Comments (15)
Are we still going to implement this?
from mycorrhiza.
from mycorrhiza.
This is the list of all the api libraries available, we probably need this one
from mycorrhiza.
The feature in question turned out to be an overly complex hairball of different protocols and communication methods with a ton of enterprise sauce on the top which I couldn't understand in a reasonable timeframe, so I'm unassigning it from myself. Feel free to pick it up.
from mycorrhiza.
https://joonas.fi/2021/08/saml-is-insecure-by-design/ hehehe
from mycorrhiza.
@bouncepaw Depends on how we would implement it, and how hard it is. SSO is usually released as an Enterprise/Premium feature.
from mycorrhiza.
So, maybe we should wait for some Enterprise/Premium money whale to come and offer gold for this feature? And close the issue for now, because I don't think it's going to happen any time soon.
from mycorrhiza.
LDAP environment seems a little complicated to reproduce and mostly relies on M$ software (even though we have OpenLDAP). Do we have a real chance to put Mycorrhiza into enterprise?
from mycorrhiza.
Ew, Microsoft. Not in this mushroom garden.
from mycorrhiza.
I mean, it looks very simple enough with a provided library, we just add one more user source and a whole configuration section. And it is usable in *nix enterprise networks with OpenLDAP installed, not only M$.
Just... Is anybody here ready to perform a proper battle test? I lost some teeth setting up ADDC on Linux when I was getting my bachelor's degree. Though, NixOS could have some options to make it less painful.
from mycorrhiza.
If it is so easy, then why did @handlerug resign themselves from the task? They said it was hard. I suppose it is.
As for battle testing, @Astrr seems to be the best candidate. They are the one with the biggest interest in SSO after all.
This library was provided above: https://github.com/jtblin/go-ldap-client
It seems so unstable tbh.
Dunno, anyway.
from mycorrhiza.
About simplicity, look at the usage example: https://github.com/jtblin/go-ldap-client#usage
I haven't looked up any alternatives, but they're called low-level (we don't want to stick our hands into that, do we?).
In fact, this thing is just like simple sign-in, but instead of Mycorrhiza's own credentials DB it looks up the domain's one. The password should be sent in plain text in this case, though.
from mycorrhiza.
Uh oh alright let's keep this open then
from mycorrhiza.
It may look simple from the surface, but there might be some hidden gotchas that'll ruin the whole security model. I don't really want to deal with that possibility, so I resigned myself from the issue. Maybe it's simple, not like I know or care.
from mycorrhiza.
Yessss OpenID Connect support would be ideal, gonna take a look at #149 now
from mycorrhiza.