Open bf8392 opened 3 years ago
@bd8392 my counter proposal would be to bring JWTAuthenticationProvider for third party identity management. You can always spin up a more advanced security provider such as Keycloak, which will bring all the necessary functionality you mention. While TOTP integration is not that hard, it is adding more weight to a security subsystem maintained by very few folks.
Nice idea! What about building an add-on for 2FA :-). (Keycloak is a little heavy for a Pi, for example.)
Hi =) I thought about your approach after using OH3 for some time now... I think the problem with it is that the app and the API won't work anymore if you have "external" auth, as it is not implemented there... Wouldn't it be easier to integrate this directly in the new OH3 auth system and the main UI? Would it help the "maintenance case" if this were implemented like a binding? For example with this code: https://github.com/samdjstevens/java-totp ?
Hi :-) I want to discuss some additional security measures for OpenHab to make it better for self-hosting and take some weight off myopenhab :-). Here are my suggestions:
With all this, you would have a perfect self-hosting solution for OpenHab that most people would maybe prefer... Later the Amazon skill could maybe be adapted, so you can use Amazon without the myopenhab cloud. All this would take weight off myopenhab, because people can self-host more easily :-). It would also make OpenHab more independent of all the other solutions I know...
I think HTTPS with Let's Encrypt by default would also be nice, but I don't know if this is an easy measure to integrate directly... Traefik would be a cool option, but I don't think that it can be directly integrated in OpenHab, as it is a Docker-only solution. HTTPS would also lead to the possibility of directly integrating TLS security options...
I think all this is a lot of work, and I would be happy to help testing and find some members who want to work together on this :-). Who is in for help and/or discussion? :-)