This makes it ideal for use by intranet sites or when the web server is configured to use the Kerberos Authentication Protocol.

This article focuses on the OpenID method of authentication (specifically OpenID Connect) using GitLab as an IdP. Because it is often desirable to limit access to a subset of users within an IdP, we will show how GitLab groups can be leveraged to allow only members of one group to access the Airflow instance.

Here are the steps we will follow to implement SSO:

1. Create and configure an "application" in GitLab which registers Airflow as a system authorized to use GitLab as an IdP. Creating an application within GitLab creates a "trust" between the two systems that is verified using a special "ID" and token, which prevents attackers from being able to steal credentials that would allow them access to Airflow.
2. Create a directory to organize the files required by Airflow for SSO.
3. Build a Dockerfile which can package Airflow and the dependencies required by OpenID Connect (OIDC).
4. Implement a security manager that supports OIDC.
5. Create a secrets file that provides Airflow the application configuration from GitLab and the URLs needed for authentication, retrieving user data, and notifying the IdP that a user has logged out.
6. Create a Docker Compose "orchestration" file that allows the Docker image and SSO configuration to be tested.

Step 1: Configure a GitLab OpenID Application

The first step in configuring GitLab as an SSO provider is to create an "application" that will be used by Airflow to request a user's credentials.

GitLab supports creating applications that are specific to a user, members of a particular group, or to all users. In this article we will be using an "instance wide application" that is available to all users of GitLab and then inspecting which GitLab groups the user is a member of from Airflow. It's possible to restrict access to an application by also creating a "Group" application instance.

In production environments, it is recommended to create an "Instance" or "Group" application. If you are following the steps in this tutorial, but do not have administrative access to a GitLab instance, instructions for creating a "User" application are included.

To create a new application for the instance, click on the "Admin Area" link in the menu bar and then select "Applications" in the sidebar.
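
The group check this article describes (inspecting a user's GitLab groups from Airflow and admitting members of only one group), sketched as an added example that is not the article's own code. It assumes the userinfo response carries GitLab's `groups` and `preferred_username` claims; the group paths and the mapping to Airflow's `Admin` and `Viewer` roles are hypothetical.

```python
# Added example. ALLOWED_GROUP, ADMIN_GROUP and the role mapping are
# hypothetical; "groups" and "preferred_username" are the claims the
# GitLab userinfo response is assumed to carry.
ALLOWED_GROUP = "data-platform"
ADMIN_GROUP = "data-platform/airflow-admins"


def airflow_role(userinfo):
    """Return the Airflow role for a userinfo dict, or None to deny login."""
    if not isinstance(userinfo, dict):
        return None
    username = userinfo.get("preferred_username")
    if not isinstance(username, str) or not username:
        return None
    groups = userinfo.get("groups")
    # Fail closed on a missing or malformed claim. A bare string must be
    # rejected: `ALLOWED_GROUP in "data-platform-contractors"` is a substring
    # test and would be True.
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        return None
    # Compare whole group paths only, never prefixes or substrings.
    members = set(groups)
    if ALLOWED_GROUP not in members:
        return None
    return "Admin" if ADMIN_GROUP in members else "Viewer"


# Constructed sample userinfo responses (not captured from a real instance).
SAMPLES = {
    "alice": {"preferred_username": "alice",
              "groups": ["data-platform", "data-platform/airflow-admins"]},
    "bob": {"preferred_username": "bob", "groups": ["data-platform"]},
    # Similar-looking group path: must not match.
    "mallory": {"preferred_username": "mallory",
                "groups": ["data-platform-contractors"]},
    # Claim delivered as a string instead of a list: must not match.
    "eve": {"preferred_username": "eve", "groups": "data-platform-contractors"},
    # No groups claim at all.
    "trent": {"preferred_username": "trent"},
}

if __name__ == "__main__":
    for name, info in SAMPLES.items():
        print(f"{name}: {airflow_role(info) or 'denied'}")
```

A security manager would call a check like this after fetching userinfo and refuse the login when it returns `None`.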