Using AD for user provisioning and SAML for auth on RStudio Workbench

  1. Configure LDAP/AD with RSW (source)
    1. Install the prerequisites
    2. Join the underlying Linux server with Active Directory
    3. Configure the rstudio PAM profile
      # /etc/pam.d/common-session
      session required 
      session required skel=/etc/skel/ umask=0022

      cp /etc/pam.d/login /etc/pam.d/rstudio

      # /etc/pam.d/rstudio  
      auth [user_unknown=ignore success=ok ignore=ignore default=bad]  

      auth substack system-auth  
      auth include postlogin  
      account required  
      account include system-auth  
      password include system-auth  
      # close should be the first session rule  
      session required close 
      session required  
      session optional
      # open should only be followed by sessions
      # to be executed in the user context 

      session required open  
      session required  
      session optional force revoke  
      session include system-auth  
      session include postlogin  
      -session optional
  2. Change auth to SAML (source)
    # /etc/rstudio/rserver.conf

  3. Ensure that the SAML assertion has an attribute (on login) that matches the user's linux username exactly (i.e. the output of `getent passwd username`)