diff --git a/api/v2.0/swagger.yaml b/api/v2.0/swagger.yaml
index dd71a37ee..789c63df7 100644
--- a/api/v2.0/swagger.yaml
+++ b/api/v2.0/swagger.yaml
@@ -4269,7 +4269,7 @@ paths:
'404':
$ref: '#/responses/404'
'500':
- $ref: '#/responses/500'
+ $ref: '#/responses/500'
/system/purgeaudit/{purge_id}/log:
get:
summary: Get purge job log.
@@ -7666,6 +7666,11 @@ definitions:
x-nullable: true
x-omitempty: true
description: The auth mode of current Harbor instance.
+ primary_auth_mode:
+ type: boolean
+ x-nullable: true
+ x-omitempty: true
+ description: The flag to indicate whether the current auth mode should consider as a primary one.
project_creation_restriction:
type: string
x-nullable: true
@@ -7793,7 +7798,7 @@ definitions:
update_time:
type: string
format: date-time
- description: the update time of purge job.
+ description: the update time of purge job.
Schedule:
type: object
properties:
@@ -8593,6 +8598,9 @@ definitions:
auth_mode:
$ref: '#/definitions/StringConfigItem'
description: The auth mode of current system, such as "db_auth", "ldap_auth", "oidc_auth"
+ primary_auth_mode:
+ $ref: '#/definitions/BoolConfigItem'
+ description: The flag to indicate whether the current auth mode should consider as a primary one.
ldap_base_dn:
$ref: '#/definitions/StringConfigItem'
description: The Base DN for LDAP binding.
@@ -8697,7 +8705,7 @@ definitions:
description: The OIDC group which has the harbor admin privileges
oidc_group_filter:
$ref: '#/definitions/StringConfigItem'
- description: The OIDC group filter which filters out the group doesn't match the regular expression
+ description: The OIDC group filter which filters out the group doesn't match the regular expression
oidc_scope:
$ref: '#/definitions/StringConfigItem'
description: The scope of the OIDC provider
@@ -8758,6 +8766,11 @@ definitions:
description: The auth mode of current system, such as "db_auth", "ldap_auth", "oidc_auth"
x-omitempty: true
x-isnullable: true
+ primary_auth_mode:
+ type: boolean
+ x-nullable: true
+ x-omitempty: true
+ description: The flag to indicate whether the current auth mode should consider as a primary one.
ldap_base_dn:
type: string
description: The Base DN for LDAP binding.
@@ -8942,7 +8955,7 @@ definitions:
type: string
description: The OIDC group filter which filters out the group name doesn't match the regular expression
x-omitempty: true
- x-isnullable: true
+ x-isnullable: true
oidc_scope:
type: string
description: The scope of the OIDC provider
@@ -8997,7 +9010,7 @@ definitions:
type: string
description: The audit log forward endpoint
x-omitempty: true
- x-isnullable: true
+ x-isnullable: true
skip_audit_log_database:
type: boolean
description: Skip audit log database
@@ -9401,10 +9414,11 @@ definitions:
items:
$ref: '#/definitions/ScanDataExportExecution'
description: The list of scan data export executions
+
WorkerPool:
type: object
description: the worker pool of job service
- properties:
+ properties:
pid:
type: integer
description: the process id of jobservice
@@ -9422,13 +9436,13 @@ definitions:
concurrency:
type: integer
description: The concurrency of the work pool
- host:
+ host:
type: string
- description: The host of the work pool
+ description: The host of the work pool
Worker:
type: object
description: worker in the pool
