[OBS-5039] Allow remote auth user management - Observium

Details

Type: New Feature
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Authentication
Labels:
None

Description

See https://jira.observium.org/browse/OBS-4335

We are migrating to remote auth (OIDC) due to several security reasons (and to enable SSO).

Authentication works all fine, but for the authorisation part we would like to have fine grained access, we want to assign user levels, roles, device or port permissions, ... for users provisioned after logged on, identically to how MySQL/RADIUS users are authenticated.

Not sure what is needed but first step would be to allow for a user insertion after authentication (cfr RADIUS), and then allow the permissions to be fetched from it (see function radius_auth_user_level)

We would use the SSO for customers as well so a user level of 1 is needed with a role assigned to each set of customers/departments.

Attachments

Activity

[OBS-5039] Allow remote auth user management

Mike Stupalov made changes - 2025/06/12 09:14 AM

Status

Original: Pending Response [ 10000 ]

New: In Review [ 10101 ]

Mike Stupalov made changes - 2025/06/11 10:21 AM

Status

Original: Open [ 1 ]

New: Pending Response [ 10000 ]

Stef Renders created issue - 2025/06/08 10:38 PM

People

Assignee:: Mike Stupalov

Reporter:: Stef Renders

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2025/06/08 10:38 PM

Updated:: 2025/06/12 09:14 AM