Alpine
Alpine copied to clipboard
stevespringett
Add SAML Support
Investigate:
- https://github.com/pac4j/jax-rs-pac4j
- https://github.com/googleapis/google-oauth-java-client
I would like to connect Dependency-Track with GitLab as OAuth2 authentication provider and will investigate on this.
Further information: https://oauth.net/2/
+1 for SAML or OpenID support. What are next steps? Did you ever get around to investigating either of those auth plugins @stevespringett? How did they look?
I have not had a chance to investigate, but I think this should be a capability of the next major release.
I would love to get support for OIDC. Is this still on the roadmap? And can you estimate when the next major release will be?
Yes, still on roadmap. Lots of folks want it. Ticket is labeled 'help wanted', so if someone submits a quality PR with test cases, it will make it into a release sooner than relying on myself to do it.
is this feature planned to be in the 1.8.0? Since there is already a snapshot for 1.8.0, is there any ETA for oauth2?
Thank you :)
@BenjenJones this ticket states 'help wanted'. If there are contributions from the community to add the feature, then yes, it will be included in 1.8.0
I started to work on an OpenID Connect implementation a few days ago (https://github.com/nscuro/Alpine/tree/10-openidconnect-support). I did check out pac4j and google-oauth-java-client and found pac4j to be too invasive. For a clean pac4j implementation, I feel Alpine would need to migrate completely to pac4j, including its "standard" and LDAP authentication. I went the DIY route as it appears to align with Alpine's principles quite well (minimal dependencies, no BS).
I don't have all too much time to work on it and I cannot promise that it'll be "production ready" in a timely manner. This is just a heads up that someone is indeed somewhat actively working on this topic. But as I said, please don't expect anything until I submit a PR.
