IntenseWebs/pgadmin4
3
0
Fork 0
mirror of https://github.com/pgadmin-org/pgadmin4.git synced 2024-11-24 09:40:21 -06:00
Code Issues Packages Projects Releases Wiki Activity
0ca7dbccf6
pgadmin4/docs/en_US/webserver.rst
Khushboo Vashi d4697e8f1c Ensure that users should be able to modify the REMOTE_USER environment 
variable as per their environment by introducing the new config parameter
WEBSERVER_REMOTE_USER.

Fixes #6953
2021-11-10 15:38:41 +05:30

48 lines
2.4 KiB
ReStructuredText
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

.. _webserver:
********************************************
`Enabling Webserver Authentication`:index:
********************************************
To configure Webserver authentication, you must setup your webserver
with any authentication plug-in (such as Shibboleth, HTTP BASIC auth)
as long as it sets the REMOTE_USER environment variable.
To enable Webserver authentication for pgAdmin, you must configure the Webserver
settings in the *config_local.py* or *config_system.py* file (see the
:ref:`config.py <config_py>` documentation) on the system where pgAdmin is
installed in Server mode. You can copy these settings from *config.py* file
and modify the values for the following parameters:
.. csv-table::
:header: "**Parameter**", "**Description**"
:class: longtable
:widths: 35, 55
"AUTHENTICATION_SOURCES", "The default value for this parameter is *internal*.
To enable OAUTH2 authentication, you must include *webserver* in the list of values
for this parameter. you can modify the value as follows:
* [webserver]: pgAdmin will use only Webserver authentication.
* [webserver, internal]: pgAdmin will first try to authenticate the user
through webserver. If that authentication fails, then it will return back
to the login dialog where you need to provide internal pgAdmin user
credentials for authentication."
"WEBSERVER_AUTO_CREATE_USER", "Set the value to *True* if you want to automatically
create a pgAdmin user corresponding to a successfully authenticated Webserver user.
Please note that password is not stored in the pgAdmin database."
"WEBSERVER_REMOTE_USER", "The default value is REMOTE_USER, set this variable to any header
or environemnt variable to get the webserver remote user details. Possible values: REMOTE_USER,
HTTP_X_FORWARDED_USER, X-Forwarded-User."
Master Password
===============
In the multi user mode, pgAdmin uses user's login password to encrypt/decrypt the PostgreSQL server password.
In the Webserver authentication, the pgAdmin does not store the user's password, so we need an encryption key to store
the PostgreSQL server password.
To accomplish this, set the configuration parameter MASTER_PASSWORD to *True*, so upon setting the master password,
it will be used as an encryption key while storing the password. If it is False, the server password can not be stored.
Reference in New Issue View Git Blame Copy Permalink