Comments (7)
+1 for g-suite auth :)
from clearml-server.
@GolfDeltaFox thank you for clarifying, I totally understand now. Although adding SSO is doable, from a security point of view, I would not recommended putting a TRAINS-server open on the web. Firewall and load-balancer to prevent DDOS and other brute-force attacks is a must these days...
With the above said, I would recommend to do as you suggested, and put everything behind a VPN/VPC.
I'm also tagging this thread as 'user management feature request', and again I have to stress TRAINS-server should be deployed as internal access only :)
from clearml-server.
First, the compliment is greatly appreciated :)
When we designed trains-server, we thought of it as an internal infrastructure system. This is why we thought user/pass login is unnecessary, since we wanted to encourage visibility, instead of limiting it with a defined set of credentials.
The main use case for individual web-app login is in the "admin" page (which will soon be renamed to profile), where you create your specific key/secret credentials pair, to put into your trains.conf file.
Once you have configured your trains.conf file, any task/experiment created from your machine will be created with your user-name, so everyone knows who trained which model, etc.
Login to the web-app by itself, is kind of meaningless as, it will mostly give you read access to the ongoing development of the project. In other words, great way to create transparency between: research, engineering and management.
It was also quite convenient to store fixed credentials per remote machine. Every time someone logged into the machine, it automatically used their credentials, so we immediately knew who was running on which machine.
Quick FYI, you can also set these key/secret credentials from OS environment, so it can be part of the login .bashrc script:
export TRAINS_API_ACCESS_KEY=""
export TRAINS_API_SECRET_KEY=""
export TRAINS_API_HOST=""
Did that answer your question? If not, what is exactly the scenario you had in mind, meaning why would you limit the login to a specific set of users in your organization?
from clearml-server.
I'm using the AWS AMI release and addressing the front end of managing users (I'm ok with credentials management in back-end)
Before creating the credentials we need to login to the web interface - How do I manage users authentication and authorisation in the web interface ? Can I login using g-suite ?
After I have used new user login and all the users that logged in the past appear in the login screen, this is a bit ugly since the login screen now includes test users and demo users (test, test1, test11, test111 etc ;-)
I want to clear these users they all appear in the login screen after logout and clutter the view
It would be best if the web login could use the Googleβs SAML and/or OpenID
from clearml-server.
@bmartinn : Thank you for your answer and additional information. Although our use case is the following:
Our users want to use the same trains-server in different locations. But, yet we still want to be able to hide the web interface behind either a login page or in a VPC (to prevent anyone to randomly kill or archive experiments, or steal sensitive data). Since the second option is more complicated for the end user, the ideal scenario would be to have a Gsuite SSO with a restriction on the domain name (eg: [email protected]).
from clearml-server.
@GolfDeltaFox we added the ability to specify a list of User/Pass login credentials for the web server.
Feel free to check v0.10.1
π
from clearml-server.
Closing, feature added to v0.10.1
from clearml-server.
Related Issues (20)
- clearml-webserver crashes when IPv6 is disabled on a k8s node HOT 1
- Could not find host server definition HOT 5
- Feature Request: Get server configuration parameters from AWS Secrets Manager [security]
- [Customising web-ui] - Projects are loading tasks in web ui of self hosting server but i want them to show datasets HOT 3
- generating clearml-reports HOT 13
- How to write artifacts to S3 from server side? HOT 1
- Nginx Not Loading Plotly.js Resource: ClearML Self-Hosted Docker HOT 7
- Failed Navigate From Overview to Experiments Details HOT 4
- Async Delete Always Failed when Removing Experiments (using Minio)
- nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE vulnerability HOT 2
- ElasticSearch UI and Redis UI? HOT 2
- The problem with scalars HOT 12
- Curl 7.69 < 8.4.0 Heap Buffer Overflow vulnerability HOT 2
- OpenSSL 1.1.1 < 1.1.1x Vulnerability HOT 1
- Elasticsearch image tag 7.17 does not exist HOT 4
- Git package is not installed by default in node:20-bookworm-slim HOT 1
- SERVER UNAVAILABLE HOT 4
- APP Credentials disapper in webapp HOT 20
- Scalar graphs legend is too narrow for experiments with long names HOT 7
- Update from 1.14.1 to 1.15.0 leads to several fatal issues when booting HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from clearml-server.