Support different SSO Auth Methods like OAuth/LDAP/OIDC with an auth proxy #383
Replies: 3 comments
-
|
Just in case somebody wants to give it a go: Sign ins, for the well known I18n Elixir app Accent, can be setup for external providers via few environment variables and since they're using Überauth adding another provider strategy like GitLab seem to be straightforward. Überauth seem to support all popular variants from self hosted and external providers. And with external authentication (i.e. with OAuth/OpenID Connect), people could also activating 2FA on the authentication app, hence this would clearly solve issue 156 for some users. |
Beta Was this translation helpful? Give feedback.
-
|
Would this proposed implementation work with SAML providers, like Shiboleth? |
Beta Was this translation helpful? Give feedback.
-
|
#3170 is a working OIDC implementation, but still a bit rough around the edges. Still need to add automated user creation/profile metadata updates and some additional security things. |
Beta Was this translation helpful? Give feedback.
-
In order to allow users to login to plausible with different types of SSO there are two option to accomplish this.
Feature request
Add auth proxies support to plausible allowing to support a plethora of authentication options without polluting the code with Auth logic and code maintenance for the team.
How would you like it to work
The implementation is quite simple:
X-Auth-UserIdX-Auth-Groupsruna test against a regex. Alternatively a hard coded setting in the config could also determine who is the admin.This was plausible could easily support of sorts of auth mechanisms without implementing each one of it.
There is a whole ecosystem that would be instantly available cloud providers and web servers like AWS, GCP, Azure, Auth0, Nginx, Apache all support this type of auth method.
here some examples, how others are doing it.
Beta Was this translation helpful? Give feedback.
All reactions