Basic authentication
If installing ServicePulse in IIS and securing ServiceControl APIs, Windows authentication must be used or ServiceInsight won't be able to connect to the necessary APIs, as shown in the limitations section:
If ServiceControl is secured with an authentication module other than Windows authentication, ServiceInsight will not be able to connect to the REST API exposed via IIS. ServiceInsight version 1.4 or greater is required to use Windows authentication.
Windows security, especially when used with custom LDAP configurations, can be tricky to set up properly. Some organizations may prefer to set up Basic authentication with credentials that are managed separately from the organization's domain. This would currently work for ServicePulse through the browser, but not for ServiceInsight.
The API client inside ServiceInsight should be enhanced to detect the 401 Unauthorized response and present a simple interface for providing a NetworkCredential that could be used for all future requests.
OpenID
ServiceControl can now be deployed to cloud services such as Azure Container Apps which allow layering OpenID authentication onto the ingress via a variety of services. While ServicePulse can follow the redirect, ServiceInsight is not able to authenticate using these providers.
Here is a spike PR where I attempted to sniff information from the WWW-Authenticate header and complete an OAuth login flow, but ultimately failed as there's not enough information in the WWW-Authenticate header to get the job done.
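The 401-then-prompt flow proposed in the issue above, as an added example that is not ServiceInsight's code or part of the original issue. `BasicChallengeHandler` and the `prompt` callback are hypothetical names, and it assumes requests without a body so the same request can be sent a second time.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical handler; prompt(uri, challengeParameter) stands in for the UI dialog.
public sealed class BasicChallengeHandler : DelegatingHandler
{
    private readonly Func<Uri, string, NetworkCredential> prompt;
    private NetworkCredential cached;   // reused for later requests
    private string cachedAuthority;     // host:port the credential was accepted by

    public BasicChallengeHandler(Func<Uri, string, NetworkCredential> prompt, HttpMessageHandler inner)
        : base(inner) { this.prompt = prompt; }

    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        var uri = request.RequestUri;
        // Basic credentials are only base64-encoded, so never attach them without TLS.
        if (uri.Scheme != Uri.UriSchemeHttps) return await base.SendAsync(request, ct).ConfigureAwait(false);

        // Replay the cached credential only to the server that accepted it.
        if (cached != null && uri.Authority == cachedAuthority) request.Headers.Authorization = ToHeader(cached);

        var response = await base.SendAsync(request, ct).ConfigureAwait(false);
        if (response.StatusCode != HttpStatusCode.Unauthorized) return response;

        // Answer only a Basic challenge; other schemes (Negotiate, Bearer) pass through untouched.
        var basic = response.Headers.WwwAuthenticate.FirstOrDefault(
            c => string.Equals(c.Scheme, "Basic", StringComparison.OrdinalIgnoreCase));
        var credential = basic == null ? null : prompt(uri, basic.Parameter); // Parameter: e.g. realm="..."
        if (credential == null) return response; // no Basic challenge, or the user cancelled

        response.Dispose();
        request.Headers.Authorization = ToHeader(credential);
        var retry = await base.SendAsync(request, ct).ConfigureAwait(false);
        if (retry.StatusCode != HttpStatusCode.Unauthorized)
        {
            cached = credential;            // keep only a credential the server accepted
            cachedAuthority = uri.Authority;
        }
        return retry;
    }

    private static AuthenticationHeaderValue ToHeader(NetworkCredential c) =>
        new AuthenticationHeaderValue("Basic",
            Convert.ToBase64String(Encoding.UTF8.GetBytes(c.UserName + ":" + c.Password)));
}
```

It would be wired in as `new HttpClient(new BasicChallengeHandler(prompt, new HttpClientHandler()))`; the handler is not thread-safe as written, so concurrent requests would need a lock around the cached fields.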
I would also love to see some alternative authentication / authorisation methods supported out of the box.
We're looking to move away from AD auth as we lean on more PaaS. It would be great to support OAuth2 / OpenID Connect.
DavidBoike changed the title from "Allow Basic authentication" to "Additional authentication options" on Aug 30, 2024
I updated this issue to be more inclusive of other authentication options, and added a link to a spike I did to try OpenID authentication that (sadly) failed.