- properties:
+ properties:
id:
type: string
description: the id of the worker
@@ -9463,7 +9477,7 @@ definitions:
action:
type: string
description: The action of the request, should be stop, pause or resume
- enum:
+ enum:
- stop
- pause
- resume
@@ -9511,4 +9525,4 @@ definitions:
paused:
type: boolean
description: if the scheduler is paused
- x-omitempty: false
\ No newline at end of file
+ x-omitempty: false
diff --git a/src/common/const.go b/src/common/const.go
index ff65d0f15..6edecdd6b 100755
--- a/src/common/const.go
+++ b/src/common/const.go
@@ -50,6 +50,7 @@ const (
ExtEndpoint = "ext_endpoint"
AUTHMode = "auth_mode"
+ PrimaryAuthMode = "primary_auth_mode"
DatabaseType = "database_type"
PostGreSQLHOST = "postgresql_host"
PostGreSQLPort = "postgresql_port"
diff --git a/src/controller/systeminfo/controller.go b/src/controller/systeminfo/controller.go
index 42fd556a4..111ad9bfb 100644
--- a/src/controller/systeminfo/controller.go
+++ b/src/controller/systeminfo/controller.go
@@ -44,6 +44,7 @@ var Ctl = NewController()
// Data wraps common systeminfo data
type Data struct {
AuthMode string
+ PrimaryAuthMode bool
SelfRegistration bool
HarborVersion string
AuthProxySettings *models.HTTPAuthProxy
@@ -93,6 +94,7 @@ func (c *controller) GetInfo(ctx context.Context, opt Options) (*Data, error) {
}
res := &Data{
AuthMode: utils.SafeCastString(cfg[common.AUTHMode]),
+ PrimaryAuthMode: utils.SafeCastBool(cfg[common.PrimaryAuthMode]),
SelfRegistration: utils.SafeCastBool(cfg[common.SelfRegistration]),
HarborVersion: fmt.Sprintf("%s-%s", version.ReleaseVersion, version.GitCommit),
}
diff --git a/src/lib/config/metadata/metadatalist.go b/src/lib/config/metadata/metadatalist.go
index 5852599ed..a9acfc070 100644
--- a/src/lib/config/metadata/metadatalist.go
+++ b/src/lib/config/metadata/metadatalist.go
@@ -65,6 +65,7 @@ var (
{Name: common.AdminInitialPassword, Scope: SystemScope, Group: BasicGroup, EnvKey: "HARBOR_ADMIN_PASSWORD", DefaultValue: "", ItemType: &PasswordType{}, Editable: true},
{Name: common.AUTHMode, Scope: UserScope, Group: BasicGroup, EnvKey: "AUTH_MODE", DefaultValue: "db_auth", ItemType: &AuthModeType{}, Editable: false, Description: `The auth mode of current system, such as "db_auth", "ldap_auth", "oidc_auth"`},
+ {Name: common.PrimaryAuthMode, Scope: UserScope, Group: BasicGroup, EnvKey: "PRIMARY_AUTH_MODE", DefaultValue: "false", ItemType: &BoolType{}, Description: `Use current auth mode as a primary one`},
{Name: common.ChartRepoURL, Scope: SystemScope, Group: BasicGroup, EnvKey: "CHART_REPOSITORY_URL", DefaultValue: "http://chartmuseum:9999", ItemType: &StringType{}, Editable: false},
{Name: common.TrivyAdapterURL, Scope: SystemScope, Group: TrivyGroup, EnvKey: "TRIVY_ADAPTER_URL", DefaultValue: "http://trivy-adapter:8080", ItemType: &StringType{}, Editable: false},
diff --git a/src/portal/src/app/base/left-side-nav/config/auth/config-auth.component.html b/src/portal/src/app/base/left-side-nav/config/auth/config-auth.component.html
index ca245e916..b64ba7cf5 100644
--- a/src/portal/src/app/base/left-side-nav/config/auth/config-auth.component.html
+++ b/src/portal/src/app/base/left-side-nav/config/auth/config-auth.component.html
@@ -51,6 +51,36 @@
>
+
