Skip to content

accept authenticated remote_user from reverse proxy header #2857

Description

@clarkevans

For deployments in a cloud environment, user authentication is often upstream of OHDSI tools, including Atlas. By convention an HTTP header can be provided by a reverse proxy, containing the email address of the authenticated user. I suggest that 'X-Remote-User' could be the header name used for this purpose, but I'm not being prescriptive; perhaps it should be a configuration option, that, when left unset doesn't enable this feature.

If this is an easy feature to implement, it is high value, especially for institutions that already have validated security procedures that use reverse proxy authentication.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions