OpenCAD-php
OpenCAD-php copied to clipboard
opencad-community
Single sign-on.
We should look into implementing SSO support in OpenCAD so that communities can have users login into OpenCAD against their own authentication service.
Two options that come to mind are either...
-
We could implement OpenID support but this would require significant rework of the current login system.
-
Implement "HTTP Header Authentication", which would allow OpenCAD to sit behind a reverse proxy (think Autheilia or Cloudflare Access). OpenCAD's login flow would be bypassed and authenticate a user based on a header set by the reverse proxy.
I personally am in favor of the 2nd option as I would prefer to have another application handle authentication instead of OpenCAD itself.
I absolutely agree that the second option is more than likely the better one. Though adding onto this, we should look at two-factor auth as well.
From: Justin @.> Sent: Tuesday, June 14, 2022 11:37 PM To: opencad-app/OpenCAD-php @.> Cc: Subscribed @.***> Subject: [opencad-app/OpenCAD-php] Single sign-on. (Issue #423)
We should look into implementing SSO support in OpenCAD so that communities can have users login into OpenCAD against their own authentication service.
Two options that come to mind are either...
- We could implement OpenID support but this would require significant rework of the current login system.
- Implement "HTTP Header Authentication", which would allow OpenCAD to sit behind a reverse proxy (think Autheiliahttps://www.authelia.com/ or Cloudflare Accesshttps://developers.cloudflare.com/cloudflare-one/identity/users/validating-json/). OpenCAD's login flow would be bypassed and authenticate a user based on a header set by the reverse proxy.
I personally am in favor of the 2nd option as I would prefer to have another application handle authentication instead of OpenCAD itself.
— Reply to this email directly, view it on GitHubhttps://github.com/opencad-app/OpenCAD-php/issues/423, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADS4MAF27TYNELVBZ5ZCT3DVPFFV5ANCNFSM5YZYV3HA. You are receiving this because you are subscribed to this thread.Message ID: @.@.>>
@Cambridgeport90, do you mean native 2-factor or MFA as component of something like Duo?
As a component of something like Duo.
From: Phill Fernandes @.> Sent: Wednesday, June 15, 2022 8:30 AM To: opencad-app/OpenCAD-php @.> Cc: Katherine M. Moss @.>; Mention @.> Subject: Re: [opencad-app/OpenCAD-php] Single sign-on. (Issue #423)
@Cambridgeport90https://github.com/Cambridgeport90, do you mean native 2-factor or MFA as component of something like Duo?
— Reply to this email directly, view it on GitHubhttps://github.com/opencad-app/OpenCAD-php/issues/423#issuecomment-1156410957, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADS4MAAH7PZRZE7ZJKNVFCLVPHEFBANCNFSM5YZYV3HA. You are receiving this because you were mentioned.Message ID: @.@.>>
Okay. Good to know because while possible native 2FA for OpenCAD is possible but a separate conversation.
As a component of something like Duo. From: Phill Fernandes @.> Sent: Wednesday, June 15, 2022 8:30 AM To: opencad-app/OpenCAD-php @.> Cc: Katherine M. Moss @.>; Mention @.> Subject: Re: [opencad-app/OpenCAD-php] Single sign-on. (Issue #423) @Cambridgeport90https://github.com/Cambridgeport90, do you mean native 2-factor or MFA as component of something like Duo? — Reply to this email directly, view it on GitHub<#423 (comment)>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADS4MAAH7PZRZE7ZJKNVFCLVPHEFBANCNFSM5YZYV3HA. You are receiving this because you were mentioned.Message ID: @.@.>>