Single Sign-on bypassing ShinyProxy login screen


#1

We are using ShinyProxy to host some of our Shiny Apps and they’re doing great. Thanks to its success, we are asked the possibility of integrating our work into a portal and to access ShinyProxy via Single sign-on. We have been experimenting successfully with the different authentication mechanisms supported by ShinyProxy (simple, ldap, social) but it seems as if the only flow possible is to provide the login credentials via the ShinyProxy login page which then is able to delegate authentication via the configuration settings in application.yml. Is the other-way-around scenario possible where the user logs in to a portal general login page and where these credentials can be propagated to the ShinyProxy app bypassing the login page if the user is already authenticated upfront?

Many thanks for your feedback!
Stephane


#2

Hi @Stephane,

You probably want to use the keycloak integration - https://www.shinyproxy.io/configuration/#single-sign-on-keycloak. We have done multiple integrations similar to what you describe.

Best,
Tobias


#3

Hi Tobias,

Thanks for your quick reply! And yes I have read about Keycloak integration on the ShinyProxy configuration page, but just in the event that this integration option with Keycloak wouldn’t be accepted in a given infrastructure, do you have done integrations with other IAM’s too (which ones)?

Best regards,
Stephane


#4

Hi @Stephane,

Indeed, Keycloak is currently the only provider that ShinyProxy supports for a single sign-on experience (besides the social logins).

It might be a good idea to think about a more generic support for OpenID and/or OAuth providers, but we went for Keycloak initially, because it’s a nice off-the-shelf solution for both authentication and authorization.


#5

Hi Frederick

Thanks for your feedback, I really appreciate.

Best regards,
Stephane