In the ShinyProxy Configurations how can I limit particular apps for a specific user


#1

In the ShinyProxy Configurations how can I limit particular apps for a specific user.

For example I have three apps.
-App1
-App2
-App3.

I only want user: Jack to access App3 and user: Tesla to access: App2 and App3

Thanks.


#2

Hi @Babacar_Diouf,

Authorization is dealt with by using the groups field in the app configuration.

See http://www.shinyproxy.io/configuration/#apps under groups.

The group membership can currently be defined in your LDAP directory or specified in the users in case the simple authentication is used.

Best,
Tobias


#3

Hello @tverbeke, so if I wanted to do this via LDAP. Let's say I already have the LDAP access. The filtering of who is an administrator and who has access to particular applications is all handled by the application-demo.yml, correct?

I am trying to figure out how the LDAP can connect to the ‘groups’ section of the configuration. I am confused about this process.

Is there a way I can also group people based on LDAP, so that on the scalability side of things I can easily add or remove specific user access to particular applications?

Thanks,
Babacar Diouf


#4

Hi @Babacar_Diouf:

It is assumed that the group names you enter in the groups field of a particular app correspond to real groups in your LDAP directory.

The group-search-base and group-search-filter properties in the ldap configuration then allow checking, for individual users, whether they belong to the right group to get access to a particular application (as per the groups configuration of the app).

Best,
Tobias


#5

@tverbeke is my understanding then correct that the users: part of the config is not used when authenticating via ldap?
It would actually be nice if we can also just enter a list of user names that should get access to an app, since getting new groups approved can take a while, and sometimes we just want to get a prototype out.


#6

Hi @Wligtenberg,

The users section is relevant for the so-called ‘simple’ authentication, cf.

https://www.shinyproxy.io/configuration/#simple-authentication

This authentication is activated using

proxy:
  authentication: simple

and is indeed mutually exclusive with the use of

proxy:
  authentication: ldap

Simple authentication allows defining users and passwords inside the application.yml file, primarily for demo or non-production purposes.

That being said the idea to allow for something like access-users instead of access-groups is definitely something we can consider.

Many thanks for the suggestion!

Best,
Tobias
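
The access rules from the first post, written out as a configuration sketch for simple authentication. This is an added example, not part of the thread or of the ShinyProxy project; it assumes the `proxy.users` / `proxy.specs` layout with `access-groups`, and the group names, passwords and image names are constructed placeholders.

```yaml
proxy:
  authentication: simple
  users:
  # Group membership is declared per user (comma-separated).
  - name: jack
    password: CHANGE_ME_1          # placeholder
    groups: app3-users
  - name: tesla
    password: CHANGE_ME_2          # placeholder
    groups: app2-users, app3-users
  - name: admin
    password: CHANGE_ME_3          # placeholder
    groups: app1-users
  specs:
  # An app with no access-groups is visible to every authenticated user,
  # so App1 needs its own group to keep Jack and Tesla out.
  - id: App1
    container-image: example/app1  # placeholder image
    access-groups: app1-users
  - id: App2
    container-image: example/app2  # placeholder image
    access-groups: app2-users
  - id: App3
    container-image: example/app3  # placeholder image
    access-groups: app3-users
```

With `authentication: ldap` the `users` block is not used; the same `access-groups` names then have to match groups found through `group-search-base` and `group-search-filter`.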


#7

For future reference I created an issue on GitHub to track this: