Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Scope based Host Authorization #24

Open
pfzetto opened this issue Sep 17, 2021 · 1 comment
Open

Feature Request: Scope based Host Authorization #24

pfzetto opened this issue Sep 17, 2021 · 1 comment
Labels
enhancement New feature or request

Comments

@pfzetto
Copy link

pfzetto commented Sep 17, 2021
edited
Loading

Hey,
currently I don't see a good way to Authorize Users to Hosts (with the GW, not the Host). My suggestion would be, that an OpenId Provider like Keycloak can add a Host Claim to the Access Token, which consists of an array of hosts. The user is than only allowed these hosts.
Access Token Snippet:

...
"hosts" : [
  "0.0.0.0:3389",
  "1.1.1.1:3389"
],
...

In Keycloak you could create a role for every host and assign the roles to users. Then you can use a Custom Client Scope to create the host claim.
@bolkedebruin
Copy link
Owner

That isnt a bad idea. Labeling for future work

@bolkedebruin bolkedebruin added the enhancement New feature or request label Aug 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bolkedebruin @pfzetto