Nike-Inc / cerberus

The Cerberus micro-service, a secure property store for cloud applications. It includes a REST API, authentication and encryption features, as well as a self-service web UI for users.
http://nike-inc.github.io/cerberus
Apache License 2.0

[Feature Request] Support OIDC or SAML Flows #220

Open andrewkrug opened 5 years ago

andrewkrug commented 5 years ago

It would be great to support standards-compliant OIDC for integration as an alternative to the direct integration with the Okta API. This would open the door for Cerberus to integrate with a variety of auth providers (including Okta).

fieldju commented 5 years ago

We have been talking about turning Cerberus into a Gradle multi-project setup where different modules could be enabled / disabled via configuration. Very similar to how Kayenta is set up.

After we do this, we are thinking about scrapping the current user auth flow and creating a new one that is specific to Okta (maybe it can be generic) and using the OAuth flow. This would establish a pattern for others wanting to make a module for XXXXX identity provider, and allow us to scrap our custom MFA stuff, which doesn't work that well.

andrewkrug commented 5 years ago

@fieldju I would of course advocate for a web standard. Okta and Auth0 both support great OIDC flows. I'd be happy to advise on how we've decoupled this in a couple of our other apps as well using an auth proxy.