
WS-Federation (Web Services Federation)

Open AndrewBucklin opened this issue 2 years ago • 3 comments

Is your feature request related to a problem? Please describe.
No, just a regular feature request.

Describe the solution you'd like
Would be great if WS-Federation (Web Services Federation) provider could be a supported provider in authentik, to allow for integrations with applications which require it for SSO (Microsoft Office 365, on-premise Microsoft Exchange, etc.).

Describe alternatives you've considered
Here are some other products that already support WS-Federation (linked to the relevant documentation URL): Keycloak, Auth0, Okta, PingIdentity, OneLogin, Duo, OpenIAM, WSO2 Identity Server, CyberArk Identity, ForgeRock Identity Platform, TheIdServer

AndrewBucklin avatar Jun 26 '22 15:06 AndrewBucklin

Microsoft Office 365

FYI 365 uses Azure AD authentication, which supports SAML.

sevmonster avatar Jul 08 '22 19:07 sevmonster

Microsoft Office 365

FYI 365 uses Azure AD authentication, which supports SAML.

Ya, I noticed that later, but things like Exchange (on-prem), Remote Desktop Services, etc. require WS-Federation, from what I can tell.

AndrewBucklin avatar Jul 08 '22 19:07 AndrewBucklin

Valid feature request, but not something on the roadmap right now and not something I expect too many people want so this'll have to wait, however any contributions for this are welcome 🙂

BeryJu avatar Jul 08 '22 20:07 BeryJu

@AndrewBucklin Hey, what did you end up using? OpenIddict and Keycloak are the two free options I've come down to. Paid options are IdentityServer5 (Duende Software), Auth0, and Okta.

Seems like if you have time to develop, OpenIddict is the best because it's barebones and you can customize all you want. Keycloak is more like a product, so less customization, and it'll get the job done quicker. If you have the budget, then Auth0 seems to be good for the money. Identity server 5 is pretty pricey and Okta is not cheap either.

bnsnlu avatar Jan 23 '23 16:01 bnsnlu

@bnsnlu - Nothing yet. Our on-premise Exchange is still authenticating using the built-in forms-based authentication. We are holding out, hoping for WS-Federation support in Authentik, since we have successfully integrated all our other systems with it.

AndrewBucklin avatar Jan 25 '23 21:01 AndrewBucklin

@AndrewBucklin Thanks for the prompt reply! We might bite the bullet and use IdentityServer6. Trying to do a spike now. Thanks!

bnsnlu avatar Jan 25 '23 22:01 bnsnlu

Valid feature request, but not something on the roadmap right now and not something I expect too many people want so this'll have to wait, however any contributions for this are welcome 🙂

Nobody knows that there is such a wonderful product as authentik... I've recently gotten acquainted myself and would be damn glad to add MS Exchange

Smiley-k avatar Nov 09 '23 01:11 Smiley-k

I found out that MS Exchange supports tokens, maybe you can try to do it, unfortunately I don't have MS Exchange at hand right now.

https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/inside-the-identity-token

Smiley-k avatar Nov 10 '23 16:11 Smiley-k

So if ws-fed isn't supported, how do users log into a Windows machine, when their account is federated to authentik?

jon91 avatar Feb 29 '24 18:02 jon91