
SAML 2.0/Shibboleth Support for Authentication Method

Open joalcorn opened this issue 7 years ago • 7 comments

Being able to leverage a SAML2-compliant authentication method/provider (e.g. ADFS, OneLogin, Okta, Auth0) would be a win for corporations who require new products/tools to be integrated into the current enterprise auth provider.

joalcorn, Aug 28 '18 04:08

+1

urskog84, Aug 28 '18 15:08

+1

exactmike, Aug 29 '18 15:08

+1

petercovach, Sep 26 '18 16:09

Now that UD supports OpenID Connect, how important is this? I know they are different methods entirely but after a little Googling it looks like many of the listed providers also support OpenID Connect. For ADFS, we also have WS-FED implemented.

This is one of the most upvoted issues so I want to make sure we take a look (better late than never....)

adamdriscoll, Jan 22 '20 14:01

@adamdriscoll I believe the WS-FED resolves this issue. I know it works properly with ADFS so at this point I'm satisfied.

petercovach, Jan 22 '20 16:01

It may suffice. I played with it when I first saw the release notes mentioning it, but I was failing to get any claims read by UD from the IdP, and I didn't have time to pursue it.

Also, WS-FED is fine for those running ADFS or AzureAD, but for people like me who run some other SAML-based IdP, like Shibboleth, it is not as useful. For either OpenID or WS-FED, the docs are also heavily MS-leaning, so it is a bit of a struggle for those of us who do not use an MS-stack IdP to make it work.

joalcorn, Jan 22 '20 17:01

I have done some more playing with OIDC. The only thing missing that I think would make this an adequate replacement for SAML would be the ability to specify scope as part of New-UDAuthenticationMethod, so we can move beyond the default claim set.

joalcorn, Apr 16 '20 04:04