You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a user runs kargo server, they should be able to use the UI served from there without further authn. (The API server will already be running using the user's own kubeconfig.)
Currently, if a server is configured with neither the admin account enabled nor OIDC enabled, the login page says logins are disabled and you should contact the system administrator.
The UI determines whether admin account, ODIC, both, or neither are supported by making a call to the public config endpoint. This is an endpoint that requires no authn and basically advertises the API server's capabilities.
I'd love if the results from that endpoint returned a new option that says no authn is desired. We'd only set this when a launching a server locally from the CLI.
If the UI could respect that new option, causing the login screen to be completely bypassed, that would be awesome.
This is related to #1728
When a user runs
kargo server
, they should be able to use the UI served from there without further authn. (The API server will already be running using the user's own kubeconfig.)Currently, if a server is configured with neither the admin account enabled nor OIDC enabled, the login page says logins are disabled and you should contact the system administrator.
The UI determines whether admin account, ODIC, both, or neither are supported by making a call to the public config endpoint. This is an endpoint that requires no authn and basically advertises the API server's capabilities.
I'd love if the results from that endpoint returned a new option that says no authn is desired. We'd only set this when a launching a server locally from the CLI.
If the UI could respect that new option, causing the login screen to be completely bypassed, that would be awesome.
@rpelczar @rbreeze lmk what you guys think about this.
Edit: When running in this manner, the UI's API client would also not need to pass credentials of any kind to the local API server.
The text was updated successfully, but these errors were encountered: