lasdf1234 opened a new issue, #11550:
URL: https://github.com/apache/gravitino/issues/11550

   ## What would you like to be improved?
   
   Built-in IDP uses HTTP Basic authentication (`gravitino.authenticators` with 
`org.apache.gravitino.idp.auth.BasicAuthenticator`). The Gravitino server, 
Java/Python clients, and engine connectors can authenticate with username and 
password, but the Web UI (v1 and Web V2) does not provide a login form or 
session flow for this mode.
   
   The Web UI currently supports:
   - `simple` — username-only login when authorization is enabled, or direct 
access when authorization is disabled
   - `oauth` — OIDC/OAuth login flow
   
   Users enabling built-in IDP Basic auth may expect to sign in through the 
browser UI. Without documentation, this gap is easy to miss and leads to 
confusion or failed login attempts.
   
   ## How should we improve?
   
   Update IDP and Web UI documentation to state clearly that:
   1. Built-in IDP Basic authentication is for REST APIs, clients, and engines 
— not the Web UI.
   2. To use the Web UI with authentication, configure OAuth/OIDC 
(`gravitino.authenticators=oauth`) with an external identity provider, or use 
`simple` mode for development scenarios where the UI username-only flow is 
acceptable.
   
   Relevant docs: `docs/security/how-to-use-built-in-idp.md`, 
`docs/security/how-to-authenticate.md`, `docs/webui.md`, `docs/webui-v2.md`.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to