allow user by subdomain #114
Comments
|
@artagel has documented how to accomplish this using OpenResty... It's not quite as simple as a whitelist per domain but it can be done. |
|
As a work around, i'm running 2 vouch servers on one instance but using different ports. So 9090 will map to x.domain.com and a config with its own whitelist while 9091 will be for y.domain.com but the config has a different white list. I found this pretty easy to set up. the only other thing i had to do was tell nginx which subdomains should use which ports |
|
@bnfinet Are you interested in a PR adding this functionality? I personally need this feature and don't want to switch my whole stack from Nginx to OpenResty because of it. |
|
The 'vouch.domains' option is a whitelist provided the configured idp
returns an email address. The email is checked to be within a domain.
The original use case was/is that anyone who can authenticate to a Google
Apps for business group (configured by domain) is authorized.
Are you proposing something different than this?
…On Mon, Mar 23, 2020, 12:02 PM Mahdi Mohaveri ***@***.***> wrote:
@bnfinet <https://github.com/bnfinet> Are you interested in a PR adding
this functionality? I personally need this feature and don't want to switch
my whole stack from Nginx to OpenResty because of it.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#114 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJUV2ZXCAJUJTMO5LL3MIDRI6W45ANCNFSM4HJKFMMA>
.
|
|
sorry @mmohaveri I was replying via email and didn't realize you were responding into an old thread. Are you saying you need the subdomain functionality? Each user would be associated with a specific subdomain (or host)? |
|
Yes, I would prefer to have the option to whitelist specific users for specific domains while using Nginx. |
|
What IdP are you using?
You could use multiple VP instances side by side, using one whitelist per
instance, pointing each nginx `server{}` stanza at the appropriate instance.
…On Tue, Mar 24, 2020 at 2:41 AM Mahdi Mohaveri ***@***.***> wrote:
Yes, I would prefer to have the option to whitelist specific users for
specific domains while using Nginx.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#114 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJUV2YPXPPPAZ2Y42ZFLDLRJB56LANCNFSM4HJKFMMA>
.
|
|
related #175 |
|
Currently I'm using Gitea Yeah, that's definitely possible, but a little too much for a simple whitelisting. |
|
We'd like to transition away from |
|
If client_id/client_secret would be configurable per (sub)domain, different clients for each site can be configured at the IdP. Another option would be to make the auth provider configurable per subdomain and allow multiple entries in oauth. This would be a clean solution regarding #302. |
|
The elegance of @moritan's original suggestions would still be a welcomed addition to Vouch from my knot hole. |
Hello,
Is it possible to define user whitelist by subdomain ? or do i need to do a docker instance ( and a config by subdomain ?
if i set domain to example.com.
I would be great to define a spécific whitelist for app1.example.com and another one for app2.example.com
maybe something like that (but better ;-) )
What could be great, is to define whitelist in a separate file whitelist.lst by example and be able to have filename like whitelist.{subdomain}.lst
The text was updated successfully, but these errors were encountered: