goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

WS-Federation (Web Services Federation) #3154

Open AndrewBucklin opened 2 years ago

AndrewBucklin commented 2 years ago

Is your feature request related to a problem? Please describe.
No, just a regular feature request.

Describe the solution you'd like
Would be great if WS-Federation (Web Services Federation) provider could be a supported provider in authentik, to allow for integrations with applications which require it for SSO (Microsoft Office 365, on-premise Microsoft Exchange, etc.).

Describe alternatives you've considered
Here are some other products that already support WS-Federation (linked to the relevant documentation URL): Keycloak, Auth0, Okta, PingIdentity, OneLogin, Duo, OpenIAM, WSO2 Identity Server, CyberArk Identity, ForgeRock Identity Platform, TheIdServer

sevmonster commented 2 years ago

> Microsoft Office 365

FYI 365 uses Azure AD authentication, which supports SAML.

AndrewBucklin commented 2 years ago

> > Microsoft Office 365
>
> FYI 365 uses Azure AD authentication, which supports SAML.

Ya, I noticed that later, but things like Exchange (on-prem), Remote Desktop Services, etc. require WS-Federation, from what I can tell.

BeryJu commented 2 years ago

Valid feature request, but not something on the roadmap right now and not something I expect too many people want so this'll have to wait, however any contributions for this are welcome 🙂

bnsnlu commented 1 year ago

@AndrewBucklin Hey, what did you end up using? OpenIddict and Keycloak are the two free options I've come down to. Paid options are IdentityServer5 (Duende Software), Auth0, and Okta.

Seems like if you have time to develop, OpenIddict is the best because it's barebones and you can customize all you want. Keycloak is more like a product, so less customization, and it'll get the job done quicker. If you have the budget, then Auth0 seems to be good for the money. IdentityServer5 is pretty pricey and Okta is not cheap either.

AndrewBucklin commented 1 year ago

@bnsnlu - Nothing yet. Our on-premise Exchange is still authenticating using the built-in forms-based authentication. We are holding out, hoping for WS-Federation support in Authentik, since we have successfully integrated all our other systems with it.

bnsnlu commented 1 year ago

@AndrewBucklin Thanks for the prompt reply! We might bite the bullet and use IdentityServer6. Trying to do a spike now. Thanks!

Smiley-k commented 8 months ago

> Valid feature request, but not something on the roadmap right now and not something I expect too many people want so this'll have to wait, however any contributions for this are welcome 🙂

Nobody knows that there is such a wonderful product as authentik... I've recently gotten acquainted with it myself and would be damn glad to add MS Exchange.

Smiley-k commented 8 months ago

I found out that MS Exchange supports tokens; maybe you can try to do it. Unfortunately, I don't have MS Exchange at hand right now.

https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/inside-the-identity-token

jon91 commented 4 months ago

So if ws-fed isn't supported, how do users log into a Windows machine, when their account is federated to authentik?