
SAML2 Single Sign-On Support



Single Sign-On allows users to sign on to applications without providing their passwords to the application (or having to manage an application-specific password). Instead the user signs on to an SSO provider using SAML2 or OAuth. The browser then uses the token provided by the authentication provider to log on to the application. This has numerous advantages, including support of two-factor authentication etc. There are public SSO providers such as Google and Facebook. Also many organizations use internal instances.

As SAML2 user authentication is likely to become mandatory for any deployed applications on our network, I was wondering whether Intella Connect could / will include SAML2 in an upcoming release.

Many thanks!
Dominique

 


Hi Dale,

I'll need to think where to fit this into our roadmap. Have you done any research about this topic already? I know that OAuth is a well-defined standard, but does being "OAuth compliant" mean that Connect could be configured with a few params to work with either FB, Google or any other proprietary implementation? So I guess it should be similar to LDAP integration in this regard.


Lukasz - Thanks for responding. We are using SAML2. OAuth might not actually be a fit here (see also https://www.ubisecure.com/uncategorized/difference-between-saml-and-oauth/).

Looking at this here: https://en.wikipedia.org/wiki/SAML_2.0#Web_Browser_SSO_Profile

What Intella would have to implement is the 'Service Provider' side. Example scenario:

Reference: https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf

Happy to chat off-line on the more practical aspects.

Dominique
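
The 'Service Provider' side of the SAML 2.0 Web Browser SSO profile referred to above, as an added Python example that is not part of the original posts and is not Intella Connect code: it builds the AuthnRequest redirect and then checks the Response posted back by the identity provider. All URLs, entity IDs and function names are assumptions, and the XML signature is assumed to have been verified beforehand by a maintained SAML library.

```python
import base64, uuid, zlib
import urllib.parse
import xml.etree.ElementTree as ET  # assumption: production code uses a hardened XML parser
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def build_redirect(idp_sso_url, sp_entity_id, acs_url, now):
    """Step 1: AuthnRequest for the HTTP-Redirect binding. Returns (request_id, url)."""
    request_id = "_" + uuid.uuid4().hex          # remembered to match the response later
    req = ET.Element("{%s}AuthnRequest" % NS["p"], {
        "ID": request_id, "Version": "2.0",
        "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "AssertionConsumerServiceURL": acs_url})
    ET.SubElement(req, "{%s}Issuer" % NS["a"]).text = sp_entity_id
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)   # raw DEFLATE, no zlib header
    deflated = comp.compress(ET.tostring(req)) + comp.flush()
    query = urllib.parse.urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return request_id, f"{idp_sso_url}?{query}"

def _ts(value):  # assumes whole-second UTC timestamps
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(saml_response_b64, request_id, sp_entity_id, acs_url, now):
    """Step 2: checks on the POSTed Response, run only after signature verification.
    Returns the NameID of the authenticated user or raises ValueError."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.get("InResponseTo") != request_id:
        raise ValueError("unsolicited or replayed response")
    if root.get("Destination") != acs_url:
        raise ValueError("response was addressed to another endpoint")
    code = root.find("p:Status/p:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("IdP reported failure")
    assertions = root.findall("a:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one assertion")
    cond = assertions[0].find("a:Conditions", NS)
    if cond is None or cond.get("NotOnOrAfter") is None:   # this example's policy
        raise ValueError("assertion has no expiry")
    nb = cond.get("NotBefore")
    if now >= _ts(cond.get("NotOnOrAfter")) or (nb and now < _ts(nb)):
        raise ValueError("assertion outside its validity window")
    audiences = [e.text for e in cond.findall("a:AudienceRestriction/a:Audience", NS)]
    if sp_entity_id not in audiences:
        raise ValueError("assertion issued for a different service provider")
    return assertions[0].findtext("a:Subject/a:NameID", namespaces=NS)
```
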


Just to follow up on the point of FB, Google etc. Yes, using a standard such as SAML2 or OpenID Connect (which is based on OAuth2) will enable the use of Google or FB as identity providers to authenticate users that access Intella. When it comes to OAuth2, you may want to look at OpenID Connect instead. See https://developers.google.com/identity/protocols/OpenIDConnect
