External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-16 05:47:38 -02:30
Code Issues Packages Projects Releases Wiki Activity

Remove social oauth (Azure, Github, Google) (#15549)

Browse Source 
Remove social oauth (Azure, Github, Google)

Co-authored-by: jessicamack <jmack@redhat.com>
This commit is contained in:
Djebran Lezzoum
2024-10-02 16:05:28 +02:00
committed by jessicamack
parent 2c2694ce89
commit bcd006f1a5
16 changed files with 92 additions and 1148 deletions
Download Patch File Download Diff File Expand all files Collapse all files

269
docs/docsite/rst/administration/social_auth.rst
View File

@@ -11,268 +11,6 @@ Authentication methods help simplify logins for end users--offering single sign-
Account authentication can be configured in the AWX User Interface and saved to the PostgreSQL database. For instructions, refer to the :ref:`ag_configure_awx` section.
.. _ag_auth_github:
GitHub settings
----------------
.. index::
pair: authentication; GitHub OAuth2
To set up social authentication for GitHub, you will need to obtain an OAuth2 key and secret for a web application. To do this, you must first register the new application with GitHub at https://github.com/settings/developers. In order to register the application, you must supply it with your homepage URL, which is the **Callback URL** shown in the Details tab for the GitHub default settings page. The OAuth2 key (Client ID) and secret (Client Secret) will be used to supply the required fields in the AWX User Interface.
1. Click **Settings** from the left navigation bar.
2. On the left side of the Settings window, click **GitHub settings** from the list of Authentication options.
3. Click the **GitHub Default** tab if not already selected.
The **GitHub OAuth2 Callback URL** field is already pre-populated and non-editable. Once the application is registered, GitHub displays the Client ID and Client Secret.
4. Click **Edit** and copy and paste GitHub's Client ID into the **GitHub OAuth2 Key** field.
5. Copy and paste GitHub's Client Secret into the **GitHub OAuth2 Secret** field.
6. For details on completing the mapping fields, see :ref:`ag_org_team_maps`.
7. Click **Save** when done.
8. To verify that the authentication was configured correctly, logout of AWX and the login screen will now display the GitHub logo to allow logging in with those credentials.
.. image:: ../common/images/configure-awx-auth-github-logo.png
.. _ag_auth_github_org:
GitHub Organization settings
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. index::
pair: authentication; GitHub Org
When defining account authentication with either an organization or a team within an organization, you should use the specific organization and team settings. Account authentication can be limited by an organization as well as by a team within an organization.
You can also choose to allow all by specifying non-organization or non-team based settings (as shown above).
You can limit users who can login to AWX by limiting only those in an organization or on a team within an organization.
To set up social authentication for a GitHub Organization, you will need to obtain an OAuth2 key and secret for a web application. To do this, you must first register your organization-owned application at ``https://github.com/organizations/<yourorg>/settings/applications``. In order to register the application, you must supply it with your Authorization callback URL, which is the **Callback URL** shown in the Details page. Each key and secret must belong to a unique application and cannot be shared or reused between different authentication backends. The OAuth2 key (Client ID) and secret (Client Secret) will be used to supply the required fields in the AWX User Interface.
1. Click **Settings** from the left navigation bar.
2. On the left side of the Settings window, click **GitHub settings** from the list of Authentication options.
3. Click the **GitHub Organization** tab.
The **GitHub Organization OAuth2 Callback URL** field is already pre-populated and non-editable.
Once the application is registered, GitHub displays the Client ID and Client Secret.
4. Click **Edit** and copy and paste GitHub's Client ID into the **GitHub Organization OAuth2 Key** field.
5. Copy and paste GitHub's Client Secret into the **GitHub Organization OAuth2 Secret** field.
6. Enter the name of your GitHub organization, as used in your organization's URL (e.g., https://github.com/<yourorg>/) in the **GitHub Organization Name** field.
7. For details on completing the mapping fields, see :ref:`ag_org_team_maps`.
8. Click **Save** when done.
9. To verify that the authentication was configured correctly, logout of AWX and the login screen will now display the GitHub Organization logo to allow logging in with those credentials.
.. image:: ../common/images/configure-awx-auth-github-orgs-logo.png
.. _ag_auth_github_team:
GitHub Team settings
~~~~~~~~~~~~~~~~~~~~~~~~
.. index::
pair: authentication; GitHub Team
To set up social authentication for a GitHub Team, you will need to obtain an OAuth2 key and secret for a web application. To do this, you must first register your team-owned application at ``https://github.com/organizations/<yourorg>/settings/applications``. In order to register the application, you must supply it with your Authorization callback URL, which is the **Callback URL** shown in the Details page. Each key and secret must belong to a unique application and cannot be shared or reused between different authentication backends. The OAuth2 key (Client ID) and secret (Client Secret) will be used to supply the required fields in the AWX User Interface.
1. Find the numeric team ID using the GitHub API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/. The Team ID will be used to supply a required field in the AWX User Interface.
