diff options
author | Joel Johnson <mrjoel@lixil.net> | 2015-06-29 15:08:25 -0600 |
---|---|---|
committer | Joel Johnson <mrjoel@lixil.net> | 2015-12-09 07:38:41 -0700 |
commit | 0b298b78a7c1fcda7f799af0c045a6c2e829a6bf (patch) | |
tree | de7f7c02a7b5451b63270ea9c40d9680867d9857 /src/site | |
parent | 46f61d3990813d488454ce48596620e9c1cded1a (diff) | |
download | gitblit-0b298b78a7c1fcda7f799af0c045a6c2e829a6bf.tar.gz gitblit-0b298b78a7c1fcda7f799af0c045a6c2e829a6bf.zip |
add site documentation for HTTP header authentication
Diffstat (limited to 'src/site')
-rw-r--r-- | src/site/setup_authentication.mkd | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/site/setup_authentication.mkd b/src/site/setup_authentication.mkd index a3bf4451..71136675 100644 --- a/src/site/setup_authentication.mkd +++ b/src/site/setup_authentication.mkd @@ -8,6 +8,7 @@ Gitblit supports additional authentication mechanisms aside from it's internal o * Windows authentication
* PAM authentication
* Htpasswd authentication
+* HTTP header authentication
* Redmine auhentication
* Salesforce.com authentication
* Servlet container authentication
@@ -101,6 +102,17 @@ Htpasswd authentication allows you to maintain your user credentials in an Apach realm.authenticationProviders = htpasswd
realm.htpasswd.userFile = /path/to/htpasswd
+### HTTP Header Authentication
+
+HTTP header authentication allows you to use existing authentication performed by a trusted frontend, such as a reverse proxy. Ensure that when used, gitblit is ONLY availabe via the trusted frontend, otherwise it is vulnerable to a user adding the header explicitly.
+
+By default, no user or team header is defined, which results in all authentication failing this mechanism. The user header can also be defined while leaving the team header undefined, which causes users to be authenticated from the headers, but team memberships to be maintained locally.
+
+ realm.httpheader.userheader = REMOTE_USER
+ realm.httpheader.teamheader = X-GitblitExample-GroupNames
+ realm.httpheader.teamseparator = ,
+ realm.httpheader.autoCreateAccounts = false
+
### Redmine Authentication
You may authenticate your users against a Redmine installation as long as your Redmine install has properly enabled [API authentication](http://www.redmine.org/projects/redmine/wiki/Rest_Api#Authentication). This user service only supports user authentication; it does not support team creation based on Redmine groups. Redmine administrators will also be Gitblit administrators.
|