3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-30 02:46:30 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/docs/docs
History
bobby c3e3ed9b50
authenticate: validate origin of signout (#1876) 
* authenticate: validate origin of signout

- add a debug task to kill envoy
- improve various function docs
- userinfo: return "error" page if user is logged out without redirect uri set
- remove front channel logout. There's little difference between it, and the signout function.

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2021-02-11 21:37:54 -08:00
..
community docs: replace httpbin with verify (#1702) 2020-12-22 09:53:08 -08:00
identity-providers Update GitLab provider docs (#1591) 2021-02-01 15:48:06 -08:00
img docs: fix in-action video (#1268) 2020-08-12 19:34:50 -04:00
quick-start docs: replace httpbin with verify (#1702) 2020-12-22 09:53:08 -08:00
topics authenticate: validate origin of signout (#1876) 2021-02-11 21:37:54 -08:00
architecture.md databroker: rename cache service (#1790) 2021-01-21 08:41:22 -07:00
background.md docs: fix links, fix upgrade guide (#1220) 2020-08-05 23:07:49 -07:00
CHANGELOG.md docs: v0.12 upgrade notes and changelog (#1753) 2021-01-08 17:48:22 -05:00
FAQ.md update docs (#1645) 2020-12-03 08:29:17 -08:00
installation.md remove user impersonation and service account cli (#1768) 2021-01-12 09:28:29 -07:00
readme.md update docs (#1645) 2020-12-03 08:29:17 -08:00
upgrading.md authenticate: validate origin of signout (#1876) 2021-02-11 21:37:54 -08:00

readme.md

title lang sidebarDepth meta
What is Pomerium? en-US 0
name content
keywords pomerium overview identity-access-proxy beyondcorp zero-trust reverse-proxy ztn zero-trust-networks

What is Pomerium

Overview?

Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in. Pomerium gateways both internal and external requests, and can be used in situations where you'd typically reach for a VPN.

Pomerium can be used to:

  • provide a single-sign-on gateway to internal applications.
  • enforce dynamic access policy based on context, identity, and device state.
  • aggregate access logs and telemetry data.
  • perform delegated user authorization for service-based authorization systems:
  • provide unified identity attestation for upstream services:
  • provide a VPN alternative.

Demo

To make this a bit more concrete, click the image thumbnail to see a short youtube demo:

demo

The above video shows the flow for both an unauthorized and authorized user.

  1. An unauthorized user authenticates with their corporate single-sign-on provider.
  2. The unauthorized user is blocked from a protected resource.
  3. The unauthorized user signs out from their session.
  4. An authorized user authenticates with their corporate single-sign-on provider.
  5. Pomerium delegating and granting access to the requested resource.
  6. The authorized user inspecting their user details including group membership.