bdemers commented on issue #807: URL: https://github.com/apache/directory-scimple/issues/807#issuecomment-2825134564
Many apps that use SSO don't actually need a user store. A user logs in using OIDC, and everything the application needs about the user is available from the IdP (either in the ID token or the user info endpoint). This user doesn't need to be persisted.

That isn't true for all apps. Take Slack, for example. New users get added to Slack before they initially log in. (That new user might have direct messages waiting for them when they sign in for the first time.)

For non-SSO applications (that fall into the first category), it's probably best to look into using something like a gateway that can manage the OIDC dance for you. For example: https://developer.okta.com/blog/2020/01/08/secure-legacy-spring-cloud-gateway

The code in this post is probably a bit dated now, but the pattern that it's using should still work. And this is really just an updated take on what was done for years using a reverse proxy (nginx, httpd, etc.) and a `REMOTE_USER` header.

Hopefully this helps
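The application side of the reverse-proxy and `REMOTE_USER` header pattern mentioned in the comment, as an added example (not code from the comment's author, the linked post, or the SCIMple project): the app accepts the identity header only when the TCP peer is the gateway. The proxy address, the `GatewayIdentity` middleware, and the `whoami` and `simulate` helpers are assumptions made for illustration.

```python
import ipaddress

# Assumption: the gateway reaches the app from this address (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]
IDENTITY_KEY = "HTTP_REMOTE_USER"  # WSGI name of the REMOTE_USER request header


def from_trusted_proxy(environ):
    """True only when the TCP peer is the gateway, regardless of any header."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return any(peer in net for net in TRUSTED_PROXIES)


class GatewayIdentity:
    """WSGI middleware: accept the gateway-set identity, reject everything else."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        claimed = environ.pop(IDENTITY_KEY, "").strip()
        environ.pop("REMOTE_USER", None)  # never inherit a stale value
        if not from_trusted_proxy(environ) or not claimed:
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"authentication required\n"]
        environ["REMOTE_USER"] = claimed
        return self.app(environ, start_response)


def whoami(environ, start_response):
    """Stand-in for the legacy application (hypothetical)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [environ["REMOTE_USER"].encode()]


def simulate(remote_addr, header_value=None):
    """Run one constructed request through the middleware; return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "REMOTE_ADDR": remote_addr}
    if header_value is not None:
        environ[IDENTITY_KEY] = header_value
    seen = {}
    body = GatewayIdentity(whoami)(environ, lambda s, h: seen.update(status=s))
    return seen["status"], b"".join(body)
```

The gateway is expected to overwrite any client-supplied copy of the header before forwarding, so the value the app sees is always the one the gateway set after the OIDC login.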