troubleshootme
commented
2 years ago I feel like SAML or OAUTH2 / OPENID would be the better option.
Open fukawi2 opened 3 years ago
troubleshootme
commented
2 years ago I feel like SAML or OAUTH2 / OPENID would be the better option.
xeruf
commented
2 years ago @troubleshootme these are just concrete SSO protocols ;) yes, OpenID Connect is the modern flexible standard to use here, though LDAP might also be sensible to sync customer information.
hrenard
commented
2 years ago @troubleshootme these are just concrete SSO protocols ;) yes, OpenID Connect is the modern flexible standard to use here, though LDAP might also be sensible to sync customer information.
Another approach to syncing is SCIM. It's only few endpoints to implements, and then the identity provider can push changes directly. OpenID Connect + SCIM is a neat combo.
ScionOfDesign
commented
2 years ago If this app gets open-source LDAP or OAuth support before Akaunting, it will have an indisputable competitive edge.
It would be great if support for SSO (eg, via Authelia)
When using Authelia via a reverse proxy, the authenticated username, email, name and groups are passed via HTTP headers:
Remote-UserRemote-NameRemote-EmailRemote-GroupsSee these docs for full information: https://www.authelia.com/docs/deployment/supported-proxies/
A couple of examples for how other projects implement support:
PAPERLESS_ENABLE_HTTP_REMOTE_USER)