You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
DH-18583: Saml Login
### Test Plan
You can use https://jxn-saml-sanluis.int.illumon.com:8123/ for testing
Google SAML login (Note that Python isn't currently configured on the
server, so you'll have to use Groovy)
e.g.
```json
{
"url": "https://jxn-feature-test-saml.int.illumon.com:8123/",
"experimentalWorkerConfig": {
"heapSize": 0.5,
"scriptLanguage": "Groovy"
}
},
```
Clicking on the DH server node for in VS Code for this server should now
prompt with the option to login with `Google` or `Basic Login`.
Google login should work in the following scenarios.
- Logged out of Google - should prompt to login. Once logged in should
redirect to VS Code and start a worker in the Connections tree
- Logged in with 1 user - should automatically redirect without
requiring login and create worker
- Logged in with multiple users - should redirect to user picker in
Google. Pick DH / illumon user, should redirect back to VS code and
create worker.
Basic Login should work as it always has. You can use iris user on this
server.
---------
Co-authored-by: Mike Bender <mikebender@deephaven.io>
The Deephaven VS Code extension supports multiple authentication methods for Enterprise servers.
3
+
* Basic Login
4
+
* Private / public key pair
5
+
* SAML based single sign-on
6
+
7
+
## Basic Login
8
+
By default, the extension will accept a basic username / password login to authenticate with a Deephaven Enterprise server. To initiate a login, click on a running server node in the servers list or run a script to initiate a connection.
The Deephaven VS Code extension supports generating a private / public key pair that can be used to authenticate with a Deephaven Enterprise server. A generated private key will be stored locally by the extension, and the corresponding public key will be stored on the Deephaven server associated with a username.
14
+
15
+
### Generating Key Pair
16
+
To generate a key pair:
17
+
* Right click on a running server node in the server list and click "Generate DHE Key Pair".
18
+
* You will be prompted to login with the username / password you would like to associate the key pair with.
19
+
* On successful login, the generated public key will be uploaded to the server and associated with the username.
After creating the key pair, clicking on the server node should prompt for a username. If you enter a username associated with a stored key pair, you will be able to login without a password.
To delete all Deephaven private keys managed by the extension from your local machine, you can type "Deephaven: Clear Secrets" in the VS Code command palette. Note that this action is irreversible, but it is easy to regenerate a key pair for any server you still want to keep access to.
29
+
30
+
### Single Sign-On
31
+
Deephaven Enterprise servers can be configured for single sign-on (SSO) using a Security Assertion Markup Language (SAML) identity provider. In order to support the necessary login redirects, the `authentication.samlauth.jetty.redirect.list` server prop will need to include `vscode://deephaven.vscode-deephaven/*`. The VS Code extension will automatically detect what kind of authentication is supported by a Deephaven server. If multiple options are available, the extension will prompt you to chose which one to use.
32
+
33
+
34
+
35
+
If a SAML login flow is initiated, you will be prompted a few times to step through the auth flow and to login to the configured identity provider in the browser. Once complete, the browser should redirect to VS Code with an active connection to the server.
0 commit comments