Fallback to Basic auth in case OIDC server does not respond? #1327
restena-sw
started this conversation in
General
Replies: 1 comment
-
|
Hi Stefan, I think monitoring would best be done on a separate path, protected just with basic auth. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi!
We are setting up a monitoring application SP, which should be accessible even if some servers it monitors are unavailable.
Our normal SSO workflow would involve OIDC to our IdP, but that has many operational dependencies (IdP web server working (incl.- underlying virtualisation infra + SAN), IdP DB backend working, network between SP and IdP working).
Especially when such components fail, you would want to look at monitoring to figure out where the breakage is. So there must be "some way" of authenticating to the server even in the absence of an OIDC connection.
I'm currently struggling to understand how/if this is possible. If one uses Apache's AuthType Basic, a fallback is built-in possible as the AuthBasicProvider ... directive allows you to specify multiple providers in a row. That needs a user-not-found to trigger the fallback, which is obviously not how it works when delegating auth with OIDC.
And OIDC has its own AuthType, and it's not obvious how it could fallback to something else.
Any ideas about that?
Beta Was this translation helpful? Give feedback.
All reactions