Using Multiple Authenticators

Driverless AI lets you enable multiple authentication methods at the same time. The following are some examples of when this can be useful:

• When you want to use single sign-on (SSO) options for the front-end and also give users direct access with credentials for headless setups like the Driverless AI Python client.

• When you want to allow access to users that are not managed by the provider of the primary authentication option.

To enable additional authentications methods, use the additional_authentication_methods config.toml setting.

Note: In order to let users access their data when using multiple authenticators, usernames for all of the enabled authentication methods need to match one another.

Multiple Authentication Methods Example

In this example, a user wants to use OpenID Connect authentication on the front-end and also let users use LDAP credentials to gain access with the Driverless AI Python client.

To enable both authentication methods, use the config.toml file to set the following parameters:

authentication_method = "openid"
additional_authentication_methods = "['ldap']"

# Configure OpenID Connect
auth_openid_provider_base_uri = ...

# Configure LDAP
ldap_server = ...

The primary authentication method’s login page is available on the standard /login path. All of the enabled authentication methods can be used on path /login/<authentication methods name>. For this example, it appears as:

/login/openid
/login/ldap

Users can then use the Python client with LDAP credentials by specifying the correct server address, username, and password in the client’s constructor:

import driverlessai

dai = driverlessai.Client(
    address='http://address.of.my.driverless:12345',
    username='username',
    password='password'
)