Thanks for the response Tobias. Hope you can share with me your references on setting up a CIAM running on OpenBSD. I ran into FusionAuth and liked what I saw on client self-service registration and web-based user identity management; though they are Java-based, it seems that their disappointing definition of open source is that it runs on Linux. Thanks.
On Sun, Jul 24, 2022 at 8:39 PM Tobias Fiebig < tob...@reads-this-mailinglist.com> wrote: > Heho, > I think getting the basis going is not too hard; There is LDAP and iirc > also krb5 in base (if not, it is in ports), and you can always shoot for AD > with smb4. > > The bigger problem, though, is most likely getting a proper 'web-ish' SSO > provider for sth. like SAML or OpenID going. IIRC there are some PHP > implementations running against an LDAP fine; But the question then is > whether OpenBSD provides that much benefit if SSO goes through some random > PHP app with a questionable update record. > > For the more common SAML/OpenID providers, you probably run into the issue > that most of these apps are either a) build to be funny appliances, or b) > build to run in _some_ form of docker-ish environment (or, as I call it: > The enterprise problem)... > > I am planning to $somewhen setup something similar with OpenBSD and will > be happy to share docs (if I get around to it); But that will most likely > also be 'not safe for production' anyway... > > With best regards, > Tobias > > > > > -----Original Message----- > From: owner-m...@openbsd.org <owner-m...@openbsd.org> On Behalf Of Tito > Mari Francis Escaño > Sent: Sunday, 24 July 2022 07:11 > To: misc@openbsd.org > Subject: CIAM recommendation > > Hi everyone, > Can you please recommend package(s) I can setup on OpenBSD to create a > CIAM or customer identity and access management system? This is to provide > SSO between enterprise applications. While it's easy to go for Linux > option, I prefer to build on top of the security offered by OpenBSD from > the ground up. > Would appreciate your pointers on this. > Thank you. > >