Hi everyone,
I'm desperately trying to implement a login with uibuilder and Microsoft Azure, so far without success.
Has anyone managed to get this working? The login/logout doesn't work on the uibuilder pages.
Here's my flow that works:
1 Like
Hi, how are you trying this? Generally, the sensible approach is to handle the IdM tasks in a proxy. The IdM will add appropriate headers to web requests that uibuilder can then use if needed but the main principal is that the proxy will not allow access at all unless the request comes from a suitable authenticated user.
1 Like
That seems like a good general suggestion, although it would also be nice if there was a way to integrate SSO with OAuth2/OIDC at the app level in a way that's reusable across multiple pages, without having to go the reverse proxy/session injection route.
Can I ask why you would not use radius ?
I could be wrong.. I dont know the whole scope of your project BUT it seems that your banging your head against a wall when there are other options?
The issue here is that it would be a far more complex and fragile approach, especially across multiple end points with potentially different security settings. It is actually easier to maintain a secure stance using more dedicated tools that have been battle tested.
Using a proxy offloads several workloads to a more appropriate infrastructure and also introduces some potentially significant performance boosts along with the better security and reliability.
This would be the case on any infrastructure, but if you are using Microsoft based Azure infrastructure, this is even more the case since you could, if desired, use a Microsoft Active Directory as the IdM core along with IIS and a simple extension as the proxy to link everything together. This is, indeed, Microsoft's recommended architecture.
There is really no need to add this complexity to either UIBUILDER or Node-RED. There are really only downsides.
Having said that, it is possible to add OAuth to Node-RED since you can leverage its use of ExpressJS. However, personally I don't recommend that and I have no experience of doing it.
