Add allowed_groups to sso-proxy docs

8ed88638 · ale · fe763606 · 8ed88638
Commit 8ed88638 authored 6 years ago by ale
--- a/README.md
+++ b/README.md
@@ -120,7 +120,8 @@ it wouldn't be safe for them to trust this information anyway, unless
 they have a way to ensure it comes only from the trusted sso-proxy
 (perhaps using TLS or other forms of transport verification). Finally,
 *sso-proxy* only handles incoming requests based on their Host
-attribute, not the request path.
+attribute, not the request path. And the only access control rules
+currently supported are group-based.

 The proxy server has its own configuration file, */etc/sso/proxy.yml*
 by default, which has the following attributes:
@@ -135,6 +136,8 @@ by default, which has the following attributes:
 * `backends` is the list of configured endpoints and associated
  backends, each entry has the following attributes:
  * `host` the HTTP host to serve
+  * `allowed_groups` is a list of the groups whose users will be
+    allowed access to the service
  * `upstream` is a list of *host:port* addresses for the upstream
    backends
  * `tls_server_name` allows you to explicitly set the value of the