i am currently setting up an R Studio Server Pro in Azure. Thanks to the Marketplace offering this was quite easy.
For obvious reasons i wanted to setup SAML Authentication via Azure. This worked out quite well too until the user provisioning on the debian machine.
As i can see from the logs, it is necessary to add users with their UPN, how can i achieve this on debian?
Or is there another way around for this?
Jul 4 16:00:14 rserver rserver[2180]: ERROR system error 2 (No such file or directory)
[description: User not found., user-value: surname.givennamen@company.com];
OCCURRED AT rstudio::core::Error rstudio::core::system::User::Impl::populateUser(rstudio::core::system::User::Impl::GetPasswdFunc<T>&, T)
[with T = const char* rstudio::core::system::User::Impl::GetPasswdFunc<T> = std::function<int(const char*, passwd*, char*, long unsigned int, passwd**)>]
src/cpp/shared_core/system/User.cpp:68; LOGGED FROM: bool rstudio::server::auth::validateUser(const string&, const string&, unsigned int, bool) src/cpp/server/auth/ServerValidateUser.cpp:51
This is a fantastic question! Thanks for reaching out here!
Unfortunately, we do not have a way for RStudio Server Pro / RStudio Workbench to automatically provision users today
As a result, there are a handful of usual patterns:
provision manually (icky)
use sssd to connect to a directory / LDAP server that has the users in it and provisions them on the server
create a manual script / cron job that queries the user store (i.e. Azure's API) and provisions users when new users are added
sssd / an LDAP domain join is probably the most common solution, but only works if you happen to have such a directory lying around. It is also worth noting that it is important to ensure that UIDs for new users are created in a consistent / idempotent fashion, and this is particularly important in Highly Available architectures.
Do you have thoughts on which approach seems most reasonable in your environment? I will share this feedback with our dev team - I am hopeful that at some point we will be able to provision users automatically, but that day is still unfortunately a ways out.