diff --git a/src/portal/src/app/base/left-side-nav/config/auth/config-auth.component.ts b/src/portal/src/app/base/left-side-nav/config/auth/config-auth.component.ts
index 26d4fd7ca..c61b0d2d0 100644
--- a/src/portal/src/app/base/left-side-nav/config/auth/config-auth.component.ts
+++ b/src/portal/src/app/base/left-side-nav/config/auth/config-auth.component.ts
@@ -236,6 +236,7 @@ export class ConfigurationAuthComponent implements OnInit {
prop.startsWith('oidc_') ||
prop === 'auth_mode' ||
prop === 'project_creattion_restriction' ||
+ prop === 'primary_auth_mode' ||
prop === 'self_registration' ||
prop.startsWith('http_')
) {
diff --git a/src/portal/src/app/base/left-side-nav/config/config.ts b/src/portal/src/app/base/left-side-nav/config/config.ts
index 5a2601398..173fe1eb4 100644
--- a/src/portal/src/app/base/left-side-nav/config/config.ts
+++ b/src/portal/src/app/base/left-side-nav/config/config.ts
@@ -54,6 +54,7 @@ export class ComplexValueItem {
export class Configuration {
[key: string]: any | any[];
auth_mode: StringValueItem;
+ primary_auth_mode: BoolValueItem;
project_creation_restriction: StringValueItem;
self_registration: BoolValueItem;
ldap_base_dn: StringValueItem;
@@ -114,6 +115,7 @@ export class Configuration {
session_timeout: NumberValueItem;
public constructor() {
this.auth_mode = new StringValueItem('db_auth', true);
+ this.primary_auth_mode = new BoolValueItem(false, true);
this.project_creation_restriction = new StringValueItem(
'everyone',
true
diff --git a/src/portal/src/app/base/left-side-nav/projects/projects.component.spec.ts b/src/portal/src/app/base/left-side-nav/projects/projects.component.spec.ts
index e880b1870..7cb6312dd 100644
--- a/src/portal/src/app/base/left-side-nav/projects/projects.component.spec.ts
+++ b/src/portal/src/app/base/left-side-nav/projects/projects.component.spec.ts
@@ -26,6 +26,10 @@ describe('ProjectComponent', () => {
value: 'oidc_auth',
editable: false,
},
+ primary_auth_mode: {
+ value: false,
+ editable: true,
+ },
count_per_project: {
value: -1,
editable: true,
diff --git a/src/portal/src/app/services/app-config.ts b/src/portal/src/app/services/app-config.ts
index 973843101..9841baeec 100644
--- a/src/portal/src/app/services/app-config.ts
+++ b/src/portal/src/app/services/app-config.ts
@@ -19,6 +19,7 @@ export class AppConfig {
with_trivy: boolean;
admiral_endpoint: string;
auth_mode: string;
+ primary_auth_mode: boolean;
registry_url: string;
project_creation_restriction: string;
self_registration: boolean;
@@ -36,6 +37,7 @@ export class AppConfig {
this.with_trivy = false;
this.admiral_endpoint = '';
this.auth_mode = 'db_auth';
+ this.primary_auth_mode = false;
this.registry_url = '';
this.project_creation_restriction = 'everyone';
this.self_registration = true;
diff --git a/src/portal/src/app/shared/router-guard/auth-user-activate.service.ts b/src/portal/src/app/shared/router-guard/auth-user-activate.service.ts
index 5848ecc7c..bbf0cb4ed 100644
--- a/src/portal/src/app/shared/router-guard/auth-user-activate.service.ts
+++ b/src/portal/src/app/shared/router-guard/auth-user-activate.service.ts
@@ -25,8 +25,8 @@ import { AppConfigService } from '../../services/app-config.service';
import { MessageHandlerService } from '../services/message-handler.service';
import { SearchTriggerService } from '../components/global-search/search-trigger.service';
