From: Ville Ojamo <14869000+bluikko@users.noreply.github.com> Date: Mon, 5 Jan 2026 13:46:26 +0000 (+0700) Subject: doc: Revert "doc: mgr/dashboard: add OAuth2 SSO documentation" X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F66797%2Fhead;p=ceph.git doc: Revert "doc: mgr/dashboard: add OAuth2 SSO documentation" This reverts commit 2af5800f5a20ecc1fd592e024a8d03806ab67f89. The dashboard OAuth2.0 feature was released in Tentacle. Signed-off-by: Ville Ojamo <14869000+bluikko@users.noreply.github.com> --- diff --git a/doc/mgr/dashboard.rst b/doc/mgr/dashboard.rst index f86a7019d1d4..4e0999b97b46 100644 --- a/doc/mgr/dashboard.rst +++ b/doc/mgr/dashboard.rst @@ -43,8 +43,8 @@ The dashboard provides the following features: after the first login or after a configurable time period. See :ref:`dashboard-user-role-management` for details. * **Single Sign-On (SSO)**: The dashboard supports authentication - via an external identity provider using the SAML 2.0 protocol or thse OAuth2 protocol. See - :ref:dashboard-saml2-sso-support and :ref:dashboard-oauth2-sso-support for details. + via an external identity provider using the SAML 2.0 protocol. See + :ref:`dashboard-sso-support` for details. * **SSL/TLS support**: All HTTP communication between the web browser and the dashboard is secured via SSL. A self-signed certificate can be created with a built-in command, but it's also possible to import custom certificates @@ -711,10 +711,10 @@ If no value is set for that option, it will simply fall back to the value of the GRAFANA_API_URL option. If set, it will instruct the browser to use this URL to access Grafana. -.. _dashboard-saml2-sso-support: +.. _dashboard-sso-support: -Enabling SAML2 Single Sign-On (SSO) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Enabling Single Sign-On (SSO) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The Ceph Dashboard supports external authentication of users via the `SAML 2.0 `_ protocol. You need to @@ -775,50 +775,6 @@ To enable SSO: ceph dashboard sso enable saml2 -.. _dashboard-oauth2-sso-support: - -Enabling OAuth2 Single Sign-On (SSO) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The Ceph Dashboard supports external authentication of users via the -`OAuth `_ protocol. You need to -have :ref:`cephadm` enabled as your orchestrator with an active -:ref:`deploy-cephadm-mgmt-gateway` and :ref:`deploy-cephadm-oauth2-proxy` services. - -From the IDP of choice, Keycloak is the current recomendation and tested solution, -configure the IDP's client used in the `oauth2-proxy` service configuration to validate the following redirect URLs -for login_url: `https://|/oauth2/callback` and -the following logout_url: `https://|/ /oauth2/sign_out` - -Again, from the IDP, we will need a user with a valid role, this user will be the one to perform -authorization against, we can create a role like: 'administator' to give admin level access to the user. - -Make certain that the ``enable_auth`` flag has been included in the ``ceph orch -apply mgmt-gateway`` command and that it has been set to ``true`` by running a -command of the following form: - -.. prompt:: bash $ - - ceph orch apply mgmt-gateway --enable_auth=true --placement= - -To disable SSO: - -.. prompt:: bash $ - - ceph dashboard sso disable - -To check if SSO is enabled: - -.. prompt:: bash $ - - ceph dashboard sso status - -To enable SSO: - -.. prompt:: bash $ - - ceph dashboard sso enable oauth2 - .. _dashboard-alerting: Enabling Prometheus Alerting