Strategy to protect the Nomad UI?

sadler · July 12, 2023, 11:40am

The token based access method for the Nomad Web UI is a bit surprising. It encourages copy pasting and sharing of tokens. I would really prefer to hook it up to something like Okta or another directory service so that people can sign in with a username (or email) and password.

Has anyone done this? Where do I start? Looking through the documentation I don’t see much guidance.

phil.renaud · July 12, 2023, 1:26pm

Hey @sadler , great news: Nomad 1.5 added support for SSO and OIDC methods generally.

Check out the Nomad + Vault OIDC tutorial and OIDC/auth-method Nomad documentation for more info.

shantanugadgil · July 12, 2023, 4:21pm

a hack could be … to put some sort of proxy (like HAProxy) which supports HTTP auth from a fixed list of username/password combinations.

NOTE: stress on the above idea being a hack!!