import { Observable } from 'rxjs';
-import { CommonRoutes } from '../entities/shared.const';
import { UN_LOGGED_PARAM, YES } from '../../account/sign-in/sign-in.service';
+import { CommonRoutes, CONFIG_AUTH_MODE } from '../entities/shared.const';
@Injectable({
providedIn: 'root',
@@ -76,6 +76,18 @@ export class AuthCheckGuard implements CanActivate, CanActivateChild {
let navigatorExtra: NavigationExtras = {
queryParams: { redirect_url: state.url },
};
+ // if primary auth mode enabled, skip the first step
+ if (
+ this.appConfigService.getConfig().auth_mode ==
+ CONFIG_AUTH_MODE.OIDC_AUTH &&
+ this.appConfigService.getConfig()
+ .primary_auth_mode
+ ) {
+ window.location.href =
+ '/c/oidc/login?redirect_url=' +
+ encodeURI(state.url);
+ return observer.next(false);
+ }
this.router.navigate(
[CommonRoutes.EMBEDDED_SIGN_IN],
navigatorExtra
diff --git a/src/portal/src/app/shared/services/interface.ts b/src/portal/src/app/shared/services/interface.ts
index 3cef79ada..2edbdeeb4 100644
--- a/src/portal/src/app/shared/services/interface.ts
+++ b/src/portal/src/app/shared/services/interface.ts
@@ -176,6 +176,7 @@ export interface SystemInfo {
with_chartmuseum?: boolean;
admiral_endpoint?: string;
auth_mode?: string;
+ primary_auth_mode?: boolean;
registry_url?: string;
project_creation_restriction?: string;
self_registration?: boolean;
diff --git a/src/portal/src/i18n/lang/de-de-lang.json b/src/portal/src/i18n/lang/de-de-lang.json
index e7ec8dcd3..d47c155fc 100644
--- a/src/portal/src/i18n/lang/de-de-lang.json
+++ b/src/portal/src/i18n/lang/de-de-lang.json
@@ -813,6 +813,7 @@
"SESSION_TIMEOUT": "Session Timeout (Minutes)",
"SESSION_TIMEOUT_INFO": "Set the session timeout for Harbor UI. The default is 60 minutes.",
"AUTH_MODE": "Auth Mode",
+ "PRIMARY_AUTH_MODE": "Primärer Anmeldemodus",
"PRO_CREATION_RESTRICTION": "Projekt Erzeugung",
"SELF_REGISTRATION": "Selbst-Registrierung",
"AUTH_MODE_DB": "Datenbank",
@@ -834,6 +835,7 @@
"SELF_REGISTRATION_DISABLE": "Registrierung verboten. Haken setzen um Selbst-Registrierung zu erlauben.",
"VERIFY_REMOTE_CERT": "Festlegen, ob die Image-Replikation das Zertifikat der Gegenstelle überprüfen soll. Deaktiviere die Box, wenn der E-Mail-Server ein selbstsigniertes oder nicht-vertrauenswürdiges Zertifikat verwendet.",
"AUTH_MODE": "Der Standard Authentifizierungsmodus ist Datenbank, die Zugriffsdaten werden hierbei in einer lokalen Datenbank gespeichert. Wähle einen alternativen Authentifizierungsmodus, um die Nutzer gegen den konfigurierten Dienst zu verifizieren.",
+ "PRIMARY_AUTH_MODE": "Dieser Anmeldemodus wird zur Standardmethode für die Benutzeranmeldung. Der Anmeldebildschirm, in dem der Benutzer auswählt, ob er sich über den Identitätsanbieter oder über die lokale DB anmelden möchte, leitet den Benutzer automatisch an diesen Identitätsanbieter weiter. Die Anmeldung über die DB ist möglich, wenn die URL '/account/sign-in' explizit aufgerufen wird.",
"LDAP_SEARCH_DN": "DN eines Nutzers, der die Berechtigungen auf dem LDAP/AD Server hat. Falls der LDAP/AD server anonyme Suche nicht unterstützt, muss der DN und das ldap_search_pwd konfiguriert werden.",
"LDAP_BASE_DN": "Der Base DN unterhalb dem nach Nutzern im LDAP/AD gesucht wird.",
