Gafaelfawr

Edit on GitHub	/services/gafaelfawr
Type	Helm
Namespace	gafaelfawr

Overview

Gafaelfawr provides authentication and identity management services for the Rubin Science Platform. It is primarily used as an NGINX auth_request handler configured via annotations on the Ingress resources of Science Platform services. In that role, it requires a user have the required access scope to use that service, rejects users who do not have that scope, and redirects users who are not authenticated to the authentication process.

Gafaelfawr supports authentication via either OpenID Connect (often through CILogon) or GitHub.

Gafaelfawr also provides a token management API and (currently) UI for users of the Science Platform.

Guides

• Debugging authentication issues
• Configuring storage
  • Ephemeral
  • Dynamic provisioning
  • Existing PersistentVolumeClaim
• Recreating Gafaelfawr service tokens
• Releasing GitHub organization data

See also

• DMTN-234: Identity management design

• DMTN-224: Identity management implementation

• SQR-069: Identity management history and decisions

• Gafaelfawr documentation