Thanks for developing shiny proxy it is really great tool.
Successfully did shiny proxy ldap setup to authenticate the application.
But would like to know is there a way to authenticate multiple groups.
My company ldap has all the users from different organisation level, I want to restrict application access based on certain application and then geographical group.
My current configuration
ldap:
url: ldap:///dc=com
manager-dn: CN=admin_user
manager-password: test
user-search-filter: (sAMAccountName={0})
group-search-filter: (member={0})
group-search-base: CN=Users
I was working out way to authenticate application access and then geographical access
[app1_access, app_access_US]
[app1_access, app_access_NonUS]
[app2_access, app_access_US]
In this way application2 access is available only to US group
I tried the following in application.yml
name: app1
.
.
groups: [app_access_US, app1_access]
Logged in with user who has the following group “app_access_US” and "app2_access"
Shinyproxy showed the app1 link.
shinyproxy verifies the group in OR fashion not AND.
I am looking for a solution to authenticate and provide access based to user who are in both groups, in the above example user with group “app_access_us” and “app1_access”
@fmichielssen - Thanks for the reply. I will help as much as I can to implement this.
I have another scenario Ex
authentication: ldap
app:
name: test_app1
.
.
name: test_app2
.
groups: [app2_access]
test_app1 do not have any restrictions it is open to all users
test_app2 have restriction and can access only if authenticated by LDAP
If i send test_app1 link to users they see the login screen, is there a way to bypass authentication to launch application which does not have any groups specified?