Reverse proxy header authentication

Table of contents

• Overview
• Configuration Steps
  • Enabling Reverse proxy authentication
  • Reverse proxy identity provider configuration in Community Edition
  • Reverse proxy identity provider configuration in Enterprise and Team Editions
  • Configuring default HTTP header fields
  • Header example

Overview

CloudBeaver offers a feature for authorization and authentication using reverse proxy headers. This method allows to authenticate users via specific HTTP header fields.

Configuration Steps

Enabling Reverse proxy authentication

1. As an administrator, navigate to the Settings -> Server configuration.

2. Locate the Reverse proxy option and activate this setting to allow reverse proxy authentication.

   

3. Save changes.

Reverse proxy identity provider configuration in Community Edition

To configure reverse proxy authentication, follow these steps:

1. Open your .cloudbeaver.runtime.conf configuration file.
2. Locate the app section within the file.
3. Add a new entry to the authConfigurations array with the following structure:

  "app": {
    ...
    "authConfigurations": [
      {
        "id": "your_proxy_id",
        "provider": "reverseProxy",
        "displayName": "your_proxy_username",
        "disabled": true,
        "iconURL": "",
        "description": "",
        "parameters": {
          "logout-url": "https://link_if_needed",
          "user-header": "",
          "team-header": "",
          "team-delimiter": "",
          "first-name-header": "",
          "last-name-header": ""
        }
      }
    ]
  }

Important: Ensure you include the mandatory fields id, provider, and displayName. The provider name must be set to reverseProxy.

Reverse proxy identity provider configuration in Enterprise and Team Editions

To configure reverse proxy authentication in the Enterprise and Team Editions of CloudBeaver using the graphical user interface (GUI), follow these steps:

1. Log in as an administrator.
2. Navigate to Settings -> Server configuration in the CloudBeaver interface.
3. Click on the + Add button to create a new authentication provider.
4. In the Provider dropdown menu, select Reverse Proxy.
5. Enter a unique identifier in the ID field and a name for the configuration in the Configuration name field.
6. Click on Save to apply the changes.

Configuring default HTTP header fields

Configure the standard HTTP header fields as follows:

Header	Description
X-User	user login
X-Team	user teams
X-First-name	user profile firstname
X-Last-name	user profile lastname
X-Full-name	user profile fullname
X-Role	user roles, only for DBeaver Team edition

Header example

Consider a user named newuser, belonging to both user and admin teams. To access an application with reverse proxy header authentication enabled, the following HTTP headers should be set in the request to the CloudBeaver application:

X-User: newuser
X-Team: user|admin
X-First-name: John
X-Last-name: Smith

Tip: CloudBeaver categorizes users into two default teams: user and admin. Default delimiter used to separate teams in the header is | (could be customized in team-delimiter parameter, all characters are allowed).