[OOD-users] Open OnDemand with LDAP/Duo auth
Dockendorf, Trey
tdockendorf at osc.edu
Wed Dec 12 09:49:01 EST 2018
While we have not tested Duo with OnDemand there are a few ways I can imagine it working. First would be using Keycloak OpenID Connect for authentication to OnDemand and having Keycloak do the LDAP authentication. There is a plugin someone posted to Keycloak mailing list [1] some time ago that may allow Duo to work with Keycloak. We do use Keycloak for OnDemand but not the Duo portion. Another option that may be possible is using Duo’s LDAP proxy [2] and then configure something like Keycloak to do LDAP authentication through the Duo LDAP proxy.
Keycloak supports 2FA but not using Duo. We have lightly tested basic 2FA with Keycloak at OSC but not something we’ve deployed to production.
- Trey
[1]: https://github.com/mulesoft-labs/keycloak-duo-spi
[2]: https://duo.com/docs/ldap
--
Trey Dockendorf
HPC Systems Engineer
Ohio Supercomputer Center
From: OOD-users <ood-users-bounces+tdockendorf=osc.edu at lists.osc.edu> on behalf of "Lilley, John F. via OOD-users" <ood-users at lists.osc.edu>
Reply-To: "Lilley, John F." <johnbot at caltech.edu>, User support mailing list for Open OnDemand <ood-users at lists.osc.edu>
Date: Tuesday, December 11, 2018 at 5:13 PM
To: "ood-users at lists.osc.edu" <ood-users at lists.osc.edu>
Subject: [OOD-users] Open OnDemand with LDAP/Duo auth
Hello All,
Performing a test installation of Open OnDemand on our central hpc to compare performance and functionality against StarNet FastX. We use ldap along with duo as the second factor. Does OpenOndemand support this type of installation and if so, are there documents/notes/wikis describing this configuration floating around?
Thank You,
John
--
John Lilley
C A L I F O R N I A I N S T I T U T E O F T E C H N O L O G Y
Lead Systems Administrator – Cloud and High Performance Computing | IMSS
johnbot at caltech.edu<mailto:nelsonhs at caltech.edu> | 323.208.1688
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osu.edu/pipermail/ood-users/attachments/20181212/1ce21efd/attachment.html>
More information about the OOD-users
mailing list