I have a private Docker registry sitting behind a secure instance of Apache / Ubuntu in the Amazon cloud. Apache handles the corporate authentication via the Shibboleth module (single sign-on). So, using a web browser, there is no issue in searching and deleting container images in the registry after successful authentication. However, the command "docker login https://some.domain", including username, password and email, from a different server just hangs and does not respond. Unfortunately, the Apache, Docker registry and Shibboleth logs are not very helpful either, even in debug mode.
I will be very keen to hear from anyone who has experience in securing a private Docker registry via Apache & Shibboleth where corporate enterprise IDs and SSO are required.
Shibboleth authentication via the Apache mod_shib module requires redirecting the end-user back to their home Identity Provider (IdP), where they will then be redirected back to the application's Service Provider (SP) with a valid session. This is a great pattern for fully web-based applications, but this model can't be applied to command-line applications or applications that can't follow this model of web-based redirection.
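The mismatch described in the answer above can be checked from the HTTP response alone. The following is an added example, not part of the original posts: it classifies what an unauthenticated request receives and whether a command-line client could answer it. It assumes the registry speaks the Registry HTTP API v2 (`GET /v2/` answered with a `401` and `WWW-Authenticate`); all hosts and header values are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

REDIRECTS = {301, 302, 303, 307, 308}

def classify_auth_response(status, headers):
    """Return how an endpoint asks an unauthenticated client to log in."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 401 and "www-authenticate" in h:
        # A challenge a non-browser client can answer with credentials or a token.
        scheme = (h["www-authenticate"].split() or ["unknown"])[0].lower()
        return "http-challenge:" + scheme
    if status in REDIRECTS and "location" in h:
        target = urlsplit(h["location"])
        # The SAML HTTP-Redirect binding carries the request in a query parameter.
        if "SAMLRequest" in parse_qs(target.query):
            return "saml-redirect:" + target.netloc
        return "redirect:" + target.netloc
    if 200 <= status < 300:
        return "no-auth-required"
    return "unclassified"

def usable_by_cli(classification):
    """True when a command-line client can authenticate without a browser."""
    return classification.startswith(("http-challenge:", "no-auth-required"))

# Constructed sample responses to GET /v2/ (assumed endpoint, placeholder hosts).
SAMPLES = {
    "registry behind mod_shib": (302, {
        "Location": "https://idp.example.org/idp/profile/SAML2/Redirect/SSO"
                    "?SAMLRequest=CONSTRUCTED&RelayState=CONSTRUCTED"}),
    "registry with Basic auth": (401, {
        "WWW-Authenticate": 'Basic realm="Registry"'}),
    "registry with token auth": (401, {
        "WWW-Authenticate": 'Bearer realm="https://auth.example.org/token",'
                            'service="registry.example.org"'}),
}

def report(samples=SAMPLES):
    """Map each sample name to (classification, usable_by_cli)."""
    out = {}
    for name, (status, headers) in samples.items():
        c = classify_auth_response(status, headers)
        out[name] = (c, usable_by_cli(c))
    return out

if __name__ == "__main__":
    for name, (c, ok) in report().items():
        print(f"{name:26} {c:40} cli_ok={ok}")
```

To check a live endpoint, pass in the status code and headers of its first unauthenticated response, captured without following redirects.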