authorize: add allow_any_authenticated_user policy (#1515)

Philip Wassermann 2020-11-05 19:20:50 +01:00 committed by GitHub
parent d1bab414c5
commit 85a5961e5e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 456 additions and 387 deletions

@ -1101,6 +1101,17 @@ These options correspond to the envoy route action host related options, which c
If this setting is enabled, no whitelists (e.g. Allowed Users) should be provided in this route.
### Allow Any Authenticated User
- `yaml`/`json` setting: `allow_any_authenticated_user`
- Type: `bool`
- Optional
- Default: `false`
**Use with caution:** This setting will allow all requests for any user which is able to authenticate with our given identity provider. For instance, if you are using a corporate GSuite account, an unrelated gmail user will be able to access the underlying upstream.
Use of this setting means Pomerium **will not enforce centralized authorization policy** for this route. The upstream is responsible for handling any authorization.
### Regex
- `yaml`/`json` setting: `regex`
- Type: `string` (containing a regular expression)
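Review bot: The new "Allow Any Authenticated User" section does not say how `allow_any_authenticated_user` interacts with the route's allow lists. The context line just above it, written for the preceding setting, states "no whitelists (e.g. Allowed Users) should be provided in this route", and this section needs an equivalent sentence saying whether the option may be combined with such lists or must be the only access setting on the route. Because the text says Pomerium "will not enforce centralized authorization policy" for the route, a reader also needs to know what happens when the option is set alongside other access options on the same route, so please document that behaviour here. Wording in the caution paragraph: "with our given identity provider" should read "with your identity provider", and "any user which is able to authenticate" should be "any user who is able to authenticate".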