"LDAP_UID": "Das Attribut, dass in der Suche für die Zuordnung eines Nutzers verwendet wird. Kann uid, cn, email, sAMAccountName oder ein anderes Attribut abhängig vom LDAP/AD sein.",
diff --git a/src/portal/src/i18n/lang/en-us-lang.json b/src/portal/src/i18n/lang/en-us-lang.json
index 49dd85b6f..d6bbb580b 100644
--- a/src/portal/src/i18n/lang/en-us-lang.json
+++ b/src/portal/src/i18n/lang/en-us-lang.json
@@ -813,6 +813,7 @@
"SESSION_TIMEOUT": "Session Timeout (Minutes)",
"SESSION_TIMEOUT_INFO": "Set the session timeout for Harbor UI. The default is 60 minutes.",
"AUTH_MODE": "Auth Mode",
+ "PRIMARY_AUTH_MODE": "Primary Auth Mode",
"PRO_CREATION_RESTRICTION": "Project Creation",
"SELF_REGISTRATION": "Allow Self-Registration",
"AUTH_MODE_DB": "Database",
@@ -834,6 +835,7 @@
"SELF_REGISTRATION_DISABLE": "Deactivate sign up.",
"VERIFY_REMOTE_CERT": "Determine whether the image replication should verify the certificate of a remote Harbor registry. Uncheck this box when the remote registry uses a self-signed or untrusted certificate.",
"AUTH_MODE": "By default the authentication mode is database, i.e. the credentials are stored in a local database. Set it to LDAP if you want to verify a user's credential against an LDAP server.",
+ "PRIMARY_AUTH_MODE": "This auth mode becomes the default way for users to login. The login screen where the user selects to login via the identity provider or via local DB will automatically redirect the user to this identity provider. Login via DB is possible when visiting the url '/account/sign-in' explicitly.",
"LDAP_SEARCH_DN": "A user's DN who has the permission to search the LDAP/AD server. If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.",
"LDAP_BASE_DN": "The base DN from which to look up a user in LDAP/AD.",
"LDAP_UID": "The attribute used in a search to match a user. It could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD.",
@@ -896,7 +898,7 @@
"SCOPE": "OIDC Scope",
"OIDC_VERIFYCERT": "Verify Certificate",
"OIDC_AUTOONBOARD": "Automatic onboarding",
- "USER_CLAIM": "Username Claim",
+ "USER_CLAIM": "Username Claim",
"OIDC_SETNAME": "Set OIDC Username",
"OIDC_SETNAMECONTENT": "You must create a Harbor username the first time when authenticating via a third party(OIDC).This will be used within Harbor to be associated with projects, roles, etc.",
"OIDC_USERNAME": "Username",
diff --git a/src/portal/src/i18n/lang/es-es-lang.json b/src/portal/src/i18n/lang/es-es-lang.json
index 669318c75..e5687e2eb 100644
--- a/src/portal/src/i18n/lang/es-es-lang.json
+++ b/src/portal/src/i18n/lang/es-es-lang.json
@@ -814,6 +814,7 @@
"SESSION_TIMEOUT": "Session Timeout (Minutes)",
"SESSION_TIMEOUT_INFO": "Set the session timeout for Harbor UI. The default is 60 minutes.",
"AUTH_MODE": "Modo de autentificación",
+ "PRIMARY_AUTH_MODE": "Primary Auth Mode",
"PRO_CREATION_RESTRICTION": "Creación de Proyecto",
"SELF_REGISTRATION": "Permitir auto-registro",
"AUTH_MODE_DB": "Base de datos",
@@ -835,6 +836,7 @@
"SELF_REGISTRATION_DISABLE": "Disable sign up.",
"VERIFY_REMOTE_CERT": "Determina si la replicación de la imagen debería verificar el certificado de un registro Harbor remoto. Desmarque esta opción cuando el registro remoto use un certificado de confianza o autofirmado.",
