pentacent / keila

Open Source Newsletter Tool.
https://keila.io
GNU Affero General Public License v3.0

Single Sign On #229

Open xtrcode opened 10 months ago

xtrcode commented 10 months ago

We're currently looking into keila as a replacement for our newsletter tool. Sadly it doesn't seem to support SSO yet. Are there any plans to implement something like

in the future?

When considering SSO implementations like @goauthentik, the easiest short-term solution would be to support proxy authentication in such a way that the login data would be supplied via HTTP authentication, completely ignoring the login form.

To protect keila from brute force attacks via HTTP authentication, the configuration must be expanded to explicitly define the IP/FQDN of the SSO server(s).

However, keep up the good work!

wmnnd commented 10 months ago

Hey there, thank you for suggesting this feature! I’m definitely open to adding SSO options to Keila, but there are no concrete plans at this point. Would you be able/willing to support the addition of SSO to Keila - either by providing code or with a sponsorship for the feature?

almereyda commented 8 months ago

We would be able to test a Keila SSO implementation against Authentik.

Our preferred implementation would go with OpenID Connect rather than OAuth2, since that's easier to configure, due to the configuration endpoints.

To note, SSO implementation can also greatly help adoption of the SaaS version, since it is often a requirement for commercial customers.

In the long run, requests for SCIM support can also be expected.

@xtrcode It appears you have put some thought into how this could be implemented. Which sequence of steps do you see for an implementation path?

Something along the lines of the following?

  1. Proxy authentication
  2. OAuth2
  3. OpenID Connect
  4. SAML
  5. SCIM

The groundwork of creating abstract classes for each different authentication method seems to be the largest effort in the beginning. Adding additional providers afterwards appears more simple.

xtrcode commented 8 months ago

I would be able to test as well, but currently I lack the time to actually PR the necessary changes.

The order lgtm. Implementing proxy authentication should be given priority as it is the simplest task.
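
Added example, not part of the thread and not Keila code: a language-neutral Python sketch of the proxy-authentication check proposed in the first comment, where HTTP authentication is honoured only when the connection comes from a configured SSO server address. The names `TRUSTED_PROXIES`, `peer_is_trusted` and `proxy_login_data`, the sample networks, and the lower-cased header dictionary are assumptions made for illustration.

```python
import base64
import binascii
import ipaddress

# Assumed configuration value (constructed): addresses of the SSO proxy.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.5.10/32", "fd00:5::/64")]


def peer_is_trusted(peer_ip, trusted=TRUSTED_PROXIES):
    """True only if the TCP peer address belongs to a configured proxy network."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) as seen on dual-stack listeners.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in trusted)


def proxy_login_data(peer_ip, headers):
    """Return (user, secret) supplied by the proxy, or None to use the login form.

    peer_ip must be the socket peer address, never a value copied from
    X-Forwarded-For or another header the client can set.
    headers is assumed to be a dict with lower-cased header names.
    """
    if not peer_is_trusted(peer_ip):
        # Authorization is not even parsed for other peers, so HTTP
        # authentication offers them nothing to guess against.
        return None
    scheme, _, payload = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(payload.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, secret = decoded.partition(":")
    return (user, secret) if sep and user else None
```

A FQDN entry, as suggested in the thread, would have to be resolved to addresses when the configuration is loaded; the comparison itself is always made against the peer address.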