[389-users] Re: SSO and 389

2022-03-12 Thread Olivier JUDITH
Hi ,

In my previous work , I have deployed a SSO solution based on Keyloack (
https://www.keycloak.org
)


   1.
   




 and 389 as backend ldap.
It Handles more than 3000 accounts and groups updated mostly from  an
ActiveDirectory.
The 389 was also used as Unix/Linux  ldap authentication.

Regards,



Le mer. 26 janv. 2022 à 12:05, N R  a écrit :

> Hi,
>
> I've done some SAML SSO integrations and work regularly with FreeIPA.
>
> SSO is usually handled via a protocol like SAML, OpenID or Shibboleth,
> FreeIPA only serves as LDAP Identity database in these architectures.
> Our deployments used a "proxy" to handle these authentications and link
> them with LDAP, SimpleSAMLPHP.
>
> The implementation also depends a lot on the way you want to do SSO,
> centralized, federated, or cooperative.
>
> I would recommend to take a look at simplesamlphp documentation as it
> supports almost every SSO protocols and can easily be integrated to proxy
> SSO web requests.
>
> Regards,
> Nicolas
>
>
>
> Le lun. 10 janv. 2022 à 19:50, Jonathan Aquilina 
> a écrit :
>
>> Good Evening,
>>
>>
>>
>> I am just wondering can 389 along side free ipa be used to offer SSO
>> capabilities?
>>
>>
>>
>> Regards,
>>
>> Jonathan
>> ___
>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>> Do not reply to spam on the list, report it:
>> https://pagure.io/fedora-infrastructure
>>
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure


[389-users] Re: SSO and 389

2022-01-26 Thread N R
Hi,

I've done some SAML SSO integrations and work regularly with FreeIPA.

SSO is usually handled via a protocol like SAML, OpenID or Shibboleth,
FreeIPA only serves as LDAP Identity database in these architectures.
Our deployments used a "proxy" to handle these authentications and link
them with LDAP, SimpleSAMLPHP.

The implementation also depends a lot on the way you want to do SSO,
centralized, federated, or cooperative.

I would recommend to take a look at simplesamlphp documentation as it
supports almost every SSO protocols and can easily be integrated to proxy
SSO web requests.

Regards,
Nicolas



Le lun. 10 janv. 2022 à 19:50, Jonathan Aquilina 
a écrit :

> Good Evening,
>
>
>
> I am just wondering can 389 along side free ipa be used to offer SSO
> capabilities?
>
>
>
> Regards,
>
> Jonathan
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure