Using AD for user provisioning and SAML for auth on RStudio Workbench

  1. Configure LDAP/AD with RSW (source)
    1. Install the prerequisites
    2. Join the underlying Linux server with Active Directory
    3. Configure the rstudio PAM profile


      session required 

      session required skel=/etc/skel/ umask=0022

      cp /etc/pam.d/login /etc/pam.d/rstudio



      auth [user_unknown=ignore success=ok ignore=ignore default=bad]  

      auth substack system-auth  

      auth include postlogin  

      account required  

      account include system-auth  

      password include system-auth  

      # close should be the first session rule  

      session required close  

      session required  

      session optional

      # open should only be followed by sessions to be executed in the user context  

      session required open  

      session required  

      session optional force revoke  

      session include system-auth  

      session include postlogin  

      -session optional

  2. Change auth to SAML (source)

    # /etc/rstudio/rserver.conf




  3. Ensure that the SAML assertion has an attribute (on login) that matches the user's linux username exactly (i.e. the output of `getent passwd username`)