"AUTH_MODE": "Por defecto el modo de autentificación es base de datos, es decir, las credenciales se almacenan en una base de datos local. Seleccione LDAP si quiere verificar las credenciales de usuarios a través del servidor LDAP.",
+ "PRIMARY_AUTH_MODE": "This auth mode becomes the default way for users to login. The login screen where the user selects to login via the identity provider or via local DB will automatically redirect the user to this identity provider. Login via DB is possible when visiting the url '/account/sign-in' explicitly.",
"LDAP_SEARCH_DN": "Un DN de usuario que tenga permisos para buscar el servidor LDAP/AD. Si el servidor LDAP/AD no soporta búsquedas anónimas, debería configurar este DN y ldap_search_pwd.",
"LDAP_BASE_DN": "La base DN para buscar un usuario en el LDAP/AD.",
"LDAP_UID": "El atributo usado en una búsqueda para encontrar un usuario. Debe ser el uid, cn, email, sAMAccountName u otro atributo dependiendo del LDAP/AD.",
diff --git a/src/portal/src/i18n/lang/fr-fr-lang.json b/src/portal/src/i18n/lang/fr-fr-lang.json
index 7d682f9f7..34388f50f 100644
--- a/src/portal/src/i18n/lang/fr-fr-lang.json
+++ b/src/portal/src/i18n/lang/fr-fr-lang.json
@@ -795,6 +795,7 @@
"SESSION_TIMEOUT": "Session Timeout (Minutes)",
"SESSION_TIMEOUT_INFO": "Set the session timeout for Harbor UI. The default is 60 minutes.",
"AUTH_MODE": "Mode d'Identification",
+ "PRIMARY_AUTH_MODE": "Primary Auth Mode",
"PRO_CREATION_RESTRICTION": "Création du Projet",
"SELF_REGISTRATION": "Autoriser l'Auto-Inscription",
"AUTH_MODE_DB": "Base de données",
@@ -816,6 +817,7 @@
"SELF_REGISTRATION_DISABLE": "Désactiver l'inscription.",
"VERIFY_REMOTE_CERT": "Déterminez si la réplication de l'image doit vérifier le certificat d'un dépôt Harbor distant. Décochez cette case lorsque le registre distant utilise un certificat auto-signé ou non approuvé.",
"AUTH_MODE": "Par défaut, le mode d'authentification est la base de données, c-a-d que les informations d'identification sont stockées dans une base de données locale. Définissez-le sur LDAP si vous voulez vérifier l'identité d'un utilisateur par rapport à un serveur LDAP.",
+ "PRIMARY_AUTH_MODE": "This auth mode becomes the default way for users to login. The login screen where the user selects to login via the identity provider or via local DB will automatically redirect the user to this identity provider. Login via DB is possible when visiting the url '/account/sign-in' explicitly.",
"LDAP_SEARCH_DN": "Le DN d'un utilisateur qui a la permission de rechercher sur le serveur LDAP/AD. Si votre serveur LDAP/AD ne prend pas en charge la recherche anonyme, vous devez configurer ce DN et ldap_search_pwd.",
"LDAP_BASE_DN": "La base DN à partir de laquelle rechercher un utilisateur dans LDAP/AD.",
"LDAP_UID": "Attribut utilisé dans une recherche pour trouver un utilisateur. Cela peut être uid, cn, email, sAMAccountName ou d'autres attributs selon votre LDAP/AD.",
diff --git a/src/portal/src/i18n/lang/pt-br-lang.json b/src/portal/src/i18n/lang/pt-br-lang.json
index 73d5df1dc..755795077 100644
--- a/src/portal/src/i18n/lang/pt-br-lang.json
+++ b/src/portal/src/i18n/lang/pt-br-lang.json
@@ -26,7 +26,7 @@
"CANCEL": "CANCELAR",
"OK": "OK",
"DELETE": "REMOVER",
- "LOG_IN": "ENTRAR",
+ "LOG_IN": "ENTRAR",
