3.3. OAuth Authentication Overview
As an alternative to basic authentication, you can use limited OAuth 1.0 authentication. This is sometimes referred to as 1-legged OAuth in version 1.0a of the protocol.
To view OAuth settings, in the Satellite web UI, navigate to Administer > Settings > Authentication. The OAuth consumer key is the token to be used by all OAuth clients.
Satellite stores OAuth settings in the /etc/foreman/settings.yaml
file. Use the satellite-installer
script to configure these settings, because Satellite overwrites any manual changes to this file when upgrading.
3.3.1. Configuring OAuth リンクのコピーリンクがクリップボードにコピーされました!
To change the OAuth settings, enter the satellite-installer
with the required options. Enter the following command to list all the OAuth related installer options:
satellite-installer --full-help | grep oauth
# satellite-installer --full-help | grep oauth
Enabling OAuth mapping
By default, Satellite authorizes all OAuth API requests as the built-in anonymous API administrator account. Therefore, API responses include all Satellite data. However, you can also specify the Foreman user that makes the request and restrict access to data to that user.
To enable OAuth user mapping, enter the following command:
satellite-installer --foreman-oauth-map-users true
# satellite-installer --foreman-oauth-map-users true
Satellite does not sign the header in an OAuth request. Anyone with a valid consumer key can impersonate any Foreman user.