RFC 7644 - System for Cross-domain Identity Management: Protocol (ietf.org)
So, I have been researching and reading a lot about SSO recently, and with the same, we know some of the industry news and happenings that have been taking place.
We have Microsoft migrating their identity platform to Entra, and many other happenings.
In this case, we have a new standard for directory management which everyone seems to be migrating to, and this is SCIM.
SCIM: System for Cross-domain Identity Management
I am bringing this discussion here because it's information that everyone, I believe the developers of NethServer as well as community members, will benefit from.
Considering NS8 is a new child and still in the development process (not to say RC and releases can't happen without it),
it's important, I believe, to take note of these new happenings and changes in the industry.
As @Andy_Wismer has always stated, never put AD in the cloud; I think someone heard you and decided to implement a solution around the same.
From a security standpoint, it’s wise not to expose LDAP (Lightweight Directory Access Protocol) to the internet if you’re using Active Directory, OpenLDAP, FreeIPA or anything similar as your source of truth for authentication. SCIM fills a need for directory synchronization in a cloud-native world in which many companies aren’t hosting the software they use on their own servers.
So:
SCIM, or the System for Cross-domain Identity Management specification, is an open standard designed to manage user identity information. SCIM provides a defined schema for representing users and groups, and a RESTful API to run CRUD operations on those user and group resources.
The goal of SCIM is to securely automate the exchange of user identity data between your company’s cloud applications and any service providers, such as enterprise SaaS applications.
I have seen many SSO solutions implement SCIM in the past couple of months, and I remembered we had a discussion here about implementing an SSO-based module for NethServer.
These topics were discussed at length: Single sign-on (SSO)/Identity and access management (IAM) for Nethserver - Feature - NethServer Community
Authentik discusses implementing it here: We need to talk about SCIM: More deviation than standard | authentik (goauthentik.io)
There are also other references available on the same: Tutorial - Develop a SCIM endpoint for user provisioning to apps from Microsoft Entra ID | Microsoft Learn
What is SCIM and How Does it Work? | Ping Identity
Understanding SCIM | Okta Developer
While we have had LemonLDAP::NG from NS7, I don't see them supporting SCIM yet.
Would NethServer be inclined to implement SCIM by default into NethServer, or would the dev team implement an SSO module that has the more advanced SSO functions and SCIM?
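As an added illustration of the schema and CRUD operations described in the post (not part of the original post and not NethServer or authentik code), here is a sketch of the service-provider side of `/Users`: provisioning with POST and deprovisioning with a PATCH that sets `active` to false, using the schema URNs and error format from RFC 7643/7644. The `ScimUserStore` class and its in-memory dictionary are hypothetical, and transport, TLS and bearer-token authentication are assumed to be handled elsewhere.

```python
import uuid

USER = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"


class ScimUserStore:
    """Hypothetical in-memory service provider for the /Users endpoint."""

    def __init__(self):
        self.users = {}

    def _error(self, status, detail, scim_type=None):
        body = {"schemas": [ERROR], "status": str(status), "detail": detail}
        if scim_type:
            body["scimType"] = scim_type
        return status, body

    def create(self, body):  # POST /Users
        if USER not in body.get("schemas", []) or not body.get("userName"):
            return self._error(400, "User schema and userName are required", "invalidValue")
        # userName is case-insensitive and unique per server (RFC 7643)
        if any(u["userName"].lower() == body["userName"].lower() for u in self.users.values()):
            return self._error(409, "userName already exists", "uniqueness")
        uid = str(uuid.uuid4())
        user = {"schemas": [USER], "id": uid, "userName": body["userName"],
                "active": body.get("active", True),
                "meta": {"resourceType": "User", "location": f"/Users/{uid}"}}
        self.users[uid] = user
        return 201, user

    def patch(self, uid, body):  # PATCH /Users/{id}
        user = self.users.get(uid)
        if user is None:
            return self._error(404, f"Resource {uid} not found")
        ops = body.get("Operations", [])
        if PATCH not in body.get("schemas", []) or not ops:
            return self._error(400, "PatchOp schema and Operations are required", "invalidSyntax")
        # Validate every operation before applying any, so a bad request changes nothing.
        for op in ops:
            if (str(op.get("op", "")).lower() != "replace" or op.get("path") != "active"
                    or not isinstance(op.get("value"), bool)):
                return self._error(400, "only replace of 'active' with a boolean is supported")
        for op in ops:
            user["active"] = op["value"]
        return 200, user
```

Rejecting the whole PATCH before applying any operation keeps a malformed request from leaving an account half-updated, which matters most for the deactivation path.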