Open Schaussi opened 8 years ago
Interesting idea! Another option would be to support external authentication providers #336.
See also the Discourse plugin and foodcoop-adam's userinfo and vokomokum plugins.
Hey, great that this is already being proposed. LDAP support would be particularly useful as I am thinking about packaging this application for self-hosting with the https://yunohost.org/ project (which makes great use of a LDAP SSO integration).
If someone could point me in the right direction of which extension/plugin/whatever might be suitable for using and if the PR would be accepted, then I might give it a shot. I'm no Ruby programmer but let's see :bomb:
A very quick reply on how external SSO for Foodsoft may look like. The most clean way would be to add support in Foodsoft #336, but until that has happened, a plugin could be a solution now.
The vokomokum plugin uses a shared cookie and queries an external service for auth information based on the cookie, and auto-creates users and groups based its response. But the plugin also does many other things, so it's not that straightforward to pick out the things you need, I guess.
I'd start making something like this:
ApplicationController#redirect_to_login
(like here) to redirect to a custom controller in the plugin that does the loginlogout
there to do single-logoutlogin
action, which checks if user is logged into SSO
One question: what does SSO mean here in "LDAP SSO"? Is it a) that you enter your credentials once, and then you use the 'login' in other applications (like OAuth)? Or is it b) that you have a central username/password combination, which you can use to log into Foodsoft?
Just another suggestion; would be useful especially in environments with already existing centralized user management.