First restructuring pass for auth section

source/authentication/insecure.rst

@@ -1,12 +1,19 @@
 .. _authentication-insecure:
 
-Other Insecure Options
-======================
+Insecure Options
+================
+.. danger::
 
-There are other insecure options that you may find Apache supports.
+    **Never** allow a production Open OnDemand installation to accept 
+    credentials over unencrypted connections.
 
-It's left to the reader to try those out. Open OnDemand developers
-highly discourage users attempting to authenticate with Apache's
-BASIC auth like PAM and LDAP as they are really quite insecure.
+There are other insecure options Apache still ships modules for 
+such as ``mod_auth_basic``. With Basic auth, the user’s password is
+Base-64-encoded and sent on *every* HTTP request, so even behind TLS the
+credential is exposed far more often than with modern single-sign-on
+solutions.
+
+For these reasons, Open OnDemand strongly discourages enabling Basic auth, 
+even when it is backed by PAM, LDAP, or any other password store. 
 
 Questions on these topics will be linked back to this page.

source/authentication/overview/configure-authentication.rst

@@ -1,7 +1,7 @@
 .. _authentication-overview-configure-authentication:
 
-Configure Apache Authentication
-===============================
+Apache Modules and the OOD Portal Generator
+===========================================
 
 Configure Authentication Module
 -------------------------------

source/authentication/tutorial-oidc-keycloak-rhel7.rst

@@ -37,7 +37,6 @@ please let us know by contacting us on the OnDemand Discourse at https://discour
 
 .. toctree::
    :maxdepth: 2
-   :numbered:
    :caption: Tutorial
 
    tutorial-oidc-keycloak-rhel7/install-keycloak

source/how-tos/app-development/interactive/form-widgets.rst

@@ -146,6 +146,9 @@ Form Widgets
     ``show_files`` is a boolean flag to show files or not. This defaults
     to true - it will show files.
 
+    ``popup_title`` is the title displayed in the modal. Default is 
+    "Select Your Working Directory".
+
     ``favorites`` allows you to override the :ref:`favorite paths you've added
     in files menu <add-shortcuts-to-files-menu>`.  Provide an array of new favorites
     or set to ``false`` to disable showing favorites altogether.
@@ -157,6 +160,7 @@ Form Widgets
           directory: "/fs/ess/project"
           show_hidden: true
           show_files: false
+          popup_title: "Select the Folder"
           favorites:
             - /fs/ess
             - /fs/scratch

source/installation.rst

@@ -6,7 +6,7 @@ Installation
 The OnDemand host machine needs to be setup *similarly* to a login node. This
 means that it will need:
 
-- RedHat/RockyLinux/AlmaLinux 8+ or Ubuntu 20.04-24.04 or Debian 12 or Amazon Linux 2023
+- RedHat/RockyLinux/AlmaLinux 8+ or Ubuntu 22.04-24.04 or Debian 12 or Amazon Linux 2023
 - the resource manager (e.g., Torque, Slurm, or LSF) client binaries and
   libraries used by the batch servers installed
 - configuration on both OnDemand node **and batch servers** to be able to
@@ -22,7 +22,8 @@ Open OnDemand, by default, expects Apache to have SSL enabled by :ref:`securing
    :numbered: 1
 
    installation/install-software
-   authentication
+   ood-authentication
+   integrated-authentication-solutions
    installation/add-ssl
    installation/modify-system-security
 

source/installation/install-software.rst

@@ -74,6 +74,7 @@ Open OnDemand uses these packages, among many others.
 
          .. code-block:: sh
 
+            sudo rpm --import https://yum.osc.edu/ondemand/RPM-GPG-KEY-ondemand
             sudo dnf install https://yum.osc.edu/ondemand/{{ ondemand_version }}/ondemand-release-web-{{ ondemand_version }}-1.el8.noarch.rpm
 
             sudo dnf install ondemand
@@ -82,21 +83,11 @@ Open OnDemand uses these packages, among many others.
 
