[OOD-users] Open OnDemand with LDAP/Duo auth

Anderson, Richard O - (ric) ric at email.arizona.edu
Wed Dec 12 11:29:20 EST 2018 

Or use it indirectly via shibboleth, which is how we interface with DUO…
Ric
--
Ric Anderson| Systems Administrator [Description: Description: Description: Description: Description: Description: Description: http://redbar.web.arizona.edu/logos/images/thumb_pawprints.gif]
Research And Discovery Tech | HPC Systems Support
XSEDE Campus Champion
ric at email.arizona.edu<mailto:Ric at email.arizona.edu>         (V):  +1-520-626-1642
[cid:image005.png at 01D01593.CF7DFA60]



From: OOD-users <ood-users-bounces+ric=email.arizona.edu at lists.osc.edu> on behalf of "Dockendorf, Trey via OOD-users" <ood-users at lists.osc.edu>
Reply-To: "Dockendorf, Trey" <tdockendorf at osc.edu>, User support mailing list for Open OnDemand <ood-users at lists.osc.edu>
Date: Wednesday, December 12, 2018 at 7:49 AM
To: "Lilley, John F." <johnbot at caltech.edu>, User support mailing list for Open OnDemand <ood-users at lists.osc.edu>
Subject: Re: [OOD-users] Open OnDemand with LDAP/Duo auth

While we have not tested Duo with OnDemand there are a few ways I can imagine it working.  First would be using Keycloak OpenID Connect for authentication to OnDemand and having Keycloak do the LDAP authentication.  There is a plugin someone posted to Keycloak mailing list [1] some time ago that may allow Duo to work with Keycloak.  We do use Keycloak for OnDemand but not the Duo portion.  Another option that may be possible is using Duo’s LDAP proxy [2] and then configure something like Keycloak to do LDAP authentication through the Duo LDAP proxy.

Keycloak supports 2FA but not using Duo.  We have lightly tested basic 2FA with Keycloak at OSC but not something we’ve deployed to production.

- Trey

[1]: https://github.com/mulesoft-labs/keycloak-duo-spi
[2]: https://duo.com/docs/ldap

--
Trey Dockendorf
HPC Systems Engineer
Ohio Supercomputer Center

From: OOD-users <ood-users-bounces+tdockendorf=osc.edu at lists.osc.edu> on behalf of "Lilley, John F. via OOD-users" <ood-users at lists.osc.edu>
Reply-To: "Lilley, John F." <johnbot at caltech.edu>, User support mailing list for Open OnDemand <ood-users at lists.osc.edu>
Date: Tuesday, December 11, 2018 at 5:13 PM
To: "ood-users at lists.osc.edu" <ood-users at lists.osc.edu>
Subject: [OOD-users] Open OnDemand with LDAP/Duo auth

Hello All,

Performing a test installation of Open OnDemand on our central hpc to compare performance and functionality against StarNet FastX. We use ldap along with duo as the second factor. Does OpenOndemand support this type of installation and if so, are there documents/notes/wikis describing this configuration floating around?

Thank You,
John

--

John Lilley
C A L I F O R N I A  I N S T I T U T E  O F  T E C H N O L O G Y
Lead Systems Administrator – Cloud and High Performance Computing | IMSS
johnbot at caltech.edu<mailto:nelsonhs at caltech.edu> | 323.208.1688




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osu.edu/pipermail/ood-users/attachments/20181212/ae83f9b4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 821 bytes
Desc: image001.png
URL: <http://lists.osu.edu/pipermail/ood-users/attachments/20181212/ae83f9b4/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 3495 bytes
Desc: image002.png
URL: <http://lists.osu.edu/pipermail/ood-users/attachments/20181212/ae83f9b4/attachment-0003.png>

More information about the OOD-users mailing list