2. Click **Settings** from the left navigation bar.
3. On the left side of the Settings window, click **GitHub settings** from the list of Authentication options.
4. Click the **GitHub Team** tab.
The **GitHub Team OAuth2 Callback URL** field is already pre-populated and non-editable. Once the application is registered, GitHub displays the Client ID and Client Secret.
5. Click **Edit** and copy and paste GitHub's Client ID into the **GitHub Team OAuth2 Key** field.
6. Copy and paste GitHub's Client Secret into the **GitHub Team OAuth2 Secret** field.
7. Copy and paste GitHub's team ID in the **GitHub Team ID** field.
8. For details on completing the mapping fields, see :ref:`ag_org_team_maps`.
9. Click **Save** when done.
10. To verify that the authentication was configured correctly, logout of AWX and the login screen will now display the GitHub Team logo to allow logging in with those credentials.
.. image:: ../common/images/configure-awx-auth-github-teams-logo.png
GitHub Enterprise settings
~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. index::
pair: authentication; GitHub Enterprise
To set up social authentication for a GitHub Enterprise, you will need to obtain a GitHub Enterprise URL, an API URL, OAuth2 key and secret for a web application. To obtain the URLs, refer to the GitHub documentation on `GitHub Enterprise administration <https://docs.github.com/en/enterprise-server@3.1/rest/reference/enterprise-admin>`_ . To obtain the key and secret, you must first register your enterprise-owned application at ``https://github.com/organizations/<yourorg>/settings/applications``. In order to register the application, you must supply it with your Authorization callback URL, which is the **Callback URL** shown in the Details page. Because its hosted on site and not github.com, you must specify which auth adapter it will talk to.
Each key and secret must belong to a unique application and cannot be shared or reused between different authentication backends. The OAuth2 key (Client ID) and secret (Client Secret) will be used to supply the required fields in the AWX User Interface.
1. Click **Settings** from the left navigation bar.
2. On the left side of the Settings window, click **GitHub settings** from the list of Authentication options.
3. Click the **GitHub Enterprise** tab.
The **GitHub Enterprise OAuth2 Callback URL** field is already pre-populated and non-editable. Once the application is registered, GitHub displays the Client ID and Client Secret.
4. Click **Edit** to configure GitHub Enterprise settings.
5. In the **GitHub Enterprise URL** field, enter the hostname of the GitHub Enterprise instance (e.g., https://github.example.com).
6. In the **GitHub Enterprise API URL** field, enter the API URL of the GitHub Enterprise instance (e.g., https://github.example.com/api/v3)
7. Copy and paste GitHub's Client ID into the **GitHub Enterprise OAuth2 Key** field.
8. Copy and paste GitHub's Client Secret into the **GitHub Enterprise OAuth2 Secret** field.
9. For details on completing the mapping fields, see :ref:`ag_org_team_maps`.
10. Click **Save** when done.
11. To verify that the authentication was configured correctly, logout of AWX and the login screen will now display the GitHub Enterprise logo to allow logging in with those credentials.
.. image:: ../common/images/configure-awx-auth-github-ent-logo.png
GitHub Enterprise Organization settings
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. index::
pair: authentication; GitHub Enterprise Org
To set up social authentication for a GitHub Enterprise Org, you will need to obtain a GitHub Enterprise Org URL, an Org API URL, an Org OAuth2 key and secret for a web application. To obtain the URLs, refer to the GitHub documentation on `GitHub Enterprise administration <https://docs.github.com/en/enterprise-server@3.1/rest/reference/enterprise-admin>`_ . To obtain the key and secret, you must first register your enterprise organization-owned application at ``https://github.com/organizations/<yourorg>/settings/applications``. In order to register the application, you must supply it with your Authorization callback URL, which is the **Callback URL** shown in the Details page. Because its hosted on site and not github.com, you must specify which auth adapter it will talk to.
Each key and secret must belong to a unique application and cannot be shared or reused between different authentication backends. The OAuth2 key (Client ID) and secret (Client Secret) will be used to supply the required fields in the AWX User Interface.
1. Click **Settings** from the left navigation bar.
2. On the left side of the Settings window, click **GitHub settings** from the list of Authentication options.
3. Click the **GitHub Enterprise Organization** tab.
The **GitHub Enterprise Organization OAuth2 Callback URL** field is already pre-populated and non-editable. Once the application is registered, GitHub displays the Client ID and Client Secret.
4. Click **Edit** to configure GitHub Enterprise Organization settings.
5. In the **GitHub Enterprise Organization URL** field, enter the hostname of the GitHub Enterprise Org instance (e.g., https://github.orgexample.com).
6. In the **GitHub Enterprise Organization API URL** field, enter the API URL of the GitHub Enterprise Org instance (e.g., https://github.orgexample.com/api/v3)
7. Copy and paste GitHub's Client ID into the **GitHub Enterprise Organization OAuth2 Key** field.
8. Copy and paste GitHub's Client Secret into the **GitHub Enterprise Organization OAuth2 Secret** field.
9. Enter the name of your GitHub Enterprise organization, as used in your organization's URL (e.g., https://github.com/<yourorg>/) in the **GitHub Enterprise Organization Name** field.
