bdemers commented on issue #807:
URL: https://github.com/apache/directory-scimple/issues/807#issuecomment-2825134564

   Many apps that use SSO don't actually need a user store.
   A user logs in using OIDC, everything the application needs about the user 
is available from the IdP (either in the ID token or the user info endpoint). 
This user doesn't need to be persisted.
   
   That isn't true for all apps.  Take Slack for example. New users get added 
to Slack before they initially log in.  (That new user might have direct 
messages waiting for them when they sign in for the first time.)
   
   
   For non-SSO applications (that fall into the first category), it's probably 
best to look into using something like a gateway that can manage the OIDC 
dance for you.
   
   For example:
   https://developer.okta.com/blog/2020/01/08/secure-legacy-spring-cloud-gateway
   The code in this post is probably a bit dated now, but the pattern that it's 
using should still work.
   
   And this is really just an updated take on what was done for years using a 
reverse proxy (nginx, httpd, etc) and a `REMOTE_USER` header.
   
   Hopefully this helps


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
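
The reverse-proxy identity-header pattern mentioned in the comment above only holds if the gateway overwrites any client-supplied copy of the header and the backend honours it solely from the gateway's address. The sketch below is an added example, not code from the comment or from the SCIMple project; the header name `X-Remote-User`, the proxy network and both function names are assumptions made for illustration.

```python
import ipaddress

# Assumptions (not from the original comment): header name and proxy network.
IDENTITY_HEADER = "x-remote-user"
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/29")]  # constructed sample range


def proxy_forward(client_headers, authenticated_user):
    """Gateway side: drop every client-supplied identity header, then set it
    only from the user the gateway itself authenticated (None = no session)."""
    out = [(k, v) for k, v in client_headers if k.lower() != IDENTITY_HEADER]
    if authenticated_user is not None:
        out.append(("X-Remote-User", authenticated_user))
    return out


def backend_user(peer_ip, headers):
    """Backend side: trust the header only when the TCP peer is the gateway
    and exactly one non-empty value is present."""
    try:
        peer = ipaddress.ip_address(peer_ip)
    except ValueError:
        return None
    if not any(peer in net for net in TRUSTED_PROXIES):
        return None  # request bypassed the gateway: ignore the header
    values = [v.strip() for k, v in headers if k.lower() == IDENTITY_HEADER]
    if len(values) != 1 or not values[0]:
        return None  # missing, empty or duplicated header is rejected
    return values[0]


if __name__ == "__main__":
    # Constructed requests: a spoofed header sent through the gateway without
    # a session, the same header with a session, and a direct backend hit.
    spoofed = [("X-Remote-User", "admin"), ("Accept", "*/*")]
    print(backend_user("10.0.0.2", proxy_forward(spoofed, None)))
    print(backend_user("10.0.0.2", proxy_forward(spoofed, "alice")))
    print(backend_user("203.0.113.7", spoofed))
```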