"LOG_IN_OIDC": "Entrar com provedor OIDC",
"SIGN_UP_LINK": "Criar uma nova conta",
"SIGN_UP": "CADASTRO",
@@ -811,6 +811,7 @@
"SESSION_TIMEOUT": "Session Timeout (Minutes)",
"SESSION_TIMEOUT_INFO": "Set the session timeout for Harbor UI. The default is 60 minutes.",
"AUTH_MODE": "Modo de autenticação",
+ "PRIMARY_AUTH_MODE": "Primary Auth Mode",
"PRO_CREATION_RESTRICTION": "Criação de Projeto",
"SELF_REGISTRATION": "Permitir cadastro de usuários.",
"AUTH_MODE_DB": "Banco de Dados",
@@ -832,6 +833,7 @@
"SELF_REGISTRATION_DISABLE": "Desabilitar cadastro de usuários.",
"VERIFY_REMOTE_CERT": "Determina se a replicação da imagem deve verificar o certificado do Harbor remoto. Desmarque se o servidor remoto utilizar um certificado auto-assinado ou não confiável.",
"AUTH_MODE": "Por padrão, o modo de autenticação é via banco de dados, ex. As credenciais são armazenadas em um Banco de Dados local. Altere para LDAP se você deseja verificar as credenciais de um usuário utilizando um servidor LDAP.",
+ "PRIMARY_AUTH_MODE": "This auth mode becomes the default way for users to login. The login screen where the user selects to login via the identity provider or via local DB will automatically redirect the user to this identity provider. Login via DB is possible when visiting the url '/account/sign-in' explicitly.",
"LDAP_SEARCH_DN": "A DN de um usuário que possui permissão para buscar no servidor LDAP/AD. Se o seu servidor LDAP/AD não suportar buscas anônimas, você deve configurar esse DN e ldap_search_pwd.",
"LDAP_BASE_DN": "O DN base de onde deve ser buscado um usuário no LDAP/AD.",
"LDAP_UID": "O atributo utilizado na busca de um uusário. Pode ser uid, cn, e-mail, sAMAccountName ou outro atributo dependendo LDAP/AD.",
diff --git a/src/portal/src/i18n/lang/tr-tr-lang.json b/src/portal/src/i18n/lang/tr-tr-lang.json
index d7b158dfb..07964a999 100644
--- a/src/portal/src/i18n/lang/tr-tr-lang.json
+++ b/src/portal/src/i18n/lang/tr-tr-lang.json
@@ -813,6 +813,7 @@
"SESSION_TIMEOUT": "Session Timeout (Minutes)",
"SESSION_TIMEOUT_INFO": "Set the session timeout for Harbor UI. The default is 60 minutes.",
"AUTH_MODE": "Yetkilendirme Modu",
+ "PRIMARY_AUTH_MODE": "Primary Auth Mode",
"PRO_CREATION_RESTRICTION": "Proje oluşturma",
"SELF_REGISTRATION": "Kendi Kendine Kayıt Yapmaya İzin Ver",
"AUTH_MODE_DB": "Veritabanı",
@@ -834,6 +835,7 @@
"SELF_REGISTRATION_DISABLE": "Kaydolmayı devre dışı bırak.",
"VERIFY_REMOTE_CERT": "İmaj çoğaltmanın uzak Harbor kayıt defterinin sertifikasını doğrulaması gerekip gerekmediğini belirleyin. Uzak kayıt defteri kendinden imzalı veya güvenilmeyen bir sertifika kullandığında bu kutunun işaretini kaldırın.",
"AUTH_MODE": "Varsayılan olarak kimlik doğrulama modu veritabanıdır, yani kimlik bilgileri yerel bir veritabanında saklanır. Bir LDAP sunucusunda bir kullanıcının kimlik bilgilerini doğrulamak istiyorsanız, LDAP olarak ayarlayın.",
+ "PRIMARY_AUTH_MODE": "This auth mode becomes the default way for users to login. The login screen where the user selects to login via the identity provider or via local DB will automatically redirect the user to this identity provider. Login via DB is possible when visiting the url '/account/sign-in' explicitly.",
