Skip to content

Add external console integration (SSO handoff) guide#147

Merged
tamalsaha merged 3 commits into
masterfrom
docs-external-console-integration
Jul 14, 2026
Merged

Add external console integration (SSO handoff) guide#147
tamalsaha merged 3 commits into
masterfrom
docs-external-console-integration

Conversation

@tamalsaha

@tamalsaha tamalsaha commented Jul 14, 2026

Copy link
Copy Markdown
Member

Adds a new Integrations guide for Cloud Service Providers (CSPs) / ISVs who want to embed the KubeDB Platform console into their own console, hosted on a subdomain of the CSP console, so a user signed in to the CSP console is transparently signed in to the KubeDB console — no second login prompt.

What it covers

  • Phase 1 — Provisioning (once per user): the CSP backend creates a mirrored KubeDB user via the admin API (POST /api/v1/admin/users?org=<slug>), storing an internal generated password; plus optional profile-sync, password-rotation, and deprovision calls.
  • Phase 2 — Session handoff (every login): the CSP backend performs a server-side POST /api/v1/user/signin, captures the session + _csrf + NATS cookies, and re-emits them to the browser from a launch endpoint on the KubeDB subdomain so the same user is logged into the KubeDB console.
  • Granting access: a Client Organizations section (the managed-service-provider model) for giving each mirrored user scoped access to clusters/databases.
  • X-Csrf-Token usage for authenticated calls, logout (GET /api/v1/user/signout), an optional shared-parent-domain SSO variant, an API summary table, and a security checklist.

Conventions

  • Built against the documented API reference under docs/platform/api — uses the Authorization: token scheme, the ?org= context, and the documented request-body schemas rather than raw curl snippets. Cross-links the relevant API reference pages.
  • Placed under docs/platform/guides/integrations/ with Hugo front matter matching the sibling Rancher guide (weight: 60).
  • Two sequence diagrams rendered to SVG (the repo renders no inline mermaid), referenced via the repo's extra-../ link convention. All links verified to resolve.

Guide for CSPs/ISVs to embed the KubeDB Platform console into their own
console via a mirrored user + session-cookie handoff. Covers admin-token
user provisioning, the server-side login flow, cookie delivery to the
browser on a shared subdomain, logout, and a security checklist. Includes
two rendered sequence diagrams.

Signed-off-by: Tamal Saha <tamal@appscode.com>
kodiak-appscode[bot]
kodiak-appscode Bot previously approved these changes Jul 14, 2026
@github-actions

github-actions Bot commented Jul 14, 2026

Copy link
Copy Markdown

Visit the preview URL for this PR (updated for commit b414dd6):

https://kubedb-v2-hugo--pr147-docs-external-consol-sit9xfao.web.app

(expires Tue, 21 Jul 2026 16:19:27 GMT)

🔥 via Firebase Hosting GitHub Action 🌎

Sign: 0f29ae8ae0bd54a99bf2b223b6833be47acd5943

Use the documented endpoints, auth scheme (Authorization: token, ?org=),
and request-body schemas instead of raw curl snippets. Switch the session
handoff to POST /api/v1/user/signin and logout to GET /api/v1/user/signout.
Add a Client Organizations section for granting scoped cluster access, and
cross-link the relevant API reference pages. Regenerate both diagrams.

Signed-off-by: Tamal Saha <tamal@appscode.com>
kodiak-appscode[bot]
kodiak-appscode Bot previously approved these changes Jul 14, 2026
The rendered pages are served at directory-style URLs (no .md), so the
.md-suffixed cross-links 404ed on the live site. Switch them to
trailing-slash directory form (the same form the repo's existing anchor
links use), which resolves correctly and still passes the link checker.

Signed-off-by: Tamal Saha <tamal@appscode.com>
@tamalsaha
tamalsaha merged commit 899c4bf into master Jul 14, 2026
6 checks passed
@tamalsaha
tamalsaha deleted the docs-external-console-integration branch July 14, 2026 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant