Authentication

In Athena users are automatically authenticated via user common name in client side certificate.

For example:

Cert CN

Username will be extracted from CN and will be rihards.freimanis

Authorization

On top of authentication user must be authorized to access a particular service. Authorization to access a particular service is added to user by adding a user to the particular group in LDAP, where the LDAP group name matches service name in URL.

For example:

Cert authorization

Will be able to access such services as:

  • https://jenkins-athena-dev.athenapaas.com
  • https://services-athena-dev.athenapaas.com
  • https://redmine-athena-dev.athenapaas.com
  • etc…

Users can be authorized via IPA Web UI or using athena-users command.