mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-11 10:14:33 -05:00
[GH-ISSUE #863] Support custom authentication provider per resource #1672
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @JobDoesburg on GitHub (Jun 6, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/863
I would like to be able to choose that I want to protect a resource with login, but from a specific IdP, and not necessarily the pangolin built-in authentication. So that I can choose a different SSO if I would want to
@miloschwartz commented on GitHub (Jun 12, 2025):
You can already attach another IDP if it support OIDC. We're working on a feature to redirect straight to the Idp instead of having to click "Log in with xxxx idp" button.
@JobDoesburg commented on GitHub (Jun 12, 2025):
That's already great!
Will it also be possible to specify specific required claims for a resource?
The use case is namely: I use Authentik as IdP and I would like to be able to manage which users have access to a resource via Authentik groups and policies, not via Pangolin. So I would like to add users to a group in Authentik and in Pangolin only specify the required groups specifically for this resource.
Preferably I would also want to log at my IdP that a user authenticated to a specific resource, which is why I formulated my issue the way I did. This would require using resource-specific OAuth Client IDs. I see that this is much more complex though 😅.
Or do you perhaps happen to know any other solution so my IdP can see which resource a user is authenticating for.
@github-actions[bot] commented on GitHub (Jun 27, 2025):
This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.
@oschwartz10612 commented on GitHub (Jun 27, 2025):
@JobDoesburg sorry for the delay. I think you can do that by selecting roles from the IDP and creating roles within Pangolin to map to who can see what. https://docs.fossorial.io/Pangolin/Identity%20Providers/auto-provision#selecting-roles
Feel free to reopen if this does not solve the issue!