Gafaelfawr

Gafaelfawr provides the authentication and authorization infrastructure for Phalanx environments, including the Vera C. Rubin Observatory Science Platform.

Its primary purpose is to serve as an NGINX auth_request backend. It also provides basic API rate limiting and user quota information, an API to create and manipulate tokens, a minimal OpenID Connect server to support protected services that only understand OpenID Connect, and an implementation of the IVOA Group Membership Service protocol (version 1.0).

Currently, it uses the Kubernetes NGINX ingress controller. A future version will use a Kubernetes gateway controller (probably Envoy) instead.

Gafaelfawr is developed on GitHub.

Gafaelfawr is part of the Rubin Science Platform identity management system. Its design is documented in DMTN-234, and its implementation in DMTN-224. History and decisions made during its development are documented in SQR-069. Read those documents for a more complete picture of how Gafaelfawr fits into a larger identity management system.

User Guide

Learn how to protect services with Gafaelfawr and use the Gafaelfawr client.

User guide

API

See the full API documentation for the Gafaelfawr client.

Gafaelfawr APIs

Operations

Learn how to configure and administer the Gafaelfawr server.

Operations guide

Development

Learn how to contribute to the Gafaelfawr codebase.

Developer guide

Gafaelfawr is named for Glewlwyd Gafaelfawr, the knight who challenges King Arthur in Pa gur yv y porthaur? and, in later stories, is a member of his court and acts as gatekeeper. Gafaelfawr is pronounced (very roughly) gah-VILE-vahwr. (If you speak Welsh and can provide a better pronunciation guide, please open an issue!)