"LDAP_SEARCH_DN": "LDAP / AD sunucusunu arama iznine sahip bir kullanıcının DN'si. LDAP / AD sunucunuz anonim aramayı desteklemiyorsa, bu DN ve ldap_search_pwd'yi yapılandırmanız gerekir.",
"LDAP_BASE_DN": "LDAP / AD'de bir kullanıcı aranacak temel DN.",
"LDAP_UID": "Bir kullanıcıyla eşleşmek için aramada kullanılan özellik. LDAP / AD'nize bağlı olarak, kullanıcı kimliği, cn, e-posta, sAMAccountName veya diğer özellikler olabilir.",
diff --git a/src/portal/src/i18n/lang/zh-cn-lang.json b/src/portal/src/i18n/lang/zh-cn-lang.json
index fa6bc453c..d47be6e24 100644
--- a/src/portal/src/i18n/lang/zh-cn-lang.json
+++ b/src/portal/src/i18n/lang/zh-cn-lang.json
@@ -815,6 +815,7 @@
"SESSION_TIMEOUT": "会话过期时间(分钟)",
"SESSION_TIMEOUT_INFO": "设置 Harbor UI 的会话过期时间。默认值为60分钟。",
"AUTH_MODE": "认证模式",
+ "PRIMARY_AUTH_MODE": "Primary Auth Mode",
"PRO_CREATION_RESTRICTION": "项目创建",
"SELF_REGISTRATION": "允许自注册",
"AUTH_MODE_DB": "数据库",
@@ -836,6 +837,7 @@
"SELF_REGISTRATION_DISABLE": "禁用注册功能。",
"VERIFY_REMOTE_CERT": "确定镜像复制是否要验证远程Harbor实例的证书。如果远程实例使用的是自签或者非信任证书,不要勾选此项。",
"AUTH_MODE": "默认认证模式为数据库认证,即用户凭证存储在本地数据库。如果使用LDAP来认证用户,则设置为LDAP。",
+ "PRIMARY_AUTH_MODE": "This auth mode becomes the default way for users to login. The login screen where the user selects to login via the identity provider or via local DB will automatically redirect the user to this identity provider. Login via DB is possible when visiting the url '/account/sign-in' explicitly.",
"LDAP_SEARCH_DN": "有搜索权限的LDAP用户DN。如果LDAP服务器不支持匿名搜索,则需要配置此DN及其密码。",
"LDAP_BASE_DN": "用来在LDAP和AD中搜寻用户的基础DN。",
"LDAP_UID": "在搜索中用来匹配用户的属性,可以是uid,cn,email,sAMAccountName或者其它LDAP/AD服务器支持的属性。",
diff --git a/src/portal/src/i18n/lang/zh-tw-lang.json b/src/portal/src/i18n/lang/zh-tw-lang.json
index 8edcadd92..15cdd380e 100644
--- a/src/portal/src/i18n/lang/zh-tw-lang.json
+++ b/src/portal/src/i18n/lang/zh-tw-lang.json
@@ -810,6 +810,7 @@
"SESSION_TIMEOUT": "Session Timeout (Minutes)",
"SESSION_TIMEOUT_INFO": "Set the session timeout for Harbor UI. The default is 60 minutes.",
"AUTH_MODE": "認證模式",
+ "PRIMARY_AUTH_MODE": "Primary Auth Mode",
"PRO_CREATION_RESTRICTION": "項目創建",
"SELF_REGISTRATION": "允許自註冊",
"AUTH_MODE_DB": "數據庫",
@@ -831,6 +832,7 @@
"SELF_REGISTRATION_DISABLE": "禁用註冊功能。",
"VERIFY_REMOTE_CERT": "確定鏡像複製是否要驗證遠程Harbor實例的證書。如果遠程實例使用的是自籤或者非信任證書,不要勾選此項。",
"AUTH_MODE": "默認認證模式為數據庫認證,即用戶憑證存儲在本地數據庫。如果使用LDAP來認證用戶,則設置為LDAP。",
+ "PRIMARY_AUTH_MODE": "This auth mode becomes the default way for users to login. The login screen where the user selects to login via the identity provider or via local DB will automatically redirect the user to this identity provider. Login via DB is possible when visiting the url '/account/sign-in' explicitly.",
"LDAP_SEARCH_DN": "有搜索權限的LDAP用戶DN。如果LDAP服務器不支持匿名搜索,則需要配置此DN及其密碼。",
"LDAP_BASE_DN": "用來在LDAP和AD中搜尋用戶的基礎DN。",
"LDAP_UID": "在搜索中用來匹配用戶的屬性,可以是uid,cn,email,sAMAccountName或者其它LDAP/AD服務器支持的屬性。",
diff --git a/src/server/v2.0/handler/systeminfo.go b/src/server/v2.0/handler/systeminfo.go
index de22b7625..5962107bf 100644
--- a/src/server/v2.0/handler/systeminfo.go
+++ b/src/server/v2.0/handler/systeminfo.go
@@ -69,6 +69,7 @@ func (s *sysInfoAPI) convertInfo(d *si.Data) *models.GeneralInfo {
}
res := &models.GeneralInfo{
AuthMode: &d.AuthMode,
+ PrimaryAuthMode: &d.PrimaryAuthMode,
SelfRegistration: &d.SelfRegistration,
HarborVersion: &d.HarborVersion,
}