Users Authentication
Slurm-web gateway can authenticate users before granting access to the web interface and proxied cluster APIs. Authentication is optional but strongly recommended in production.
When enabled, users sign in through the gateway. The gateway issues a Slurm-web JSON Web Token (JWT) that carries the user identity and group memberships. This JWT is sent on subsequent API requests and forwarded to agents, where authorization policy enforces RBAC.
Slurm-web supports two authentication methods:
- LDAP authentication
-
Username and password validated against an LDAP directory (OpenLDAP, FreeIPA, Active Directory, etc.). This is the default method.
- OIDC authentication
-
Single sign-on (SSO) with an OpenID Connect identity provider such as Keycloak or Authentik. Password login on the gateway is disabled.
Exactly one method is active per deployment, selected with the method
parameter in the authentication
section of the gateway configuration file.
Please refer to the setup guides for each method for detailed instructions.