Nms-authentication

From I Will Fear No Evil
Revision as of 06:20, 6 June 2023 by Chubbard

Notes on Authentication Design

As of 06-06-23, no attempt at building an auth system has been made.

Slim4 has the concept of middleware, which appears to be where the framework wants auth to live. As this is on the API side, this should work pretty well. The API and Redis will decide who gets to see or do stuff; do not allow overrides on the UI side.

Plans:

  • Redis cache of authed users
  • GUID for APIs and automation
  • GUIDs salted for transfer
  • Planned auth types: local DB, LDAP, AD?, something oddball?
  • Stub out TFA support
  • Stub out SAML possibility
  • A completely unauthenticated request will only go to login, no matter what is called. No bypasses for any reason.
  • Think about fail2ban even for secure environments
  • Redis auth expiration based on auth type and admin permissions, i.e. an admin can hard-set an expiration for users
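
A sketch of the middleware and the "no bypasses" plan item above, added here as an example and not code from this project (nothing has been implemented yet). It is a PSR-15 middleware for Slim 4 using the phpredis extension on PHP 8; the class name, the `/login` path, the `nms:session:` key layout, the bearer-token header and the `hard_expires_at` field are all assumptions.

```php
<?php
declare(strict_types=1);
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Slim\Psr7\Response;

// Hypothetical deny-by-default middleware; key names, paths and fields are assumptions.
final class RedisAuthMiddleware implements MiddlewareInterface
{
    private const LOGIN_PATH = '/login';        // assumed login route
    private const KEY_PREFIX = 'nms:session:';  // assumed Redis key layout
    public function __construct(private \Redis $redis) {}

    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        // The login route is the only thing reachable without a session.
        if ($request->getUri()->getPath() === self::LOGIN_PATH) {
            return $handler->handle($request);
        }

        // Only the token is read from the client; roles and identity come from Redis.
        $header = $request->getHeaderLine('Authorization');
        if (!preg_match('/^Bearer ([A-Za-z0-9_-]{32,128})$/', $header, $m)) {
            return $this->toLogin();
        }

        // Assumed design: key on a hash of the token so raw tokens are not stored.
        $raw = $this->redis->get(self::KEY_PREFIX . hash('sha256', $m[1]));
        $session = is_string($raw) ? json_decode($raw, true) : null;
        if (!is_array($session) || !isset($session['user'], $session['auth_type'])) {
            return $this->toLogin();
        }

        // Admin-set hard expiry (assumed field) wins over the key's own TTL.
        if (isset($session['hard_expires_at']) && time() >= (int) $session['hard_expires_at']) {
            return $this->toLogin();
        }

        // Downstream handlers read the server-side record, never client claims.
        return $handler->handle($request->withAttribute('auth', $session));
    }

    private function toLogin(): ResponseInterface
    {
        return (new Response(302))->withHeader('Location', self::LOGIN_PATH);
    }
}
```

Slim 4 runs the most recently added middleware first, so registering this with `$app->add(...)` after all other middleware makes it the outermost check. The per-auth-type expiration would be set as the key's TTL when the login route writes the session record.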