Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SAML2 Integration for login #34

Open
lusu007 opened this issue Jan 16, 2021 · 2 comments
Open

SAML2 Integration for login #34

lusu007 opened this issue Jan 16, 2021 · 2 comments
Labels
priority: high The referenced issue/pr has a high priority. scope: backend The referenced issue/pr is about the backend package scope: frontend The referenced issue/pr is about the frontend package type: feature The referenced issue/pr is about a feature.
Milestone
v1.1.0

Comments

@lusu007
Copy link
Contributor

lusu007 commented Jan 16, 2021
edited
Loading

Describe the solution you'd like
We need SAML2 integration for integrating this webapp with our current infrastructure.
@lusu007 lusu007 added priority: high The referenced issue/pr has a high priority. scope: backend The referenced issue/pr is about the backend package scope: frontend The referenced issue/pr is about the frontend package type: feature The referenced issue/pr is about a feature. labels Jan 16, 2021
@lusu007 lusu007 added this to the v1.1.0 milestone Jan 17, 2021
@DevSpork
Copy link

DevSpork commented Mar 7, 2021
edited
Loading

Hey, out of interest and because it wasn't assigned yet I tried to implement this feature here. It's still in an early state, there is very little documentation, it's probably against your style guides and it's only tested with Keycloak so no idea if this works with other IDPs. Nevertheless, whilst working on this, I stumbled across a little problem. In (at least my SAML provider) there is no numeric userid which leads to errors when querying for schematics and highmaps. To work around this a rather simple but ugly fix would be to md5 hash the username and interpret that hash as hex number. But there are several issues with this (username change?). But I don't want to fiddle with the db schema so what is your suggestion?

@J3SKO
Copy link
Contributor

J3SKO commented Mar 8, 2021

Nice that you want to handle this issue :)

General

  • SAML2 should be implement as an additional strategy
  • The preferred strategy should be set by environment variable (default: local)

Database

  • Each strategy should have its separate table
  • The ID should act as a table index, so it does not have to be provided by the strategy
  • Identification via email and so on by the strategy

Views / APIs

All pages / APIs that are no longer needed should be disabled (e.g. /pw-reset or /management/users)

If you have further questions, don't hesitate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority: high The referenced issue/pr has a high priority. scope: backend The referenced issue/pr is about the backend package scope: frontend The referenced issue/pr is about the frontend package type: feature The referenced issue/pr is about a feature.
Projects
None yet
Milestone
v1.1.0
Development

No branches or pull requests
3 participants
@lusu007 @DevSpork @J3SKO