Closed Sprooty closed 4 months ago
tobychui
commented
4 months ago Hi @Sprooty,
Currently we have no plan to support basic auth group that can be assigned to different endpoints. However, the coming SSO function which features an oAuth server and a SSO portal will allow you to login to multiple endpoints with a self-defined login portal. I think this would have already covered your use cases?
Sprooty
commented
4 months ago Hi @tobychui, SSO for home use i would suggest it is is a bridge too far for home users. Oauth is a foreign concept to many people.
You have mentioned you may be running an oauth server internal to Zoraxy, but what will your datastore be? something internal to Zoraxy? or are you going to link into LDAPs or a DB?
If home users/power users is part of your target market, i would have a think about making functions of Zoraxy dependent on having SSO. Most stacks i use across the board don't even support SSO.
Not a dealbreaker for me, if we can't have 1:many or many:many mapping of generic users, ill just maintain them individually.
Thanks for the prompt response.
tobychui
commented
4 months ago Hey @Sprooty
Thanks for the input. SSO and oauth are two different module in our current roadmap. I guess in Zoraxy SSO implementation (which is still in the planning phrase), you will get a build in login interface with a GET parameter following for post login redirection. Something like auth.yourdomain.com/login?redirect=service.yourdomain.com. The SSO might also support 2FA or TOTP and acts kind of like an advance version of basic auth but with much prettier UI and safer authentication mechanism, all without the need of the upstream application supporting oauth login.
Oauth is another feature that I want to support, as we will need to maintain a user authentication database anyway, it make no sense to not adding in an oauth server just for other services that do supports it.
Sprooty
commented
4 months ago Hi @tobychui, just wanted to clarify. You have mentioned SSO, but the way you have described your intent, i suspect may not align to what many expect when "SSO Support" is mentioned.
If you are going to implement SSO allowing Zoraxy to be an SP (service provider), you will usually have SAML or Oauth2 support to integrate into an IDP (identity provider).
If your not going to support SAML or Oauth straight away, id be hesitant on any statements saying Zorazy has SSO support.
It sounds to me what your are describing is an advanced user management function with 2FA capability etc.
Look forward to seeing the project evolve.
yeungalan
commented
4 months ago I believe zoraxy will support both SP and Idp in the future but right now we are still planning about that :)
Is your feature request related to a problem? Please describe. Currently Basic auth credentials are created per endpoint
Describe the solution you'd like I would like to be able to apply existing creds to an endpoint, have global creds, or group endpoints into groups with relevant linked creds
Describe alternatives you've considered NA. Workaround currently is to manually apply creds to each endpoint.