SCIM a NEW "LDAP" STANDARD

and thus the reason why we are making some noise about SSO and some variations of it into Nethserver8 before it becomes too mature to implement them in the first place,

Do you now understand why it is important to do this at this stage?

If you have an ERP or CRM, most are based on RDBMS (Relational Database Management Systems).
If your SCIM contains one more telephone number than your CRM database has fields for, then with each sync, you risk losing data!

Only you don’t know if it’s an important number or not, that is not decided by you…

Simple!

2 of you are pushing for this, all other users seem silent on this.

My opinion is still: After Release!

But why would anyone implement a software to handle its data like that?

Check out multi-faceted ERP solutions like Zoho, which has over a quadrillion apps, but their login process is very seamless.

Now let’s look at another example: check out Aruba Cloud, their SSO implementation is pathetic (customer support, different login, cloud manager, different user, account manager, different user, but all some can SSO directly to the other and whoosh)

Actually the correct assessment would be, 2 of you are vocal about it.

In this community there are members who barely comment on anything unless they have issues.
Others mostly comment when solving users’ issues, etc. Everyone has their strengths and it’s what makes the community function as it does.

So you’re saying SCIM / SSO is not an issue for them…

:slight_smile:

Thanks!

I do agree that SSO is the future.

BUT: We don’t have a finished building yet, it’s still a building with scaffolding.

The decision has been made to use containerization, I’m fine with that - I’ve been against native installs for several years now…

What exact functionality the “Auth” container has can be changed over time, like NS8 1.1 can have more than what NS7 had, easy. Like the options for backup in NS7 grew with time, that’s software “evolving” in a positive way…

But don’t waste valuable time delaying the building from going operational, by discussing the glass tinting in the penthouse apartment!

My 2 cents!
Andy

As I can for sure see, it’s not an issue for you :wink:
Everyone uses software for different purposes. I have one instance of NethServer which only handles AD and SSO, that’s the only thing that server does (you actually helped me set it up and I am forever grateful for that), and it has a VPN connection (@mrmarkuz helped on the VPNs) to all other servers that need AD, but for those that do not, that’s why LLNG courtesy of @danb35 plays its role. So LLNG does its thing and it’s been extremely useful, but oh boy is it hard to configure. Would I work with a simple or better solution? Sure thing.

Not every knife is suited for some jobs, others require a sledge hammer,

Very, very true.

But “Sledge Hammers” (or their users) then aren’t specifically in the club of “shooters”…
And shooters aren’t usually members of the “hammers”…

SME and Service Providers aren’t the same club!

And NethServer is still mainly geared for SME, Home Users and Enthusiasts…

you are a service provider,

you offer the services to SME.
Most SME don’t know what they want until they are told. You have no idea how many large SME have no firewall.

I have currently adopted a network to manage for an organization with over 2000 (desktops and printers only), let’s not even get to cameras, biometric kits and other endpoints, and they do not have a Zabbix or any network documentation. At the moment, I even doubt they have an AD in place, but I am learning these things and advising the IT manager as we move along.

2 Likes

Only in the sense that I provide knowhow, and services with their hardware.
I do not provide services for paying customers on any of my servers at the moment.

→ Most SME actually know basically what they need. Bookkeeping, Files, Printing, etc…

But what specific tool does it best, that’s where advice and experience helps them.

But all this has nothing to do with any cloud!

“Need”? No, I don’t guess it does–particularly given that time is limited to get NS8 out the door before CentOS 7 goes EOL next year. But if it is in the cards, that means other design decisions need to be made appropriately. For example, the other software on the server needs to be able to integrate with some standard SSO protocol–SOGo can do this, for example, while I don’t think Roundcube can. And it needs to be configured in a way that doesn’t preclude its integration with SSH–like Nextcloud should use the actual usernames as the user IDs, not the UUIDs that it does right now. And if NS8 is going to be clustered, that SSO login information should be automatically shared among cluster nodes. Even if SSO itself isn’t there at release, the ground work needs to be there.

And no, AD/LDAP aren’t SSO.

I’m not addressing SCIM itself here; I know almost nothing about it.

2 Likes

Hi Dan

I’m not saying LDAP/AD are SSO - they’re not. But they are the predecessors…

And NS8 doesn’t need anything not there in NS7 for starters, as said, it can come in later, if the planning has been done for coding…

My 2 cents
Andy

especially the planning bit is important.

Exactly my point, it may not be available immediately, it may not be made available on release, but at the initial stages, the ground work needs to be in place for when it’s to be done, that way, there is not a lot of reinvention to be done,

similarly, there are things not in NS7 that should be included for

things like these.


I would like SSO also for WordPress.

On Top of These,

Also for reference:

Zitadel: ZITADEL • Identity infrastructure, simplified for you
looks mature and promising,
Written in the same language as NethServer 8
i think zitadel and goauthentik are competing at almost equal levels.

KANIDM: Kanidm
It should be noted that this does not yet support SCIM but it is planned:
SCIM Implementation · Issue #211 · kanidm/kanidm (github.com)

but it has replication, which might be a plus for the new NS8 architecture

Also SAML is not yet supported, will not be supported until 2.0 is released,

I also came across this for implementing SCIM in any Golang-based project, elimity-com/scim: Golang Implementation of the SCIM v2 Specification (github.com)

1 Like
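
The sync concern raised earlier in the thread (a SCIM record carrying more telephone numbers than the CRM has fields for), as an added example that is not part of any post and not NethServer or CRM vendor code. It maps SCIM's multi-valued `phoneNumbers` onto a fixed row and returns whatever did not fit, so a sync job can stop or log rather than drop data; the two-column `crmContact` row, the `mapToCRM` function and the sample user are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed SCIM 2.0 User (RFC 7643); phoneNumbers is a multi-valued attribute.
const sampleUser = `{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
 "userName": "jdoe", "phoneNumbers": [
  {"value": "+1-555-0100", "type": "mobile"},
  {"value": "+1-555-0101", "type": "work", "primary": true},
  {"value": "+1-555-0102", "type": "home"}]}`

type scimUser struct {
	UserName     string `json:"userName"`
	PhoneNumbers []struct {
		Value   string `json:"value"`
		Primary bool   `json:"primary"`
	} `json:"phoneNumbers"`
}

// crmContact is a hypothetical fixed-schema CRM row with two phone columns.
type crmContact struct{ Login, Phone1, Phone2 string }

// mapToCRM fills the fixed columns (primary first) and returns the values that did not fit.
func mapToCRM(raw []byte) (crmContact, []string, error) {
	var u scimUser
	if err := json.Unmarshal(raw, &u); err != nil {
		return crmContact{}, nil, err
	}
	ph := u.PhoneNumbers
	sort.SliceStable(ph, func(i, j int) bool { return ph[i].Primary && !ph[j].Primary })
	c := crmContact{Login: u.UserName}
	slots := []*string{&c.Phone1, &c.Phone2}
	var overflow []string
	for i, p := range ph {
		if i < len(slots) {
			*slots[i] = p.Value
		} else {
			overflow = append(overflow, p.Value) // would be lost on a naive sync
		}
	}
	return c, overflow, nil
}

func main() {
	fmt.Println(mapToCRM([]byte(sampleUser)))
}
```

A non-empty second return value is the signal to halt a write-back toward the SCIM side, since pushing the two-column row back would overwrite the third number.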