ironmansoftware / universal-dashboard

Build beautiful websites with PowerShell.
https://universaldashboard.io
GNU Lesser General Public License v3.0
448 stars 83 forks

SAML 2.0/Shibboleth Support for Authentication Method #320

Open joalcorn opened 6 years ago

joalcorn commented 6 years ago

Being able to leverage a SAML2-compliant authentication method/provider (e.g. ADFS, OneLogin, Okta, Auth0) would be a win for corporations who require new products/tools to be integrated into the current enterprise auth provider.

urskog84 commented 6 years ago

+1

exactmike commented 6 years ago

+1

petercovach commented 6 years ago

+1

adamdriscoll commented 4 years ago

Now that UD supports OpenID Connect, how important is this? I know they are different methods entirely but after a little Googling it looks like many of the listed providers also support OpenID Connect. For ADFS, we also have WS-FED implemented.

This is one of the most upvoted issues so I want to make sure we take a look (better late than never....)

petercovach commented 4 years ago

@adamdriscoll I believe the WS-FED resolves this issue. I know it works properly with ADFS so at this point I'm satisfied.

joalcorn commented 4 years ago

It may suffice. I played with it when I first saw the release notes mentioning it, but I was failing to get any claims read by UD from the IdP, and I didn't have time to pursue it.

Also, WS-FED is fine for those running ADFS or AzureAD, but for people like me who run some other SAML-based IdP, like Shibboleth, it is not as useful. For either OpenID or WS-FED, the docs are also heavily MS-leaning, so it is a bit of a struggle for those of us who do not use a MS-stack IdP to make it work.

On Wed, Jan 22, 2020 at 6:56 AM Adam Driscoll notifications@github.com wrote:

> Now that UD supports OpenID Connect, how important is this? I know they are different methods entirely but after a little Googling it looks like many of the listed providers also support OpenID Connect. For ADFS, we also have WS-FED implemented.
>
> This is one of the most upvoted issues so I want to make sure we take a look (better late than never....)


joalcorn commented 4 years ago

I have done some more playing with OIDC. The only thing missing that I think would make this an adequate replacement for SAML would be the ability to specify scope as part of New-UDAuthenticationMethod, so we can move beyond the default claim set.