10. For details on completing the mapping fields, see :ref:`ag_org_team_maps`.
11. Click **Save** when done.
12. To verify that the authentication was configured correctly, logout of AWX and the login screen will now display the GitHub Enterprise Organization logo to allow logging in with those credentials.
.. image:: ../common/images/configure-awx-auth-github-ent-org-logo.png
GitHub Enterprise Team settings
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. index::
pair: authentication; GitHub Enterprise Team
To set up social authentication for a GitHub Enterprise teams, you will need to obtain a GitHub Enterprise Org URL, an Org API URL, an Org OAuth2 key and secret for a web application. To obtain the URLs, refer to the GitHub documentation on `GitHub Enterprise administration <https://docs.github.com/en/enterprise-server@3.1/rest/reference/enterprise-admin>`_ . To obtain the key and secret, you must first register your enterprise team-owned application at ``https://github.com/organizations/<yourorg>/settings/applications``. In order to register the application, you must supply it with your Authorization callback URL, which is the **Callback URL** shown in the Details page. Because its hosted on site and not github.com, you must specify which auth adapter it will talk to.
Each key and secret must belong to a unique application and cannot be shared or reused between different authentication backends. The OAuth2 key (Client ID) and secret (Client Secret) will be used to supply the required fields in the AWX User Interface.
1. Find the numeric team ID using the GitHub API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/. The Team ID will be used to supply a required field in the AWX User Interface.
2. Click **Settings** from the left navigation bar.
3. On the left side of the Settings window, click **GitHub settings** from the list of Authentication options.
4. Click the **GitHub Enterprise Team** tab.
The **GitHub Enterprise Team OAuth2 Callback URL** field is already pre-populated and non-editable. Once the application is registered, GitHub displays the Client ID and Client Secret.
5. Click **Edit** to configure GitHub Enterprise Team settings.
6. In the **GitHub Enterprise Team URL** field, enter the hostname of the GitHub Enterprise team instance (e.g., https://github.teamexample.com).
7. In the **GitHub Enterprise Team API URL** field, enter the API URL of the GitHub Enterprise team instance (e.g., https://github.teamexample.com/api/v3)
8. Copy and paste GitHub's Client ID into the **GitHub Enterprise Team OAuth2 Key** field.
9. Copy and paste GitHub's Client Secret into the **GitHub Enterprise Team OAuth2 Secret** field.
10. Copy and paste GitHub's team ID in the **GitHub Enterprise Team ID** field.
11. For details on completing the mapping fields, see :ref:`ag_org_team_maps`.
12. Click **Save** when done.
13. To verify that the authentication was configured correctly, logout of AWX and the login screen will now display the GitHub Enterprise Teams logo to allow logging in with those credentials.
.. image:: ../common/images/configure-awx-auth-github-ent-teams-logo.png
.. _ag_auth_google_oauth2:
Google OAuth2 settings
-----------------------
.. index::
pair: authentication; Google OAuth2
To set up social authentication for Google, you will need to obtain an OAuth2 key and secret for a web application. To do this, you must first create a project and set it up with Google. Refer to https://support.google.com/googleapi/answer/6158849 for instructions. If you already completed the setup process, you can access those credentials by going to the Credentials section of the `Google API Manager Console <https://console.developers.google.com/>`_. The OAuth2 key (Client ID) and secret (Client secret) will be used to supply the required fields in the AWX User Interface.
1. Click **Settings** from the left navigation bar.
2. On the left side of the Settings window, click **Google OAuth 2 settings** from the list of Authentication options.
The **Google OAuth2 Callback URL** field is already pre-populated and non-editable.
3. The following fields are also pre-populated. If not, use the credentials Google supplied during the web application setup process, and look for the values with the same format as the ones shown in the example below:
- Click **Edit** and copy and paste Google's Client ID into the **Google OAuth2 Key** field.
- Copy and paste Google's Client secret into the **Google OAuth2 Secret** field.
.. image:: ../common/images/configure-awx-auth-google.png
4. To complete the remaining optional fields, refer to the tooltips in each of the fields for instructions and required format.
5. For details on completing the mapping fields, see :ref:`ag_org_team_maps`.
6. Click **Save** when done.
7. To verify that the authentication was configured correctly, logout of AWX and the login screen will now display the Google logo to indicate it as a alternate method of logging into AWX.
.. image:: ../common/images/configure-awx-auth-google-logo.png
.. _ag_org_team_maps:
Organization and Team Mapping
@@ -329,12 +67,6 @@ Organization mappings may be specified separately for each account authenticatio
::
SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP = {}
SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP = {}
SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP = {}
SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP = {}
Team mapping
~~~~~~~~~~~~~~
@@ -374,7 +106,6 @@ Team mappings may be specified separately for each account authentication backen
::
SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP = {}
SOCIAL_AUTH_GITHUB_TEAM_MAP = {}
SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP = {}
SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP = {}