This authentication method is often used for SSO (Single Sign-On), especially in large organizations.
The authentication is done by another system: Kanboard doesn't know your password and assumes you are already authenticated.
Apache Auth on the same server or a well-configured reverse proxy.
This is outside the scope of this documentation. You should check that the user login is sent by the reverse proxy in an HTTP header, and find out which one.
Create a custom config.php file or copy the config.default.php file:
<?php
// Enable/disable reverse proxy authentication
define('REVERSE_PROXY_AUTH', true); // Set this value to true
// The HTTP header to retrieve. If not specified, REMOTE_USER is the default
define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER');
// The default Kanboard admin for your organization.
// Since everything should be filtered by the reverse proxy,
// you should want to have a bootstrap admin user.
define('REVERSE_PROXY_DEFAULT_ADMIN', 'myadmin');
// The default domain to assume for the email address.
// In case the username is not an email address, it
// will be updated automatically as username@mydomain.com
define('REVERSE_PROXY_DEFAULT_DOMAIN', 'mydomain.com');
Note
REMOTE_USER. For example, Apache adds REMOTE_USER by default if Require valid-user is set.
REVERSE_PROXY_USER_HEADER, the value must be prefixed by HTTP_ because it's fetched from the $_SERVER array.
REMOTE_USER is not set (same behavior with IIS and Nginx).
X-Authenticated-User. This de facto standard has been adopted by a number of tools.
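
To find out which value belongs in REVERSE_PROXY_USER_HEADER, the following diagnostic maps a header name to its $_SERVER key (the HTTP_ prefix rule) and reports which candidate actually carries a login. It is an added example, not Kanboard code: the function names, the sample array and the email rule (taken from the config comment above) are assumptions for illustration.

```php
<?php
// Added example: helper names and the sample $_SERVER array are constructed.

// CGI rule: a request header "X-Authenticated-User" appears in $_SERVER as
// "HTTP_X_AUTHENTICATED_USER". REMOTE_USER is set by the web server itself
// and carries no HTTP_ prefix.
function server_key_for(string $name): string
{
    $key = strtoupper(str_replace('-', '_', trim($name)));
    if ($key === 'REMOTE_USER' || strpos($key, 'HTTP_') === 0) {
        return $key;
    }
    return 'HTTP_' . $key;
}

// Return the candidate keys that carry a non-empty login, keyed by $_SERVER name.
function find_login_keys(array $server, array $candidates): array
{
    $found = [];
    foreach ($candidates as $name) {
        $key = server_key_for($name);
        if (isset($server[$key]) && trim((string) $server[$key]) !== '') {
            $found[$key] = trim((string) $server[$key]);
        }
    }
    return $found;
}

// Email assumed for a login, following the REVERSE_PROXY_DEFAULT_DOMAIN comment
// (a sketch of the described behaviour, not Kanboard's own implementation).
function assumed_email(string $login, string $domain): string
{
    return strpos($login, '@') !== false ? $login : $login . '@' . $domain;
}

// Constructed sample of what PHP sees behind a proxy sending X-Authenticated-User.
$sample = ['REQUEST_METHOD' => 'GET', 'HTTP_X_AUTHENTICATED_USER' => 'alice'];

// On a live server, pass $_SERVER instead of $sample and delete the script afterwards.
foreach (find_login_keys($sample, ['REMOTE_USER', 'X-Authenticated-User']) as $key => $login) {
    printf("define('REVERSE_PROXY_USER_HEADER', '%s'); // login=%s, email=%s\n",
        $key, $login, assumed_email($login, 'mydomain.com'));
}
```

Whichever key is reported, Kanboard treats its value as the authenticated login, so the proxy must set that header itself on every request and Kanboard must only be reachable through the proxy.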