Heimdall Authentication Methods
Heimdall supports multiple authentication methods:
- External URL
- LDAP
- OAuth Client ID (Google, GitHub, Okta Domain)
- Custom OIDC Service
- Password-based authentication (Local Authentication)
Local authentication is the minimal and lowest level of authentication, it is accomplished via username password. Strong passwords are enforced. Passwords are encrypted and stored on the application database (only applicable if deployed in server mode).
NOTE: Password encryption is being changed to a FIPS compliant algorithm, for this reason current deployment of Heimdall that make use of Local Authentication must ensure that all users change their passwords during the transition period.
Heimdall Server supports disabling local user logins via environment variables. This means only external authentication providers (such as OpenID Connect or LDAP) can be used to login to the server.
To use this feature set the following environment variables:
LOCAL_LOGIN_DISABLED=trueADMIN_USES_EXTERNAL_AUTH=trueADMIN_EMAIL=<Your admin's email address>
Instead of the standard prompt, you will be given this message and the option to login with your configured authentication providers:
- Home
- How to create a release
- Environment Variables Configuration
- Heimdall Authentication Methods
- Heimdall API Documentation
- Group and User Management
- Heimdall Interface Connections
- Heimdall Architecture Information
- Heimdall Class Diagrams
- Heimdall Development Tips & Tricks
- Heimdall Frontend Components
- Heimdall Processes Documentation
- Heimdall Heroku Documentation
- Developers Code Style
- Troubleshooting
- HDF Converter Mappings
- HDF Converters How Tos
- Manual Attestations
- Control Correlation Identifier (CCI) Converter