Comments (2)
jrozner
commented on June 16, 2024
Is disabling registration all together preferable to user approval? As written today I don't think it's trivial for us to separate registration from login being enabled for a specific auth provider. If we did it's something that would probably need to be toggled in the config which would then require a restart to enable adding new users again; probably not ideal either. Overall this feature makes sense, we just need to figure out implementation details and timeline. This may end up being a bigger change than it seems just because of how the auth mechanism currently exists and the fact that it wouldn't necessarily make sense for all auth providers (in okta you specifically grant access outside of the app already).
In the mean time, if you need a quicker solution, there are a few stopgaps you could use:
- Setup basic auth on the reverse proxy to avoid people from accessing ashirt who don't know the password
- Put network ACLs in place to disallow ashirt access from the internet and require a VPN or proxy that is on the edge to route to it
- Switch to an OIDC2 provider for auth. Currently it is built around Okta support but I would assume any identity provider that supports OIDC2 would work. We haven't tested this but would be open to implementing changes to ensure this is the case
from ashirt-server.
jrozner
commented on June 16, 2024
@SecPrez not sure if you're still looking for a solution but we're prioritizing this and worked out the details today. Don't have a specific timeline for when we'll have it merged but it's getting worked on and expected to land reasonably soon
from ashirt-server.
Related Issues (20)
- Build support discoverable credentials HOT 1
- Permalink redirects to query with invalid uuid HOT 4
- Project-specific variables HOT 4
- Additional editable timestamp property on Evidence HOT 3
- Metadata search breaks when using multiple terms
- Improve Timeline Image Loading HOT 1
- Prefix access keys and secret keys with a known value
- Container name cleanup
- Improvements to logging
- AISHIRT
- Rebuild main and release branches HOT 1
- Allow optional descriptions for the default operation tags #6
- Add dependencies and health checks to docker compose files
- Code viewer (ace-editor) height is stuck at 6 lines
- Decide on the future of the HTTP stack and plan out changes HOT 1
- .env.web file? HOT 2
- Re-evaluate OIDC2 behavior
- S3 URLs not used in /findings HOT 1
- Setup weekly rebuilds of main HOT 1
- Add validation to the create evidence form
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ashirt-server.