Skip to content

OIDC authentication support#724

Merged
rezib merged 26 commits into
mainfrom
pr/feat-268
May 26, 2026
Merged

OIDC authentication support#724
rezib merged 26 commits into
mainfrom
pr/feat-268

Conversation

@rezib
Copy link
Copy Markdown
Contributor

@rezib rezib commented May 20, 2026
edited
Loading

Pending tasks:

  • Release RFL v1.8.0 with OIDC authentications support
  • Bump minimal RFL authentication version to 1.8.0
  • Rework and simplify documentation changes
  • Fix configuration reference documentation changes
  • Refactor LDAP authentication routes in specific auth module
  • Move session secret key parameter at service level
  • Add command to generate session secret key on gateway
  • Document secret key setting in quickstart guide
  • Add upgrade guide to document secret key requirement
  • Fix testing in environment where oidc is not available

fix #268

@rezib rezib self-assigned this May 20, 2026
github-advanced-security[bot]
github-advanced-security AI found potential problems May 20, 2026
View reviewed changes
Comment thread dev/lib/devenv/keycloak.py Fixed
@rezib rezib force-pushed the pr/feat-268 branch 12 times, most recently from 71ec9b2 to eb0f1c0 Compare May 22, 2026 15:48
@rezib rezib marked this pull request as ready for review May 22, 2026 15:53
@rezib
chore: bump RFL.authentication dependency version
13b7e81 
Latest version v1.8.0 is required for OIDC support.
@rezib rezib force-pushed the pr/feat-268 branch 3 times, most recently from 5dca537 to 196a226 Compare May 26, 2026 08:58
rezib added 9 commits May 26, 2026 11:02
@rezib
feat(gateway): support OIDC authentication
1de4db3 
Support OpenID Connect SSO authentication based on RFL OIDCClient.

New module conf is introduced with a function to load secret file. It
notably replaces gateway specific load_ldap_password_from_file().

Methods in SlurmwebAppGateway are refactored to setup authentication
backends in dedicated methods.

The session key file is also loaded and required at gateway startup.

The authentication method enabled in gateway is now returned in UI JSON
config file.

fix #268
@rezib
feat(conf): oidc gateway parameters
65cf3b1
@rezib
refactor(gateway): submodule per auth method
7ab2867 
Move LDAP and anonymous authentication view in dedicated submodules,
under the new view.auth package.
@rezib
tests(gateway): cover OIDC auth
00aada5
@rezib
refactor(gateway): return user login in LDAP auth
a5badf2 
Return user login in successful LDAP authentication JSON response, to
make it match response for successful OIDC authentication. This
simplifies response typing in frontend.
@rezib
tests(gateway): login in LDAP auth response
0d3fbcc
@rezib
feat(front): support OpenID Connect SSO auth
ebfffab
@rezib
tests(front): cover OIDC auth
4ce4e9b
@rezib
chore(dev): refactor test dev code with OIDC
48c9c4b
@rezib
feat(gensession): introduce gen-session-key cmd
3ef5045 
This command can be used to generate a random secret session key with
correct permissions for Slurm-web gateway.
rezib added 15 commits May 26, 2026 11:25
@rezib
tests(gensession): cover slurm-web gen-session-key
3b55342
@rezib
feat(lib): add gen-session-key in compat wrapper
4a267c2
@rezib
docs: document LDAP and OIDC authentication setup
38ce25e
@rezib
docs: add manpage for slurm-web gen-session-key
0509593
@rezib
docs: update CONTRIBUTING.md for gensession
0a8a804
@rezib
docs: mention session key in quickstart guide
40691a1
@rezib
docs: mention session key step in upgrade guide
34a0b7c
@rezib
feat(conf): add oidc/ldap sections doc
a6dfd8a
@rezib
chore(pkgs): bump RFL.settings dep to v1.8.0
afcfd07 
This is required to support section-level documentation in settings
definition.
@rezib
docs: update configuration reference documentation
6451d21
@rezib
chore(assets): add OIDC authentication screenshots
9f53669
@rezib
docs: mention OIDC auth feature in overview
955b606
@rezib
docs: mention OIDC auth in architecture docs
de886ac
@rezib
docs: mention OIDC auth feature in README.md
fa91202
@rezib
ci: install oidc deps for integration tests
fc903b5
@rezib rezib merged commit 0c853ce into main May 26, 2026
29 checks passed
@github-actions github-actions Bot locked and limited conversation to collaborators May 26, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@rezib rezib

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

SSO authentication

2 participants

@rezib @github-advanced-security