flowfuse icon indicating copy to clipboard operation
flowfuse copied to clipboard

Published 20 hours ago verified publisher icon FlowFuse

Add LDAP to SSO support

Open zackwasli opened this issue 1 year ago • 4 comments

Description

It would be useful to support a wider range of SSO protocols like LDAP, in addition to SAML (currently supported)

Requested by

-https://app-eu1.hubspot.com/contacts/26586079/record/0-2/9822854636 -https://app-eu1.hubspot.com/contacts/26586079/record/0-2/10135626714

zackwasli avatar Aug 03 '23 14:08 zackwasli

@MarianRaphael can we get the product work on this started?

ZJvandeWeg avatar Mar 12 '24 16:03 ZJvandeWeg

Not sure how to size that, would need more insight from @knolleary

joepavitt avatar Apr 30 '24 12:04 joepavitt

This could be done by inserting something like keycloak, I have a local test setup for SSO which uses my local LDAP as the source of users/groups. Would be zero code change for FF, but is one more thing to manage.

hardillb avatar May 10 '24 09:05 hardillb

My concern of delegating this to keycloak is, for self-hosted, its another component for the user to have to configure - and keycloak isn't the most accessible in my experience.

There is a passport plugin for ldap that will do most of the heavy lifting. The harder work (true for either approach) is figuring out the typical configuration side of things - what information is needed to configure ldap fully and how we capture that.

knolleary avatar May 10 '24 13:05 knolleary