PSMDB-1438-OIDC-8.0 #997
Draft
PSMDB-1438-OIDC-8.0 #997
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
new file: docs/_images/OIDC-flow.png modified: docs/authentication.md new file: docs/oidc.md modified: docs/psmdb-pro.md modified: mkdocs-base.yml
| @@ -113,6 +111,19 @@ Kerberos authentication in Percona Server for MongoDB is implemented the same wa | |||
|
|
|||
| MongoDB Documentation: [Kerberos Authentication](https://docs.mongodb.com/manual/core/kerberos/) | |||
|
|
|||
| ## OIDC / OAuth 2.0 authentication and authorization | |||
|
|
|||
| Percona Server for MongoDB supports OpenID Connect (OIDC) as an authentication mechanism which extends the OAuth 2.0 authorization framework. You can configure SSO for Percona Server for MongoDB using an external IP provider so that users and applications are authenticated and authorized without sharing their credentials. As a result you streamline authentication and authorization flow and increase security within your system. | |||
There was a problem hiding this comment.
Suggested change
| Percona Server for MongoDB supports OpenID Connect (OIDC) as an authentication mechanism which extends the OAuth 2.0 authorization framework. You can configure SSO for Percona Server for MongoDB using an external IP provider so that users and applications are authenticated and authorized without sharing their credentials. As a result you streamline authentication and authorization flow and increase security within your system. | |
| Percona Server for MongoDB supports OpenID Connect (OIDC) as an authentication mechanism that extends the OAuth 2.0 authorization framework. You can configure SSO for Percona Server for MongoDB using an external Identity Provider (IdP) so that users and applications are authenticated and authorized without sharing their credentials with MongoDB clients. As a result, you streamline authentication and authorization flow and increase security within your system. |
|
|
||
| Percona Server for MongoDB supports OpenID Connect (OIDC) as an authentication mechanism which extends the OAuth 2.0 authorization framework. You can configure SSO for Percona Server for MongoDB using an external IP provider so that users and applications are authenticated and authorized without sharing their credentials. As a result you streamline authentication and authorization flow and increase security within your system. | ||
|
|
||
| This functionality is available with [Percona Server for MongoDB Pro](psmdb-pro.md). [Reach out to us](https://www.percona.com/about/contact) to become a Percona Customer. |
There was a problem hiding this comment.
Suggested change
| This functionality is available with [Percona Server for MongoDB Pro](psmdb-pro.md). [Reach out to us](https://www.percona.com/about/contact) to become a Percona Customer. | |
| This feature is built only with [Percona Server for MongoDB Pro](psmdb-pro.md). To become a Percona customer, [Reach out to us](https://www.percona.com/about/contact). Alternatively, you can also build PSMDB with OIDC feature from sources without a Percona subscription. |
|
|
||
| OpenID Connect (OIDC) is an identity authentication protocol built on top of the OAuth 2.0 framework. OIDC is designed to verify user identities and provide authentication, ensuring that users are who they claim to be. OAuth 2.0 is used for user authorization to access resources. | ||
|
|
||
| With the OIDC / OAuth 2.0 support in Percona Server for MongoDB, users can authenticate and authorize in your infrastructure without sharing their credentials. To make this happen, you enable a single sign-on (SSO) for Percona Server for MongoDB using an external identity provider (IdP). |
There was a problem hiding this comment.
Suggested change
| With the OIDC / OAuth 2.0 support in Percona Server for MongoDB, users can authenticate and authorize in your infrastructure without sharing their credentials. To make this happen, you enable a single sign-on (SSO) for Percona Server for MongoDB using an external identity provider (IdP). | |
| With the OIDC / OAuth 2.0 support in Percona Server for MongoDB, users can authenticate and authorize your infrastructure without sharing their credentials in the MongoDB client. Single Sign-On (SSO) requires an external Identity Provider (IdP) for Percona Server for MongoDB. |
|
|
||
| * **Authorization code**: a `mongo` client (for example, `mongosh` or Compass) opens a browser and redirects a user to the login portal of an external identity provider to pass authentication. This is the default authentication workflow. | ||
|
|
||
| * **Device authentication**: instead of redirecting a user to authenticate on a login portal directly, a `mongo` client receives the URL of the login portal and the authentication code. The user follows the URL and enters the authentication code. The example use case for such a workflow is when both a `mongo` client and Percona Server for MongoDB run in a cloud environment and the client needs to authenticate in Percona Server for MongoDB without managing long-term credentials like passwords. |
There was a problem hiding this comment.
Suggested change
| * **Device authentication**: instead of redirecting a user to authenticate on a login portal directly, a `mongo` client receives the URL of the login portal and the authentication code. The user follows the URL and enters the authentication code. The example use case for such a workflow is when both a `mongo` client and Percona Server for MongoDB run in a cloud environment and the client needs to authenticate in Percona Server for MongoDB without managing long-term credentials like passwords. | |
| * **Device authentication**: instead of redirecting a user to authenticate on a login portal directly, a MongoDB client receives the URL of the login portal and the authentication code. The user follows the URL and enters the authentication code. The example use case for such a workflow is when a MongoDB client and Percona Server for MongoDB run in a cloud environment, and the client needs to authenticate in Percona Server for MongoDB without managing long-term credentials like passwords. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
new file: docs/_images/OIDC-flow.png
modified: docs/authentication.md
new file: docs/oidc.md
modified: docs/psmdb-pro.md
modified: mkdocs-base.yml