I don’t believe they are because of the AuthType (it’d be AuthType Basic if it were basic). Basic auth types are very insecure, but these don’t appear to be basic, so you may be in the clear.
Given that it’s an authentication mechanism, I’d worry about security. Especially regarding tokens. You wouldn’t want everyone using the same token. But again, I’m not familiar with your self-login service or with those apache auth modules, so I can’t really speak to what security considerations you’d need to take into account. I only mention the fixed token because that’s an example in the documentation. I don’t actually know how these modules work or if the user would ever actually be able to see this token.
Thanks for your reminder.
Actually, the self-login service combines user password and 2FA authentication. After successful authentication, it returns an access token for the logged-in user, with each user receiving their own unique access token. However, I’m unsure how to integrate this service with Open OnDemand (OOD).