Support securing barkeep with a whitelist of authorized users #361

Open
philc opened this issue Nov 13, 2012 · 2 comments
philc commented Nov 13, 2012

Today we support OpenID logins, but it's not secure unless hosted behind a firewall, since a user from any domain can log in. In addition to regular username/password authorization (#354), LDAP (#347), and restricting OpenID by domain (#207), we should support OpenID with a whitelist of emails.

The workflow for this should be that the admin sets up Barkeep, logs in, and can then add users via the /admin section. A nice feature would be to optionally send out an invite email when their name gets added.

We could also configure this list of users by an ENV variable instead of via UI, but I think that's more clunky since it requires editing a file and perhaps deploying. What do you think?

philc added a commit that referenced this issue Nov 13, 2012
irabinovitch pushed a commit to irabinovitch/barkeep that referenced this issue Dec 12, 2012
@irabinovitch

I was thinking about adding a similar env variable for authorized domains to provide a solution for #207. Thoughts?

cespare commented Feb 28, 2013

From a Barkeep meeting today: our plan is to put the whitelist into the DB, and add an admin UI for modifying the list. At that point, we should remove the environment configuration stopgap solution.
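
The whitelist check discussed in this thread, as an added example that is not Barkeep's code: it accepts an OpenID-asserted email only when the address or its exact domain is on a configured list, and denies everyone when nothing is configured. The setting names `PERMITTED_USERS` and `PERMITTED_DOMAINS`, both helper functions and the sample addresses are assumptions made for illustration.

```ruby
# Added example, not Barkeep code. Setting names and addresses are constructed.
# Assumes `email` comes from an already verified OpenID response.

# Split a comma-separated setting into trimmed, lowercased entries.
def parse_list(raw)
  raw.to_s.split(",").map { |entry| entry.strip.downcase }.reject(&:empty?)
end

# True only if the address is on the user list or its domain is on the
# domain list. Domains are compared exactly, never by suffix or substring.
def login_permitted?(email, users:, domains:)
  # Fail closed: an unset or empty configuration admits nobody.
  return false if users.empty? && domains.empty?

  normalized = email.to_s.strip.downcase
  return false if normalized.match?(/\s/)

  # Require exactly one "@" with a non-empty local part and domain.
  local, domain, extra = normalized.split("@", -1)
  return false if local.nil? || local.empty? || domain.nil? || domain.empty?
  return false unless extra.nil?

  users.include?(normalized) || domains.include?(domain)
end

# Constructed sample configuration (stands in for ENV in a real deployment).
SAMPLE_ENV = {
  "PERMITTED_USERS"   => "alice@example.com, Bob@Example.org",
  "PERMITTED_DOMAINS" => "example.net"
}.freeze

USERS   = parse_list(SAMPLE_ENV["PERMITTED_USERS"])
DOMAINS = parse_list(SAMPLE_ENV["PERMITTED_DOMAINS"])

if __FILE__ == $PROGRAM_NAME
  ["Alice@Example.com", "carol@example.net", "carol@evilexample.net",
   "carol@example.net.other.test", "mallory@example.com"].each do |addr|
    verdict = login_permitted?(addr, users: USERS, domains: DOMAINS) ? "allow" : "deny"
    puts "#{addr}: #{verdict}"
  end
end
```

The exact domain comparison is what keeps a lookalike such as `evilexample.net` from matching an entry for `example.net`.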
