Hi Dave,

thanks for your reply. I waited a bit longer with mine, as I wanted to have
the chance to dig deeper into SAML and have some first hands-on.
Actually I did a proof of concept now, and am still not sure what the best
integration looks like.

Currently I see the SAML authentication as an "add on" to your normal user
authentication providers. Because, actually I don't care if the additional
user data is stored in LDAP, Mongo or wherever. I'm just creating an open
session for a user, if my trusted IDP tells me to.

So my current proof of concept is an app controller, which takes care of
the communication with the IDP and logs the user in when he is
authorized.

Doing this in an App is not the ideal solution, obviously. Having its own
mount point for SAML would be far better (e.g. http://myside.com/saml or
http://myside.com/auth/saml). But I found no way to achieve that with
Allura other than patching the root controller.

What I would need is a mount point for a controller and a view, which
doesn't depend on a project or Application.

What do you think would be the best practice for that?

BR,
Ingo


2018-01-04 2:34 GMT+01:00 <dev-digest-h...@allura.apache.org>:

> From: Dave Brondsema <d...@brondsema.net>
> To: dev@allura.apache.org
> Cc:
> Bcc:
> Date: Thu, 28 Dec 2017 12:53:12 -0500
> Subject: Re: SAML
> Hi Ingo,
>
> The short answer unfortunately is that Allura uses some of the basics of
> Turbogears but does its own thing for most stuff, including
> authentication.  The authentication system is pluggable in Allura, so it
> should be possible to write a SAML plugin, but the turbogears extension
> wouldn't work.
>
> These docs explain the methods that would have to be implemented:
> https://forge-allura.apache.org/docs/api/lib/plugin.html#allura.lib.plugin.AuthenticationProvider
>
> And
> https://forge-allura.apache.org/p/allura/git/ci/master/tree/Allura/allura/lib/plugin.py
> has the base AuthenticationProvider and the LocalAuthenticationProvider and
> LdapAuthenticationProvider code, which could be useful references.
>
> -Dave
>
> On 12/25/17 1:26 PM, Ingo Hornberger wrote:
> > Hey guys!
> > I just did some research on how Allura could be extended with SSO
> > functionality. I found that OpenID was once supported but
> > discontinued.
> >
> > Then I found out that turbogears itself supports SAML with a pluggable
> > extension:
> >
> > https://pypi.python.org/pypi/tgapp-samlauth/0.0.2
> >
> > This sounded promising from an outside point of view. But I am new to TG,
> > so I wanted to ask you guys for some hints to find the best and most
> > pragmatic approach to get SAML or a similar protocol to work. It should
> > just cooperate with Keycloak. So a few configurations are possible,
> > while SAML would be preferred.
> >
> > Could such an extension work in Allura, or did you change too much in the
> > authentication system?
> >
> > Thanks in advance!
> >
> > Ingo
> >
>
>
>
> --
> Dave Brondsema : d...@brondsema.net
> http://www.brondsema.net : personal
> http://www.splike.com : programming
>               <><
>
>
>
