Heho,
I think getting the basis going is not too hard; there is LDAP and iirc also 
krb5 in base (if not, it is in ports), and you can always shoot for AD with 
smb4.

The bigger problem, though, is most likely getting a proper 'web-ish' SSO 
provider for sth. like SAML or OpenID going. IIRC there are some PHP 
implementations running against an LDAP fine; but the question then is whether 
OpenBSD provides that much benefit if SSO goes through some random PHP app with 
a questionable update record.

For the more common SAML/OpenID providers, you probably run into the issue that 
most of these apps are either a) built to be funny appliances, or b) built to 
run in _some_ form of docker-ish environment (or, as I call it: The enterprise 
problem)...

I am planning to $somewhen set up something similar with OpenBSD and will be 
happy to share docs (if I get around to it); but that will most likely also be 
'not safe for production' anyway...

With best regards,
Tobias




-----Original Message-----
From: owner-m...@openbsd.org <owner-m...@openbsd.org> On Behalf Of Tito Mari 
Francis Escaño
Sent: Sunday, 24 July 2022 07:11
To: misc@openbsd.org
Subject: CIAM recommendation

Hi everyone,
Can you please recommend package(s) I can set up on OpenBSD to create a CIAM or 
customer identity and access management system? This is to provide SSO between 
enterprise applications. While it's easy to go for a Linux option, I prefer to 
build on top of the security offered by OpenBSD from the ground up.
Would appreciate your pointers on this.
Thank you.
