RocketChat
Add HTTP SSO
Add HTTP Auth by serverside variables "PHP_AUTH_USER"/"REMOTE_USER". This variables can be proxied by nginx/apache/iis with kerberos/ntlm module.
This is easiest SSO method, which used by many web-applications, i don't understand why you still not implemented this.
May I ask why was this closed without being implemented, or is it implemented? If I understood the issue correctly, this is typically known as "header authentication", and is commonly use to delegate authentication to a reverse proxy.
May I ask why was this closed without being implemented, or is it implemented? If I understood the issue correctly, this is typically known as "header authentication", and is commonly use to delegate authentication to a reverse proxy.
Yep, it is. But rocket.chat already have saml support, which have this authentication method.
I realize rocket.chat has SAML and Oauth support, but that's not the same as header (reverse proxy) authentication. Header authentication has the following advantages:
- Single implementation across all applications that are integrated with the SSO (SAML or OAUTH) service, which means consistent behavior and single configuration across all applications.
- Out-of-the-box support of all other protocols supported by a given reverse proxy, e.g. apache supports almost all protocols under the sun!
- Less fiddling with individual applications to figure out how to integrate them with SAML or OAUTH.
It's certainly very much appreciated that rocket.chat supports SAML and OAUTH natively. I'm just trying to say that there is value still in header authentication.
Interesting feature I would like to see myself but using this will make the mobile apps unusable since they would have to support unknown authentication schemes.
Interesting feature I would like to see myself but using this will make the mobile apps unusable since they would have to support unknown authentication schemes.
This is important for workstations in private domain networks.