Rstudio Server Pro - SAML with AzureAD - Username problems

R Admins
#1

Hi all,

i am currently setting up an R Studio Server Pro in Azure. Thanks to the Marketplace offering this was quite easy.
For obvious reasons i wanted to setup SAML Authentication via Azure. This worked out quite well too until the user provisioning on the debian machine.
As i can see from the logs, it is necessary to add users with their UPN, how can i achieve this on debian?
Or is there another way around for this?

Jul  4 16:00:14 rserver rserver[2180]: ERROR system error 2 (No such file or directory) 
[description: User not found., user-value: surname.givennamen@company.com]; 
OCCURRED AT rstudio::core::Error rstudio::core::system::User::Impl::populateUser(rstudio::core::system::User::Impl::GetPasswdFunc<T>&, T) 
[with T = const char*  rstudio::core::system::User::Impl::GetPasswdFunc<T> = std::function<int(const char*, passwd*, char*, long unsigned int, passwd**)>] 
src/cpp/shared_core/system/User.cpp:68; LOGGED FROM: bool rstudio::server::auth::validateUser(const string&, const string&, unsigned int, bool) src/cpp/server/auth/ServerValidateUser.cpp:51
#2

This is a fantastic question! Thanks for reaching out here!

Unfortunately, we do not have a way for RStudio Server Pro / RStudio Workbench to automatically provision users today :slightly_frowning_face:

As a result, there are a handful of usual patterns:

  • provision manually (icky)
  • use sssd to connect to a directory / LDAP server that has the users in it and provisions them on the server
  • create a manual script / cron job that queries the user store (i.e. Azure's API) and provisions users when new users are added

sssd / an LDAP domain join is probably the most common solution, but only works if you happen to have such a directory lying around. It is also worth noting that it is important to ensure that UIDs for new users are created in a consistent / idempotent fashion, and this is particularly important in Highly Available architectures.

Do you have thoughts on which approach seems most reasonable in your environment? I will share this feedback with our dev team - I am hopeful that at some point we will be able to provision users automatically, but that day is still unfortunately a ways out.

#3

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.