Reverse proxy header authentication
Table of contents
Overview
CloudBeaver offers a feature for authorization and authentication using reverse proxy headers. This method allows to authenticate users via specific HTTP header fields.
Configuration Steps
Enabling Reverse proxy authentication
As an administrator, navigate to the Settings -> Server configuration.
Locate the Reverse proxy option and activate this setting to allow reverse proxy authentication.
Save changes.
Reverse proxy identity provider configuration in Community Edition
To configure reverse proxy authentication, follow these steps:
1) Open your .cloudbeaver.runtime.conf
configuration file.
2) Locate the app
section within the file.
3) Add a new entry to the authConfigurations
array with the following structure:
"app": {
...
"authConfigurations": [
{
"id": "your_proxy_id",
"provider": "reverseProxy",
"displayName": "your_proxy_username",
"disabled": true,
"iconURL": "",
"description": "",
"parameters": {
"logout-url": "https://link_if_needed",
"user-header": "",
"team-header": "",
"team-delimiter": "",
"first-name-header": "",
"last-name-header": ""
}
}
]
}
Important: Ensure you include the mandatory fields id, provider, and displayName. The
provider
name must be set toreverseProxy
.Reverse proxy identity provider configuration
To configure reverse proxy authentication in the CloudBeaver using the graphical user interface (GUI), follow these steps:
1) Log in as an administrator. 2) Navigate to Settings -> Server configuration in the CloudBeaver interface. 3) Click on the + Add button to create a new authentication provider. 4) In the Provider dropdown menu, select Reverse Proxy. 5) Enter a unique identifier in the ID field and a name for the configuration in the Configuration name field. 6) Click on Save to apply the changes.
Configuring default HTTP header fields
Configure the standard HTTP header fields as follows:
Header Description X-User
user login X-Team
user teams X-First-name
user profile firstname X-Last-name
user profile lastname X-Full-name
user profile fullname X-Role
user roles, only for DBeaver Team edition Header example
Consider a user named
newuser
, belonging to bothuser
andadmin
teams. To access an application with reverse proxy header authentication enabled, the following HTTP headers should be set in the request to the CloudBeaver application:X-User: newuser X-Team: user|admin X-First-name: John X-Last-name: Smith
Tip: CloudBeaver categorizes users into two default teams:
user
andadmin
. Default delimiter used to separate teams in the header is|
(could be customized inteam-delimiter
parameter, all characters are allowed).