Any plans to have SSO?

[ti0rafa]

Are there any plans for "Single Sign On" option??.

Im trying to manage openKB users on my main app, and wanted to avoid different users.

[mrvautin]

It's been mentioned but no work has commenced. If you can set it up and submit a PR I would definitely merge it.

[TBK]

What kind of SSO do you need?

More specifically protocol and provider.

Passport would properly be the best option since it has support for 300+ authenticators - http://passportjs.org/docs

[mrvautin]

I would think the option for: Facebook, Google, Twitter and Github would be more than enough to cover everyone. What are your thoughts?

[TBK]

Throw LDAP into the mix and you also got local/corp deployments covered.

[ti0rafa]

Passportjs seems like a good option, if it can be integrated.

The provider: (in my case) will be my main app, it's a small ERP I help develop for a friend that needed a custom solution. So their users are managed locally.

The protocol: OAuth 2.0 probably is the way to go.

I was looking forward to an experience similar to what disqus or zendesk have for their SSO implementations. A very basic description of the process I hope I can achieve goes like this:

1. You configure the login/auth URL in openKB (config file, mongo document, etc)
2. When a user enters openKB and hits login they get redirected to what ever URL you previously configured
3. The login/auth URL does what ever it needs to authenticate the user
4. The login/auth URL grants a message to the user (JWT, Hash Signature, etc)
5. The user gets redirected back to openKB with the grant message
6. openKB validates the grant message and determines if its valid or not

I believe that experience can be achieve using passport if it can be integrated. And passport can help with the social logins for projects that need them.

[TBK]

So to satisfy everybody's needs as well as #72, following packages should suffice?

    "passport": "^0.3.2",
    "passport-oauth": "^1.0.0",
    "passport-ldapauth": "^1.0.0",
    "passport-facebook": "^2.1.1",
    "passport-twitter": "^1.0.4",
    "passport-google-oauth": "^1.0.0"

[TBK]

I have made a design concept for the user login:

I got the Facebook and Twitter login buttons from https://dribbble.com/shots/1358062-Social-Login-Buttons, the Google and GitHub I made based on the Twitter login button design.

I am not sure if a corp/org SSO login button is needed or what it should look like.

[mrvautin]

Looks good!

[TBK]

I am not sure how the Settings design should look and the same goes for what happens after the user clicks the "Login with ....." button.

Could be:

• New window opens
• Login modal
• Loads new site view

[unixben]

I think it would be more economical to use the font-awesome icons for the login services (fa-facebook, fa-github, fa-google and fa-twitter). Looks good regardless!

[plygrnd]

Definitely +1 for LDAP SSO! It'd be fantastic to be able to deploy in a corp environment without having to remember another password :)

[mrvautin]

I've already built LDAP into ezyFAQ but haven't had the chance to add it to openKB as yet.

[plygrnd]

Fair enough. Any chance you could build in Kerberos too? If not I'll send you a PR.

On Tue, 4 Apr 2017, 09:21 Mark Moffat, notifications@github.com wrote:

I've already built LDAP into ezyFAQ https://www.ezyfaq.com but haven't had the chance to add it to openKB as yet.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/mrvautin/openKB/issues/144#issuecomment-291428552, or mute the thread https://github.com/notifications/unsubscribe-auth/AUTwhNQCSSlH8mPUk4pqi3EmDCnKdK6Aks5rsf2dgaJpZM4Mf_io .

-- Regards, Daniel Urson

[TBK]

passport-kerberos

I have not had the time to adding passport support as of yet, might be able to do it next week.

[thenaturalist]

Hey there, any update on the plans for this?

[SalahAdDin]

👍

[skydiver]

Hello, i've added Google login using Passport.

You need to manually configure auth tokens from "config/config.json".

If anyone i interested on modify Admin > Settings page to load clientID, clientSecret and callbackURL will be great.

Feel free to add the rest of the providers with Passport and using Google as a template.

[xiddic]

I can't seem to find passport for AD integration? is the "strategy" for AD deprecated??

[JDCain]

For AD integration we're using passport with openkb and ADFS 4 using the openid connect functionality made available in 4. Although as of right now we're only using it to give view access and don't have modifications to give any rights.

[xiddic]

@JDCain The only thing halting me from deploying openkb is ad integration, do you have a working build, at the moment my nodejs dev level is to low to implement adfs and passport into openkb.

[SalahAdDin]

@TBK @skydiver Excellent, awesome.

[gonzalodiaz]

+1

[SalahAdDin]

:+1:

[joeyjmorales]

Hey Folks Super interested in this passport integration. Is there a plan to merge these? Thanks!