LDAP
Spinnaker supports using LDAP for authentication.
There are a lot of moving parts involved with getting authentication to work. This page describes the basics and tools that make setup easier to configure and test.
There are three basic systems involved with Spinnaker’s authentication workflow: your identity provider, Gate, and Deck. The changes will primarily be made to either your identity provider or Gate. Deck itself will not require changes or updates, but it’s useful to understand how all three parts interact.
Deck: Spinnaker’s UI. Consists of a set of static HTML, JavaScript, and CSS files. Generally served from an Apache server, but there is nothing special about Apache that makes Deck work. Replace with your favorite HTTP(S) server if you’d like. The Javascript being an SPA Single Page Application is going to do the communication with your identity provider. Which IDP is determined by Gate.
Gate: Spinnaker’s API Gateway. All traffic (including traffic generated from Deck) flows through Gate. It is the point at which authentication is confirmed and one point (of several) where authorization is enforced.
Identity Provider: Your organization’s OAuth 2.0, SAML 2.0, or LDAP service. X.509 client certificates can be used in addition to any of these services, or used standalone.
{:width="50px”}
Getting the authentication working rarely happens on the first try. Each login attempt during configuration (or development) causes a new session to be established in Gate’s session repository. Re-using these sessions is undesirable when testing configuration changes.
We highly recommend using Google Chrome’s Incognito mode when working with configuration changes.
A common issue with Incognito windows is that they all share the same cookie jar. This means that when you want to test a new configuration change, you need to close all Incognito windows. Otherwise, the session cookie will not be deleted.
Set up Authorization .
Learn how to configure Spinnaker to communicate over SSL .
Spinnaker supports using LDAP for authentication.
Use OAuth 2.0 to authenticate users and grant them access to Spinnaker.
Spinnaker supports using a SAML identity provider for single sign-on authentication.
Spinnaker supports using x.509 certificates for authentication.