          .. code-block:: sh
 
+            sudo rpm --import https://yum.osc.edu/ondemand/RPM-GPG-KEY-ondemand-SHA512
             sudo dnf install https://yum.osc.edu/ondemand/{{ ondemand_version }}/ondemand-release-web-{{ ondemand_version }}-1.el9.noarch.rpm
 
             sudo dnf install ondemand
 
-      .. tab:: Ubuntu 20.04
-
-         .. code-block:: sh
-
-            sudo apt install apt-transport-https ca-certificates
-            wget -O /tmp/ondemand-release-web_{{ ondemand_version }}.0-focal_all.deb https://apt.osc.edu/ondemand/{{ ondemand_version }}/ondemand-release-web_{{ ondemand_version }}.0-focal_all.deb
-            sudo apt install /tmp/ondemand-release-web_{{ ondemand_version }}.0-focal_all.deb
-            sudo apt update
-
-            sudo apt install ondemand
-
       .. tab:: Ubuntu 22.04
 
          .. code-block:: sh
@@ -134,6 +125,7 @@ Open OnDemand uses these packages, among many others.
 
          .. code-block:: sh
 
+            sudo rpm --import https://yum.osc.edu/ondemand/RPM-GPG-KEY-ondemand-SHA512
             sudo dnf install https://yum.osc.edu/ondemand/{{ ondemand_version }}/ondemand-release-web-{{ ondemand_version }}-1.amzn2023.noarch.rpm
 
             sudo dnf install ondemand

source/integrated-authentication-solutions.rst

@@ -0,0 +1,27 @@
+Authentication Solutions
+========================
+
+After reading how Apache modules work with OOD and setting up the user map, 
+Open OnDemand can then be integrated with your center's authentication solution 
+by following one of the tutorials below.
+
+.. note::
+
+   If you managed to install an Apache authentication module at your center
+   that currently does not have a tutorial listed below we would greatly
+   appreciate it if you could take the time to contribute a detailed
+   walk-through.
+
+.. toctree::
+   :maxdepth: 4
+   :caption: Known OOD Integrated Solutions
+
+   authentication/oidc
+   authentication/dex
+   authentication/shibboleth
+   authentication/cas
+   authentication/tutorial-oidc-keycloak-rhel7
+   authentication/duo-2fa-with-keycloak
+   authentication/adfs-with-auth-mellon
+   authentication/nsf-access
+   authentication/insecure

source/ood-authentication.rst

@@ -0,0 +1,34 @@
+.. _authentication:
+
+OOD Authentication
+==================
+
+After installing Open OnDemand you must:
+
+- **Configure OOD to work with an apache module** which will connect to your center's authentication solution to generate the correct Apache configuration. 
+- **Setup user mapping** to map the remote authenticated user to the corresponding local system user.
+- **Configure logout**.
+
+Each of these steps is covered in detail below.
+
+Open OnDemand supports most authentication modules that work with Apache HTTP
+Server version 2.4.
+
+.. tip::
+
+    :ref:`Dex <authentication-dex>` is a very good starting option if you can connect
+    to LDAP or Active Directory and not an institutional Single Sign-On service.
+
+.. warning::
+   No Open OnDemand functionality is available without an Apache module and user mapping 
+   configured. When no authentication is supplied Apache will only serve a static page that 
+   directs you to this page.
+
+.. toctree::
+   :maxdepth: 3
+   :caption: Setup Authentication Module, User Map, and Logout
+
+   authentication/overview/configure-authentication
+   authentication/overview/map-user
+   authentication/overview/configure-logout
+

source/requirements.rst

@@ -19,7 +19,6 @@ At this time OnDemand only supports the following operating systems and architec
 
    "RedHat/Rocky Linux/AlmaLinux 8",:raw-html:`✅`,:raw-html:`✅`,:raw-html:`✅`
    "RedHat/Rocky Linux/AlmaLinux 9",:raw-html:`✅`,:raw-html:`✅`,:raw-html:`✅`
-   "Ubuntu 20.04",:raw-html:`✅`,:raw-html:`✅`,:raw-html:`❌`
    "Ubuntu 22.04",:raw-html:`✅`,:raw-html:`✅`,:raw-html:`❌`
    "Ubuntu 24.04",:raw-html:`✅`,:raw-html:`✅`,:raw-html:`❌`
    "Debian 12",:raw-html:`✅`,:raw-html:`✅`,:raw-html:`❌`

source/security.rst

@@ -90,6 +90,6 @@ recommended in this guide and to regularly review security settings and updates.
 Relevant References
 -------------------
 
-- :ref:`Authentication Overview <authentication-overview>`
+- :ref:`Authentication Overview <authentication-overview-configure-authentication>`
 - :ref:`Logging <logging>`
 - :ref:`Customizations <customizations>`