1) Added support for authentication via the web server (REMOTE_USER). Fixes #6657

2) Fixed OAuth2 integration redirect issue. Fixes #6719

Initial patch for 6657 sent by: Tom Schreiber

docs/en_US/getting_started.rst

@@ -39,6 +39,7 @@ Mode is pre-configured for security.
    ldap
    kerberos
    oauth2
+   webserver
 
 
 .. note:: Pre-compiled and configured installation packages are available for

docs/en_US/release_notes_6_1.rst

@@ -11,6 +11,7 @@ New features
 
 | `Issue #6081 <https://redmine.postgresql.org/issues/6081>`_ -  Added support for advanced table fields like the foreign key, primary key in the ERD tool.
 | `Issue #6529 <https://redmine.postgresql.org/issues/6529>`_ -  Added index creation when generating SQL in the ERD tool.
+| `Issue #6657 <https://redmine.postgresql.org/issues/6657>`_ -  Added support for authentication via the webserver (REMOTE_USER).
 
 Housekeeping
 ************
@@ -20,6 +21,7 @@ Bug fixes
 *********
 
 | `Issue #6754 <https://redmine.postgresql.org/issues/6754>`_ -  Ensure that query highlighting color in the query tool should be less intensive.
+| `Issue #6719 <https://redmine.postgresql.org/issues/6719>`_ -  Fixed OAuth2 integration redirect issue.
 | `Issue #6797 <https://redmine.postgresql.org/issues/6797>`_ -  Remove an extra blank line at the start of the SQL for function, procedure, and trigger function.
 | `Issue #6828 <https://redmine.postgresql.org/issues/6828>`_ -  Fixed an issue where the tree is not scrolling to the object selected from the search result.
 | `Issue #6882 <https://redmine.postgresql.org/issues/6882>`_ -  Ensure that columns should be displayed in the order of creation instead of alphabetical order in the browser tree.

docs/en_US/webserver.rst

@@ -0,0 +1,44 @@
+.. _webserver:
+
+********************************************
+`Enabling Webserver Authentication`:index:
+********************************************
+
+To configure Webserver authentication, you must setup your webserver
+with any authentication plug-in (such as Shibboleth, HTTP BASIC auth)
+as long as it sets the REMOTE_USER environment variable.
+To enable Webserver authentication for pgAdmin, you must configure the Webserver
+settings in the *config_local.py* or *config_system.py* file (see the
+:ref:`config.py <config_py>` documentation) on the system where pgAdmin is
+installed in Server mode. You can copy these settings from *config.py* file
+and modify the values for the following parameters:
+
+
+.. csv-table::
+   :header: "**Parameter**", "**Description**"
+   :class: longtable
+   :widths: 35, 55
+
+   "AUTHENTICATION_SOURCES", "The default value for this parameter is *internal*.
+   To enable OAUTH2 authentication, you must include *webserver* in the list of values
+   for this parameter. you can modify the value as follows:
+
+   * [‘webserver’]: pgAdmin will use only Webserver authentication.
+
+   * [‘webserver’, ‘internal’]: pgAdmin will first try to authenticate the user
+     through webserver. If that authentication fails, then it will return back
+     to the login dialog where you need to provide internal pgAdmin user
+     credentials for authentication."
+    "WEBSERVER_AUTO_CREATE_USER", "Set the value to *True* if you want to automatically
+    create a pgAdmin user corresponding to a successfully authenticated Webserver user.
+    Please note that password is not stored in the pgAdmin database."
+
+
+Master Password
+===============
+
+In the multi user mode, pgAdmin uses user's login password to encrypt/decrypt the PostgreSQL server password.
+In the Webserver authentication, the pgAdmin does not store the user's password, so we need an encryption key to store
+the PostgreSQL server password.
+To accomplish this, set the configuration parameter MASTER_PASSWORD to *True*, so upon setting the master password,
+it will be used as an encryption key while storing the password. If it is False, the server password can not be stored.