Recommended authentication method?


#1

The basic authentication is neat, but you have to restart the shinyproxy service (thus kicking users off) if you’re going to add/remove users. I guess this is why a separate authentication server is useful. What do other ShinyProxy users recommend? Is there an easy to use LDAP for Ubuntu that someone can recommend? There appears to be a myriad of options.
Thanks in advance.


#2

Hi,
At my last company, we utilized KeyCloak for authentication to support federation with customers and to manage our own access to applications. I thought that it was a good solution in the cloud. I just setup the KeyCloak authentication on my local Docker-Compose environment with a postgresql database. The nice thing about this is the complete environment including shinyproxy runs on docker so it is easy to reproduce. I’d recommend using Keycloak -though you will have to learn how to add a realm, clients, roles, and users through the Keycloak administration portal that is accessible. The reason I recommend this is that it allows you to migrate to a better capability including multifactor authentication if you need it in the future. You can also easily federate with services like Microsoft Azure AD which gives you existing user id’s and roles that are managed in enterprise. This is my recommendation and I’m sure others would have other recommendations. Note that I think I’m going to publish some of these docker-compose configurations so that others can see how to set the environment up easily.
Good question,
Brett Taylor