SSO for Kutt
I am requesting the implementation of Entra ID (formerly Azure AD) Single Sign-On (SSO) capability for Kutt. This feature would enhance the user experience by allowing seamless and secure authentication through credentials managed in Entra ID.
Benefits:
- Enhanced Security: Utilising Entra ID enables integration with advanced security features like multi-factor authentication (MFA), conditional access, and compliance with enterprise security policies.
- Streamlined User Experience: Users can log in using their existing Entra ID credentials, reducing the need for separate usernames and passwords.
- Centralised Identity Management: Ability to manage user access, permissions, and de-provisioning through a single platform, simplifying administration.
For reference, Pingvin-Share implements a similar approach. In their setup, users and admins log in using Entra ID (formerly Azure AD) SSO, while all shared files remain accessible anonymously. This model closely aligns with the functionality being proposed. You can explore their implementation here: Pingvin-Share GitHub Repository.
The user experience would be further enhanced by supporting OAuth 2.0 and/or OIDC, and not limiting to credentials managed in Entra ID.
If you search the issues you can find there was an old post with work and forks done to provide OIDC https://github.com/thedevs-network/kutt/issues/367 and [poeti8] was "not interested." Here is one of the kutt forks with OIDC by @rophy https://github.com/rophy/kutt
The Pingvin-Share docs https://stonith404.github.io/pingvin-share/setup/oauth2login identify multiple Built-in OAuth 2 Providers.
Kutt v3.x with OIDC would be great.
Yes, it would be great to basically support OpenID Connect and/or SAML 2.0 as integration protocols with external Identity Providers.
Adding my support to this request in general and OIDC specifically. It's one of very few services on my network that I can't integrate with Authentik yet, which I use as a launcher and SSO for pretty much everything.
I would not recommend LDAP as a solution because it seems fundamentally incompatible with anything but a username and password, like MFA codes, passkeys, etc.