Open OnDemand supports most authentication modules that work with Apache HTTP Server version 2.4. The following Overview section provides an introduction to setting up these generic authentication modules with an Open OnDemand installation. Tutorials will also be provided with the focus on setting up some of the more common authentication modules (e.g., OpenID Connect with KeyCloak).
After installing Open OnDemand you must add authentication of some kind to generate the correct Apache configuration. When no authentication is supplied Apache will only serve a static page that directs you here.
No Open OnDemand functionality is available without authentication.
If you managed to install an Apache authentication module at your center that currently does not have a tutorial listed below we would greatly appreciate it if you could take the time to contribute a detailed walkthrough.
Dex is a very good starting option if you can connect to LDAP or Active Directory and not an institutional Single Sign-On service.
- OpenID Connect
- OpenID Connect with Dex
- OpenID Connect with KeyCloak on RHEL7
- Two Factor Auth using Duo with Keycloak
- SAML Authentication with Active Directory Federated Services (ADFS) and mod_auth_mellon
- NSF ACCESS
- Other Insecure Options