and thus the reason why we are making some noise about SSO and some variations of it into Nethserver8 before it becomes too mature to implement them in the fisrt place,
DO you now understand why it is important to do this at this stage?
If you have a ERP or CRM, most are based on RDBMS Relation Database Management Systems.
If your SCIM contains one more telephone number than your CRM database has fields for, than with each sync, you risk losing data!
Only you donât know if itâs an important number r not, that is not decided by youâŠ
Simple!
2 of you are pushing for this, all other users seem silent on this.
My opinion is still: After Release!
But why would anyone implement a software to handle its data like that?
check out multi faceteded ERP solutions like zoho, which has over a quadrillion apps, but their login process is very seamless.
now lets look at another example, checkout aruba cloud, their SSO implementation is pathetic (Customer support, different login, cloud manager, different user, account manager, different user, but all some can SSO directly to the other and whoosh)
actually the correct assesment would be, 2 of you are vocal about it.
in this community there are members who barely comemnt on anything unless they have issues.
others mostly comment when solving users issues, etc, everyone have thir strength and it what makes the community function as it does.
So youâre saying SCIM / SSO is not an issue for themâŠ
Thanks!
I do agree that SSO is the future.
BUT: We donât have a finished building yet, itâs still a building with scaffolding.
The decision has been made to use containerization, Iâm fine with that - Iâve been against native installs for several years nowâŠ
What exact functionality the âAuthâ container can be changed over time, like NS8 1.1 can have more than what NS7 had, easy. Like the options for backup in NS7 grew with time, thatâs software âevolvingâ in a positive wayâŠ
But donât waste valuable time delaying the building from going operational, by discussing the glass tinting in the penthouse appartment!
My 2 cents!
Andy
as i can for sure see its not an issue for you 
everyone use a software for different purposes. i have one instance of Nethserver which only handles AD and SSO, thatâs the only thing that server does, (you actually helped me set it up and i am forever grateful for that.)and it has VPN connection(@mrmarkuz helped on the VPNs) to all other servers that need AD, but for those that do not, thatâs why LLNG courtesy of @danb35 plays its role. so LLNG does its thing and its been extremely useful, but oh boy is it hard to configure it. would i work with a simple or better solution, sue thing.
Not every nife is suited for some job,s others require a sledge hummer,
Very, very true.
But âSledge Hammersâ (or their users) then arenât specifically in the club of âshootersââŠ
And shooters arenât usually members of the âhammersââŠ
SME and Service Providers arenât the same club!
And NethServer is still mainly geared for SME, Home Users and EnthusiastsâŠ
you are a service providers,
you offer the services to SME.
most SME dont know what they want untill they are told. you have no idea how many large SME have no firewall.
I have currenlt adopted a network to manage for an organization with over 2000(desktops and printers only) lets not even get to cameras, biometric kits and other endpoints, and they do not have a zabbix or any network documentation. at the moment, i even doubt they have an AD in place, but i am learning this things and advicing the IT manager as we move along.
2 Likes
Only in the sense that I provide knowhow, and services with their hardware.
I do not provide services for paying customers on any my servers at the moment.
â Most SME actually know basically what they need. Bookkeeping, Files, Printing, etcâŠ
But what specific tool does it best, thatâs where advice and experience helps them.
But all this has nothing to do with any cloud!
âNeedâ? No, I donât guess it doesâparticularly given that time is limited to get NS8 out the door before CentOS 7 goes EOL next year. But if it is in the cards, that means other design decisions need to be made appropriately. For example, the other software on the server needs to be able to integrate with some standard SSO protocolâSOGo can do this, for example, while I donât think Roundcube can. And it needs to be configured in a way that doesnât preclude its integration with SSHâlike Nextcloud should use the actual usernames as the user IDs, not the UUIDs that it does right now. And if NS8 is going to be clustered, that SSO login information should be automatically shared among cluster nodes. Even if SSO itself isnât there at release, the ground work needs to be there.
And no, AD/LDAP arenât SSO.
Iâm not addressing SCIM itself here; I know almost nothing about it.
2 Likes
Hi Dan
Iâm not saying LDAP/DA are SSO - theyâre not. But they are the predecessorsâŠ
And NS8 doesnât need anything not there in NS7 for starters, as said, it can come in later, if the planning has been done for codingâŠ
My 2 cents
Andy
especially the planning bit is important.
exactly my point, it may not be available imeddiately, it may not be made available on release, but at the initial stages, the ground work needs to be in place for when its to be done, that way, there is not alot of reinvention to be done,
similarly, there are things not in NS7 that should be included for
things like these.
I would like SSO also for WordPress.
On Top of These,
Also for reference:
Zitadel: ZITADEL âą Identity infrastructure, simplified for you
looks mature and promising,
Written in the same Language as NEthserver 8
i think zitadel and goauthentik are competing at almost equal levels.
KANIDM: Kanidm
it should be notedthat this does not yet support SCIM but is planned:
SCIM Implementation · Issue #211 · kanidm/kanidm (github.com)
but it has replication, which might be a plus for the new NS8 architecture
Also SAML is not yet supported, will not be supported untill 2.0 is released,
I also came accross this for implementing SCIM in any golang based project, elimity-com/scim: Golang Implementation of the SCIM v2 Specification (github.com)
1 Like